Metro4Shell (CVE-2025-11953): Critical React Native Metro Server Vulnerability Exploited in the Wild


The critical vulnerability CVE-2025-11953, informally dubbed Metro4Shell, is being actively abused to compromise React Native development environments. Attackers are exploiting a flaw in the Metro server, the default JavaScript bundler for React Native, to deploy malicious payloads on Windows and Linux systems directly inside developer workstations and build environments. What the React Native …

Nitrogen Ransomware Bug on VMware ESXi Makes Data Recovery Impossible


A critical implementation error in Nitrogen ransomware targeting VMware ESXi hosts effectively converts each attack into a data-wiping event rather than a traditional extortion incident. According to technical analysis by Coveware, the flaw breaks the cryptographic relationship between the ransomware's public and private keys, meaning that encrypted virtual machines cannot be recovered, even if the …

Incognito Darknet Marketplace Admin Rui-Siang Lin Sentenced to 30 Years: A Critical Case for Cybercrime and Dark Web Security


A U.S. federal court has handed down one of the harshest sentences to date for online drug trafficking: 24-year-old Taiwanese citizen Rui-Siang Lin, known on the dark web as "Pharoah" and "Faro", received 30 years in prison for running the Incognito darknet marketplace. The New York court described the case as the most serious internet-based …

Legion Winlocker: Fake Ransomware Linked to NyashTeam Targets Gamers and Home Users


At the end of 2025, analysts at F6 identified a malicious program that did not fit typical modern ransomware patterns. The sample initially looked like a classic ransomware strain, allegedly encrypting all user data. Detailed reverse engineering, however, showed that no file encryption took place. Instead, the malware operated as a winlocker, blocking access to Windows …

OpenClaw AI Agents Targeted by Malicious Skills and Early Prompt Worms


The open-source local AI assistant ecosystem OpenClaw (formerly Moltbot and ClawdBot) has rapidly evolved from a hobby project into a large-scale platform and, at the same time, into a significant attack surface. Independent security researchers have identified hundreds of malicious skills (plugins) and early signs of self-propagating prompt worms, making OpenClaw a revealing case …

APT28 Exploits Microsoft Office CVE-2026-21509 Zero-Day in Targeted European Attacks


Within days of Microsoft releasing an emergency security update for Microsoft Office, the Russian-linked threat group APT28 (also known as Fancy Bear, Sofacy, and Forest Blizzard) integrated a working exploit for the critical vulnerability CVE-2026-21509 into its toolkit. According to analysis by Zscaler, the group launched a focused phishing campaign against organizations in Ukraine and …

France Targets X and Grok AI Over Illegal Content and Cybercrime Concerns


French law-enforcement authorities have searched the Paris office of social network X as part of a wide-ranging criminal investigation into the platform's Grok generative AI system. Investigators are focusing on Grok's alleged role in creating and disseminating illegal content, including sexual deepfakes, child sexual abuse material (CSAM) and statements denying the Holocaust, underscoring how regulators …

Notepad++ Supply Chain Attack: Lotus Blossom APT Deploys Chrysalis Backdoor


Recent investigations by Rapid7 have revealed a significant supply chain attack against the Notepad++ update infrastructure, attributed to the Chinese-speaking Lotus Blossom APT group. The operation delivered a previously undocumented backdoor dubbed Chrysalis and turned a trusted text editor into a covert entry point for cyber-espionage, running silently for much longer than initially assumed. Notepad++ …

GlassWorm Malware Hidden in Open VSX Extensions: Supply Chain Attack Targets VS Code Developers


On 30 January 2026, the Open VSX marketplace faced a notable software supply chain attack: four Visual Studio Code extensions published under the developer nickname oorzc received malicious updates containing the GlassWorm malware loader. These extensions had appeared legitimate for a long time, with some in use for more than two years before the injected …

MongoDB Ransomware Attacks: Exposed Databases Wiped and Held for Bitcoin


MongoDB instances exposed directly to the internet are once again being hit by automated ransomware campaigns. Attackers are systematically scanning the internet for misconfigured servers, erasing the data they contain and leaving ransom notes that promise "recovery" of the deleted databases in exchange for cryptocurrency. Mass ransomware attacks on exposed MongoDB databases: according to recent …