Cybersecurity researchers have uncovered a fresh hacking campaign tied to a China-linked threat actor known as UAT-8099, active from late 2025 through early 2026. The operation, revealed by Cisco Talos, focused on breaking into vulnerable Microsoft Internet Information Services (IIS)…
Cybersecurity researchers are warning about a new attack campaign where threat actors are using stolen credentials to install legitimate Remote Monitoring and Management (RMM) tools, giving them stealthy and persistent remote control over victim systems. Instead of relying on traditional…
A cyberattack described by Polish officials as the most serious assault on the country’s energy infrastructure in years has been linked to the Russian state-backed hacking group Sandworm. The incident happened during the final week of December 2025 and targeted…
A serious security vulnerability has been identified in ServiceNow that affects its AI and virtual agent components, raising concerns about how agentic AI systems can be abused inside enterprise environments. The issue impacts the following ServiceNow components and versions: The…
Security researchers have uncovered a harmful Google Chrome extension that targets users of MEXC, a centralized cryptocurrency exchange operating in more than 170 countries. The extension pretends to be a trading automation tool but is designed to quietly steal sensitive…
Cybersecurity researchers have uncovered a large-scale web skimming operation that has been running quietly since January 2022. The campaign targets online payment environments connected to major card networks, including American Express, Diners Club, Discover, JCB, Mastercard, and UnionPay. According to…
European law enforcement authorities have arrested 34 people in Spain over their alleged links to Black Axe, a transnational criminal organization long associated with cyber crime and other serious offenses. Europol said the arrests followed a coordinated operation led by…
An Iranian-linked hacking group known as MuddyWater has been connected to a new spear-phishing operation aimed at organizations in the diplomatic, maritime, financial, and telecommunications sectors across the Middle East. The activity centers on a Rust-based malware implant researchers have…
As organizations prepare for 2026, cybersecurity predictions are everywhere. But many of these outlooks are shaped by headlines and speculation rather than solid evidence. The real challenge is no longer finding predictions. It is figuring out which ones point to…
Researchers uncovered a phishing setup that relies on a concealed HTML form element containing a webhook[.]site URL. JavaScript embedded in the page quietly sends a “page opened” signal, captures any credentials entered by the victim, and forwards them to the…
