UFP Technologies warns customers of a recent cyberattack that has compromised its information technology systems. The American company, recognized for producing medical devices, disclosed that unauthorized access led to data theft. This breach raises concerns about potential impacts on both the company’s operations and its clients’ confidentiality. UFP Technologies has initiated an investigation to assess […]
SolarWinds has released patches for four critical vulnerabilities in its Serv-U software. These security issues could allow attackers to execute remote code if they gain administrative privileges. Addressing the vulnerabilities is crucial to prevent potential exploits that might compromise system integrity. The patched defects underscore the ongoing need for vigilance in cybersecurity, particularly for companies […]
In recent findings, security researchers uncovered a significant flaw in Anthropic’s Claude Code, allowing remote code execution and API key theft when users access untrusted repositories. The Check Point Research team identified critical vulnerabilities, CVE-2025-59536 and CVE-2026-21852, that can exploit features in Claude Code for malicious purposes. By leveraging project-level configuration files, attackers can initiate […]
Google disrupts a major cyber espionage campaign linked to suspected Chinese state actors, impacting telecommunications and government entities worldwide. This operation, run by a group tracked as UNC2814, went undetected for nearly a decade. Google’s Threat Intelligence Group (GTIG) and Mandiant have collaborated to dismantle the group’s infrastructure that breached 53 organizations across 42 countries. […]
Anthropic says MiniMax, along with DeepSeek and Moonshot AI, orchestrated extensive distillation attacks on its Claude models, involving over 24,000 fake accounts and generating 16 million exchanges. The San Francisco-based AI firm detailed how these Chinese labs employed proxy services to engage in massive data extractions, allegedly refining their own AI with capabilities stolen from […]
Several popular Android mental health apps, available on Google Play, are grappling with significant security vulnerabilities. These apps, collectively boasting 14.7 million downloads, may inadvertently expose users’ sensitive medical information. Experts raise concerns that flaws in the apps’ code could potentially lead to unauthorized access to users’ data. The revelations underscore ongoing issues in the […]
In a recently identified campaign, the Russia-linked threat actor known as APT28 has deployed MacroMaze malware to compromise entities across Western and Central Europe. The campaign, which took place from September 2025 to January 2026, was reported by the S2 Grupo’s LAB52 threat intelligence team. They revealed that Operation MacroMaze targets entities using webhook-based macro […]
GrayCharlie deploys NetSupport and other malicious software by injecting JavaScript into compromised WordPress sites. Since mid-2023, this threat actor has covertly embedded harmful scripts to facilitate malware delivery. Known for connections to the SmartApeSG cluster, GrayCharlie utilizes NetSupport RAT to gain control over infected systems and has expanded its arsenal to include Stealc and SectopRAT. […]
Google Chrome pushes a fix in an emergency security update, addressing three high-severity vulnerabilities in the browser. The update targets versions 145.0.7632.116/117 for Windows and macOS, while Linux users receive version 144.0.7559.116. Significant risks are mitigated as the update tackles flaws involving out-of-bounds memory access and inappropriate implementation. The first vulnerability, CVE-2026-3061, presents an out-of-bounds […]
In February 2026, hackers use Claude and DeepSeek in a sophisticated wave of cyberattacks targeting FortiGate devices worldwide. These advanced AI-powered strategies integrate Large Language Models to automate complex tasks within the intrusion chain. Misconfigured servers revealed that attackers embedded Claude and DeepSeek into their operations, focusing on FortiGate SSL VPN appliances. By exploiting stolen […]
WhatsApp bolsters login security with its latest Android beta update, introducing an optional account password feature. This enhancement aims to add an additional security layer to the existing two-step verification system, thwarting unauthorized access attempts. WhatsApp users can set an alphanumeric password, ranging from 6 to 20 characters, to further protect their accounts. Combined with […]
CrowdStrike says attackers move through networks with alarming speed, taking just 29 minutes on average to go from infiltration to internal movement in 2025. This marks a striking 65% increase in velocity compared to the previous year, highlighting an escalating threat landscape for businesses. Cybersecurity experts attribute this swift progression to increasingly sophisticated attack methods. […]