ransomware | Breaking Cybersecurity News | The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added three security flaws to its Known Exploited Vulnerabilities ( KEV ) catalog, based on evidence of active exploitation. The vulnerability list is as follows - CVE-2021-22054 (CVSS score: 7.5) - A server-side request forgery ( SSRF ) vulnerability in Omnissa Workspace One UEM (formerly VMware Workspace One UEM) that could allow a malicious actor with network access to UEM to send requests without authentication and to gain access to sensitive information. CVE-2025-26399 (CVSS score: 9.8) - A deserialization of untrusted data vulnerability in the AjaxProxy component of SolarWinds Web Help Desk that could allow an attacker to run commands on the host machine. CVE-2026-1603 (CVSS score: 8.6) - An authentication bypass using an alternate path or channel vulnerability in Ivanti Endpoint Manager that could allow a remote unauthenticated attacker to leak specific stored credential data. The addition o...

Some weeks in cybersecurity feel routine. This one doesn’t. Several new developments surfaced over the past few days, showing how quickly the threat landscape keeps shifting. Researchers uncovered fresh activity, security teams shared new findings, and a few unexpected moves from major tech companies also drew attention. Together, these updates offer a useful snapshot of what is happening behind the scenes in the cyber world right now. From new tactics and campaigns to security and policy changes that could affect millions of users, there is a lot unfolding at once. Below is a quick roundup of the most notable stories making headlines this week. Phishing Campaign Deploys Multiple Malware Strains Ukraine Targeted by SHADOWSNIFF, SALATSTEALER, DEAFTICKK Malware The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a hacking campaign targeting Ukrainian government institutions using phishing emails containing a...

Threat hunters have called attention to a new campaign as part of which bad actors masqueraded as fake IT support to deliver the Havoc command-and-control (C2) framework as a precursor to data exfiltration or ransomware attack. The intrusions, identified by Huntress last month across five partner organizations, involved the threat actors using email spam as lures, followed by a phone call from an IT desk that activates a layered malware delivery pipeline. "In one organization, the adversary moved from initial access to nine additional endpoints over the course of eleven hours, deploying a mix of custom Havoc Demon payloads and legitimate RMM tools for persistence, with the speed of lateral movement strongly suggesting the end goal was data exfiltration, ransomware, or both," researchers Michael Tigges, Anna Pham, and Bryan Masters said. It's worth noting that the modus operandi is consistent with email bombing and Microsoft Teams phishing attacks orchestrated by t...

The threat actor behind the recently disclosed artificial intelligence (AI)-assisted campaign targeting Fortinet FortiGate appliances leveraged an open-source, AI-native security testing platform called CyberStrikeAI to execute the attacks. The new findings come from Team Cymru, which detected its use following an analysis of the IP address ("212.11.64[.]250") that was used by the suspected Russian-speaking threat actor to conduct automated mass scanning for vulnerable appliances. CyberStrikeAI is an "open-source artificial intelligence (AI) offensive security tool (OST) developed by a China-based developer who we assess has some ties to the Chinese government," security researcher Will Thomas (aka @BushidoToken ) said . Details of the AI-powered activity came to light last month when Amazon Threat Intelligence said it detected the unknown attacker systematically targeting FortiGate devices using generative artificial intelligence (AI) services like Anthropic ...

Microsoft on Monday warned of phishing campaigns that employ phishing emails and OAuth URL redirection mechanisms to bypass conventional phishing defenses implemented in email and browsers. The activity, the company said, targets government and public-sector organizations with the end goal of redirecting victims to attacker-controlled infrastructure without stealing their tokens. It described the phishing attacks as an identity-based threat that takes advantage of OAuth's standard, by-design behavior rather than exploiting software vulnerabilities or stealing credentials. "OAuth includes a legitimate feature that allows identity providers to redirect users to a specific landing page under certain conditions, typically in error scenarios or other defined flows," the Microsoft Defender Security Research Team said . "Attackers can abuse this native functionality by crafting URLs with popular identity providers, such as Entra ID or Google Workspace, that use manipu...