Norman Ore Olivera

Termite ransomware breaches linked to ClickFix CastleRAT attacks Ransomware threat actors tracked as Velvet Tempest are using the ClickFix technique and legitimate Windows utilities to deploy the DonutLoader malware and the CastleRAT backdoor. [...] bleepingcomputer.com/news/security/…

⚠️ A flaw in #GitHub Codespaces let attackers hide malicious Copilot instructions inside a GitHub issue. When a developer opened a Codespace from that issue, Copilot could silently run the injected prompt and leak a privileged GITHUB_TOKEN. 🔗 Details → thehackernews.com/2026/02/roguep…

Threat actors are actively exploiting CVE-2026-1731 (9.9) in BeyondTrust Remote Support & PRA. Attackers extract portal data, then open WebSocket channels to trigger unauthenticated RCE. 🔗 Read → thehackernews.com/2026/02/resear…

🛑 A suspected Iran-aligned campaign targets NGOs and individuals documenting human rights abuses. HarfangLab tracks the activity as RedKitten, using Excel files themed around deceased protesters to deliver malware. 🔗 Read → thehackernews.com/2026/01/iran-l…

⚠️ Poland confirms coordinated cyber attacks on 30+ renewable energy sites and a major CHP plant. CERT Polska says the campaign was destructive, using wiper malware, but failed to disrupt power or heat supply. 🔗 Read → thehackernews.com/2026/01/poland…

Mandiant details how ShinyHunters abuse SSO to steal cloud data Mandiant says a wave of recent ShinyHunters SaaS data-theft attacks is being fueled by targeted voice phishing (vishing) attacks [...] bleepingcomputer.com/news/security/…

Researcher reveals evidence of private Instagram profiles leaking photos A researcher has released detailed evidence showing some Instagram private accounts exposed photo links to unauthenticated visitors. [...] bleepingcomputer.com/news/security/…

🛑 Chrome extensions are being abused at scale. Researchers uncovered tools that hijack affiliate links, scrape shopping data, steal ChatGPT login tokens, and even deliver phishing pages—while passing official store reviews. 🔗 Learn more about → thehackernews.com/2026/01/resear…

🌍 Cybercrime enforcement follows clear patterns. A new analysis maps 418 confirmed actions worldwide from 2021–2025, showing where arrests, takedowns, and sanctions are focused. 🔗 How cybercrime is being targeted worldwide → thehackernews.com/2026/01/badges…

⚠️ Researchers map 175K publicly exposed Ollama LLM servers worldwide. Tool-calling turns exposed AI into a highest-severity execution risk. Full details: thehackernews.com/2026/01/resear…

Aisuru botnet sets new record with 31.4 Tbps DDoS attack The Aisuru/Kimwolf botnet launched a new massive distributed denial of service (DDoS) attack in December 2025, peaking at 31.4 Tbps and 200 million requests per second. [...] bleepingcomputer.com/news/security/…

🚨 Container adoption has outpaced security. 82% of organizations suffered a container breach last year, and most now assume one will happen every year. Fast-moving containers and unchecked public images keep adding risk faster than teams can fix it. 🔗- thehackernews.com/expert-insight…

📊🛡️ Poor threat intel drives downtime and analyst burnout in modern SOCs. Fresh, validated feeds shorten MTTD/MTTR and reduce false positives at scale. Full details: thehackernews.com/2026/01/3-deci…

Hackers can bypass npm’s Shai-Hulud defenses via Git dependencies The defense mechanisms that NPM introduced after the 'Shai-Hulud' supply-chain attacks have weaknesses that allow threat actors to bypass them via Git dependencies. [...] bleepingcomputer.com/news/security/…

Internet security watchdog Shadowserver tracks nearly 800,000 IP addresses with Telnet fingerprints amid ongoing attacks exploiting a critical authentication bypass vulnerability in the GNU InetUtils telnetd server. [...] bleepingcomputer.com/news/security/…

🛑 Attackers now use 🤖 AI to write, hide, and mutate malware in real time. Google and Anthropic confirm AI-orchestrated attacks running autonomously end to end. 🔗 How network signals expose what endpoints miss → thehackernews.com/2026/01/winnin…

🛠️⚠️ Attackers are abusing trusted IT tools, not deploying malware. A new campaign steals email logins, then installs legitimate RMM software for silent, long-term access. 🔗 Details → thehackernews.com/2026/01/phishi…

Why Active Directory password resets are surging in hybrid work Hybrid work has driven a surge in Active Directory password resets, turning minor lockouts into major productivity drains. Specops shows why remote access, cached credentials [...] bleepingcomputer.com/news/security/…

Hackers exploit security testing apps to breach Fortune 500 firms Threat actors are exploiting misconfigured web applications used for security training and internal penetration testing, such as DVWA, OWASP Juice Shop, Hackazon, and bWAPP [...] bleepingcomputer.com/news/security/…

🚨 Security researchers found two high-severity flaws in Chainlit, an open-source AI chatbot framework. The bugs enable file reads and SSRF, exposing API keys and internal data and enabling lateral movement. Fixed in v2.9.4. 🔗 Read → thehackernews.com/2026/01/chainl…