State-sponsored hackers hijacked Notepad++ update mechanism
The attack involved an infrastructure-level breach at Notepad++’s hosting provider, not vulnerabilities in the application’s source code.
Cybersecurity News - Page 16
ShinyHunters SaaS breaches linked to Vishing and SSO phishing campaign
Mandiant is tracking the activity across multiple threat clusters, including UNC6661, UNC6671, and UNC6240.
Threat actor targets exposed MongoDB databases in low-cost extortion scheme
Flare says it found more than 208,500 publicly exposed MongoDB servers, including 3,100 that required no authentication.
Cyber Security Week in Review: January 30, 2026
In brief: Ivanti, Microsoft and Fortinet fix zero-days, eScan hit with a supply chain attack, and more.
Google disrupts one of the world’s largest residential proxy networks IPIDEA
In a separate development, US authorities have seized the dark web and clearnet domains of the RAMP cybercrime forum.
Russia-affiliated Electrum hackers linked to cyberattack on Polish power grid
Dragos assessed that Electrum works closely with another threat cluster Kamacite that focuses on initial access.
Fortinet begins rolling out fixes for critical FortiOS zero-day
The flaw (CVE-2026-24858) was actively exploited in the wild by two malicious FortiCloud accounts.
Recent WinRAR flaw now widely exploited by state hackers and cybercrime groups
The flaw, tracked as CVE-2025-8088, allows attackers to place malicious files on a victim’s system by tricking users into opening specially crafted RAR archives.
Indian government entities targeted in new Pakistan-linked cyber campaigns
The campaigns, dubbed ‘Gopher Strike’ and ‘Sheet Attack,’ were discovered in September 2025.
New Stanley MaaS pushes phishing via Chrome extensions
Stanley is marketed as an easy-to-use phishing platform that works by hijacking user navigation and overlaying a full-screen iframe with attacker-controlled content.
Showing elements 151 - 160