Critical Microsoft SharePoint flaw now exploited in attacks

A critical Microsoft SharePoint vulnerability patched in January is now being exploited in attacks, the Cybersecurity and ...
SecurityWeek

CISA Warns of Attacks Exploiting Recent SharePoint Vulnerability

The SharePoint remote code execution vulnerability CVE-2026-20963, which Microsoft patched in January, has been exploited in ...

LeakNet ransomware uses ClickFix, Deno runtime in stealthy attacks

The LeakNet ransomware gang is now using the ClickFix technique for initial access into corporate environments and deploys a ...
Microsoft

When tax season becomes cyberattack season: Phishing and malware campaigns using tax-related lures

During tax season, threat actors reliably take advantage of the urgency and familiarity of time-sensitive emails, including ...
The Hacker News

GlassWorm Supply-Chain Attack Abuses 72 Open VSX Extensions to Target Developers

GlassWorm campaign used 72 malicious Open VSX extensions and infected 151 GitHub repositories, enabling stealth supply-chain attacks on developers.
How-To Geek on MSN

How a lazy reverse proxy setup let a crypto botnet hijack my home server

I made the most common homelab security mistake of all time (and I'm not alone) ...
PCMag

US Disrupts Aisuru, Botnet Behind Record-Breaking 30Tbps DDoS Attacks

In total, the operation went after four botnets, estimated to have infected millions of devices across the globe, including TV boxes, web cameras and Wi-Fi routers.
Compare the Cloud

Open-Source AI Servers Hijacked with Cryptominers and Infostealers for Over a Year

Researchers found 98 OpenWebUI instances where authentication was turned off entirely and over 2,000 servers that allowed anyone to register an account. A malware operation has been hijacking AI ...