HN Monitor

A critical security vulnerability in the Everest Forms Pro WordPress plugin, affecting approximately 4,000 active installations, is being actively exploited by threat actors to execute arbitrary code, leading to full website compromise. This remote code execution (RCE) flaw, identified as CVE-2026-3300, carries a severe CVSS score of 9.8 and impacts…

The cybersecurity landscape is constantly evolving, and a recent development concerning the last layer standing in network defense has caught the attention of IT professionals worldwide. A report released this week by the Global Cybersecurity Institute (GCI) highlights emerging threats and the increasing importance of multi-factor authentication (MFA) as a…

Flaw in Claude Code GitHub Action Uncovered, Posing Repository Takeover Risk

A security vulnerability has been discovered in Anthropic’s Claude Code GitHub Action, allowing attackers to potentially hijack vulnerable public repositories. The flaw, reported by security researcher RyotaK of GMO Flatt Security, could enable a malicious actor to execute arbitrary…

The cybersecurity landscape continues to present complex challenges, with a blend of evolving threats and persistent vulnerabilities. This ongoing dynamic highlights the critical importance of robust security practices and continuous vigilance for organizations across all sectors. As the digital realm expands, the intricate web of threats, from sophisticated nation-state…

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting the Mirasvit Cache Warmer Magento extension to its Known Exploited Vulnerabilities (KEV) catalog. The move comes after reports of attackers actively exploiting the flaw, tracked as CVE-2026-45247, in the wild, posing a significant risk to e-commerce…

A sophisticated cyber-espionage campaign leveraging a novel “ClickFix” technique to deliver a custom remote access trojan (RAT) named MIMICRAT has been identified by security researchers. This multi-stage operation deceives users into executing malicious code by compromising legitimate websites, bypassing traditional security measures through social engineering rather than exploiting software…

Cybersecurity researchers have detailed a new cryptojacking campaign that leverages pirated software bundles as an entry point to deploy a custom XMRig miner. This sophisticated attack chain utilizes social engineering and worm-like capabilities to maximize cryptocurrency mining hashrate, often destabilizing victim systems. The campaign, uncovered by Trellix researchers, highlights the…

North Korean threat actors are employing sophisticated, two-pronged cyber operations, including the “Contagious Interview” campaign, to infiltrate Western tech companies and generate revenue. These malicious actors impersonate IT recruiters, tricking software developers into running malware during fake technical interviews to steal credentials and gain remote access. Since at least 2022,…

A new, sophisticated phishing framework named Starkiller has emerged, empowering attackers with advanced tools to steal credentials and bypass multi-factor authentication (MFA). Developed and sold as a commercial Software-as-a-Service (SaaS) product by the group Jinkusu, this malicious toolkit represents a significant evolution from older methods that relied on static website…

The cybersecurity landscape continues to present a complex and evolving threat environment, with recent developments highlighting the exploitation of familiar pressure points. This week, a significant zero-day vulnerability in Dell RecoverPoint for Virtual Machines was actively exploited by a China-linked threat group. The exploitation of CVE-2026-22769, a critical flaw with…

Cybersecurity researchers have identified a sophisticated new campaign attributed to the Silver Fox advanced persistent threat (APT) group, which is employing advanced techniques like DLL sideloading and BYOVD (Bring Your Own Vulnerable Driver) to infiltrate networks, primarily targeting organizations across Asia. This operation, which leverages carefully localized lures disguised as…

The Iranian hacking group MuddyWater, also known by aliases such as Earth Vetala, Mango Sandstorm, and MUDDYCOAST, has launched a new campaign named Operation Olalampo, targeting organizations and individuals primarily in the Middle East and North Africa (MENA) region. This operation, first detected on January 26, 2026, showcases the deployment…

A novel cyber threat campaign leveraging generative AI has successfully compromised over 600 FortiGate devices across 55 countries. This financially motivated operation, conducted by a Russian-speaking threat actor, exploited fundamental security weaknesses rather than specific vulnerabilities. Amazon Threat Intelligence observed this activity between January 11 and February 18, 2026, highlighting…

Artificial intelligence company Anthropic has introduced a significant new security feature for its Claude Code platform, aiming to bolster software security by scanning codebases for vulnerabilities and proposing patches. This groundbreaking AI-powered vulnerability scanning capability, branded as Claude Code Security, is presently in a limited research preview for Enterprise and…

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially acknowledged the active exploitation of two critical security vulnerabilities affecting the widely used Roundcube webmail software. The agency added these flaws to its Known Exploited Vulnerabilities (KEV) catalog on February 21, 2026, prompting urgent patching efforts for organizations utilizing the…

A new stealthy malware strain named CharlieKirk Grabber is actively targeting Windows systems, with a primary objective of stealing sensitive login credentials, browser cookies, and session data. Discovered by Cyfirma researchers, this infostealer operates as a swift “smash-and-grab” threat, rapidly collecting data and disappearing before users can detect its presence.…