breaking news

China-linked UAT-7290 spies on telco in South Asia and Europe using modular malware

China-linked UAT-7290 has targeted South Asia and Southeastern Europe since 2022, conducting espionage and deploying RushDrop, DriveSwitch, and SilentRaid. China-linked threat actor UAT-7290 has conducted espionage attacks since at least 2022, targeting South Asia and Southeastern Europe. UAT-7290 primarily targets telecom providers, it conducts espionage by deeply embedding in victim networks and also operates Operational […]

January 9, 2026
0 comment
Read More >>

China-linked UAT-7290 spies on telco in South Asia and Europe using modular malware

China-linked UAT-7290 has targeted South Asia and Southeastern Europe since 2022, conducting espionage and deploying RushDrop, DriveSwitch, and SilentRaid. China-linked threat actor UAT-7290 has conducted espionage attacks since at least 2022, targeting South Asia and Southeastern Europe. UAT-7290 primarily targets telecom providers, it conducts espionage by deeply embedding in victim networks and also operates Operational […]

January 9, 2026
0 comment
Read More >>

Chinese-speaking hackers exploited ESXi zero-days long before disclosure

Chinese-speaking attackers used a hacked SonicWall VPN to deploy ESXi zero-days that were likely exploited over a year before public disclosure. Chinese-speaking attackers were seen abusing a hacked SonicWall VPN to deliver a toolkit targeting VMware ESXi. The exploit chain included a sophisticated VM escape and appears to have been developed more than a year […]

January 9, 2026
0 comment
Read More >>

Astaroth banking Trojan spreads in Brazil via WhatsApp worm

A WhatsApp worm spread the Astaroth banking trojan across Brazil by automatically sending malicious messages to victims’ contacts. Astaroth, a long-running Brazilian banking malware, has evolved in a new campaign dubbed Boto Cor-de-Rosa by abusing WhatsApp Web for propagation. The malware harvests the victim’s WhatsApp contact list and automatically sends malicious messages to each contact, […]

January 8, 2026
0 comment
Read More >>

Public PoC prompts Cisco patch for ISE, ISE-PIC vulnerability

Cisco addressed a medium-severity vulnerability in ISE and ISE-PIC after a public PoC exploit was disclosed. Cisco addressed a medium-severity vulnerability, tracked as CVE-2026-20029 (CVSS score: 4.9), in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) after a public PoC exploit was disclosed. The vulnerability resides in the licensing feature of Cisco ISE […]

January 8, 2026
0 comment
Read More >>

U.S. CISA adds HPE OneView and Microsoft Office PowerPoint flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds HPE OneView and Microsoft Office PowerPoint flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added HPE OneView and Microsoft Office PowerPoint flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: CVE-2009-0556 is a memory corruption flaw […]

January 8, 2026
0 comment
Read More >>

China-linked groups intensify attacks on Taiwan’s critical infrastructure, NSB warns

Taiwan says China-linked cyberattacks on its energy sector rose tenfold in 2025, hitting critical infrastructure across nine sectors, with total incidents up 6%. Taiwan reports China-linked cyberattacks on its energy sector surged tenfold in 2025, targeting critical infrastructure across nine sectors, with total incidents up 6% YoY. Taiwan’s National Security Bureau (NSB) reports China launched […]

January 8, 2026
0 comment
Read More >>

Veeam resolves CVSS 9.0 RCE flaw and other security issues

Veeam patched a critical RCE flaw in Backup & Replication, CVE-2025-59470, rated CVSS 9.0, along with other vulnerabilities. Veeam released patches for multiple Backup & Replication flaws, including a critical RCE vulnerability tracked as CVE-2025-59470 (CVSS score of 9.0). A Backup or Tape Operator can achieve remote code execution as the postgres user by abusing […]

January 7, 2026
0 comment
Read More >>

Hackers actively exploit critical RCE flaw in legacy D-Link DSL routers

Attackers are exploiting a critical flaw (CVE-2026-0625) in old D-Link DSL routers that allows remote command execution. Threat actors are actively exploiting a critical RCE flaw, tracked as CVE-2026-0625 (CVSS score of 9.3), in legacy D-Link DSL routers. The vulnerability is an improper neutralization of special elements used in an OS Command (‘OS Command Injection’), […]

January 7, 2026
0 comment
Read More >>

Fake Booking.com lures and BSoD scams spread DCRat in European hospitality sector

PHALT#BLYX targets European hotels with fake Booking emails and BSoD lures, tricking staff into installing the DCRat remote access trojan. Researchers uncovered a late-December 2025 campaign, dubbed PHALT#BLYX, targeting European hotels with fake Booking-themed emails. Victims are redirected to bogus BSoD pages using ClickFix-style lures that prompt them to apply “fixes.” The multi-stage attack ultimately […]

January 7, 2026
0 comment
Read More >>