HoneyMyte updates CoolClient and deploys multiple stealers in recent campaigns
Kaspersky researchers analyze updated CoolClient backdoor and new tools and scripts used in HoneyMyte (aka Mustang Panda or Bronze President) APT campaigns, including three variants of a browser data stealer.
Happy 9th Anniversary, CTA: A Celebration of Collaboration in Cyber Defense
Unit 42 celebrates 9 years of the Cyber Threat Alliance, tracing its journey from a bold idea to a global leader in collaborative cyber defense. The post Happy 9th Anniversary, CTA: A Celebration of Collaboration in Cyber Defense appeared first on Unit 42.
_NicoElNino_Alamy.png?width=1280&auto=webp&quality=80&disable=upscale)
Complex VoidLink Linux Malware Created by AI
Researchers say the advanced framework was built almost entirely by agents, marking a significant evolution in the use of AI to develop wholly original malware.
Phishing Campaign Zeroes in on LastPass Customers
The bait incudes plausible subject lines and credible messages, most likely thanks to attackers' use of large language models to craft them.
'Contagious Interview' Attack Now Delivers Backdoor Via VS Code
Once trust is granted to the repository's author, a malicious app executes arbitrary commands on the victim's system with no other user interaction.
Zoom and GitLab Release Security Updates Fixing RCE, DoS, and 2FA Bypass Flaws
Zoom and GitLab have released security updates to resolve a number of security vulnerabilities that could result in denial-of-service (DoS) and remote code execution. The most severe of the lot is a critical security flaw impacting Zoom Node Multimedia Routers (MMRs) that could p
North Korean PurpleBravo Campaign Targeted 3,136 IP Addresses via Fake Job Interviews
As many as 3,136 individual IP addresses linked to likely targets of the Contagious Interview activity have been identified, with the campaign claiming 20 potential victim organizations spanning artificial intelligence (AI), cryptocurrency, financial services, IT services, market
Cisco Fixes Actively Exploited Zero-Day CVE-2026-20045 in Unified CM and Webex
Cisco has released fresh patches to address what it described as a "critical" security vulnerability impacting multiple Unified Communications (CM) products and Webex Calling Dedicated Instance that it has been actively exploited as a zero-day in the wild. The vulnerability, CVE-
Automated FortiGate Attacks Exploit FortiCloud SSO to Alter Firewall Configurations
Cybersecurity company Arctic Wolf has warned of a "new cluster of automated malicious activity" that involves unauthorized firewall configuration changes on Fortinet FortiGate devices. The activity, it said, commenced on January 15, 2026, adding it shares similarities with a Dece
SmarterMail Auth Bypass Exploited in the Wild Two Days After Patch Release
A new security flaw in SmarterTools SmarterMail email software has come under active exploitation in the wild, two days after the release of a patch. The vulnerability, which currently does not have a CVE identifier, is tracked by watchTowr Labs as WT-2026-0001. It was patched by
Malicious PyPI Package Impersonates SymPy, Deploys XMRig Miner on Linux Hosts
A new malicious package discovered in the Python Package Index (PyPI) has been found to impersonate a popular library for symbolic mathematics to deploy malicious payloads, including a cryptocurrency miner, on Linux hosts. The package, named sympy-dev, mimics SymPy, replicating t
Filling the Most Common Gaps in Google Workspace Security
Security teams at agile, fast-growing companies often have the same mandate: secure the business without slowing it down. Most teams inherit a tech stack optimized for breakneck growth, not resilience. In these environments, the security team is the helpdesk, the compliance exper