
Microsoft Discloses DNS-Based ClickFix Attack Using Nslookup for Malware Staging

Microsoft revealed a new ClickFix attack utilizing nslookup for malware staging. Attackers trick users into running DNS lookups to retrieve malicious payloads, circumventing security measures by having victims infect their own machines. This technique has evolved into various forms and leverages DNS traffic as a stealthy method of signaling to malicious infrastructure. The attack can lead to further malware deployment, including remote access trojans and information stealers, particularly targeting both Windows and macOS users amidst rising incidents of cryptocurrency theft.

https://thehackernews.com/2026/02/microsoft-discloses-dns-based-clickfix.html

Naming and Shaming: How Ransomware Groups Tighten the Screws on Victims

Ransomware tactics have evolved from simple file encryption to combining data theft with threats of public exposure via dedicated leak sites (DLSs). These sites, emerging in 2019, amplify pressure on victims by publicly showcasing stolen data and demanding payment. This approach increases risks including reputational damage, regulatory fines, and follow-on cybercrimes. Victims face urgency and fear as they navigate decisions under pressure, often leading to repeated attacks even after ransom payment. Effective defenses require advanced security measures, access controls, regular software updates, resilient backups, and employee training to mitigate risks associated with ransomware threats.

https://www.welivesecurity.com/en/ransomware/naming-shaming-ransomware-groups-tighten-screws-victims/

2026 State of Enterprise Infostealer Identity Exposure

In 2025, enterprise identity exposure intensified, with enterprise identity logs increasing from 8% to 11% of all logs. Microsoft Entra ID credentials appeared in 79% of these logs, making them the most compromised. Over 18% of identity logs contained credentials for multiple providers, expanding the potential impact of a single breach.

https://flare.io/learn/resources/2026-enterprise-infostealer-identity-exposure/

As Ransomware Recedes, a New More Dangerous Digital Parasite Rises

Ransomware declines as “sleeperware” ascends: Picus Labs' report shows a shift from ransomware to stealthy malware that remains dormant until opportune moments, focusing on data theft rather than system disruption. This change reflects a significant drop in ransomware incidents, prompting new cybersecurity strategies.

https://www.zdnet.com/article/sleeperware-malware-sneaks-waits-ransomware-decline/

Microsoft Warns That Poisoned AI Buttons and Links May Betray Your Trust

Microsoft warns of “AI Recommendation Poisoning,” a technique where malicious data manipulates AI responses, risking trust in AI services. Companies have been embedding hidden prompts in AI links, influencing outputs subtly. This can result in AI providing biased advice on crucial topics like health and finance, often unnoticed by users. Microsoft advises caution with AI-related links, reviewing AI memory, and scanning for manipulation attempts in corporate settings.

https://www.theregister.com/2026/02/12/microsoft_ai_recommendation_poisoning/

Exclusive: Palo Alto Chose Not to Tie China to Hacking Campaign for Fear of Retaliation From Beijing, Sources Say

Palo Alto Networks refrained from linking China to a recent hacking campaign due to fears of potential retaliation from Beijing. Initially, their report identified a hacking group as connected to China, but this was softened to “state-aligned group operating out of Asia” after concerns emerged, particularly following a Chinese ban on certain cybersecurity software. The company aims to protect its personnel and clients. Experts suggest attribution is complex, highlighting the risks cybersecurity firms face in naming state-sponsored cyber threats.

https://www.reuters.com/world/china/palo-alto-chose-not-tie-china-hacking-campaign-fear-retaliation-beijing-sources-2026-02-12/

Google Reports State-Backed Hackers Using Gemini AI for Recon and Attack Support

The North Korean group UNC2970 exploited Google's Gemini AI for reconnaissance and cyber espionage, targeting cybersecurity firms. The AI synthesized OSINT to profile high-value targets, enabling tailored phishing strategies. Other hacker groups, including Chinese and Iranian actors, also misuse Gemini for intelligence gathering and for deploying malware. Google emphasizes ongoing efforts to enhance its safety systems against AI misuse.

https://thehackernews.com/2026/02/google-reports-state-backed-hackers.html

LummaStealer Is Getting a Second Life Alongside CastleLoader

LummaStealer, a prominent info-stealer, has resurfaced alongside CastleLoader after law enforcement disruptions. It primarily spreads via social engineering, tricking users into executing malware disguised as software or media downloads. CastleLoader enhances LummaStealer's distribution, employing in-memory execution and heavy obfuscation. The partnership suggests shared infrastructure between the two malware families, posing severe privacy risks through the harvesting of sensitive data such as credentials and financial information.

https://www.bitdefender.com/en-us/blog/labs/lummastealer-second-life-castleloader

Kimwolf Botnet Swamps Anonymity Network I2P

The Kimwolf botnet is disrupting I2P, an anonymity network, by overwhelming it with infected devices. Having emerged in late 2025, it turns IoT devices into relays for DDoS attacks. Users reported connectivity issues as Kimwolf attempted to evade detection by taking over I2P nodes. This "Sybil attack" compromised the network's integrity and reduced its capacity. Experts believe Kimwolf's operators are experimenting with I2P for stability amid takedown attempts, though botnet numbers are declining due to internal issues and errors.

https://krebsonsecurity.com/2026/02/kimwolf-botnet-swamps-anonymity-network-i2p/

The Latest Wave of Ransomware Attacks: As Widespread as Possible

A ransomware attack on BridgePay has disrupted U.S. payment systems, forcing businesses such as restaurants to go cash-only. The company is working with law enforcement but has found no evidence that payment card data was compromised. The incident highlights vulnerabilities in centralized payment systems and the need for improved cyber resiliency among service providers.

https://www.paymentsjournal.com/the-latest-wave-of-ransomware-attacks-as-widespread-as-possible/

Global SaaS Abuse Surge: U.S., Europe & APAC Targeted in Large-Scale Phone-Based Phishing

A phishing campaign abusing legitimate SaaS platforms sent 133,260 emails targeting over 20,000 organizations. Attackers exploited platform features to send authentic-looking scam emails that bypassed traditional detection methods. Techniques included manipulating user fields so that the platforms themselves generated legitimate notifications purporting to come from companies like Microsoft and Amazon, urging victims to call attacker-controlled phone numbers rather than click links. The trend reflects a strategic shift toward trust-based attacks, highlighting weaknesses in widely used enterprise services and the need for improved detection strategies.

https://blog.checkpoint.com/research/saas-abuse-at-scale-phone-based-scam-campaign-leveraging-trusted-platforms/

The Rise of Moltbook Suggests Viral AI Prompts May Be the Next Big Security Threat

The rise of AI agents, particularly through platforms like OpenClaw and Moltbook, raises concerns about self-replicating "prompt worms" that could exploit these agents, spreading harmful instructions and creating data risks. Interventions by API providers could mitigate the threat but may alienate users. The urgency for solutions grows as local AI capabilities improve, pointing to a future where unregulated AI interactions might create security crises.

https://arstechnica.com/ai/2026/02/the-rise-of-moltbook-suggests-viral-ai-prompts-may-be-the-next-big-security-threat/

30 Years of DDoS: Why a Structural Problem Persists

DDoS attacks, originating in 1996, remain a persistent problem due to known weaknesses in internet architecture and organizational structures. The growth of the internet has amplified the impact of these attacks, exploiting vulnerabilities in IoT devices and combining network overloads with targeted disruptions to business processes.

https://www.igorslab.de/en/30-years-of-ddos-why-a-structural-problem-persists/

Notepad++ Hijacked by State-Sponsored Hackers

Notepad++ was hijacked by state-sponsored hackers, likely Chinese, who compromised its update traffic from June to December 2025. The former hosting provider confirmed that the server was breached, allowing attackers to redirect Notepad++ updates. All security vulnerabilities were addressed by December 2, 2025, and the site was migrated to a more secure host. Users are advised to manually download and install v8.9.1, which includes security enhancements. No specific indicators of compromise were found during the investigation.

https://notepad-plus-plus.org/news/hijacked-incident-info-update/
