Apple fixes zero-day flaw used in ‘extremely sophisticated’ attacks
Apple has released security updates to fix a zero-day vulnerability that was exploited in an “extremely sophisticated attack” targeting specific individuals. Tracked as CVE-2026-20700, the flaw is an arbitrary code execution vulnerability in dyld, the Dynamic Link Editor used by Apple operating systems, including iOS, iPadOS, macOS, tvOS, watchOS, and visionOS. Apple’s security bulletin warns […]
Windows 11 Notepad flaw let files execute silently via Markdown links
Microsoft has fixed a “remote code execution” vulnerability in Windows 11 Notepad that allowed attackers to execute local or remote programs by tricking users into clicking specially crafted Markdown links, without displaying any Windows security warnings. With the release of Windows 1.0, Microsoft introduced Notepad, a simple, easy-to-use text editor that, over the years, became popular […]
Microsoft Store Outlook add-in hijacked to steal 4,000 Microsoft accounts
The AgreeTo add-in for Outlook has been hijacked and turned into a phishing kit that stole more than 4,000 Microsoft account credentials. Originally a legitimate meeting scheduling tool for Outlook users, the module was developed by an independent publisher and has been on the Microsoft Office Add-in Store since December 2022. Office add-ins are just URLs pointing […]
Crazy ransomware gang abuses employee monitoring tool in attacks
A member of the Crazy ransomware gang is abusing legitimate employee monitoring software and the SimpleHelp remote support tool to maintain persistence in corporate networks, evade detection, and prepare for ransomware deployment. The breaches were observed by researchers at Huntress, who investigated multiple incidents where threat actors deployed Net Monitor for Employees Professional alongside SimpleHelp for remote […]
Police arrest seller of JokerOTP MFA passcode capturing tool
The Netherlands Police have arrested a a 21-year-old man from Dordrecht, suspected of selling access to the JokerOTP phishing automation tool that can intercept one-time passwords (OTP) for hijacking accounts. The suspect is the third one arrested after authorities after a three-year investigation that led to dismantling the JokerOTP phishing-as-a-service (PhaaS) operation in April 2025. At the […]
LummaStealer infections surge after CastleLoader malware campaigns
A surge in LummaStealer infections has been observed, driven by social engineering campaigns leveraging the ClickFix technique to deliver the CastleLoader malware. LummaStealer, also known as LummaC2, is an infostealer operation running as a malware-as-a-service (MaaS) platform that was disrupted in May 2025 when multiple tech firms and law enforcement authorities seized 2,300 domains and the central command structure supporting the malicious […]
Microsoft releases Windows 11 26H1 for select and upcoming CPUs
Microsoft has announced Windows 11 26H1, but it’s not for existing PCs. Instead, it will ship on devices with Snapdragon X2 processors and possibly other rumored ARM chips. Microsoft insists Windows 11 is still following an annual update cadence, which means Windows 11 26H2 is likely on track. According to Microsoft, Windows 11 26H1 is […]
New Linux botnet SSHStalker uses old-school IRC for C2 comms
A newly documented Linux botnet named SSHStalker is using the IRC (Internet Relay Chat) communication protocol for command-and-control (C2) operations. The protocol was invented in 1988, and its adoption peaked during the 1990s, becoming the main text-based instant messaging solution for group and private communication. Technical communities still appreciate it for its implementation simplicity, interoperability, […]
North Korean hackers use new macOS malware in crypto-theft attacks
North Korean hackers are running tailored campaigns using AI-generated video and the ClickFix technique to deliver malware for macOS and Windows to targets in the cryptocurrency sector. The threat actor’s goal is financial, as suggested by the role of the tools used in an attack on a fintech company investigated by Google’s Mandiant researchers. During […]
Malicious 7-Zip site distributes installer laced with proxy tool
A fake 7-Zip website is distributing a trojanized installer of the popular archiving tool that turns the user’s computer into a residential proxy node. Residential proxy networks use home user devices to route traffic with the goal of evading blocks and performing various malicious activities such as credential stuffing, phishing, and malware distribution. The new campaign […]