Recently leaked Windows zero-days now exploited in attacks

Threat actors are exploiting three recently disclosed Windows security vulnerabilities in attacks aimed at gaining SYSTEM or elevated administrator permissions. Since the start of the month, a security researcher known as “Chaotic Eclipse” or “Nightmare-Eclipse” has published proof-of-concept exploit code for all three security issues in protest to how Microsoft’s Security Response Center (MSRC) handled […]

Operation PowerOFF identifies 75k DDoS users, takes down 53 domains

More than 75,000 individuals using distributed denial-of-service (DDoS) platforms for disruptive attacks have been warned through emails and letters during the latest phase of the Operation PowerOFF international law enforcement action. The ongoing operation is supported by Europol and involves authorities in 21 countries. Coordinated efforts led to the arrest of four people, taking offline […]

ZionSiphon malware designed to sabotage water treatment systems

A new malware called ZionSiphon, specifically designed for operational technology, is targeting water treatment and desalination environments to sabotage their operations. The threat can adjust hydraulic pressures and raise chlorine levels to dangerous levels, researchers found during their analysis. Based on its IP targeting and political messages embedded in its strings, ZionSiphon appears to focus […]

New Microsoft Defender “RedSun” zero-day PoC grants SYSTEM privileges

A researcher known as “Chaotic Eclipse” has published a proof-of-concept exploit for a second Microsoft Defender zero-day, dubbed “RedSun,” in the past two weeks, protesting how the company works with cybersecurity researchers. This exploit is for a local privilege escalation (LPE) flaw that grants SYSTEM privileges in Windows 10, Windows 11, and Windows Server on […]

Hackers exploit Marimo flaw to deploy NKAbuse malware from Hugging Face

Hackers are exploiting a critical vulnerability in Marimo reactive Python notebook to deploy a new variant of NKAbuse malware hosted on Hugging Face Spaces. Attacks leveraging the remote code execution flaw (CVE-2026-39987) started last week for credential theft, less than 10 hours after technical details were disclosed publicly, according to data from cloud-security company Sysdig. Sysdig researchers […]

Critical Nginx UI auth bypass flaw now actively exploited in the wild

A critical vulnerability in Nginx UI with Model Context Protocol (MCP) support is now being exploited in the wild for full server takeover without authentication. The flaw, tracked as CVE-2026-33032, is caused by nginx-ui leaving the ‘/mcp_message’ endpoint unprotected, allowing remote attackers to invoke privileged MCP actions without credentials. Because those actions involve writing and […]

New AgingFly malware used in attacks on Ukraine govt, hospitals

A new malware family named ‘AgingFly’ has been identified in attacks against local governments and hospitals that steal authentication data from Chromium-based browsers and WhatsApp messenger. The attacks were spotted in Ukraine by the country’s CERT team last month. Based on the forensic evidence, targets may also include representatives of the Defense Forces. CERT-UA has attributed […]

Signed software abused to deploy antivirus-killing scripts

A digitally signed adware tool has deployed payloads running with SYSTEM privileges that disabled antivirus protections on thousands of endpoints, some in the educational, utilities, government, and healthcare sectors. In a single day, researchers observed more than 23,500 infected hosts in 124 countries trying to connect to the operator’s infrastructure, with hundreds of infected endpoints present in […]