SolarWinds patches six severe vulnerabilities in Web Help Desk, including four critical flaws (CVSS 9.8) enabling unauthenticated remote code execution and authentication bypass. Organizations should update to WHD 2026.1 immediately.
Security researchers discovered 16 malicious browser extensions claiming to enhance ChatGPT that actually steal session tokens, giving attackers full access to accounts and conversation history.
Google Threat Intelligence Group disrupts IPIDEA, the world’s largest residential proxy network, used by 550+ threat groups including nation-state actors from China, Russia, Iran, and North Korea.
Music streaming platform SoundCloud confirmed a data breach affecting 29.8 million user accounts. The December 2025 incident exposed emails and profile data, creating risks for phishing and credential stuffing attacks.
Fortinet confirms CVE-2026-24858, a critical FortiCloud SSO authentication bypass zero-day actively exploited in the wild. The company has blocked FortiCloud SSO from vulnerable devices while patches are being developed.
A malicious VS Code extension impersonating the popular Clawdbot AI assistant has been caught deploying ScreenConnect RAT on Windows machines. The trojanized extension worked as a functional AI coding tool while silently installing remote access software.
Trend Micro researchers have discovered PeckBirdy, a flexible JScript-based C2 framework used by China-linked APT actors to target gambling industries and Asian government entities since 2023.
Russian APT group Sandworm attempted to deploy destructive DynoWiper malware against Polish power plants in late December 2025. The attack was thwarted, but highlights ongoing threats to critical infrastructure from state-sponsored actors.
Security researchers have identified sophisticated attack vectors leveraging Microsoft Office documents to bypass security measures and deliver malicious payloads. Learn about the latest threats and defensive strategies.
Source: Hackread | Author: Deeba Ahmed Poland has narrowly avoided a massive energy crisis following what officials are calling the largest cyberattack on the country in years. Between 29 and 30 December 2025, hackers attempted to break into the nation’s energy infrastructure, specifically targeting two combined heat and power (CHP) plants and systems that manage…
