Latest Internet & Cybersecurity News

📅 February 2, 2026 at 1:00 PM
Critical zero-days in Ivanti and Microsoft Office exploited; Google disrupts massive proxy botnet; cyberattacks hit Polish energy infrastructure; ransomware claims and supply chain attacks surge globally.
1. Ivanti Discloses Two Critical Zero-Day Vulnerabilities in Endpoint Manager Mobile

Ivanti confirmed actively exploited pre-authentication remote code-execution flaws in its Endpoint Manager Mobile (EPMM) platform. Attackers can hijack internet-facing MDM servers, push malicious device profiles, and exfiltrate sensitive mobile data at enterprise scale. Source 1

2. Google Disrupts Massive IPIDEA Residential Proxy Botnet

Google crippled the IPIDEA residential proxy network used by over 550 threat groups, including state-linked actors from China, Russia, Iran, and North Korea. Legal actions seized or sinkholed C2 domains, reducing the botnet's device pool by millions, primarily in the US, Canada, and Europe. Source 2, Source 4

3. Microsoft Patches High-Severity Office Zero-Day Vulnerability

Microsoft released out-of-band patches for CVE-2026-21509, a zero-day in Office with CVSS 7.8, actively exploited in attacks. The flaw enables system compromise and is part of ongoing threat actor campaigns. Source 2

4. Coordinated Cyberattacks Target Polish Energy Infrastructure

Russian-linked actors attacked 30 wind/photovoltaic farms, a manufacturer, and a CHP plant in Poland on December 29, 2025, using wiper malware like DynoWiper. The attacks aimed at destruction during cold weather but were thwarted by defenses, causing no outages. Source 3, Source 4, Source 7

5. Exposed C2 Server Reveals BYOB Botnet Infrastructure

Researchers found an open directory on C2 server 38.255.43.60:8081 serving malicious payloads for the Build Your Own Botnet (BYOB) framework. The finding demonstrates active abuse of the framework for system compromise, web shells, and persistent access. Source 2

6. Malicious Google Ads Deliver Stealer Malware to macOS Users

Sponsored Google ads for 'Mac cleaner' redirect to fake sites on Google Docs and Medium, tricking users into ClickFix-style installs of stealer malware. The campaign aims to steal sensitive data through social engineering. Source 2

7. Everest Ransomware Gang Claims 1.4 TB Theft from Iron Mountain

Russia-linked Everest posted on its leak site claiming access to 1.4 TB of Iron Mountain client data, including personal documents. The group shared folder screenshots and threatens leaks by February 11 unless a ransom is paid. Source 6

8. eScan Antivirus Updates Abused to Deliver Malware

Attackers compromised eScan antivirus updates with a malicious reload.exe, tampering with user systems. Discovered January 29 by Morphisec, the incident highlights supply chain risks in security software. Source 4

9. Open VSX Supply Chain Attack Deploys GlassWorm Malware

Compromised VS Code extensions on Open VSX delivered GlassWorm malware, stealing macOS data, crypto, and developer credentials. The campaign targets developers via trusted extension repositories. Source 10

10. Exposed MongoDB Databases Hit with Ransomware Notes

Threat actors targeted over 1,400 misconfigured MongoDB instances, dropping ransom notes demanding Bitcoin. Analysis shows 208,500 exposed servers, with 3,100 unauthenticated and 100,000 leaking operational data. Source 2