Scam-checking just got easier: Malwarebytes is now in ChatGPT
If you’ve ever stared at a suspicious text, email, or link and thought “Is this a scam… or am I overthinking it?” Well, you’re not alone. Scams are getting harder to spot, and…
Month: February 2026
InsertScript: PDF – How to steal PDFs by injecting JavaScript
Intro Quite some time has passed since my last blog post, so I decided to present a nice feature of PDF. I will use a…
Autonomous AI Agents Are Becoming the New Operating System of Cybercrime
The cybersecurity landscape has entered a dangerous new phase where autonomous AI agents are transforming from simple automation tools into sophisticated criminal operators. These self-directed…
1-Click Flaw in ClawDBot Allows Remote Code Execution
A high-severity authentication bypass vulnerability has been discovered in ClawDBot, a popular npm package, enabling attackers to achieve remote code execution through a single malicious…
How state-sponsored attackers hijacked Notepad++ updates
Suspected Chinese state-sponsored attackers hijacked the Notepad++ update mechanism by compromising the software project’s shared hosting server and intercepting and redirecting update traffic destined for…
Securing the Mid-Market Across the Complete Threat Lifecycle
The Hacker NewsFeb 02, 2026Threat Detection / Endpoint Security For mid-market organizations, cybersecurity is a constant balancing act. Proactive, preventative security measures are essential to…
Benefits Of Executive Monitoring Platforms For Business Growth
When a CEO’s deepfake appears in a fraudulent investor call, when stolen credentials surface on dark web marketplaces, or when executive impersonation attempts trick employees…
DLL Hijacking via URL files
This blogpost describes how I got annoyed by vulnerabilities in 3rd party Windows applications, which allowed to execute local files but without parameters. So I…
Gakido CRLF Injection Vulnerability Let Attackers Bypass Security Controls
A critical vulnerability in Gakido, an HTTP client library by HappyHackingSpace, has been discovered that allows attackers to inject arbitrary HTTP headers through CRLF (Carriage…
Arsink RAT Targets Android Devices to Steal Sensitive Data and Enable Remote Access
Arsink is a cloud-native Android Remote Access Trojan (RAT) that steals sensitive data and grants attackers deep control over infected devices. In several builds, larger…
Nation-state hack exploited hosting infrastructure to hijack Notepad++ updates
Nation-state hack exploited hosting infrastructure to hijack Notepad++ updates Pierluigi Paganini February 02, 2026 Notepad++ maintainer says nation-state attackers hijacked the app’s update system by…
InsertScript: Adobe Reader – PDF callback via XSLT stylesheet in XFA
I have seen on twitter that there is use for another PDF callback Proof-of-Concept in Adobe Reader. Last year a PDF file called “BadPDF” was…