China-Linked UAT-8099 Targets IIS Servers in Asia with BadIIS SEO Malware
Cybersecurity researchers have discovered a new campaign attributed to a China-linked threat actor known as UAT-8099 that took place between late 2025 and early 2026.…
Category: TheHackerNews
Badges, Bytes and Blackmail
Behind the scenes of law enforcement in cyber: what do we know about caught cybercriminals? What brought them in, where do they come from and…
SmarterMail Fixes Critical Unauthenticated RCE Flaw with CVSS 9.3 Score
Ravie LakshmananJan 30, 2026Vulnerability / Email Security SmarterTools has addressed two more security flaws in SmarterMail email software, including one critical security flaw that could…
Ex-Google Engineer Convicted for Stealing 2,000 AI Trade Secrets for China Startup
Ravie LakshmananJan 30, 2026Artificial Intelligence / Economic Espionage A former Google engineer accused of stealing thousands of the company’s confidential documents to build a startup…
Two Ivanti EPMM Zero-Day RCE Flaws Actively Exploited, Security Updates Released
Ravie LakshmananJan 30, 2026Vulnerability / Enterprise Security Ivanti has rolled out security updates to address two security flaws impacting Ivanti Endpoint Manager Mobile (EPMM) that…
Researchers Find 175,000 Publicly Exposed Ollama AI Servers Across 130 Countries
A new joint investigation by SentinelOne SentinelLABS, and Censys has revealed that the open-source artificial intelligence (AI) deployment has created a vast “unmanaged, publicly accessible…
Survey of 100+ Energy Systems Reveals Critical OT Cybersecurity Gaps
A study by OMICRON has revealed widespread cybersecurity gaps in the operational technology (OT) networks of substations, power plants, and control centers worldwide. Drawing on…
3 Decisions CISOs Need to Make to Prevent Downtime Risk in 2026
The Hacker NewsJan 29, 2026Threat Intelligence / Incident Response Beyond the direct impact of cyberattacks, enterprises suffer from a secondary but potentially even more costly…
SolarWinds Fixes Four Critical Web Help Desk Flaws With Unauthenticated RCE and Auth Bypass
Ravie LakshmananJan 29, 2026Vulnerability / Software Security SolarWinds has released security updates to address multiple security vulnerabilities impacting SolarWinds Web Help Desk, including four critical…
Google Disrupts IPIDEA — One of the World’s Largest Residential Proxy Networks
Google on Wednesday announced that it worked together with other partners to disrupt IPIDEA, which it described as one of the largest residential proxy networks…
Fake Moltbot AI Coding Assistant on VS Code Marketplace Drops Malware
Cybersecurity researchers have flagged a new malicious Microsoft Visual Studio Code (VS Code) extension for Moltbot (formerly Clawdbot) on the official Extension Marketplace that claims…
Russian ELECTRUM Tied to December 2025 Cyber Attack on Polish Power Grid
Ravie LakshmananJan 28, 2026Critical Infrastructure / Threat Intelligence The “coordinated” cyber attack targeting multiple sites across the Polish power grid has been attributed with medium…