Microsoft sets a path to switch off NTLM across Windows
Windows is shifting to a more secure authentication approach, moving away from New Technology LAN Manager (NTLM) and toward stronger, Kerberos-based options. NTLM has been…
Latest Cybersecurity News — Page 418
View all →
InsertScript: ImageMagick – Shell injection via PDF password
“Use ImageMagick® to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats (over 200) including PNG,…
Hackers Attacking MongoDB Instances to Delete Database and Add Ransom Note
Threat actors are actively targeting internet-exposed MongoDB instances in large-scale automated ransomware campaigns. The attacks follow a consistent pattern: attackers scan for unsecured MongoDB databases…
Notepad++ Users Targeted After State-Backed Attackers Hijack Update Servers
Notepad++ fell victim to a sophisticated supply chain attack orchestrated by state-sponsored threat actors who compromised its update infrastructure over a six-month campaign. Security experts…
How fake party invitations are being used to install remote access tools
“You’re invited!” It sounds friendly, familiar and quite harmless. But in a scam we recently spotted, that simple phrase is being used to trick victims into installing a full remote access tool on their Windows computers—giving attackers complete control…
Britain And Japanese Cybersecurity Strategy Strengthens
Japan and Britain have agreed to expand cooperation on cybersecurity and critical mineral supply chains, framing the move as a strategic response to intensifying geopolitical,…
Security Affairs newsletter Round 561 by Pierluigi Paganini – INTERNATIONAL EDITION
Security Affairs newsletter Round 561 by Pierluigi Paganini – INTERNATIONAL EDITION Pierluigi Paganini February 02, 2026 A new round of the weekly Security Affairs newsletter…
InsertScript: Blink – DoS of tab via SVG in img tag / CSS context
This is just a quick blogpost to document a behavior in the Blink engine in regards to the processing of SVG images in the context…
Voice channels are the next major attack vector that security teams can’t monitor
For years, cybersecurity teams have worked to close gaps across email, endpoints, cloud infrastructure, and application layers. But as new threats like deepfake voices infiltrate…
NationStates confirms data breach, shuts down game site
NationStates, a multiplayer browser-based game, has confirmed a data breach after taking its website offline earlier this week to investigate a security incident. The government…
PeckBirdy Hackers Abuse LOLBins Across Environments to Deploy Advanced Malware
A sophisticated JScript-based command-and-control framework, PeckBirdy, since 2023, exploiting living-off-the-land binaries (LOLBins) to deliver modular backdoors across diverse execution environments. The framework has been observed…
Notepad++ Official Update Mechanism Hijacked to Deliver Malware to Select Users
Ravie LakshmananFeb 02, 2026Threat Intelligence / Malware The maintainer of Notepad++ has revealed that state-sponsored attackers hijacked the utility’s update mechanism to redirect update traffic…