The “fast16” malware may have been used to target Iran’s nuclear program prior to Stuxnet
Security & IT News
Live: Real-time news from 13+ trusted sources — BleepingComputer, The Hacker News, Krebs on Security, Dark Reading & more.
Researchers uncover a new data theft and extortion group dubbed “BlackFile”
Cybersecurity researchers have disclosed details of a telecommunications fraud campaign that uses fake CAPTCHA verification tricks to dupe unsuspecting users into sending international text messages that incur charges on their mobile bills, generating illicit revenue for the threat actors who lease the phone numbers. According to a new report published by Infoblox, the operation is believed to
Microsoft Entra Agent ID flaw allowed privilege escalation and tenant takeover via Service Principal abuse, now fully patched by Microsoft.
Itron, Inc. has disclosed, via an 8-K filing with the U.S. Securities and Exchange Commission (SEC), a cybersecurity incident in which an unauthorized third party accessed certain internal systems. [...]
Microsoft says it's rolling out a revamped Windows Insider Program experience as part of the broader plans to address performance and reliability concerns affecting Windows 11. [...]
A threat group tracked as UNC6692 uses social engineering to deploy a new, custom malware suite named 'Snow' which includes a browser extension, a tunneler, and a backdoor. [...]
Research from Infoblox reveals a massive Click2SMS fraud scheme using fake CAPTCHAs and back button hijacking to trick victims into sending costly international texts.
Cybersecurity researchers have discovered a new Lua-based malware created years before the notorious Stuxnet worm that aimed to sabotage Iran's nuclear program by destroying uranium enrichment centrifuges. According to a new report published by SentinelOne, the previously undocumented cyber sabotage framework dates back to 2005, primarily targeting high-precision calculation software to tamper
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added four vulnerabilities impacting SimpleHelp, Samsung MagicINFO 9 Server, and D-Link DIR-823X series routers to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The list of vulnerabilities is below - CVE-2024-57726 (CVSS score: 9.9) - A missing authorization vulnerability in
Home security giant ADT has confirmed a data breach after the ShinyHunters extortion group threatened to leak stolen data unless a ransom is paid. [...]
Science news: Scientists have finally cracked a long-standing mystery about squid and cuttlefish evolution by analyzing newly sequenced genomes alongside global datasets. The research reveals that these bizarre, intelligent creatures likely originated deep in the ocean over 100 million years ago, surviving mass extinction events by retreating into oxygen-rich deep-sea refuges. For millions of years, their evolution barely changed—until a dramatic post-extinction boom sparked rapid diversification as they moved into new shallow-water habitats. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy.
Cybersecurity agencies in the U.S. and U.K. are warning about a custom malware called Firestarter persisting on Cisco Firepower and Secure Firewall devices running Adaptive Security Appliance (ASA) or Firepower Threat Defense (FTD) software. [...]
Check Method Visibility
Metasploit has supported check methods for many years now. It’s not always desirable to jump straight into exploiting a vulnerability but instead to determine if the target is vulnerable. Metasploit tries to be very conservative with classifying a target as “vulnerable” unless the vulnerability is leveraged as part of the check method, reserving the “appears” status for version checks. The different check codes a module is capable of returning and the logic to select among them vary from exploit to exploit and are not always the easiest to understand. Aligning with the consistent feedback that Metasploit has received that module actions should be more transparent, adfoster-r7 has been adding reasoning information en masse to the check codes returned by a variety of exploits. This information will help users understand why a particular vulnerability status was determined, making troubleshooting efforts easier and increasing confidence in the results.
Legacy SMB Improvements
This week, community member g0tmi1k made multiple improvements for legacy and non-Windows SMB targets. Version information is now more reliably extracted from targets running SMB 1, and a variety of minor bugs were fixed across multiple modules that would have affected users targeting systems the module was not intended to target, as is often the case when the module is used to scan an entire network.
New module content (4)
Camaleon CMS Directory Traversal CVE-2024-46987
Authors: Goultarde, Peter Stockli, and bootstrapbool
Type: Auxiliary
Pull request: #21122 contributed by bootstrapbool
Path: gather/camaleon_download_private_file
AttackerKB reference: CVE-2024-46987
Description: This adds an auxiliary module to exploit an arbitrary file vulnerability, CVE-2024-46987, on Camaleon CMS = 2.8.0 as well as 2.9.0.
Langflow RCE
Authors: Takahiro Yokoyama and weblover12
Type: Exploit
Pull request: #21260 contributed by Takahiro-Yoko
Path: multi/http/langflow_rce_cve_2026_27966
AttackerKB reference: CVE-2026-27966
Description: Adds exploit module for CVE-2026-27966, a prompt injection RCE vulnerability in Langflow 1.8.0. By creating and sending a specially-crafted flow containing Python code, LangChain will execute that code because LangChain's Read-Eval-Print Loop (REPL) is exposed by default and runs any Python code it is given.
WebDAV PHP Upload
Authors: g0tmi1k and theLightCosine [email protected]
Type: Exploit
Pull request: #21256 contributed by g0tmi1k
Path: multi/http/webdav_upload_php
AttackerKB reference: CVE-2012-10062
Description: Updates code and adds features: Linux support, check() method, and cleanup after exploit.
Linux Chmod
Author: bcoles [email protected]
Type: Payload (Single)
Pull request: #21238 contributed by bcoles
Path: linux/loongarch64/chmod
Description: Adds a new linux/loongarch64/chmod payload to change the permissions of a specified file.
Enhancements and features (11)
#21019 from g0tmi1k - This adds support for phpM
Microsoft is rolling out Windows Update improvements that give users more control over how updates are installed while reducing disruption from frequent or poorly timed restarts. [...]
Fake CAPTCHA ClickFix attack tricks users into running malicious commands, using cmdkey and regsvr32 to maintain persistence and avoid detection on Windows
A new financially motivated hacking group tracked as BlackFile has been linked to a wave of data theft and extortion attacks against retail and hospitality organizations since February 2026. [...]
Microsoft will roll out passkey support for phishing-resistant passwordless authentication to Microsoft Entra‑protected resources from Windows devices starting late April. [...]
A new vulnerability dubbed Pack2TheRoot could be exploited in the PackageKit daemon to allow local Linux users to install or remove system packages and gain root permissions. [...]
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has revealed that an unnamed federal civilian agency's Cisco Firepower device running Adaptive Security Appliance (ASA) software was compromised in September 2025 with a new malware called FIRESTARTER. FIRESTARTER, per CISA and the U.K.'s National Cyber Security Centre (NCSC), is assessed to be a backdoor designed for remote access