6 February 2026
A PowerShell-based malware named TAMECAT targets login credentials stored in Microsoft Edge and Chrome browsers.
CVE-2026-24858 (CVSS score: 9.4) affects FortiManager and FortiAnalyzer; it may also affect FortiWeb and FortiSwitch Manager.
A web shell named “EncystPHP” enhances remote command execution, persistence mechanisms, and web shell deployment in connection with FreePBX vulnerability CVE-2025-64328.
Attackers injected malicious web shells into unpatched IIS servers, executed PowerShell scripts, and deployed the BadIIS malware, which includes hardcoded regional configurations tailored to specific countries.
WorldLeaks claims to have stolen 1.4TB of Nike design and manufacturing data; WorldLeaks (successor to Hunters International) performs file theft rather than encryption.
Clawdbot, an open-source AI agent gateway, has 900+ unauthenticated instances exposed online and multiple code flaws that enable credential theft and remote code execution.
CVE-2025-8088, a high-severity vulnerability in WinRAR, is used for initial access and to deliver various malicious payloads.
Versions 144.0.7559.96/.97 for Windows & Mac and 144.0.7559.96 for Linux address the V8 JavaScript engine.
CVE-2024-37079 involves the DCERPC (Distributed Computing Environment/Remote Procedure Calls) protocol, which allows software to invoke procedures and services on a remote system across a network.
CVE-2025-59718 vulnerability used to compromise fully patched firewalls.
CVE-2026-24061 (9.8) – critical vulnerability in the GNU InetUtils telnet daemon (telnetd) is “trivial” to exploit.
CVE-2025-14533 affects plugin versions including 0.9.2.1 and carries a CVSS score of 9.8 (Critical).
CVE-2026-23550 allows WordPress admin bypass; the vendor released a fix in version 2.5.2, and users are urged to upgrade immediately.
Google Calendar’s privacy controls were bypassed by hiding a dormant malicious payload within a standard calendar invite; the bypass enabled unauthorized access to private meeting data and the creation of deceptive calendar events.
Flaw in Windows Kerberos authentication expands the attack surface for credential relay attacks in Active Directory environments.
Microsoft released security updates for 114 flaws (including 1 actively exploited and 2 publicly disclosed zero-day vulnerabilities), addressing 8 “Critical” vulnerabilities (6 remote code execution and 2 elevation-of-privilege).
Organizations' AI system services are often exposed through APIs, webhooks, or proxy layers, creating new opportunities for attackers to probe for misconfigurations and abuse using server-side request forgery (SSRF) techniques.
Veeam has released security updates for issues including some that can result in remote code execution (RCE). CVE-2025-59470, which carries a CVSS score of 9.0, allows a Backup or Tape Operator.
CVE-2025-43530 allows attackers to bypass macOS Transparency, User Consent, and Control (TCC) protections entirely.
CVE-2025-68615 allows remote attackers to trigger a buffer overflow, leading to a service crash or potentially a more severe system compromise.