Malicious packages flood OpenClaw registry in malware campaign
Masquerading as legitimate cryptocurrency trading automation tools, the packages, known as “skills,” deliver data-stealing malware.
Cybersecurity News - Page 1
Ukraine’s government entities targeted in attacks exploiting recent MS Office flaw
According to CERT-UA, the flaw was weaponized within a day of Microsoft’s disclosure.
Supply chain attack hits Open VSX registry, malicious updates spread via trusted extensions
The malicious updates embedded the GlassWorm malware loader and were pushed to users through normal update mechanisms.
State-sponsored hackers hijacked Notepad++ update mechanism
The attack involved an infrastructure-level breach at Notepad++’s hosting provider, not vulnerabilities in the application’s source code.
ShinyHunters SaaS breaches linked to Vishing and SSO phishing campaign
Mandiant is tracking the activity across multiple threat clusters, including UNC6661, UNC6671, and UNC6240.
Threat actor targets exposed MongoDB databases in low-cost extortion scheme
Flare says it found more than 208,500 publicly exposed MongoDB servers, including 3,100 that required no authentication.
Cyber Security Week in Review: January 30, 2026
In brief: Ivanti, Microsoft and Fortinet fix zero-days, eScan hit with a supply chain attack, and more.
Google disrupts one of the world’s largest residential proxy networks IPIDEA
In a separate development, US authorities have seized the dark web and clearnet domains of the RAMP cybercrime forum.
Russia-affiliated Electrum hackers linked to cyberattack on Polish power grid
Dragos assessed that Electrum works closely with another threat cluster Kamacite that focuses on initial access.
Fortinet begins rolling out fixes for critical FortiOS zero-day
The flaw (CVE-2026-24858) was actively exploited in the wild by two malicious FortiCloud accounts.
Showing elements 1 - 10