Cybersecurity News

UAC-0145 Uses ClickFix CAPTCHAs to Infect Ukrainian Devices wih Malware

Sun, 19 Jul 2026 19:00:55 +0530
The Hacker News

Russian state-sponsored threat actors have been observed leveraging the infamous ClickFix strategy to trick Ukrainian targets into infecting their own machines with data-stealing malware. According to the Computer Emergency Response Team of Ukraine (CERT-UA), the activity has been attributed to UAC-0145, a sub-cluster within Sandworm, an advanced hacking unit affiliated with GRU, Russia's

SonicWall SMA Zero-Days Exploited Before Disclosure to Gain Root Access

Sun, 19 Jul 2026 18:48:56 +0530
The Hacker News

A previously undocumented threat actor has been attributed to the exploitation of recently disclosed SonicWall Secure Mobile Access (SMA) 1000 series VPN appliances as zero-days prior their public disclosure since June 22, 2026. Cybersecurity company Volexity is tracking the activity under the moniker UTA0533. The discovery was made following an incident response investigation earlier this

New wp2shell WordPress Core Flaw Lets Unauthenticated Attackers Run Code

Sat, 18 Jul 2026 02:50:10 +0530
The Hacker News

Updated July 18, 2026: the two flaws now carry CVE IDs, the full mechanism has been published, a persistent-object-cache condition has surfaced, and a working proof-of-concept is public. The story below reflects all of it. An anonymous HTTP request can run code on a WordPress site. The bug is in core, so a bare install with zero plugins is exploitable. Every 6.9 and 7.0 site was in range until

OpenSSL HollowByte Flaw Could Freeze Server Memory with 11-Byte TLS Requests

Sat, 18 Jul 2026 01:50:53 +0530
The Hacker News

Eleven bytes will make an unpatched OpenSSL server set aside up to 131 KB of memory for a message that never arrives. On the glibc systems Okta tested, that memory is gone until the process restarts. OpenSSL shipped the HollowByte fix in June with no CVE, no advisory, and no changelog entry pointing at it. Okta's Red Team, which reported the denial-of-service bug and named it, published the

Seven Malicious Vite npm Packages Use Blockchain C2 to Deliver a RAT

Sat, 18 Jul 2026 00:24:51 +0530
The Hacker News

Cybersecurity researchers have discovered a cluster of seven malicious npm packages targeting the Vite frontend tooling ecosystem as part of a software supply chain attack. The malicious package campaign, codenamed ViteVenom by Checkmarx, marks an expansion of ChainVeil, which was observed using an "unprecedented" four-tier blockchain-based command-and-control (C2) infrastructure spanning Tron,

New NadMesh Botnet Hunts Exposed AI Services for Cloud Keys and Kubernetes Tokens

Fri, 17 Jul 2026 22:42:23 +0530
The Hacker News

A Go botnet called NadMesh turned up in early July hunting exposed AI services, and the operator's own dashboard claims 3,811 unique AWS keys. A Shodan harvester keeps the scan queue stocked with ComfyUI, Ollama, n8n, Open WebUI, Langflow, and Gradio: the image generators, local model runners, and workflow builders that teams stand up fast and firewall late. The intel feed behind that counter

GoldenEyeDog Subgroup Linked to DigiCert Breach and Code-Signing Certificate Theft

Fri, 17 Jul 2026 22:09:16 +0530
The Hacker News

Cybersecurity researchers have attributed the April 2026 DigiCert security incident to a threat activity cluster dubbed CylindricalCanine. Expel, which shared technical details of the event, described the threat actor as a sub-group of GoldenEyeDog (aka APT-Q-27, Dragon Breath, and Miuuti Group), a Chinese cybercrime group known for its targeting of the gambling and gaming sectors using

Fake Coding Tests Deliver OtterCookie-Aligned Malware Hidden in SVG Flag Images

Fri, 17 Jul 2026 19:18:56 +0530
The Hacker News

North Korean threat actors linked to the Contagious Interview campaign have been observed employing steganography in SVG image files to conceal malicious payloads as part of a campaign using fake job postings and coding challenges. "Any user who ran the project ended up with a four-stage payload aligned with OtterCookie: a browser credential and crypto wallet stealer, a file stealer, a