- Notepad++ Hosting Breach Attributed to China-Linked Lotus Blossom Hacking Group | by info@thehackernews.com (The Hacker News) on February 3, 2026 at 4:55 am
A China-linked threat actor known as Lotus Blossom has been attributed with medium confidence to the recently discovered compromise of the infrastructure hosting Notepad++. The attack enabled the state-sponsored hacking group to deliver a previously undocumented backdoor codenamed Chrysalis to users of the open-source editor, according to new findings from Rapid7. The development comes shortly
- Notepad++ Hack Detailed Along With the IoCs and Custom Malware Used | by Guru Baran (Cyber Security News) on February 3, 2026 at 2:06 am
A sophisticated espionage campaign has been attributed to the Chinese Advanced Persistent Threat (APT) group Lotus Blossom (also known as Billbug). The threat actors compromised the infrastructure hosting the popular text editor Notepad++ to deliver a custom, previously undocumented backdoor named “Chrysalis”. This campaign, discovered by Rapid7 researcher Ivan Feigl, primarily targets organizations in the government, telecommunications,
- Attackers Harvest Dropbox Logins Via Fake PDF Lures | by Alexander Culafi (darkreading) on February 2, 2026 at 10:21 pm
A malware-free phishing campaign targets corporate inboxes and asks employees to view "request orders," ultimately leading to Dropbox credential theft.
- County Pays $600K to Wrongfully Jailed Pen Testers | by Nate Nelson, Contributing Writer (darkreading) on February 2, 2026 at 9:57 pm
Iowa police arrested two penetration testers in 2019 for doing their jobs, highlighting the risk to security professionals in red teaming exercises.
- Chinese Hackers Hijack Notepad++ Updates for 6 Months | by Jai Vijayan, Contributing Writer (darkreading) on February 2, 2026 at 7:57 pm
State-sponsored threat actors compromised the popular code editor's hosting provider to redirect targeted users to malicious downloads.
- Researchers Find 341 Malicious ClawHub Skills Stealing Data from OpenClaw Users | by info@thehackernews.com (The Hacker News) on February 2, 2026 at 5:49 pm
A security audit of 2,857 skills on ClawHub has found 341 malicious skills across multiple campaigns, according to new findings from Koi Security, exposing users to new supply chain risks. ClawHub is a marketplace designed to make it easy for OpenClaw users to find and install third-party skills. It's an extension to the OpenClaw project, a self-hosted artificial intelligence (AI) assistant
- DynoWiper Data-Wiping Malware Attacking Energy Companies to Destroy Data | by Tushar Subhra Dutta (Cyber Security News) on February 2, 2026 at 4:51 pm
A dangerous new data-wiping malware known as DynoWiper has emerged, targeting energy companies in Poland with destructive attacks designed to permanently erase critical data. The malware surfaced in December 2025 when security researchers detected its deployment at a Polish energy firm. Unlike typical ransomware that encrypts files for monetary gain, DynoWiper operates with a single
- 30 Wind and Solar Farms in Poland Faced Coordinated Cyberattacks | by Tushar Subhra Dutta (Cyber Security News) on February 2, 2026 at 4:41 pm
On December 29, 2025, Poland faced a coordinated assault targeting more than 30 wind and solar farms, alongside a large combined heat and power plant and a manufacturing facility. The attacks occurred during severe winter weather, when temperatures dropped and snowstorms threatened the nation’s energy stability. All operations had purely destructive intentions, designed to damage
- OpenClaw Bug Enables One-Click Remote Code Execution via Malicious Link | by info@thehackernews.com (The Hacker News) on February 2, 2026 at 4:28 pm
A high-severity security flaw has been disclosed in OpenClaw (formerly referred to as Clawdbot and Moltbot) that could allow remote code execution (RCE) through a crafted malicious link. The issue, which is tracked as CVE-2026-25253 (CVSS score: 8.8), has been addressed in version 2026.1.29 released on January 30, 2026. It has been described as a token exfiltration vulnerability that leads to
- Russian Hacker Alliance Targeting Denmark in Large-Scale Cyberattack | by Tushar Subhra Dutta (Cyber Security News) on February 2, 2026 at 4:23 pm
A newly formed Russian hacker alliance known as Russian Legion has launched a coordinated cyberattack campaign against Denmark, threatening critical infrastructure and government services. The alliance, which includes Cardinal, The White Pulse, Russian Partizan, and Inteid, publicly announced its formation on January 27, 2026, marking a significant escalation in state-aligned hacktivist operations targeting Western nations.
- ShinyHunters Expands Scope of SaaS Extortion Attacks | by Elizabeth Montalbano, Contributing Writer (darkreading) on February 2, 2026 at 4:07 pm
Following its attacks on Salesforce instances last year, members of the cybercrime group have broadened their targeting and gotten more aggressive with extortion tactics.
- Microsoft Begins NTLM Phase-Out With Three-Stage Plan to Move Windows to Kerberos | by info@thehackernews.com (The Hacker News) on February 2, 2026 at 3:59 pm
Microsoft has announced a three-phase approach to phase out New Technology LAN Manager (NTLM) as part of its efforts to shift Windows environments toward stronger, Kerberos-based options. The development comes more than two years after the tech giant revealed its plans to deprecate the legacy technology, citing its susceptibility to weaknesses that could facilitate relay attacks and allow bad
- New Punishing Owl Hacker Group Targeting Networks of Russian Government Security Agency | by Tushar Subhra Dutta (Cyber Security News) on February 2, 2026 at 3:13 pm
A previously unknown hacktivist group called Punishing Owl has emerged with sophisticated cyberattacks targeting Russian government security agencies. The group first surfaced on December 12, 2025, when it announced the successful breach of a Russian government security agency’s network. The attackers published stolen internal documents on a data leak site and duplicated the files on
- 21,000+ OpenClaw AI Instances With Personal Configurations Exposed Online | by Abinaya (Cyber Security News) on February 2, 2026 at 2:52 pm
More than 21,000 instances of an open-source personal AI assistant are publicly exposed, raising significant concerns about unprotected access to sensitive user configurations and personal data. OpenClaw, a rapidly emerging personal AI assistant created by Austrian developer Peter Steinberger, has experienced explosive growth since late January 2026. The project, which underwent multiple branding iterations, initially launched as Clawdbot
- NationStates Suffers Data Breach – Game Site Temporarily Offline | by Abinaya (Cyber Security News) on February 2, 2026 at 2:49 pm
A long-running online nation simulation game has been taken temporarily offline following a security breach that compromised its central production server. The team estimates the downtime will last 2 to 5 days as they rebuild core infrastructure and audit the codebase for additional issues. According to an official disclosure posted on 30 January 2026 at















