Ticker feed
Cisco patched a critical zero-day vulnerability (CVE-2026-20045) being actively exploited by hackers targeting unified communications products. The flaw affects Cisco Unified Communications Manager, Session Management Edition, Unity Connection, and Webex Calling systems.
Attackers can exploit the vulnerability remotely without authentication by sending crafted HTTP requests to management interfaces. Successful attacks grant user-level access that can escalate to root privileges on the underlying operating system.
CISA added the vulnerability to its Known Exploited Vulnerabilities catalog, giving federal agencies until February 11 to patch. Hunter shows roughly 1,300 internet-exposed Cisco Unified CM instances, with nearly half located in the United States.
Source: Security Week
LastPass customers are being targeted in an ongoing phishing campaign that began around January 19, strategically timed during the Martin Luther King Jr. Day holiday weekend when security teams have reduced staffing.
The attackers are sending convincing emails from addresses like support@lastpass[.]server8, urging users to "back up their vaults" due to fake scheduled maintenance. Subject lines include "LastPass Infrastructure Update: Secure Your Vault Now" and "Protect Your Passwords: Backup Your Vault (24-Hour Window)."
These emails lead to phishing sites designed to steal login credentials, potentially giving criminals access to entire password vaults. LastPass emphasizes they never ask for master passwords and advises customers to report suspicious emails to abuse@lastpass.com. While no accounts appear compromised yet, the company recommends enabling multifactor authentication for added protection.
Source: Dark Reading
Marks & Spencer's chief technology officer Josie Smith is stepping down just 18 months after joining the company, following a devastating cyber attack last year. Her departure comes four months after chief digital and technology officer Rachel Higham also left the retailer.
The April cyber attack by hacker group Scattered Spider cost M&S hundreds of millions of pounds and shut down online operations for weeks. The company still blames lingering effects from the breach for recent drops in Christmas clothing sales.
Smith, previously at BT Group and Vodafone, will be replaced by Darren Gibson. Chief product officer Krista Nordlund is also leaving in July.
Source: Sky News
Cybercriminals are using a sophisticated new attack called "CrashFix" that deliberately crashes victims' browsers before offering a fake solution. The scam starts with a malicious Chrome extension called NexShield, disguised as the popular uBlock Origin Lite ad blocker.
Once installed, the extension waits an hour, then floods the browser with connection requests until it crashes. When users try to restart, they see a fake security warning instructing them to run a "repair" command that is actually malware.
Huntress Labs discovered corporate networks receive ModeloRAT, a sophisticated backdoor, while home users get test payloads. The threat actor "KongTuke" clearly prioritizes business targets over individual users.
Source: Dark Reading
Cybercrime has entered a dangerous new era powered by AI, according to Group-IB's latest report. Since 2022, criminals can buy "synthetic identity kits" with AI video actors and cloned voices for just $5, while deepfake services start at $10 monthly.
Dark web discussions about AI crime tools exploded from under 50,000 messages annually (2020-2022) to 300,000 per year since 2023. Criminals now use "agentized" phishing that personalizes attacks and adapts in real-time using AI feedback.
Most concerning are "dark LLMs": unrestricted AI models such as Nytheon AI that help generate malware, scams, and exploits without ethical guardrails. These subscription services ($30-200 monthly) serve over 1,000 criminal users, making sophisticated attacks accessible to anyone with basic technical skills.
Source: Infosecurity Magazine
Five coordinated Chrome extensions are attacking major enterprise platforms like Workday, NetSuite, and SuccessFactors, affecting over 2,300 users. Published under names "databycloud1104" and "softwareaccess," these fake productivity tools steal authentication tokens and hijack user sessions.
The most dangerous feature is bidirectional cookie injection, which lets attackers access victim accounts without a password and bypass multi-factor authentication. The extensions extract session tokens every 60 seconds and block up to 56 administrative pages, preventing security teams from resetting passwords or disabling compromised accounts.
When administrators try to respond, the extensions replace security pages with blank content, creating a scenario where breaches are detected but can't be stopped through normal procedures.
Source: Cybersecurity News
In October 2020, Aleksanteri Kivimäki hacked Vastaamo, Finland's largest psychotherapy company, stealing intimate therapy notes from 33,000 patients. The self-proclaimed "untouchable hacker god" demanded €200-500 in bitcoin from each victim, threatening to publish their deepest secrets online.
Kivimäki had already leaked records of politicians and public figures on the dark web, exposing details of adultery, suicide attempts, and sexual violence. Some records belonged to children. At least two victims took their own lives after learning their therapy notes were compromised.
Police traced bitcoin payments and server records back to Kivimäki, arresting him in Paris in 2023. He was sentenced to over six years in prison in 2024. Vastaamo went bankrupt, and the government now compensates victims while copies of the stolen files continue circulating online.
Source: The Guardian
IT giant Ingram Micro suffered a ransomware attack on July 3, 2025, compromising personal information of 42,521 employees and job applicants. Hackers accessed internal systems for two days, stealing names, Social Security numbers, passport numbers, driver's licenses, and employment records.
The attack forced Ingram Micro to take systems offline, causing widespread service outages until operations resumed July 9. The Safepay ransomware group claimed responsibility and allegedly stole 3.5 terabytes of data, later releasing it publicly in August when Ingram Micro apparently refused to pay ransom.
The company is offering affected individuals 24 months of free credit monitoring and identity protection services.
Source: Security Week
Nicholas Moore, a 24-year-old from Springfield, Tennessee, pleaded guilty Friday to hacking the U.S. Supreme Court's filing system on 25 separate occasions in 2023. Using stolen credentials, Moore accessed personal records and bragged about his exploits on Instagram under the handle "@ihackedthegovernment."
Moore also admitted to illegally accessing AmeriCorps computer servers and a Department of Veterans Affairs veteran's health platform, posting screenshots of the stolen information online. He faces up to one year in prison on a misdemeanor computer fraud charge, with sentencing scheduled for April 17 before U.S. District Judge Beryl Howell in Washington, D.C.
Source: Security Week
Security researchers at XM Cyber discovered that Google's Vertex AI contains dangerous default configurations allowing low-privileged users to hijack powerful Service Agent roles. The vulnerability affects two components: the Vertex AI Agent Engine and Ray on Vertex AI.
Attackers can exploit these flaws through "confused deputy" scenarios, starting with minimal read-only permissions but escalating to remote code execution and credential theft. In one attack path, hackers upload malicious code disguised as legitimate tools, then trigger execution to steal Service Agent tokens from instance metadata.
Google dismissed the findings as "working as intended," despite the risks. The Service Agents receive broad project permissions by default, potentially exposing Cloud Storage, BigQuery, and other sensitive resources to unauthorized access.
Source: Cybersecurity News