Breaking News – Cyber Threats (last 6h)
Generated: 2026-02-27 07:00 PST
- ScarCruft Uses Zoho WorkDrive and USB Malware to Breach Air-Gapped Networks
The Hacker News • 2026-02-27 04:43 • thehackernews.com
The North Korean threat actor known as ScarCruft has been attributed to a fresh set of tools, including a backdoor that uses Zoho WorkDrive for command-and-control (C2) communications to fetch more payloads and an implant that uses removable media to relay commands and breach air-gapped networks.
The campaign, codenamed Ruby Jumper by Zscaler ThreatLabz, involves the deployment of malware
https://thehackernews.com/2026/02/scarcruft-uses-zoho-workdrive-and-usb.html
- Ukrainian man pleads guilty to running AI-powered fake ID site
BleepingComputer • 2026-02-27 04:30 • www.bleepingcomputer.com
A Ukrainian man has pleaded guilty to operating OnlyFake, an AI-powered website that generated and sold more than 10,000 photos of fake identification documents to customers worldwide. […]
https://www.bleepingcomputer.com/news/security/ukrainian-man-pleads-guilty-to-running-ai-powered-fake-id-site/
- Fake Fedex Email Delivers Donuts!, (Fri, Feb 27th)
SANS ISC Diary (full) • 2026-02-27 04:22 • isc.sans.edu
It's Friday, let's have a look at another simple piece of malware to close a busy week! I received a Fedex notification about a delivery. Usually, such emails are simple phishing attacks that redirect you to a fake login page to collect your credentials. Here, it was a bit different:
- Why Tehran’s Two-Tiered Internet Is So Dangerous
Schneier on Security • 2026-02-27 04:05 • www.schneier.com
Iran is slowly emerging from the most severe communications blackout in its history and one of the longest in the world. Triggered as part of January’s government crackdown against citizen protests nationwide, the regime implemented an internet shutdown that transcends the stand…
https://www.schneier.com/blog/archives/2026/02/why-tehrans-two-tiered-internet-is-so-dangerous.html
- Phishing Attacks Against People Seeking Programming Jobs
Schneier on Security • 2026-02-27 04:04 • www.schneier.com
This is new. North Korean hackers are posing as company recruiters, enticing job candidates to participate in coding challenges. When they run the code they are supposed to work on, it installs malware on their system.
News article.
- Trojanized Gaming Tools Spread Java-Based RAT via Browser and Chat Platforms
The Hacker News • 2026-02-27 02:06 • thehackernews.com
Threat actors are luring unsuspecting users into running trojanized gaming utilities that are distributed via browsers and chat platforms to distribute a remote access trojan (RAT).
“A malicious downloader staged a portable Java runtime and executed a malicious Java archive (JAR) file named jd-gui.jar,” the Microsoft Threat Intelligence team said in a post on X. “This downloader used PowerShell
https://thehackernews.com/2026/02/trojanized-gaming-tools-spread-java.html
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
