Breaking News – Cyber Threats (last 6h)
Generated: 2026-02-05 02:00 PST
- Stan Ghouls targeting Russia and Uzbekistan with NetSupport RAT
Securelist • 2026-02-05 01:00 • securelist.com
We analyze the recent Stan Ghouls campaign targeting organizations in Russia and Uzbekistan: Java-based loaders, the NetSupport RAT, and a potential interest in IoT.
https://securelist.com/stan-ghouls-in-uzbekistan/118738/ - Broken Phishing URLs, (Thu, Feb 5th)
SANS ISC Diary (full) • 2026-02-05 00:43 • isc.sans.eduFor a few days, many phishing emails that landed into my mailbox contain strange URLs. They are classic emails asking you to open a document, verify your pending emails, …
- Malicious Script Delivering More Maliciousness, (Wed, Feb 4th)
SANS ISC Diary (full) • 2026-02-04 23:58 • isc.sans.eduToday, I received an interesting email with a malicious attachment. When I had a look at the automatic scan results, it seemed to be a malicious script to create a Chrome Injector to steal data. Because InfoStealers are very common these days, it looked “legit†but there was something different. The .bat file looks to be a fork of the one found in many GitHub repositories[1].
- Critical n8n Flaw CVE-2026-25049 Enables System Command Execution via Malicious Workflows
The Hacker News • 2026-02-04 22:16 • thehackernews.com
A new, critical security vulnerability has been disclosed in the n8n workflow automation platform that, if successfully exploited, could result in the execution of arbitrary system commands.
The flaw, tracked as CVE-2026-25049 (CVSS score: 9.4), is the result of inadequate sanitization that bypasses safeguards put in place to address CVE-2025-68613 (CVSS score: 9.9), another critical defect that
https://thehackernews.com/2026/02/critical-n8n-flaw-cve-2026-25049.html - Malicious NGINX Configurations Enable Large-Scale Web Traffic Hijacking Campaign
The Hacker News • 2026-02-04 20:56 • thehackernews.com
Cybersecurity researchers have disclosed details of an active web traffic hijacking campaign that has targeted NGINX installations and management panels like Baota (BT) in an attempt to route it through the attacker’s infrastructure.
Datadog Security Labs said it observed threat actors associated with the recent React2Shell (CVE-2025-55182, CVSS score: 10.0) exploitation using malicious NGINX
https://thehackernews.com/2026/02/hackers-exploit-react2shell-to-hijack.html
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
