Browsing: Cyber Incidents
A serious security flaw has been discovered in a popular WordPress plugin called Modular DS, and attackers are already abusing it to take control of websites. The vulnerability allows anyone on the internet to gain administrator access to a site without needing a username or password. Because of this, affected websites can be fully hijacked — content can be changed, malicious code can be inserted, users can be redirected to scam pages, and private data can be stolen. The issue exists in all versions of Modular DS up to version 2.5.1 and has been fixed in version 2.5.2. The plugin…
In late 2025, cybersecurity teams in Ukraine uncovered a highly targeted cyber-espionage campaign aimed at personnel connected to the country’s defense sector. The operation relied on a previously unseen malware strain known as PLUGGYAPE and marked a shift in how attackers deliver malicious software — by abusing trusted messaging platforms rather than traditional email. The campaign ran quietly for several weeks before being detected, and it was specifically designed to blend into normal daily communication patterns, making it extremely difficult for victims to identify the attack. How the Attack Worked: Instead of using obvious phishing emails, the attackers reached out…
Security researchers have identified a new supply chain attack targeting the n8n workflow automation platform, where attackers uploaded multiple malicious packages to the npm registry disguised as legitimate community nodes. These packages were crafted to resemble official integrations, including connectors for Google Ads and performance monitoring services. Once installed, they presented standard configuration interfaces, encouraging users to authorize external accounts. The provided OAuth credentials were then covertly extracted and transmitted to attacker-controlled infrastructure. One of the malicious packages imitated a Google Ads connector and prompted users to link their advertising account through what appeared to be a genuine authorization form.…
In January 2026, cybersecurity researchers reported that personal data belonging to approximately 17.5 million Instagram users was being circulated and traded on underground cybercrime forums and illicit data marketplaces. The dataset was discovered on invitation-only forums and dark web platforms commonly used by cybercriminal groups to exchange stolen databases, phishing resources, and access credentials. According to researchers monitoring these forums, the dataset was advertised as an “Instagram user records dump” and was being shared either for direct sale, exchanged for other stolen data, or distributed to selected forum members to build reputation within cybercrime communities. The exposed data reportedly includes…
A sophisticated cyberattack campaign targeting VMware ESXi environments has been uncovered, in which Chinese-speaking threat actors exploited previously unknown vulnerabilities to escape from virtual machines and gain control of the underlying hypervisor. Cybersecurity researchers at Huntress detected the activity in December 2025 and stopped the intrusion before it could reach its final stage. Analysts believe the operation could have been used to deploy ransomware or maintain long-term access to enterprise infrastructure. The attackers initially gained access by compromising a SonicWall VPN appliance. After establishing a foothold, they deployed a custom exploit toolkit designed specifically to target VMware ESXi systems at…
Cybersecurity researchers have uncovered a coordinated abuse of the Google Chrome Web Store involving two browser extensions that were secretly designed to collect and exfiltrate user conversations from artificial intelligence platforms such as ChatGPT and DeepSeek, along with detailed browsing information. The extensions appeared as legitimate AI productivity tools and were marketed as helpers that integrate multiple AI models into the browser. However, behind the scenes, they operated as surveillance tools that quietly harvested sensitive data and transmitted it to servers controlled by unknown threat actors. Investigators confirmed that the two extensions together had been installed by more than 900,000…
The first days of 2026 have already shown that cyber threats didn’t reset with the new year. Instead of dramatic headline-grabbing attacks, most incidents this week followed a familiar pattern — quiet abuse of trusted systems that people use every day. Browser extensions, software updates, login notifications, and even AI tools were misused in ways that felt normal to users, but harmful in reality. That is what made these attacks effective. Below is a summary of the most important cybersecurity developments from this week, explained in simple terms. A Silent Botnet Campaign Is Still Growing: Security researchers confirmed that a…
Leduc County, a local government authority in Alberta, Canada, has confirmed that it was the victim of a ransomware cyberattack that disrupted its internal IT systems. The incident was detected on December 25, 2025, when officials noticed unusual activity and partial system outages. A forensic investigation later confirmed that the disruption was caused by a malicious ransomware attack. What Happened? According to county officials, attackers attempted to compromise internal digital systems and restrict access to critical services. As a precaution, several systems were taken offline to prevent further damage and to secure sensitive information. The county immediately engaged a professional…
A cyber espionage group tracked as Transparent Tribe has been linked to a new wave of targeted attacks against Indian government agencies, academic institutions, and strategic research organizations. The campaign uses socially engineered delivery mechanisms and living-off-the-land binaries to deploy a remote access trojan (RAT) that enables long-term access and data collection from compromised systems. Initial Access: The attack chain begins with spear-phishing emails carrying compressed archives that contain Windows shortcut (LNK) files disguised as legitimate PDF documents. The LNK files are crafted to execute hidden commands while simultaneously displaying a decoy document to avoid raising suspicion. When opened, the…
What happened? Initial investigation indicates that approximately 6–7% of registered users — estimated at about 108,000 to 126,000 people — may have been affected by this breach. Data at risk Response and investigation Extortion and threat activity