Passwords remain one of the most fragile points in modern security. Organizations often strengthen authentication by adding complexity length requirements, special characters, rotation rules but these controls frequently clash with human behavior. When passwords become hard to remember, users fall back on what feels familiar. In many environments, that familiarity comes directly from the organization itself. Company names, product terms, locations, and internal language quietly shape how users create passwords, even when they believe they’re choosing something unique.Attackers have long understood this pattern. Instead of relying on artificial intelligence or massive generic dictionaries, many credential attacks begin with something far…
Author: V Diwahar
V Diwahar
V Diwahar is a final-year B.E Cybersecurity student, independent security researcher, and founder of CyberInfos.in an - global cybersecurity analysis blog delivering technical depth, expert threat intelligence, and actionable security guidance to readers across the US, UK, Europe, Asia, and beyond. With hands-on academic and practical experience in ethical hacking, network security, malware analysis, penetration testing, vulnerability research, and digital forensics, I brings a practitioner's perspective to every article going beyond headlines to analyse what vulnerabilities and breaches actually mean, who is genuinely at risk, and what every reader should do about it right now. Every article published on CyberInfos.in is built on verified technical research CVE details cross-referenced with nvd.nist.gov, attack mechanics explained using real tools and lab environments, and expert analysis that challenges official statements when the evidence demands it. I founded CyberInfos.in with a single mission: to fill the gap between generic press-release rewrites and inaccessible technical papers delivering cybersecurity analysis that is deep enough for security professionals, clear enough for business owners, and actionable enough for everyone.
Flickr has confirmed a potential data breach involving a third-party email service provider, raising concerns that user account metadata may have been exposed. While there is no evidence of a direct compromise of Flickr’s core systems, the incident could still affect a significant portion of its user base estimated at around 35 million monthly users. The incident was disclosed on 5 February 2026, with public reporting emerging over 5–6 February. Flickr says it acted quickly after being alerted, but investigations are still ongoing. Below is a clear breakdown of what happened, what data is at risk, and what users should…
A newly attributed record-breaking distributed denial-of-service (DDoS) attack has underscored just how extreme modern cyberattacks have become. The AISURU/Kimwolf botnet is now believed to be behind a 31.4 (Tbps) terabits-per-second assault that lasted just 35 seconds, making it one of the most powerful DDoS attacks ever observed. The attack occurred in November 2025 and was automatically detected and mitigated by Cloudflare, preventing disruption despite its unprecedented scale. According to Cloudflare, this incident was part of a broader surge in hyper-volumetric HTTP DDoS attacks throughout Q4 2025, a trend that shows no signs of slowing. What Happened and Why It Matters DDoS…
More than 3,280,081 Fortinet devices are currently exposed online with internet-facing web properties, leaving a significant number of organizations at serious risk of compromise. The exposure is linked to CVE-2026-24858, a critical FortiCloud SSO authentication-bypass vulnerability that is already being actively exploited in the wild. The flaw carries a CVSS score of 9.4, placing it among the most severe Fortinet vulnerabilities disclosed in 2026. It impacts widely deployed products including FortiOS, FortiManager, FortiAnalyzer, FortiProxy, and FortiWeb. With attackers already abusing the weakness, security teams are under increasing pressure to act quickly to prevent unauthorized access and potential network-wide compromise. What…
ClawdBot, now operating under the name Moltbot, has quickly moved from a niche developer project to one of the most talked-about examples of an autonomous AI agent in 2026. Often promoted as a self-hosted, always-on AI employee, ClawdBot AI is designed to stay running in the background, remember context over time, and carry out real actions on behalf of its user. At the same time, growing attention around ClawdBot security risks has triggered serious concern across the cybersecurity and AI research communities. Many experts now point to Moltbot AI as a real-world illustration of broader agentic AI security challenges situations…
The discovery of a new malicious VS Code extension is another reminder that developer tools especially AI-driven ones are increasingly being abused by attackers. Security researchers recently uncovered a fake Moltbot VS Code extension malware campaign that made its way into Microsoft’s official Visual Studio Code Marketplace, quietly turning a supposed AI coding assistant into a backdoor. At first glance, the extension appeared to be tied to Moltbot, also known as Clawdbot, and promised developers a free AI-powered coding experience. In reality, the Moltbot AI coding assistant malware installed a remote access component that allowed attackers to maintain long-term control…