Author: V Diwahar

V Diwahar is a final-year B.E. Cybersecurity student, independent security researcher, and founder of CyberInfos.in, a global cybersecurity analysis blog delivering technical depth, expert threat intelligence, and actionable security guidance to readers across the US, UK, Europe, Asia, and beyond. With hands-on academic and practical experience in ethical hacking, network security, malware analysis, penetration testing, vulnerability research, and digital forensics, I bring a practitioner's perspective to every article, going beyond headlines to analyse what vulnerabilities and breaches actually mean, who is genuinely at risk, and what every reader should do about it right now. Every article published on CyberInfos.in is built on verified technical research: CVE details cross-referenced with nvd.nist.gov, attack mechanics explained using real tools and lab environments, and expert analysis that challenges official statements when the evidence demands it. I founded CyberInfos.in with a single mission: to fill the gap between generic press-release rewrites and inaccessible technical papers, delivering cybersecurity analysis that is deep enough for security professionals, clear enough for business owners, and actionable enough for everyone.

A recently uncovered AiTM phishing campaign shows how modern cyberattacks are increasingly designed to look and feel like routine business activity. According to researchers at Microsoft, threat actors deliberately abused familiar collaboration tools to gain access, remain unnoticed, and eventually turn compromised accounts into launchpads for large-scale fraud. By misusing Microsoft SharePoint, attackers blended seamlessly into everyday workflows—making it extremely difficult for employees to tell the difference between legitimate work and a malicious operation.

Why This AiTM Phishing Campaign Worked So Well

This adversary-in-the-middle phishing attack did not rely on obvious red flags. Instead, it took advantage of habits employees…


A widespread FortiGate firewall hacking campaign is actively unfolding, as threat actors carry out automated attacks designed to steal sensitive configuration data from exposed devices. Since January 15, 2026, security teams have observed attackers gaining unauthorized administrative access, exporting firewall configurations, and quietly creating new accounts to retain long-term control. This FortiGate firewall attack in 2026 is especially concerning because it closely mirrors activity first seen in December 2025, shortly after Fortinet disclosed critical authentication bypass vulnerabilities related to FortiCloud single sign-on (SSO). Researchers warn that even organizations that patched promptly may still be exposed if attackers established persistence before…


A widespread kernel driver ransomware attack is actively being used by threat actors to shut down security defenses before ransomware is deployed. What makes this campaign especially dangerous isn’t flashy malware or zero-day exploits; it’s the quiet misuse of trust. Attackers are loading legitimate drivers to pull the plug on security tools, clearing the path for encryption and long-term compromise. In the first stages of this kernel driver ransomware attack, victims often see nothing unusual, even as protection is systematically dismantled behind the scenes.

Incident Overview and Timeline

Here’s the thing: this activity didn’t appear overnight. Researchers first noticed attackers…


The North Korea VS Code malware attack is drawing urgent attention from security teams this week after researchers confirmed that developers are being targeted through fake job interview assignments. According to published reports, North Korean state-linked actors are distributing malicious repositories that abuse everyday developer workflows. The activity matters now because affected developers often work in cryptocurrency and fintech, where a single compromised machine can expose sensitive code, credentials, and digital assets.

Key Facts

Date disclosed: December 2025 – January 2026
Threat actors: DPRK-linked Contagious Interview campaign
Primary targets: Software developers
Attack classification: developer supply chain attack
Initial access…


The LinkedIn RAT malware campaign uncovered in January 2026 is a clear sign that phishing has outgrown email. Cybersecurity researchers revealed that attackers are now using LinkedIn private messages to distribute malware through DLL sideloading, quietly targeting professionals who rely on the platform for daily business communication. Here’s the thing: LinkedIn feels safe. Familiar. Routine. That assumption is exactly what makes this campaign effective. By exploiting trust rather than software flaws, attackers have found a low-friction path into corporate environments, one that many organizations still fail to monitor. This article breaks down what’s happening, how the attack works, and what…


This cybersecurity weekly report for 11–17 January 2026 documents a week defined by scale, speed, and systemic exposure. Across industries, attackers demonstrated that exploiting trust relationships—APIs, third-party vendors, and automation platforms—remains more effective than breaching hardened perimeters. High-impact data exposures in social media, healthcare, and e-commerce created immediate downstream risks, particularly phishing, identity fraud, and account takeover attempts. At the same time, ransomware operators accelerated activity despite declining ransom payments, signaling a shift toward volume-driven campaigns, double- and triple-extortion models, and monetization through data resale rather than encryption alone. The disclosure of a critical unauthenticated remote code execution vulnerability in…
