Cyber Security – Page 30 – Simply Secure Group

SloppyLemming Espionage Campaign Uses BurrowShell Backdoor and Rust RAT to Hit Pakistan and Bangladesh Targets

A suspected India-aligned threat group known as SloppyLemming has been conducting a sustained espionage campaign against government agencies, defense organizations, nuclear oversight bodies, and critical infrastructure operators in Pakistan and Bangladesh. Active since 2021 and also tracked as Outrider Tiger and Fishing Elephant, the group deployed two newly documented tools between January 2025 and January […]

Hackers Leverage Telegram for Initial Access to Corporate VPN, RDP, and Cloud Environments

Telegram, once widely recognized as a privacy-focused messaging application, has quietly transformed into one of the most powerful operational platforms used by cybercriminals today. What dark web forums once offered — anonymity, exclusive access, and a marketplace for stolen data — Telegram now delivers at a much faster pace, with far less technical knowledge required […]

Threat Actors Exploit OpenVSX Aqua Trivy with Malicious AI Prompts to Hijack Local Coding Tools

A supply chain attack targeting developers surfaced on March 2, 2026, when unauthorized code was found inside two versions of the Aqua Trivy VS Code extension on the OpenVSX registry. The compromised versions — 1.8.12 and 1.8.13 — were uploaded on February 27 and 28, 2026, under the aquasecurityofficial.trivy-vulnerability-scanner namespace. The attack introduced hidden natural-language prompts designed […]

Chrome Gemini Vulnerability Lets Attackers Access Victims Camera and Microphone Remotely

Chrome Gemini Vulnerability A high-severity security vulnerability has been discovered in Google Chrome’s integrated Gemini AI assistant, exposing users to unauthorized camera and microphone access, local file theft, and phishing attacks, all without requiring any user interaction beyond launching the browser’s built-in AI panel. Tracked as CVE-2026-0628, the flaw was uncovered by researchers at Palo […]

Pixel Perfect Extension Abuse Enables Covert Script Injection and Security Header Removal

A browser extension that once earned a Featured badge from Google quietly turned into a remote code execution tool after its ownership changed hands, exposing thousands of users to covert script injection and full browser security header stripping. The campaign, centered on a legitimate-looking Google Lens wrapper called QuickLens, highlights how even a well-reviewed, functional […]

OpenClaw 0-Click Vulnerability Allows Malicious Websites to Hijack Developer AI Agents

A critical zero-interaction vulnerability in OpenClaw, one of the fastest-growing open-source AI agent frameworks in history, has been discovered by Oasis Security researchers, allowing any malicious website to silently seize full control of a developer’s AI agent without requiring plugins, extensions, or any user action. OpenClaw, a self-hosted AI agent formerly known as Clawdbot and […]

Hackers Abuse Windows File Explorer and WebDAV for Stealthy Malware Delivery

Hackers Abuse Windows File Explorer WebDAV Cybercriminals are increasingly abusing a legacy feature within Windows File Explorer to distribute malware, bypassing traditional web browser security and endpoint detection controls. According to a threat report by Kahng An of the Cofense Intelligence Team, threat actors are leveraging Web-based Distributed Authoring and Versioning (WebDAV) to trick victims […]

Metasploit Adds New Modules Targeting Linux RC4, BeyondTrust, and Registry Persistence

Metasploit Adds New Modules Targeting Linux RC4 The latest Metasploit update, released on February 27, 2026, brings significant firepower to security professionals and penetration testers. The release introduces seven new modules, nine feature enhancements, and critical bug fixes. Standout additions include unauthenticated remote code execution (RCE) exploits for Ollama, BeyondTrust, and Grandstream VoIP devices, alongside […]

Trump Bans Anthropic AI in Federal Agencies Pentagon Flags Claude as Security Risk

The U.S. government has taken unprecedented action against domestic AI firm Anthropic, directing all federal agencies to immediately stop using its AI model Claude and officially designating the company a supply chain risk to national security, a classification historically reserved for foreign adversaries like Huawei. The standoff reached a critical point on February 28, 2026, […]

Researchers Uncover Aeternum C2 Infrastructure with Advanced Persistence and Network Evasion Features

For years, taking down a botnet meant finding its command-and-control (C2) server, seizing the domain, and watching the network go dark. Law enforcement used this method to dismantle major operations like Emotet, TrickBot, and QakBot. A newly discovered botnet loader called Aeternum C2 has been built specifically to close that door, storing all of its […]

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.