Cyber Security Badge

CyberNetSec.io

Daily Cybersecurity Threat Briefings

Home Publications

Security Advisories & Threat Intelligence

Real-time cybersecurity alerts, vulnerability advisories, and threat analysis

Filter by Category

Showing 1 - 10 of 776 articles
1 / 78
Per page:

New '0APT' Extortion Group Fakes Data Breach in Bluff Attack on Australian Hospital

MEDIUM

Fake Ransomware Group '0APT' Targets Epworth HealthCare with Extortion Bluff

A new extortion group calling itself '0APT' has targeted Australia's Epworth HealthCare, claiming to have stolen 920GB of sensitive patient and financial data. The group listed the hospital on its darknet leak site on February 4, 2026, threatening to publish the data if a ransom was not paid. However, Epworth HealthCare conducted a thorough investigation with external cybersecurity experts and found "no verified evidence of any impact to our systems or data." Cybersecurity researchers have corroborated this, assessing that 0APT is likely a "fake" ransomware operation. The group's modus operandi involves posting a high volume of victims without providing credible proof of a breach, instead using empty files or random data streams. This tactic relies on psychological pressure and the threat of reputational damage to extort payment, representing a shift from technical intrusion to pure intimidation.

Feb 9, 2026
5 min read
Ransomware
Threat Actor
Data Breach
0APTRansomwareExtortionBluff AttackHealthcare +2 more
New '0APT' Extortion Group Fakes Data Breach in Bluff Attack on Australian Hospital

KillSec Ransomware Group Claims Attack on Nigerian Tech Startup Getly

MEDIUM

Nigerian Startup Getly Targeted by KillSec Ransomware Group

The ransomware group known as KillSec has claimed responsibility for a cyberattack on Getly, a Nigerian technology startup. On February 9, 2026, the group posted the claim on its platform, stating it had breached the company and exfiltrated sensitive data. KillSec has threatened to leak the stolen information if its unspecified ransom demands are not met. Getly, which operates the `getly.app` domain, has not yet publicly commented on the alleged breach, and the claims have not been independently verified. The incident highlights the global reach of ransomware gangs and the increasing risk they pose to startups and small businesses in emerging markets, not just large enterprises.

Feb 9, 2026
4 min read
Ransomware
Threat Actor
Cyberattack
KillSecRansomwareNigeriaStartupCybercrime
KillSec Ransomware Group Claims Attack on Nigerian Tech Startup Getly

Australia Post Phishing Scam Harvests Credit Card and OTP Data

MEDIUM

Phishing Campaign Impersonating Australia Post Aims to Steal Payment Data and One-Time Passcodes

A widespread phishing campaign is actively targeting Australians by impersonating Australia Post. Cybersecurity firm MailGuard intercepted the scam on February 9, 2026, which uses emails with the subject line "Parcel Awaiting Instructions." The emails claim a delivery has failed due to an incomplete address and trick recipients into clicking a link to pay a small, fraudulent shipping fee of 1.99 AUD. The link leads to a sophisticated, multi-stage credential harvesting site designed to look like an official Australia Post portal. The site first captures the victim's full credit card details and phone number, and then, in a final crucial step, prompts for the one-time passcode (OTP) sent to their mobile. This allows the attackers to authorize fraudulent transactions immediately. The sender's email address is a clear giveaway, and users are advised to be vigilant.

Feb 9, 2026
5 min read
Phishing
Cyberattack
PhishingAustralia PostScamCredential HarvestingOTP Theft +1 more
Australia Post Phishing Scam Harvests Credit Card and OTP Data

AI Supply Chain Attack: Hundreds of Malicious 'Skills' on ClawHub Marketplace Steal Credentials

HIGH

Supply Chain Attack Hits OpenClaw AI Ecosystem via Malicious 'Skills' on ClawHub

A significant software supply chain attack is targeting users of the OpenClaw AI assistant through its community marketplace, ClawHub. Security researchers have discovered hundreds of malicious 'skills'—add-ons that extend the AI's functionality—that have been published by threat actors. These skills masquerade as useful tools, such as wallet trackers or content summarizers, but their installation instructions trick users into downloading malware. The primary payloads include the Atomic Stealer infostealer for macOS and other backdoors and keyloggers for Windows. The attack leverages the trusted, open-source nature of the marketplace, which lacked a formal review process for submissions. In response to the discovery by KOI Security and SlowMist, the OpenClaw team has partnered with VirusTotal to automatically scan all skills uploaded to ClawHub to prevent further abuse.

Feb 9, 2026
5 min read
Supply Chain Attack
Malware
Cloud Security
Supply Chain AttackAIArtificial IntelligenceOpenClawClawHub +2 more
AI Supply Chain Attack: Hundreds of Malicious 'Skills' on ClawHub Marketplace Steal Credentials

'Bloody Wolf' APT Deploys NetSupport RAT in Espionage Campaign

HIGH

'Bloody Wolf' APT Targets Russia and Uzbekistan with NetSupport RAT in Financial and Espionage Attacks

Security researchers have uncovered an active spear-phishing campaign attributed to the threat actor 'Bloody Wolf' (also tracked as Stan Ghouls). The campaign targets organizations primarily in Uzbekistan and Russia, with a focus on manufacturing, finance, and IT sectors, though government and other entities have also been targeted. The attackers use phishing emails with password-protected ZIP archives containing a malicious LNK file. When executed, this file downloads and installs the legitimate remote administration tool, NetSupport RAT, which gives the attackers full control over the victim's system. The motives appear to be mixed, pointing towards both financially motivated cybercrime and state-aligned cyber espionage. This campaign marks a shift in tooling for the group, which previously used the STRRAT malware.

Feb 9, 2026
5 min read
Threat Actor
Cyberattack
Malware
Bloody WolfAPTNetSupport RATSpear-phishingUzbekistan +2 more
'Bloody Wolf' APT Deploys NetSupport RAT in Espionage Campaign

China-Linked UNC3886 Hits All Major Singapore Telcos in Coordinated Zero-Day Attack

CRITICAL

Coordinated Espionage Campaign by UNC3886 Targets All Major Singapore Telecommunication Providers

Singaporean authorities have revealed that all four of the nation's major telecommunication providers were targeted in a sophisticated and coordinated cyber espionage campaign. The attack is attributed to UNC3886, a Chinese-linked advanced persistent threat (APT) group known for targeting critical infrastructure. The attackers exploited a zero-day vulnerability in the telcos' perimeter firewalls to gain initial access. Once inside, the group stole a limited amount of technical data and used advanced techniques to evade detection. While the attackers have not yet penetrated the core networks, officials noted their capability to deploy tools that could disrupt internet and telecommunications services. In response, Singapore has launched one of its largest-ever coordinated cyber defense operations, involving government agencies and the affected telcos working together to hunt for the intruders and harden national infrastructure.

Feb 9, 2026
5 min read
Threat Actor
Cyberattack
Vulnerability
UNC3886APTZero-DaySingaporeTelecommunications +2 more
China-Linked UNC3886 Hits All Major Singapore Telcos in Coordinated Zero-Day Attack

BeyondTrust Patches Critical 9.9 CVSS RCE Zero-Day in Remote Access Tools

CRITICAL

BeyondTrust Patches Critical 9.9 CVSS Zero-Day (CVE-2026-1731) in Remote Support and Privileged Remote Access Products

BeyondTrust has patched a critical zero-day vulnerability, CVE-2026-1731, affecting its self-hosted Remote Support (RS) and Privileged Remote Access (PRA) products. The flaw is a pre-authentication remote code execution (RCE) vulnerability with a CVSS score of 9.9, indicating extreme severity. It allows an unauthenticated attacker to execute arbitrary OS commands on a vulnerable appliance by sending a specially crafted network request, requiring no user interaction. This could lead to a full server compromise. The vulnerability affects RS versions 25.3.1 and earlier, and PRA versions 24.3.4 and earlier. BeyondTrust has already secured its cloud instances, but is urging all on-premise customers to upgrade to the patched versions immediately. The flaw was discovered and responsibly disclosed by a security researcher.

Feb 9, 2026
5 min read
Vulnerability
Patch Management
BeyondTrustCVE-2026-1731Zero-DayRCEVulnerability +2 more
BeyondTrust Patches Critical 9.9 CVSS RCE Zero-Day in Remote Access Tools

CRITICAL: Ivanti Patches Two Actively Exploited RCE Zero-Days in EPMM

CRITICAL

Ivanti Issues Emergency Patches for Two Critical, Actively Exploited RCE Vulnerabilities in Endpoint Manager Mobile (EPMM)

Ivanti has released urgent security patches for two critical remote code execution (RCE) vulnerabilities, CVE-2026-1281 and CVE-2026-1340, affecting its Endpoint Manager Mobile (EPMM) solution, formerly MobileIron Core. Both flaws are rated 9.8 out of 10 on the CVSS scale and are confirmed to be actively exploited in the wild as zero-days. An unauthenticated attacker can exploit these vulnerabilities to execute arbitrary code on an affected appliance, granting them access to sensitive mobile device management data. Given the active exploitation, administrators are urged to apply the temporary RPM script patches immediately while awaiting a permanent fix in the upcoming version 12.8.0.0.

Updated: Feb 9, 2026
5 min read
Vulnerability
Patch Management
Cyberattack
Zero-DayRCERemote Code ExecutionMobileIronMDM +2 more
CRITICAL: Ivanti Patches Two Actively Exploited RCE Zero-Days in EPMM

Nationwide Outage: BridgePay Payment Gateway Confirms Ransomware Attack Crippled Production Systems

CRITICAL

BridgePay Confirms Ransomware Attack Responsible for Crippling Nationwide Payment Gateway Outage

U.S. payment gateway provider BridgePay Network Solutions has confirmed a ransomware attack was the cause of a massive service outage that began on February 6, 2026. The attack took down numerous production systems, including the BridgePay Gateway API, virtual terminals, and hosted payment pages, disrupting credit and debit card processing for merchants across the United States in sectors like retail, hospitality, and government. Many businesses were forced to revert to cash-only operations. BridgePay has engaged the FBI and U.S. Secret Service. While the company states that an initial investigation suggests no usable payment card data was exposed due to encryption, a timeline for full service restoration has not been provided, and the process is expected to be lengthy.

Feb 8, 2026
4 min read
Ransomware
Cyberattack
Data Breach
RansomwareBridgePayPayment GatewayCyberattackOutage +1 more
Nationwide Outage: BridgePay Payment Gateway Confirms Ransomware Attack Crippled Production Systems

EDR-Killer Malware Weaponizes Decade-Old EnCase Driver in BYOVD Attacks

HIGH

Attackers Abuse Revoked EnCase Driver ('EnPortv.sys') in BYOVD Attack to Disable EDR and Deploy Ransomware

Threat actors are using a new EDR-killing malware that leverages a 'Bring Your Own Vulnerable Driver' (BYOVD) technique to disable endpoint security products. Researchers at Huntress discovered the malware during an intrusion that began with compromised SonicWall SSL VPN credentials. The attackers abuse `EnPortv.sys`, a legitimate but long-revoked kernel driver from Guidance Software's EnCase forensic toolkit. Despite its certificate being revoked in 2010, a gap in Windows' driver signature enforcement allows it to be loaded, granting the attackers kernel-level privileges. The malware uses these privileges to terminate 59 different processes associated with major EDR vendors like CrowdStrike, SentinelOne, and Microsoft, clearing the way for ransomware deployment.

Feb 8, 2026
4 min read
Malware
Ransomware
Threat Actor
BYOVDEDRMalwareRansomwareEnCase +3 more
EDR-Killer Malware Weaponizes Decade-Old EnCase Driver in BYOVD Attacks
Showing 1 - 10 of 776 articles
1 / 78