n8n webhooks abused since October 2025, with phishing volume up 686%, enabling malware delivery and device tracking.
Microsoft has awarded $2.3 million to security researchers after receiving nearly 700 submissions during this year’s Zero Day Quest hacking contest.
Tom Gallagher, Vice President of Engineering at Microsoft Security Response Center (MSRC), said that over 80 flaws found during the live event at Microsoft’s Redmond campus were high-impact cloud and AI security vulnerabilities.
“During the 2026 live hacking event, Microsoft partnered with the global security research community, representing more than 20 countries and a wide range of professional backgrounds, from high school students to college professors,” Gallagher said.
More than 30 WordPress plugins in the EssentialPlugin package have been compromised with malicious code that allows unauthorized access to websites running them.
A malicious actor planted the backdoor code last year but only recently started pushing it to users via updates, generating spam pages and causing redirects, as per the instructions received from the command-and-control (C2) server.
The compromise affects plugins with hundreds of thousands of active installations and was spotted by Austin Ginder, the founder of managed WordPress hosting provider Anchor Hosting, after receiving a tip about one add-on containing code that allowed third-party access.
Cybersecurity researchers have discovered a new campaign in which a cluster of 108 Google Chrome extensions has been found to communicate with the same command-and-control (C2) infrastructure with the goal of collecting user data and enabling browser-level abuse by injecting ads and arbitrary JavaScript code into every web page visited.
According to Socket, the extensions are published under five distinct publisher identities – Yana Project, GameGen, SideGames, Rodeo Games, and InterAlt – and have collectively amassed about 20,000 installs in the Chrome Web Store.
“All 108 route stolen credentials, user identities, and browsing data to servers controlled by the same operator,” security researcher Kush Pandya said in an analysis.
The Kraken cryptocurrency exchange announced that a cybercrime group is trying to extort the company by threatening to release videos showing internal systems that host client data.
The company’s Chief Security Officer, Nick Percoco, stated that the incident did not put client funds at risk and involved an insider threat, with two instances of improper access to limited customer data by support employees.
Kraken says that it will not pay or negotiate with the threat actor.
Microsoft has introduced new Windows protections to defend against phishing attacks that abuse Remote Desktop connection (.rdp) files, adding warnings and disabling risky shared resources by default.
RDP files are commonly used in enterprise environments to connect to remote systems because admins can preconfigure them to automatically redirect local resources to the remote host.
Threat actors have increasingly abused this functionality in phishing campaigns. The Russian state-sponsored APT29 hacking group has previously used rogue RDP files to remotely steal data and credentials from victims.
Rockstar Games has suffered a data breach linked to a recent security incident at Anodot, with the ShinyHunters extortion gang now leaking the stolen data on its data leak site.
The threat actors claim the data was taken from Snowflake environments using authentication tokens stolen during a recent Anodot security incident.
They have now published what they say is Rockstar Games data containing more than 78.6 million records.
The attack surface targeted by Iranian-linked hackers in cyberattacks against U.S. critical infrastructure networks includes thousands of Internet-exposed programmable logic controllers (PLCs) manufactured by Rockwell Automation.
According to a joint advisory issued by multiple U.S. federal agencies on Tuesday, Iranian state-backed hacking groups have been targeting Rockwell Automation/Allen-Bradley PLC devices since March 2026, causing operational disruptions and financial losses.
“Iranian-affiliated APT targeting campaigns against U.S. organizations have recently escalated, likely in response to hostilities between Iran, and the United States and Israel,” the authoring agencies warned.