VulnHub

Real-time Cybersecurity News

Phorpiex malware delivers global group ransomware via phishing

SCM feed for Latest
Actively Exploited
RansomwarePhishingMalware

Overview

A new phishing campaign linked to the Phorpiex malware is targeting users globally, delivering ransomware through emails with malicious attachments. These emails often use deceptive double extensions, such as Document.doc.lnk, to trick recipients into opening them. Once activated, the malware can spread across networks, potentially locking files and demanding ransom payments from affected organizations. This ongoing threat, active throughout 2024 and 2025, poses significant risks to businesses and individuals alike, as it can lead to the loss of sensitive data and financial resources. Users need to remain vigilant about email attachments and ensure robust security measures are in place to defend against such attacks.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Action Required: Users should avoid opening unexpected email attachments, implement email filtering solutions, and maintain updated antivirus software to help mitigate the risk.
  • Timeline: Ongoing since 2024

Original Article Summary

The campaign, active throughout 2024 and 2025, begins with emails containing attachments disguised as documents, often using double extensions like Document.doc.lnk.

Impact

Not specified

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Ongoing since 2024

Remediation

Users should avoid opening unexpected email attachments, implement email filtering solutions, and maintain updated antivirus software to help mitigate the risk.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Ransomware, Phishing, Malware.

Read Original Article

Related Coverage

Idoru, Singapore, Gambling, Smartertools, Ivanti, ZeroDayRat, Twiki, Aaran Leyland... - SWN #554

SCM feed for Latest

A recent cybersecurity incident has raised concerns involving multiple companies, including Ivanti and SmarterTools. Researchers discovered a malware strain named ZeroDayRat that targets users of certain gambling platforms in Singapore. This malware is designed to steal sensitive data, potentially impacting users' personal and financial information. The incident is particularly alarming as it highlights the risks associated with online gambling and the importance of securing personal data against such threats. Users are advised to remain vigilant and ensure their devices are protected against this evolving malware.

Feb 10, 2026

In Bypassing MFA, ZeroDayRAT Is 'Textbook Stalkerware'

darkreading

The article discusses the threat posed by a malware known as ZeroDayRAT, which has been identified as a form of stalkerware. This malware can bypass multi-factor authentication (MFA) by gaining access to users' SIM cards, location data, and recent text messages. With this information, attackers can take over accounts or conduct targeted social engineering attacks. The implications are serious, as individuals' privacy and security can be compromised, leading to potential identity theft or harassment. Users need to be vigilant about their mobile security and consider additional protective measures to safeguard their information.

Feb 10, 2026

European Commission hit by cyberattack linked to Ivanti software flaws

SCM feed for Latest

The European Commission recently experienced a cyberattack that took advantage of two critical zero-day vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM) software, identified as CVE-2026-1281 and CVE-2026-1340. These vulnerabilities allowed attackers to potentially compromise sensitive information and systems within the Commission. As a key institution in the EU, any breach could have significant implications for data security and operational integrity. The exploitation of these flaws underscores the urgent need for organizations using Ivanti EPMM to assess their security measures and apply necessary updates promptly. This incident serves as a reminder of the ongoing risks associated with unpatched software vulnerabilities.

Feb 10, 2026

Compilers undermine cryptographic software security

SCM feed for Latest

Researchers have identified vulnerabilities in compilers, particularly GCC, that can compromise the security of cryptographic software. The issue arises from how these compilers optimize code, potentially undoing constant-time implementations that are designed to prevent timing attacks. Timing attacks allow attackers to infer sensitive information, like passwords, based on how long it takes a system to respond to requests. This is a significant concern for developers of cryptographic software who rely on constant-time operations to secure user data. Companies that use GCC for their software development should be aware of these vulnerabilities and consider reviewing their code to ensure it remains secure against timing analysis attacks.

Feb 10, 2026

Photo identification apps leak sensitive data of 152,000 users

SCM feed for Latest

A recent security incident has exposed sensitive data of about 152,000 users of various photo identification apps. Researchers from Cybernews discovered that the breaches were due to misconfigured Firebase instances within these applications. The lack of proper authentication and access controls left their databases vulnerable and open to unauthorized access. This incident raises significant concerns about user privacy and the safety of personal information, as such data breaches can lead to identity theft and other malicious activities. Users of these apps should be aware of the risks and take steps to secure their information.

Feb 10, 2026

Critical vulnerability in BeyondTrust software requires urgent patching

SCM feed for Latest

A newly discovered vulnerability, identified as CVE-2026-1731, poses a serious risk to users of BeyondTrust software. This flaw allows for remote code execution without the need for user interaction, meaning that attackers could exploit it through relatively straightforward methods. Organizations using BeyondTrust products should take this threat seriously as it could lead to unauthorized access and control over their systems. Timely patching is crucial to mitigate the risks associated with this vulnerability, especially since it can be exploited before any authentication takes place. Users are advised to check for updates and apply any available patches immediately to protect their systems from potential attacks.

Feb 10, 2026