
Weekly INK
Each week we compile an advisory on the latest threats, trends and newsworthy topics from the cyber security industry affecting small and medium enterprises. Join our subscribers below and help us prevent cybersecurity breaches.

Issue #193 - April 6, 2026
Hackers Exploiting Acrobat Reader Zero-Day Flaw Since December
Source: BleepingComputer
Security researcher Haifei Li discovered that attackers have been actively exploiting an unpatched zero-day vulnerability in Adobe Reader since at least December 2025, using a sophisticated fingerprinting-style PDF exploit that requires no user interaction beyond opening a file. The flaw enables attackers to steal local information via privileged Acrobat APIs and potentially launch follow-

Issue #192 - March 30, 2026
New EvilTokens Service Fuels Microsoft Device Code Phishing Attacks
Source: BleepingComputer
A new phishing-as-a-service platform called EvilTokens has emerged on Telegram, providing cybercriminals with a turnkey Microsoft device code phishing kit that abuses the OAuth 2.0 device authorization flow to harvest both short-lived access tokens and long-lasting refresh tokens — granting persistent account access without triggering password-based alerts. The kit includes pre-built

Issue #191 - March 23, 2026
FBI Links Signal Phishing Attacks to Russian Intelligence Services
Source: BleepingComputer
The FBI issued a public service announcement directly attributing widespread campaigns that hijack Signal and WhatsApp accounts to Russian intelligence-linked threat actors, making it the first formal US government attribution of these attacks. Rather than breaking end-to-end encryption, the campaign exploits legitimate device-linking features to silently add attacker-controlled device

Issue #190 - March 16, 2026
FBI Seizes Handala Data Leak Site After Stryker Cyberattack
Source: BleepingComputer
The FBI has seized two websites operated by the Handala hacktivist group following the group's destructive cyberattack on medical technology giant Stryker, which remotely wiped approximately 80,000 devices. Both the group's clearnet domains now display a federal seizure notice issued under a warrant from the US District Court for the District of Maryland. The seizure follows confirmation that

Issue #189 - March 9, 2026
Medtech giant Stryker offline after Iran-linked wiper malware attack
Source: BleepingComputer
Iranian-backed hacktivist group Handala claimed responsibility for a devastating wiper malware attack against medical technology giant Stryker, reportedly wiping over 200,000 systems, servers, and mobile devices across offices in 79 countries. The group also claims to have stolen 50 terabytes of data before triggering the destructive wipe. Stryker confirmed the incident in an SEC fil

Issue #188 - March 2, 2026
Microsoft Warns OAuth Redirect Abuse Delivers Malware to Government Targets
Source: The Hacker News
Attackers are abusing legitimate OAuth redirection behavior to route victims from seemingly trusted identity-provider URLs to attacker-controlled pages. Campaigns target public-sector organizations and use links that trigger malware delivery via ZIP payloads, PowerShell execution, and DLL sideloading. Key mitigations include tightening user consent and reviewing OAuth app permi

Issue #187 - February 23, 2026
Attackers Now Need Just 29 Minutes to Own a Network
Source: Dark Reading
Attack chains are compressing. This piece highlights how modern intrusions move from initial access to full environment control in under an hour by abusing stolen credentials, remote tools, and weak identity controls. For SMBs, the takeaway is clear: focus on MFA, credential hygiene, monitoring, and fast containment playbooks.

CISA: BeyondTrust RCE flaw now exploited in ransomware attacks

Issue #186 - February 16, 2026
Supply Chain Attack Embeds Malware in Android Devices
Source: Dark Reading
Researchers found malware embedded at the Android firmware level through a supply chain compromise. The threat can copy itself into apps and then pull down additional payloads for ad fraud, browser hijacking, and other remote actions. The key risk is that users may receive devices or updates already compromised.

Flaws in popular VSCode extensions expose developers to attacks
Source: Ble

Issue #185 - February 9, 2026
Shai-hulud: The Hidden Costs of Supply Chain Attacks
Source: Dark Reading
A new breed of self-propagating supply chain malware in open source ecosystems can rapidly alter thousands of software packages and create downstream damage well beyond the initial victim. The article explains how these campaigns spread, why detection is difficult, and what organizations must do to reduce software dependency risk.

CISA warns of SmarterMail RCE flaw used in ransomware att


