Iran-Linked RedKitten Cyber Campaign Targets Human Rights NGOs and Activists
by info@thehackernews.com (The Hacker News) on January 31, 2026 at 12:02 pm
A Farsi-speaking threat actor aligned with Iranian state interests is suspected to be behind a new campaign targeting non-governmental organizations and individuals involved in documenting recent human rights abuses. The activity, observed by HarfangLab in January 2026, has been codenamed RedKitten. It's said to coincide with the nationwide unrest in Iran that began towards the end of 2025,
Mandiant Finds ShinyHunters-Style Vishing Attacks Stealing MFA to Breach SaaS Platforms
by info@thehackernews.com (The Hacker News) on January 31, 2026 at 7:58 am
Google-owned Mandiant on Friday said it identified an "expansion in threat activity" that uses tradecraft consistent with extortion-themed attacks orchestrated by a financially motivated hacking group known as ShinyHunters. The attacks leverage advanced voice phishing (aka vishing) and bogus credential harvesting sites mimicking targeted companies to gain unauthorized access to victim
CERT Polska Details Coordinated Cyber Attacks on 30+ Wind and Solar Farms
by info@thehackernews.com (The Hacker News) on January 31, 2026 at 7:05 am
CERT Polska, the Polish computer emergency response team, revealed that coordinated cyber attacks targeted more than 30 wind and photovoltaic farms, a private company from the manufacturing sector, and a large combined heat and power plant (CHP) supplying heat to almost half a million customers in the country. The incident took place on December 29, 2025. The agency has attributed the attacks to
Researchers Uncover Chrome Extensions Abusing Affiliate Links and Stealing ChatGPT Access
by info@thehackernews.com (The Hacker News) on January 30, 2026 at 1:42 pm
Cybersecurity researchers have discovered malicious Google Chrome extensions that come with capabilities to hijack affiliate links, steal data, and collect OpenAI ChatGPT authentication tokens. One of the extensions in question is Amazon Ads Blocker (ID: pnpchphmplpdimbllknjoiopmfphellj), which claims to be a tool to browse Amazon without any sponsored content. It was uploaded to the Chrome
China-Linked UAT-8099 Targets IIS Servers in Asia with BadIIS SEO Malware
by info@thehackernews.com (The Hacker News) on January 30, 2026 at 12:08 pm
Cybersecurity researchers have discovered a new campaign attributed to a China-linked threat actor known as UAT-8099 that took place between late 2025 and early 2026. The activity, discovered by Cisco Talos, has targeted vulnerable Internet Information Services (IIS) servers located across Asia, but with a specific focus on targets in Thailand and Vietnam. The scale of the campaign is currently