Cybersecurity on Tenu Tech Brief

Finding Signal in the Noise: Lessons Learned Running a Honeypot with AI Assistance [Guest Diary], (Tue, Feb 24th)

Thu, 26 Feb 2026 02:11:08 +0000

• Finding Signal in the Noise: Lessons Learned Running a Honeypot with AI Assistance [Guest Diary] [This is a Guest Diary by Austin Bodolay, an ISC intern as part of the SANS • edu

Chinese Police Use ChatGPT to Smear Japan PM Takaichi

Thu, 26 Feb 2026 00:00:00 +0000

• A Chinese keyboard warrior inadvertently leaked information about politically motivated influence operations through a ChatGPT account

Flaws in Claude Code Put Developers' Machines at Risk

Wed, 25 Feb 2026 22:02:32 +0000

• The vulnerabilities highlight a big drawback to integrating AI into software development workflows and the potential impact on supply chains

Fake Next.js job interview tests backdoor developer's devices

Wed, 25 Feb 2026 21:47:12 +0000

• js job interview tests backdoor developer’s devices February 25, 2026 04:47 PM 0 A coordinated campaign targeting software developers with job-themed lures is using malicious rep

RAMP Forum Seizure Fractures Ransomware Ecosystem

Wed, 25 Feb 2026 21:14:21 +0000

• Researchers suggest defenders monitor how these malicious groups re-form and leverage the useful threat intel to guide their next moves

The CLAIR Model: A Synthesized Conceptual Framework for Mapping Critical Infrastructure Interdependencies [Guest Diary], (Wed,...

Wed, 25 Feb 2026 21:09:28 +0000

• The CLAIR Model: A Synthesized Conceptual Framework for Mapping Critical Infrastructure Interdependencies [Guest Diary] [This is a guest diary contributed by Claire Perry (Linked

PCI Council Says Threats to Payments Systems Are Speeding Up

Wed, 25 Feb 2026 19:15:33 +0000

• The PCI Security Standards Council experienced a record year in many regards, but its first annual report shows it needs to work even faster to stay ahead of attackers

Google Disrupts UNC2814 GRIDTIDE Campaign After 53 Breaches Across 42 Countries

Wed, 25 Feb 2026 17:46:00 +0000

• Google Disrupts UNC2814 GRIDTIDE Campaign After 53 Breaches Across 42 Countries Google on Wednesday disclosed that it worked with industry partners to disrupt the infrastructure

Chinese cyberspies breached dozens of telecom firms, govt agencies

Wed, 25 Feb 2026 17:00:15 +0000

• Chinese cyberspies breached dozens of telecom firms, govt agencies February 25, 2026 12:00 PM 0 Google’s Threat Intelligence Group (GTIG), Mandiant, and partners disrupted a glob

Malicious Next.js Repos Target Developers Via Fake Job Interviews

Wed, 25 Feb 2026 16:42:00 +0000

• Linked to North Korean fake job-recruitment campaigns, the poisoned repositories are aimed at establishing persistent access to infected machines

The Blast Radius Problem: Stolen Credentials are Weaponizing Agentic AI

Wed, 25 Feb 2026 16:16:40 +0000

• Weak access controls, AI confusion, and the interconnection of business continue to expand Threat • More than half (56%) of the 400,000 vulnerabilities IBM X-Force tracked in 202

Google Disrupts Chinese Cyberespionage Campaign Targeting Telecoms, Governments

Wed, 25 Feb 2026 16:01:45 +0000

• Google announced on Wednesday that it has disrupted a significant China-linked cyberespionage campaign targeting telecoms and government organizations worldwide • The threat acto

Marquis sues SonicWall over backup breach that led to ransomware attack

Wed, 25 Feb 2026 15:54:44 +0000

• Marquis sues SonicWall over backup breach that led to ransomware attack February 25, 2026 10:54 AM 0 Marquis Software Solutions has filed a lawsuit against SonicWall, accusing th

SLH Offers $500-$1,000 Per Call to Recruit Women for IT Help Desk Vishing Attacks

Wed, 25 Feb 2026 15:06:00 +0000

• SLH Offers $500-$1,000 Per Call to Recruit Women for IT Help Desk Vishing Attacks The notorious cybercrime collective known asScattered LAPSUS$ Hunters(SLH) has been observed off

The OpenClaw Hype: Analysis of Chatter from Open-Source Deep and Dark Web

Wed, 25 Feb 2026 15:01:11 +0000

• The OpenClaw Hype: Analysis of Chatter from Open-Source Deep and Dark Web February 25, 2026 10:01 AM 0 OpenClaw started as a side project of a developer who wanted to make his (a

Top 5 Ways Broken Triage Increases Business Risk Instead of Reducing It

Wed, 25 Feb 2026 14:30:00 +0000

• Triage is supposed to make things simpler • In a lot of teams, it does the opposite • When you can’t reach a confident verdict early, alerts turn into repeat checks, back-and-for

Why 'Call This Number' TOAD Emails Beat Gateways

Wed, 25 Feb 2026 14:00:00 +0000

• Attackers are bypassing email gateways through telephone-oriented attack delivery (TOAD), in which the only email payload is a phone number

Medical Device Maker UFP Technologies Hit by Cyberattack

Wed, 25 Feb 2026 13:40:46 +0000

• Medical device manufacturer UFP Technologies on Tuesday disclosed a cybersecurity incident that involved the theft of files and the disruption of some IT systems • UFP Technologi

Ex-US Defense Contractor Executive Jailed for Selling Exploits to Russia

Wed, 25 Feb 2026 12:59:30 +0000

• An Australian national was sentenced to 87 months in a US prison for stealing trade secrets from a defense contractor and selling them to a Russian cyber-exploit broker • Accordi

Zyxel warns of critical RCE flaw affecting over a dozen routers

Wed, 25 Feb 2026 12:53:02 +0000

• Zyxel warns of critical RCE flaw affecting over a dozen routers February 25, 2026 07:53 AM 0 Taiwan networking provider Zyxel has released security updates to address a critical

Malicious NuGet Packages Stole ASP.NET Data; npm Package Dropped Malware

Wed, 25 Feb 2026 12:43:00 +0000

• Malicious NuGet Packages Stole ASP • NET Data; npm Package Dropped Malware Cybersecurity researchers have discovered four malicious NuGet packages that are designed to target ASP

Over 12 Million Users Impacted by CarGurus Data Breach

Wed, 25 Feb 2026 12:32:59 +0000

• More than 12 million users have been affected by a data breach at automotive research and shopping website CarGurus.The incident was disclosed last week, when the infamous extort

'Richter Scale' Model Measures Magnitude of OT Cyber Incidents

Wed, 25 Feb 2026 12:00:00 +0000

• ICS/OT experts have devised a scoring system for rating the severity and effects of cybersecurity events in operational technology environments.

Immediate Action Required: CISA Issues Emergency Directive to Secure Cisco SD-WAN Systems

Wed, 25 Feb 2026 12:00:00 +0000

• Immediate Action Required: CISA Issues Emergency Directive to Secure Cisco SD-WAN Systems WASHINGTON - The Cybersecurity and Infrastructure Security Agency (CISA) today issuedEme

Wynn Resorts Confirms Data Breach After Hackers Remove It From Leak Site

Wed, 25 Feb 2026 11:35:48 +0000

• Las Vegas-based high-end casino and hotel operator Wynn Resorts has confirmed that hackers have stolen employee data.‘We have learned that an unauthorized third party acquired ce

Manual Processes Are Putting National Security at Risk

Wed, 25 Feb 2026 11:00:00 +0000

• Why automating sensitive data transfers is now a mission-critical priority More than half of national security organizations still rely on manual processes to transfer sensitive

Astelia Raises $35 Million for Exposure Management

Wed, 25 Feb 2026 10:38:33 +0000

• Cybersecurity startup Astelia has announced raising $35 million in seed and Series A funding. • The investment was led by Index Ventures and Team8, with additional support from H

US sanctions Russian broker for buying stolen zero-day exploits

Wed, 25 Feb 2026 10:31:13 +0000

• US sanctions Russian broker for buying stolen zero-day exploits February 25, 2026 05:31 AM 0 The U.S. • Treasury Department has sanctioned a Russian exploit broker who bought sto

Reddit Hit With $20 Million UK Data Privacy Fine Over Child Safety Failings

Wed, 25 Feb 2026 10:04:16 +0000

• Britain’s data privacy watchdog slapped online forum Reddit on Tuesday with a fine worth nearly $20 million for failures involving children’s personal information • The Informati

Claude's New AI Vulnerability Scanner Sends Cybersecurity Shares Plunging

Wed, 25 Feb 2026 09:44:02 +0000

• The stocks of major cybersecurity companies have fallen sharply after AI firm Anthropic unveiled a new security capability for its Claude LLM.Anthropic announced on Friday that i

Defense Contractor Employee Jailed for Selling 8 Zero-Days to Russian Broker

Wed, 25 Feb 2026 08:49:00 +0000

• Defense Contractor Employee Jailed for Selling 8 Zero-Days to Russian Broker A 39-year-old Australian national who was previously employed at U.S. • defense contractor L3Harris h

Ad Tech Company Optimizely Targeted in Cyberattack

Wed, 25 Feb 2026 08:23:55 +0000

• Ad tech firm Optimizely has confirmed that threat actors accessed certain internal business systems through a sophisticated voice phishing (vishing) attack.The incident, the comp

Ex-L3Harris exec jailed for selling zero-days to Russian exploit broker

Wed, 25 Feb 2026 08:21:40 +0000

• Ex-L3Harris exec jailed for selling zero-days to Russian exploit broker February 25, 2026 03:21 AM 0 The former head of Trenchant, a specialized U.S. • defense contractor unit, w

Operation Red Card 2.0 Leads to 651 Arrests in Africa

Wed, 25 Feb 2026 08:00:00 +0000

• In the latest operation targeting cybercrime groups, African law enforcement agencies cooperated with Interpol and cybersecurity firms to recover more than USD 4.3 million.

Windows 11 KB5077241 update improves BitLocker, adds Sysmon tool

Wed, 25 Feb 2026 07:51:51 +0000

• Windows 11 KB5077241 update improves BitLocker, adds Sysmon tool February 25, 2026 02:51 AM 0 Microsoft has released the KB5077241 optional cumulative update for Windows 11, whic

SolarWinds Patches 4 Critical Serv-U 15.5 Flaws Allowing Root Code Execution

Wed, 25 Feb 2026 07:04:00 +0000

• SolarWinds Patches 4 Critical Serv-U 15.5 Flaws Allowing Root Code Execution SolarWinds hasreleased updatesto address four critical security flaws in its Serv-U file transfer sof

Phishing campaign targets freight and logistics orgs in the US, Europe

Tue, 24 Feb 2026 23:57:58 +0000

• Phishing campaign targets freight and logistics orgs in the US, Europe February 24, 2026 06:57 PM 0 A financially motivated threat group dubbed ‘Diesel Vortex’ is stealing creden

Wynn Resorts confirms employee data breach after extortion threat

Tue, 24 Feb 2026 21:51:20 +0000

• Wynn Resorts confirms employee data breach after extortion threat February 24, 2026 04:51 PM 0 Wynn Resorts has confirmed that a hacker stole employee data from its systems after

1Campaign platform helps malicious Google ads evade detection

Tue, 24 Feb 2026 21:45:05 +0000

• 1Campaign platform helps malicious Google ads evade detection February 24, 2026 04:45 PM 0 A newly identified cybercrime service known as 1Campaign is enabling threat actors to r

Attackers Now Need Just 29 Minutes to Own a Network

Tue, 24 Feb 2026 21:38:15 +0000

• Credential misuse, AI tools, and security blind spots help attackers move through breached networks faster than ever, CrowdStrike finds.

Lazarus Group Picks a New Poison: Medusa Ransomware

Tue, 24 Feb 2026 21:18:04 +0000

• Cyberattacks & Data Breaches Cyber Risk Endpoint Security Threat Intelligence News Lazarus Group Picks a New Poison: Medusa Ransomware The North Korean threat group also leverage

RoguePilot Flaw in GitHub Codespaces Enabled Copilot to Leak GITHUB_TOKEN

Tue, 24 Feb 2026 18:52:00 +0000

• RoguePilot Flaw in GitHub Codespaces Enabled Copilot to Leak GITHUB_TOKEN A vulnerability inGitHub Codespacescould have been exploited by bad actors to seize control of repositor

CarGurus data breach exposes information of 12.4 million accounts

Tue, 24 Feb 2026 18:08:20 +0000

• CarGurus data breach exposes information of 12.4 million accounts February 24, 2026 01:08 PM 0 The ShinyHunters extortion group has published personal information in more than 12

Open Redirects: A Forgotten Vulnerability?, (Tue, Feb 24th)

Tue, 24 Feb 2026 18:04:01 +0000

• Open Redirects: A Forgotten Vulnerability? • In 2010, OWASP added ‘Unvalidated Redirects and Forwards’ to its Top 10 list and merged it into ‘Sensitive Data Exposure’ in 2013 [ow

Microsoft adds Copilot data controls to all storage locations

Tue, 24 Feb 2026 17:30:10 +0000

• Microsoft adds Copilot data controls to all storage locations February 24, 2026 12:30 PM 0 Microsoft is expanding data loss prevention (DLP) controls to block the Microsoft 365 C

Developer-targeting campaign using malicious Next.js repositories

Tue, 24 Feb 2026 17:28:24 +0000

• Microsoft Defender Experts identified a coordinated developer-targeting campaign delivered through malicious repositories disguised as legitimate Next.js projects and technical a

'Arkanix Stealer' Malware Disappears Shortly After Debut

Tue, 24 Feb 2026 15:20:06 +0000

• A new infostealer named ‘Arkanix Stealer’ operated as a malware-as-a-service (MaaS) enterprise in a one-shot campaign, Kaspersky says.Implemented in both C++ and Python, the malw

Identity-First AI Security: Why CISOs Must Add Intent to the Equation

Tue, 24 Feb 2026 15:02:12 +0000

• Identity-First AI Security: Why CISOs Must Add Intent to the Equation February 24, 2026 10:02 AM 0 Author: Itamar Apelblat, CEO and Co-Founder, Token Security Not long ago, AI de

UK fines Reddit $19 million for using children's data unlawfully

Tue, 24 Feb 2026 14:54:24 +0000

• UK fines Reddit $19 million for using children’s data unlawfully February 24, 2026 09:54 AM 0 The UK Information Commissioner’s Office (ICO) has fined Reddit £14.47 million (over

VMware Aria Operations Vulnerability Could Allow Remote Code Execution

Tue, 24 Feb 2026 14:30:00 +0000

• Broadcom has released patches for several vulnerabilities affecting VMware Aria Operations, including high-severity flaws.The most important of the newly patched vulnerabilities

UAC-0050 Targets European Financial Institution With Spoofed Domain and RMS Malware

Tue, 24 Feb 2026 14:21:00 +0000

• UAC-0050 Targets European Financial Institution With Spoofed Domain and RMS Malware A Russia-aligned threat actor has been observed targeting a European financial institution as

Bring the Fight to the Edge: Turning Time Into an Advantage in OT Security

Tue, 24 Feb 2026 14:00:40 +0000

• Why OT Defenses Often Start Too Late Industrial organizations are facing a growing paradox in cybersecurity. • While operational technology (OT) environments are increasingly con

CISO Conversations: Timothy Youngblood; 4x Fortune 500 CISO/CSO

Tue, 24 Feb 2026 14:00:00 +0000

• Timothy Youngblood didn’t set out to be a CISO, but he became CISO at four major enterprises, took on angel investing and won the Most Valued Member award at the Summer Investor

New 'Sandworm_Mode' Supply Chain Attack Hits NPM

Tue, 24 Feb 2026 13:40:35 +0000

• Security researchers have uncovered a new supply chain attack targeting the NPM registry with malicious code that exhibits worm-like propagation capabilities.DubbedSandworm_Mode,

As Cybersecurity Firms Chase AI, VC Market Skyrockets

Tue, 24 Feb 2026 13:04:04 +0000

• Investments in cybersecurity startups took off in 2025, as venture capital firms focused not just on AI-native tech, but talent as well.

Scaling security operations with Microsoft Defender autonomous defense and expert-led services

Tue, 24 Feb 2026 13:00:00 +0000

• Share Link copied to clipboard! • Content types Best practices Products and services Microsoft Defender Microsoft Security Experts Topics AI and agents Security management Securi

GitHub Issues Abused in Copilot Attack Leading to Repository Takeover

Tue, 24 Feb 2026 12:26:53 +0000

• A vulnerability in GitHub Codespaces could have allowed attackers to take over repositories by injecting malicious Copilot instructions in a GitHub issue.The attack, Orca Securit

Is AI Good for Democracy?

Tue, 24 Feb 2026 12:06:13 +0000

• Is AI Good for Democracy? • Politicians fixate on the global race for technological supremacy between US and China. • They debate geopolitical implications of chip exports, lates

Taiwan Security Firm Confirms Flaw Flagged by CISA Likely Exploited by Chinese APTs

Tue, 24 Feb 2026 12:00:51 +0000

• The Taiwan-based cybersecurity firm TeamT5 has confirmed that the vulnerability added recently by CISA to its Known Exploited Vulnerabilities (KEV) catalog was likely exploited b

Identity Prioritization isn't a Backlog Problem - It's a Risk Math Problem

Tue, 24 Feb 2026 11:58:00 +0000

• Most identity programs still prioritize work the way they prioritize IT tickets: by volume, loudness, or ‘what failed a control check.’ That approach breaks the moment your envir

Lazarus Group Uses Medusa Ransomware in Middle East and U.S. Healthcare Attacks

Tue, 24 Feb 2026 11:52:00 +0000

• Lazarus Group Uses Medusa Ransomware in Middle East and U.S. • Healthcare Attacks The North Korea-linkedLazarus Group(aka Diamond Sleet and Pompilus) has been observed using Medu

ShinyHunters extortion gang claims Odido breach affecting millions

Tue, 24 Feb 2026 11:40:20 +0000

• ShinyHunters extortion gang claims Odido breach affecting millions February 24, 2026 06:40 AM 0 The ShinyHunters extortion gang has claimed responsibility for breaching Dutch tel

North Korean Lazarus group linked to Medusa ransomware attacks

Tue, 24 Feb 2026 11:00:00 +0000

• North Korean Lazarus group linked to Medusa ransomware attacks February 24, 2026 06:00 AM 0 North Korean state-backed hackers associated with the Lazarus threat group are targeti

Anonymous Fénix Members Arrested in Spain

Tue, 24 Feb 2026 10:05:57 +0000

• Spanish authorities this week announced the arrest of four members of the Anonymous Fénix group for their involvement in distributed denial-of-service (DDoS) attacks.The suspects

UnsolicitedBooker Targets Central Asian Telecoms With LuciDoor and MarsSnake Backdoors

Tue, 24 Feb 2026 09:54:00 +0000

• UnsolicitedBooker Targets Central Asian Telecoms With LuciDoor and MarsSnake Backdoors The threat activity cluster known asUnsolicitedBookerhas been observed targeting telecommun

CrowdStrike 2026 Global Threat Report AI Evasive Adversary

Tue, 24 Feb 2026 08:32:40 +0000

• 2026 Global Threat Report highlights AI‑driven adversaries employing evasive tactics across industries. • Report identifies 59 zero‑day CVEs patched in February, underscoring rap

Anthropic Says Chinese AI Firms Used 16 Million Claude Queries to Copy Model

Tue, 24 Feb 2026 06:04:00 +0000

• Anthropic Says Chinese AI Firms Used 16 Million Claude Queries to Copy Model Anthropic on Monday said it identified ‘industrial-scale campaigns’ mounted by three artificial intel

ISC Stormcast For Tuesday, February 24th, 2026 https://isc.sans.edu/podcastdetail/9822, (Tue, Feb 24th)

Tue, 24 Feb 2026 02:00:02 +0000

• ISC Stormcast For Tuesday, February 24th, 2026 https://isc.sans.edu/podcastdetail/9822 Handler on Duty: Johannes Ullrich Threat Level: green My next class: Application Security:

Android mental health apps with 14.7M installs filled with security flaws

Mon, 23 Feb 2026 22:59:04 +0000

• Several mental health mobile apps with millions of downloads on Google Play contain security vulnerabilities that could expose users’ sensitive medical information. • In one of t

Spitting Cash: ATM Jackpotting Attacks Surged in 2025

Mon, 23 Feb 2026 22:20:08 +0000

• The attacks cost banks more than $20 million in losses last year, as criminals used many of the same tools and tactics they have wielded for more than a decade. • The attacks cos

More Than Dashboards: AI Decisions Must Be Provable

Mon, 23 Feb 2026 22:18:18 +0000

• AI systems have to be able to show a record of what happened and how.

Spain arrests suspected hacktivists for DDoSing govt sites

Mon, 23 Feb 2026 21:59:42 +0000

• Spain arrests suspected hacktivists for DDoSing govt sites February 23, 2026 04:59 PM 0 Spanish authorities have arrested four alleged members of a hacktivist group believed to h

Iran's MuddyWater Targets Orgs With Fresh Malware as Tensions Mount

Mon, 23 Feb 2026 20:35:12 +0000

• Threat Intelligence Cyberattacks & Data Breaches Endpoint Security Remote Workforce News Breaking cybersecurity news, news analysis, commentary, and other content from around the

Enigma Cipher Device Still Holds Secrets for Cyber Pros

Mon, 23 Feb 2026 20:11:27 +0000

• The Nazi relic’s history is riddled with resilience errors, and those lessons still apply to defending against modern cyber threats. • The Nazi relic’s history is riddled with re

APT28 Targeted European Entities Using Webhook-Based Macro Malware

Mon, 23 Feb 2026 19:41:00 +0000

• APT28 Targeted European Entities Using Webhook-Based Macro Malware The Russia-linkedstate-sponsored threat actortracked asAPT28has been attributed to a new campaign targeting spe

Microsoft says bug in classic Outlook hides the mouse pointer

Mon, 23 Feb 2026 19:40:42 +0000

• Microsoft says bug in classic Outlook hides the mouse pointer February 23, 2026 02:40 PM 1 Microsoft is investigating a known issue that causes the mouse pointer to disappear in

600+ FortiGate Devices Hacked by AI-Armed Amateur

Mon, 23 Feb 2026 19:37:59 +0000

• A Russian-speaking hacker used generative AI to compromise the FortiGate firewalls, targeting credentials and backups for possible follow-on ransomware attacks. • A Russian-speak

Ad tech firm Optimizely confirms data breach after vishing attack

Mon, 23 Feb 2026 18:04:01 +0000

• Ad tech firm Optimizely confirms data breach after vishing attack February 23, 2026 01:04 PM 0 New York-based ad tech company Optimizely has notified an undisclosed number of cus

Wormable XMRig Campaign Uses BYOVD Exploit and Time-Based Logic Bomb

Mon, 23 Feb 2026 17:59:00 +0000

• Cybersecurity researchers have disclosed details of a new cryptojacking campaign that uses pirated software bundles as lures to deploy a bespoke XMRig miner program on compromise

The Art of Deception: How Threat Actors Master Typosquatting Campaigns to Bypass Detection

Mon, 23 Feb 2026 16:30:19 +0000

• FeaturedThe Art of Deception: How Threat Actors Master Typosquatting Campaigns to Bypass DetectionFeb 23, 2026Introducing ‘AI Unlocked: Decoding Prompt Injection,’ a New Interact

US Healthcare Diagnostic Firm Says 140,000 Affected by Data Breach

Mon, 23 Feb 2026 15:35:32 +0000

• Nearly 140,000 people are affected by a data breach disclosed by healthcare diagnostic company Vikor Scientific.The number of affected individuals came to light in recent days on

When identity isn't the weak link, access still is

Mon, 23 Feb 2026 15:00:10 +0000

• For years, identity has been treated as the foundation of workforce security. • If an organization could reliably confirm who a user was, the assumption followed that access coul

Another day, another malicious JPEG, (Mon, Feb 23rd)

Mon, 23 Feb 2026 14:26:39 +0000

• Another day, another malicious JPEG In his last two diaries, Xavier discussed recent malware campaigns that download JPEG files with embedded malicious payload[1,2]. • At that po

Ukrainian Gets 5 Years in US Prison for Aiding North Korean IT Fraud

Mon, 23 Feb 2026 13:38:19 +0000

• A Ukrainian national was sentenced to five years in a US prison for selling stolen identities to fraudulent North Korean workers and for facilitating the operation of laptop farm

⚡ Weekly Recap: Double-Tap Skimmers, PromptSpy AI, 30Tbps DDoS, Docker Malware & More

Mon, 23 Feb 2026 13:00:00 +0000

• Security news rarely moves in a straight line. • This week, it feels more like a series of sharp turns, some happening quietly in the background, others playing out in public vie

Autonomous AI Agents Provide New Class of Supply Chain Attack

Mon, 23 Feb 2026 12:30:00 +0000

• Found in Clawhub, promoted on Moltbook, Bob-ptp is an ongoing active agent-based crypto scam.It’s ironic that new technology often defies the fundamental security rule of zero tr

On the Security of Password Managers

Mon, 23 Feb 2026 12:03:33 +0000

• On the Security of Password Managers Good article on password managers that secretly have a backdoor. • New research shows that these claims aren’t true in all cases, particularl

How Exposed Endpoints Increase Risk Across LLM Infrastructure

Mon, 23 Feb 2026 11:58:00 +0000

• How Exposed Endpoints Increase Risk Across LLM Infrastructure As more organizations run their own Large Language Models (LLMs), they are also deploying more internal services and

Romanian Hacker Pleads Guilty to Selling Access to US State Network

Mon, 23 Feb 2026 11:53:35 +0000

• A Romanian national pleaded guilty in a US court to selling unauthorized access to an Oregon state government office’s network.The man, Catalin Dragomir, 45, of Constanta, Romani

Hundreds of FortiGate Firewalls Hacked in AI-Powered Attacks: AWS

Mon, 23 Feb 2026 11:34:35 +0000

• Over 600 Fortinet FortiGate firewall instances have been hacked in an AI-powered campaign that exploits exposed ports and weak credentials, AWS reports.The attacks, observed betw

Mississippi Hospital System Closes All Clinics After Ransomware Attack

Mon, 23 Feb 2026 10:29:13 +0000

• A ransomware attack forced the University of Mississippi Medical Center to close all of its roughly three dozen clinics around the state and cancel elective procedures for a seco

CrowdStrike Named a Customers’ Choice in 2026 Gartner Peer Insights™ Voice of the Customer for Application Security Posture Management Tools

Mon, 23 Feb 2026 10:24:20 +0000

• FeaturedIntroducing ‘AI Unlocked: Decoding Prompt Injection,’ a New Interactive ChallengeFeb 18, 2026Exposing Insider Threats through Data Protection, Identity, and HR ContextFeb

What Security Teams Need to Know About OpenClaw, the AI Super Agent

Mon, 23 Feb 2026 10:24:20 +0000

• OpenClaw is CrowdStrike’s AI super agent for automated threat hunting. • It orchestrates data from multiple sensors to identify suspicious activity. • AI models continuously lear

Advanced Web Shell Detection and Prevention: A Deep Dive into CrowdStrike's Linux Sensor Capabilities

Mon, 23 Feb 2026 10:24:19 +0000

• FeaturedIntroducing ‘AI Unlocked: Decoding Prompt Injection,’ a New Interactive ChallengeFeb 18, 2026Exposing Insider Threats through Data Protection, Identity, and HR ContextFeb

CrowdStrike Named Customers' Choice Attack Surface Management

Mon, 23 Feb 2026 10:24:19 +0000

• Gartner named CrowdStrike the sole Customers’ Choice for External Attack Surface Management. • Falcon X provides continuous visibility into cloud, on‑prem, and SaaS attack surfac

Human‑AI Feedback Loop Powering CrowdStrike Agentic Security

Mon, 23 Feb 2026 10:24:16 +0000

• Human‑AI feedback loop enhances threat detection by combining analyst intuition with machine learning insights. • CrowdStrike’s Agentic Security framework empowers analysts to gu

Scale SOC Automation Falcon Fusion SOAR

Mon, 23 Feb 2026 10:24:16 +0000

• Falcon Fusion SOAR automates SOC workflows across security tools. • Low‑code platform accelerates incident response times. • AI‑powered playbooks prioritize high‑impact alerts. •

CrowdStrike Named Customers' Choice 2026 Gartner Peer Insights Voice User Authentication

Mon, 23 Feb 2026 10:24:15 +0000

• CrowdStrike awarded Customers’ Choice for user authentication in 2026. • Recognition reflects high customer satisfaction and product reliability. • Falcon platform offers multi‑f

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

Mon, 23 Feb 2026 10:20:00 +0000

• Cybersecurity researchers have disclosed what they say is an active ‘Shai-Hulud-like’ supply chain worm campaign that has leveraged a cluster of at least 19 malicious npm package

PayPal Data Breach Led to Fraudulent Transactions

Mon, 23 Feb 2026 09:13:25 +0000

• PayPal disclosed a data breach affecting personal info of ~100 customers. • Breach caused by coding error in PayPal Working Capital loan application. • Exposed data included name

MuddyWater Targets MENA Organizations with GhostFetch, CHAR, and HTTP_VIP

Mon, 23 Feb 2026 07:25:00 +0000

• MuddyWater Targets MENA Organizations with GhostFetch, CHAR, and HTTP_VIP The Iranian hacking group known asMuddyWater(aka Earth Vetala, Mango Sandstorm, and MUDDYCOAST) has targ

ISC Stormcast For Monday, February 23rd, 2026 https://isc.sans.edu/podcastdetail/9820, (Mon, Feb 23rd)

Mon, 23 Feb 2026 02:45:11 +0000

• ISC Stormcast For Monday, February 23rd, 2026 https://isc.sans.edu/podcastdetail/9820 Handler on Duty: Johannes Ullrich Threat Level: green My next class: Application Security: S

Arkanix Stealer pops up as short-lived AI info-stealer experiment

Sun, 22 Feb 2026 15:33:26 +0000

• Arkanix Stealer pops up as short-lived AI info-stealer experiment February 22, 2026 10:33 AM 0 An information-stealing malware operation named Arkanix Stealer, promoted on multip

Predator spyware hooks iOS SpringBoard to hide mic, camera activity

Sat, 21 Feb 2026 16:13:24 +0000

• Intellexa’s Predator spyware can hide iOS recording indicators while secretly streaming camera and microphone feeds to its operators. • The malware does not exploit any iOS vulne

AI-Assisted Threat Actor Compromises 600+ FortiGate Devices in 55 Countries

Sat, 21 Feb 2026 14:49:00 +0000

• AI-Assisted Threat Actor Compromises 600+ FortiGate Devices in 55 Countries A Russian-speaking, financially motivated threat actor has been observed taking advantage of commercia

Amazon: AI-assisted hacker breached 600 FortiGate firewalls in 5 weeks

Sat, 21 Feb 2026 13:50:58 +0000

• Amazon: AI-assisted hacker breached 600 FortiGate firewalls in 5 weeks February 21, 2026 08:50 AM 0 Amazon is warning that a Russian-speaking hacker used multiple generative AI s

Amazon: AI-assisted hacker breached 600 Fortinet firewalls in 5 weeks

Sat, 21 Feb 2026 13:50:58 +0000

• Amazon: AI-assisted hacker breached 600 Fortinet firewalls in 5 weeks February 21, 2026 08:50 AM 0 Article updated at the bottom with additional technical details about this camp

Anthropic Launches Claude Code Security for AI-Powered Vulnerability Scanning

Sat, 21 Feb 2026 07:58:00 +0000

• Anthropic Launches Claude Code Security for AI-Powered Vulnerability Scanning Artificial intelligence (AI) company Anthropic has begun to roll out a new security feature for Clau

CISA Adds Two Actively Exploited Roundcube Flaws to KEV Catalog

Sat, 21 Feb 2026 07:21:00 +0000

• CISA Adds Two Actively Exploited Roundcube Flaws to KEV Catalog The U.S. • Cybersecurity and Infrastructure Security Agency (CISA) on Fridayaddedtwo security flaws impacting Roun

Japanese-Language Phishing Emails, (Sat, Feb 21st)

Sat, 21 Feb 2026 06:03:36 +0000

• Japanese-Language Phishing Emails Introduction For at least the past year or so, I’ve been receiving Japanese-language phishing emails to my blog email addresses at @malware-traf

EC-Council Expands AI Certification Portfolio to Strengthen U.S. AI Workforce Readiness and Security

Sat, 21 Feb 2026 04:30:00 +0000

• EC-Council Expands AI Certification Portfolio to Strengthen U.S. • AI Workforce Readiness and Security With $5.5 trillion in global AI risk exposure and 700,000 U.S. • workers ne

Friday Squid Blogging: Squid Cartoon

Fri, 20 Feb 2026 22:05:15 +0000

• Friday Squid Blogging: Squid Cartoon I like this one. • As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. • As usu

Attackers Use New Tool to Scan for React2Shell Exposure

Fri, 20 Feb 2026 21:07:07 +0000

• Researchers say threat actors wielded the sophisticated - and unfortunately named - toolkit to target high-value networks for React2Shell exploitation • Cybersecurity researchers

'Starkiller' Phishing Service Proxies Real Login Pages, MFA

Fri, 20 Feb 2026 20:00:30 +0000

• Most phishing websites are little more than static copies of login pages for popular online destinations, and they are often quickly taken down by anti-abuse activists and securi

'God-Like' Attack Machines: AI Agents Ignore Security Policies

Fri, 20 Feb 2026 18:31:58 +0000

• Microsoft Copilot recently summarized and leaked user emails; but any AI agent will go above and beyond to complete assigned tasks, even breaking through their carefully designed

Japanese tech giant Advantest hit by ransomware attack

Fri, 20 Feb 2026 18:30:44 +0000

• Japanese tech giant Advantest hit by ransomware attack February 20, 2026 01:30 PM 0 Advantest Corporation disclosed that its corporate network has been targeted in a ransomware a

Lessons From AI Hacking: Every Model, Every Layer Is Risky

Fri, 20 Feb 2026 18:02:02 +0000

• Application Security Cyber Risk Cybersecurity Operations Vulnerabilities & Threats News Lessons From AI Hacking: Every Model, Every Layer Is Risky After two years of finding flaw

Data breach at French bank registry impacts 1.2 million accounts

Fri, 20 Feb 2026 16:20:40 +0000

• Data breach at French bank registry impacts 1.2 million accounts February 20, 2026 11:20 AM 0 The French Ministry of Finance has disclosed a cybersecurity incident that impacted

NIST's Quantum Breakthrough: Single Photons Produced on a Chip

Fri, 20 Feb 2026 15:48:12 +0000

• NIST has developed a chip that reliably emits a single photon on demand. • This ability will improve the efficiency of QKD (quantum key distribution) as we prepare for the arriva

BeyondTrust Flaw Used for Web Shells, Backdoors, and Data Exfiltration

Fri, 20 Feb 2026 15:45:00 +0000

• BeyondTrust Flaw Used for Web Shells, Backdoors, and Data Exfiltration Threat actors have been observed exploiting a recently disclosed critical security flaw impacting BeyondTru

In Other News: Ransomware Shuts US Clinics, ICS Vulnerability Surge, European Parliament Bans AI

Fri, 20 Feb 2026 15:30:00 +0000

• SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar.We provide a valuable summary of stories th

Why the shift left dream has become a nightmare for security and developers

Fri, 20 Feb 2026 14:45:54 +0000

• Why the shift left dream has become a nightmare for security and developers February 20, 2026 09:45 AM 0 Written by Ivan Milenkovic, Vice President Risk Technology EMEA, Qualys F

Cline CLI 2.3.0 Supply Chain Attack Installed OpenClaw on Developer Systems

Fri, 20 Feb 2026 14:20:00 +0000

• Cline CLI 2.3.0 Supply Chain Attack Installed OpenClaw on Developer Systems In yet another software supply chain attack, the open-source, artificial intelligence (AI)-powered cod

Latin America's Cyber Maturity Lags Threat Landscape

Fri, 20 Feb 2026 14:00:00 +0000

• Threat Intelligence Cyber Risk Cybersecurity Operations Cyberattacks & Data Breaches News Breaking cybersecurity news, news analysis, commentary, and other content from around th

PayPal discloses data breach that exposed user info for 6 months

Fri, 20 Feb 2026 13:12:01 +0000

• PayPal disclosed a data breach affecting PPWC loan app, exposing sensitive info for 6 months. • Breach spanned July 1 to December 13, 2025, revealing names, emails, phone, busine

Ring Cancels Its Partnership with Flock

Fri, 20 Feb 2026 12:08:51 +0000

• • February 20, 2026 11:39 AM Can we read something that is not behind a paywall? • Clive Robinson • February 20, 2026 2:57 PM @ Who?, ALL, ‘Can we read something that is not behi

ClickFix Campaign Abuses Compromised Sites to Deploy MIMICRAT Malware

Fri, 20 Feb 2026 11:55:00 +0000

• ClickFix Campaign Abuses Compromised Sites to Deploy MIMICRAT Malware Cybersecurity researchers have disclosed details of a newClickFixcampaign that abuses compromised legitimate

Mississippi medical center closes all clinics after ransomware attack

Fri, 20 Feb 2026 11:50:14 +0000

• The University of Mississippi Medical Center (UMMC) closed all its clinic locations statewide on Thursday following a ransomware attack. • UMMC has over 10,000 employees and, as

FBI: $20 Million Losses Caused by 700 ATM Jackpotting Attacks in 2025

Fri, 20 Feb 2026 11:05:26 +0000

• A flash alert published on Thursday by the FBI warns of an increase in malware-enabled ATM jackpotting attacks in the United States.According to the agency, roughly 1,900 ATM jac

Identity Cyber Scores: The New Metric Shaping Cyber Insurance in 2026

Fri, 20 Feb 2026 10:30:00 +0000

• One in three cyber-attacks now involve compromised employee accounts, driving insurers to focus on identity posture. • Password hygiene, privileged access management, and MFA cov

FBI: Over $20 million stolen in surge of ATM malware attacks in 2025

Fri, 20 Feb 2026 10:08:49 +0000

• The FBI warned that Americans lost more than $20 million last year amid a massive surge in ATM ‘jackpotting’ attacks, in which criminals use malware to force cash machines to dis

Ukrainian National Sentenced to 5 Years in North Korea IT Worker Fraud Case

Fri, 20 Feb 2026 09:52:00 +0000

• Ukrainian National Sentenced to 5 Years in North Korea IT Worker Fraud Case A 29-year-old Ukrainian national has beensentenced to five years in prisonin the U.S. • for his role i

Chip Testing Giant Advantest Hit by Ransomware

Fri, 20 Feb 2026 09:31:29 +0000

• Japanese chip testing giant Advantest Corporation (TSE: 6857) has been targeted in a ransomware attack.Advantest makes automatic test equipment for the semiconductor industry. •

CrowdStrike Named a Customers’ Choice in 2026 Gartner Peer Insights™ Voice of the Customer for Application Security Posture Management Tools

Fri, 20 Feb 2026 09:30:28 +0000

• FeaturedIntroducing ‘AI Unlocked: Decoding Prompt Injection,’ a New Interactive ChallengeFeb 18, 2026Exposing Insider Threats through Data Protection, Identity, and HR ContextFeb

Advanced Web Shell Detection and Prevention: A Deep Dive into CrowdStrike's Linux Sensor Capabilities

Fri, 20 Feb 2026 09:30:27 +0000

• FeaturedIntroducing ‘AI Unlocked: Decoding Prompt Injection,’ a New Interactive ChallengeFeb 18, 2026Exposing Insider Threats through Data Protection, Identity, and HR ContextFeb

What Security Teams Need to Know About OpenClaw, the AI Super Agent

Fri, 20 Feb 2026 09:30:27 +0000

• FeaturedIntroducing ‘AI Unlocked: Decoding Prompt Injection,’ a New Interactive ChallengeFeb 18, 2026Exposing Insider Threats through Data Protection, Identity, and HR ContextFeb

CrowdStrike Is the Only Vendor to Be Named a Customers’ Choice in 2025 Gartner® Voice of the Customer for External Attack Surface Management

Fri, 20 Feb 2026 09:30:26 +0000

• FeaturedIntroducing ‘AI Unlocked: Decoding Prompt Injection,’ a New Interactive ChallengeFeb 18, 2026Exposing Insider Threats through Data Protection, Identity, and HR ContextFeb

Inside the Human-AI Feedback Loop Powering CrowdStrike’s Agentic Security

Fri, 20 Feb 2026 09:30:25 +0000

• FeaturedIntroducing ‘AI Unlocked: Decoding Prompt Injection,’ a New Interactive ChallengeFeb 18, 2026Exposing Insider Threats through Data Protection, Identity, and HR ContextFeb

Ukrainian gets 5 years for helping North Koreans infiltrate US firms

Fri, 20 Feb 2026 09:00:15 +0000

• Ukrainian gets 5 years for helping North Koreans infiltrate US firms February 20, 2026 04:00 AM 0 A Ukrainian national was sentenced to five years in prison for providing North K

FBI Reports 1,900 ATM Jackpotting Incidents Since 2020, $20M Lost in 2025

Fri, 20 Feb 2026 08:05:00 +0000

• FBI Reports 1,900 ATM Jackpotting Incidents Since 2020, $20M Lost in 2025 The U.S. • Federal Bureau of Investigation (FBI) has warned of an increase in ATM jackpotting incidents

Former Google Engineers Indicted Over Trade Secret Transfers to Iran

Fri, 20 Feb 2026 05:27:00 +0000

• Former Google Engineers Indicted Over Trade Secret Transfers to Iran Two former Google engineers and one of their husbands have beenindictedin the U.S. • for allegedly committing

Three Former Google Engineers Indicted Over Trade Secret Transfers to Iran

Fri, 20 Feb 2026 05:27:00 +0000

• Three Former Google Engineers Indicted Over Trade Secret Transfers to Iran Two former Google engineers and one of their husbands have beenindictedin the U.S. • for allegedly comm

ISC Stormcast For Friday, February 20th, 2026 https://isc.sans.edu/podcastdetail/9818, (Fri, Feb 20th)

Fri, 20 Feb 2026 02:00:02 +0000

• ISC Stormcast For Friday, February 20th, 2026 https://isc.sans.edu/podcastdetail/9818 Handler on Duty: Johannes Ullrich Threat Level: green My next class: Application Security: S

Emerging Chiplet Designs Spark Fresh Cybersecurity Challenges

Thu, 19 Feb 2026 23:17:19 +0000

• As scaled-down circuits with limited functions redefine computing for AI systems and autonomous vehicles, their flexibility demands new approaches to safeguard critical infrastru

VShell and SparkRAT Observed in Exploitation of BeyondTrust Critical Vulnerability (CVE-2026-1731)

Thu, 19 Feb 2026 23:00:55 +0000

• Executive Summary On Feb. • 6, 2026, BeyondTrust released a security advisory regarding CVE-2026-1731. • BeyondTrust is an identity and access management platform. • This specifi

PromptSpy is the first known Android malware to use generative AI at runtime

Thu, 19 Feb 2026 22:36:25 +0000

• PromptSpy is the first known Android malware to use generative AI at runtime February 19, 2026 05:36 PM 0 Researchers have discovered the first known Android malware to use gener

Supply Chain Attack Secretly Installs OpenClaw for Cline Users

Thu, 19 Feb 2026 22:33:59 +0000

• Application Security Cyber Risk Cyberattacks & Data Breaches Vulnerabilities & Threats News Supply Chain Attack Secretly Installs OpenClaw for Cline Users The malicious version o

Best-in-Class 'Starkiller' Phishing Kit Bypasses MFA

Thu, 19 Feb 2026 22:06:58 +0000

• A user-friendly PhaaS tool beats standard methods for detecting phishing attacks by live-proxying legitimate login sites.

Abu Dhabi Finance Week Exposed VIP Passport Details

Thu, 19 Feb 2026 20:50:14 +0000

• Unprotected cloud data sends the wrong signal at a time when the emirate’s trying to attract investors and establish itself as a global financial center.

Under the Hood of DynoWiper, (Thu, Feb 19th)

Thu, 19 Feb 2026 19:43:30 +0000

• Under the Hood of DynoWiper [This is a Guest Diary contributed by John Moutos] Overview In this post, I’m going over my analysis of DynoWiper, a wiper family that was discovered

PromptSpy Android Malware Abuses Gemini AI to Automate Recent-Apps Persistence

Thu, 19 Feb 2026 17:52:00 +0000

• PromptSpy Android Malware Abuses Gemini AI to Automate Recent-Apps Persistence Cybersecurity researchers have discovered what they say is the first Android malware that abuses Ge

INTERPOL Operation Red Card 2.0 Arrests 651 in African Cybercrime Crackdown

Thu, 19 Feb 2026 17:50:00 +0000

• INTERPOL Operation Red Card 2.0 Arrests 651 in African Cybercrime Crackdown An international cybercrime operation against online scams has led to 651 arrests and recovered more t

Microsoft Patches CVE-2026-26119 Privilege Escalation in Windows Admin Center

Thu, 19 Feb 2026 17:40:00 +0000

• Microsoft Patches CVE-2026-26119 Privilege Escalation in Windows Admin Center Microsoft has disclosed a now-patched security flaw in Windows Admin Center that could allow an atta

Google blocked over 1.75 million Play Store app submissions in 2025

Thu, 19 Feb 2026 17:00:00 +0000

• Google blocked over 1.75 million Play Store app submissions in 2025 February 19, 2026 12:00 PM 0 Google says that through 2025, it blocked more than 255,000 Android apps from obt

New e-book: Establishing a proactive defense with Microsoft Security Exposure Management

Thu, 19 Feb 2026 17:00:00 +0000

• Share Link copied to clipboard! • Content types Best practices Topics Data security Network security Security management Effective exposure management begins by illuminating and

Running OpenClaw safely: identity, isolation, and runtime risk

Thu, 19 Feb 2026 16:27:00 +0000

• Self-hosted agent runtimes like OpenClaw are showing up fast in enterprise pilots, and they introduce a blunt reality: OpenClaw includes limited built-in security controls. • The

Connected & Compromised: When IoT Devices Turn Into Threats

Thu, 19 Feb 2026 15:18:23 +0000

• Reused passwords, a lack of network segmentation, and poor sanitization processes make the Internet of Things’ attack surfaces more dangerous.

Connected and Compromised: When IoT Devices Turn Into Threats

Thu, 19 Feb 2026 15:18:23 +0000

• Reused passwords, a lack of network segmentation, and poor sanitization processes make the Internet of Things’ attack surfaces more dangerous.

How infostealers turn stolen credentials into real identities

Thu, 19 Feb 2026 15:05:15 +0000

• How infostealers turn stolen credentials into real identities February 19, 2026 10:05 AM 0 Modern infostealers have expanded credential theft far beyond usernames and passwords.

French Government Says 1.2 Million Bank Accounts Exposed in Breach

Thu, 19 Feb 2026 15:02:58 +0000

• France’s Ministry of Economy on Wednesday disclosed a breach that exposed information on 1.2 million bank accounts.Investigators discovered unauthorized access to the national ba

ThreatsDay Bulletin: OpenSSL RCE, Foxit 0-Days, Copilot Leak, AI Password Flaws & 20+ Stories

Thu, 19 Feb 2026 14:35:00 +0000

• OpenSSL RCE vulnerability threatens legacy systems, demanding urgent patching across enterprises. • Foxit PDF zero-days expose document readers to remote code execution, affectin

Nigerian man gets eight years in prison for hacking tax firms

Thu, 19 Feb 2026 13:51:49 +0000

• Nigerian man gets eight years in prison for hacking tax firms February 19, 2026 08:51 AM 0 A Nigerian national was sentenced to eight years in prison for hacking multiple tax pre

Nearly 1 Million User Records Compromised in Figure Data Breach

Thu, 19 Feb 2026 13:19:08 +0000

• Nearly 1 million user records have been compromised in a data breach at blockchain-powered lender Figure Technology Solutions.The companyconfirmedto TechCrunch that it suffered a

Texas sues TP-Link over Chinese hacking risks, user deception

Thu, 19 Feb 2026 12:36:51 +0000

• Texas sued networking giant TP-Link Systems, accusing the company of deceptively marketing its routers as secure while allowing Chinese state-backed hackers to exploit firmware v

Hackers target Microsoft Entra accounts in device code vishing attacks

Thu, 19 Feb 2026 12:30:37 +0000

• Hackers target Microsoft Entra accounts via device code vishing, exploiting OAuth 2.0 flow. • Attack uses legitimate OAuth client IDs, bypassing phishing sites and standard login

Venice Security Emerges From Stealth With $33M Funding for Privileged Access Management

Thu, 19 Feb 2026 12:23:41 +0000

• Venice Security on Wednesday emerged from stealth mode with $33 million in funding for its adaptive enterprise privileged access management platform.The company, formerly named V

Malicious AI

Thu, 19 Feb 2026 12:05:39 +0000

• Malicious AI Summary: An AI agent of unknown ownership autonomously wrote and published a personalized hit piece about me after I rejected its code, attempting to damage my reput

From Exposure to Exploitation: How AI Collapses Your Response Window

Thu, 19 Feb 2026 11:55:00 +0000

• From Exposure to Exploitation: How AI Collapses Your Response Window We’ve all seen this before: a developer deploys a new cloud workload and grants overly broad permissions just

Police arrests 651 suspects in African cybercrime crackdown

Thu, 19 Feb 2026 11:24:17 +0000

• Police arrests 651 suspects in African cybercrime crackdown February 19, 2026 06:24 AM 0 African law enforcement agencies arrested 651 suspects and recovered over $4.3 million in

Arkanix Stealer: a C++ & Python infostealer

Thu, 19 Feb 2026 11:00:49 +0000

• Introduction In October 2025, we discovered a series of forum posts advertising a previously unknown stealer, dubbed ‘Arkanix Stealer’ by its authors. • It operated under a MaaS

OpenClaw Security Issues Continue as SecureClaw Open Source Tool Debuts

Thu, 19 Feb 2026 11:00:00 +0000

• OpenClaw is rarely out of the news, but not necessarily under that name. • This ‘autonomous personal assistant’ started life as Clawdbot, changed its name to Moltbot, and is now

Fake IPTV Apps Spread Massiv Android Malware Targeting Mobile Banking Users

Thu, 19 Feb 2026 10:24:00 +0000

• Fake IPTV Apps Spread Massiv Android Malware Targeting Mobile Banking Users Cybersecurity researchers have disclosed details of a new Android trojan calledMassivthat’s designed t

New 'Massiv' Android banking malware poses as an IPTV app

Thu, 19 Feb 2026 10:00:00 +0000

• New ‘Massiv’ Android banking malware poses as an IPTV app February 19, 2026 05:00 AM 0 A new Android banking malware, which researchers named Massiv, is posing as an IPTV app to

German Rail Giant Deutsche Bahn Hit by Large-Scale DDoS Attack

Thu, 19 Feb 2026 09:16:20 +0000

• Deutsche Bahn, Germany’s national rail operator, has been dealing with a large-scale distributed denial-of-service (DDoS) attack that has disrupted some of its IT systems.Regular

CRESCENTHARVEST Campaign Targets Iran Protest Supporters With RAT Malware

Thu, 19 Feb 2026 08:13:00 +0000

• CRESCENTHARVEST Campaign Targets Iran Protest Supporters With RAT Malware Cybersecurity researchers have disclosed details of a new campaign dubbedCRESCENTHARVEST, likely targeti

February 2026 Patch Tuesday: Six Zero-Days Among 59 CVEs Patched

Thu, 19 Feb 2026 07:30:39 +0000

• Patch Tuesday 2026 fixed 59 CVEs, including six critical zero‑days. • CVE‑2026‑21533: Windows Remote Desktop elevation of privilege, CVSS 7.8. • Exploit modifies service config k

More Than 40% of South Africans Were Scammed in 2025

Thu, 19 Feb 2026 07:00:00 +0000

• Survey underscores the reality that scammers follow ‘scalable opportunities and low friction,’ rather than rich targets that tend to be better protected.

ISC Stormcast For Thursday, February 19th, 2026 https://isc.sans.edu/podcastdetail/9816, (Thu, Feb 19th)

Thu, 19 Feb 2026 02:00:03 +0000

• ISC Stormcast For Thursday, February 19th, 2026 https://isc.sans.edu/podcastdetail/9816 Handler on Duty: Johannes Ullrich Threat Level: green My next class: Application Security:

Exposing Insider Threats through Data Protection, Identity, and HR Context

Wed, 18 Feb 2026 22:30:29 +0000

• Insider threats pose a growing risk to organizations. • Whether insiders take malicious actions, exhibit negligent behavior, or make accidental errors, they have the potential to

Scam Abuses Gemini Chatbots to Convince People to Buy Fake Crypto

Wed, 18 Feb 2026 21:47:01 +0000

• A convincing presale site for phony ‘Google Coin’ features an AI assistant that engages victims with a slick sales pitch, funneling payment to attackers.

Critical Grandstream VoIP Bug Highlights SMB Security Blind Spot

Wed, 18 Feb 2026 21:15:08 +0000

• CVE-2026-2329 allows unauthenticated root-level access to SMB phone infrastructure, so attackers can intercept calls, commit toll fraud, and impersonate users.

Critical infra Honeywell CCTVs vulnerable to auth bypass flaw

Wed, 18 Feb 2026 20:58:20 +0000

• Critical infra Honeywell CCTVs vulnerable to auth bypass flaw February 18, 2026 03:58 PM 0 The U.S. • Cybersecurity and Infrastructure Security Agency (CISA) is warning of a crit

Threat Intelligence Has a Human-Shaped Blind Spot

Wed, 18 Feb 2026 20:56:22 +0000

• How I realized what I was taught to about threat intelligence was missing something crucial.

Dell's Hard-Coded Flaw: A Nation-State Goldmine

Wed, 18 Feb 2026 20:49:36 +0000

• A China-related attacker has exploited the vendor flaw since mid-2024, allowing it to move laterally, maintain persistent access, and deploy malware.

AI platforms can be abused for stealthy malware communication

Wed, 18 Feb 2026 20:18:24 +0000

• AI platforms can be abused for stealthy malware communication February 18, 2026 03:18 PM 0 AI assistants like Grok and Microsoft Copilot with web browsing and URL-fetching capabi

A CISO's Playbook for Defending Data Assets Against AI Scraping

Wed, 18 Feb 2026 19:13:33 +0000

• Cyber Risk Commentary Cybersecurity In-Depth: Getting answers to questions about IT security threats and best practices from trusted cybersecurity professionals and industry expe

AI Unlocked Decoding Prompt Injection Interactive Challenge

Wed, 18 Feb 2026 18:30:25 +0000

• AI Unlocked challenge focuses on detecting and mitigating prompt injection attacks. • Participants learn to craft prompts that resist malicious manipulation by LLMs. • Interactiv

Citizen Lab Finds Cellebrite Tool Used on Kenyan Activist's Phone in Police Custody

Wed, 18 Feb 2026 17:30:00 +0000

• Citizen Lab Finds Cellebrite Tool Used on Kenyan Activist’s Phone in Police Custody New research from the Citizen Lab has found signs that Kenyan authorities used a commercialfor

Grandstream GXP1600 VoIP Phones Exposed to Unauthenticated Remote Code Execution

Wed, 18 Feb 2026 16:35:00 +0000

• Grandstream GXP1600 VoIP Phones Exposed to Unauthenticated Remote Code Execution Cybersecurity researchers have disclosed a critical security flaw in the Grandstream GXP1600 seri

Telegram channels expose rapid weaponization of SmarterMail flaws

Wed, 18 Feb 2026 16:27:38 +0000

• SmarterMail CVE-2026-24423 and CVE-2026-23760 enable remote code execution and auth bypass. • Attackers weaponized these flaws within days of disclosure, sharing exploits on Tele

Microsoft: Anti-phishing rules mistakenly blocked emails, Teams messages

Wed, 18 Feb 2026 16:26:53 +0000

• Microsoft: Anti-phishing rules mistakenly blocked emails, Teams messages February 18, 2026 11:26 AM 0 Microsoft says an Exchange Online issue that mistakenly quarantined legitima

New Keenadu Android Malware Found on Thousands of Devices

Wed, 18 Feb 2026 15:41:25 +0000

• Researchers at Kaspersky have analyzed a recently discovered Android malware that enables its operators to remotely control compromised devices.DubbedKeenadu, the backdoor has be

Cogent Security Raises $42 Million for AI-Driven Vulnerability Management

Wed, 18 Feb 2026 14:47:07 +0000

• Cogent Security raises $42M Series A, total funding now $53M. • Funding led by Bain Capital Ventures, joined by Greylock, OpenAI execs, Datadog. • Company develops autonomous AI

Data breach at fintech firm Figure affects nearly 1 million accounts

Wed, 18 Feb 2026 14:01:08 +0000

• Hackers breached Figure Technology Solutions, stealing personal data of nearly 1 million accounts. • Attack was a social‑engineering phishing that tricked an employee into giving

Vulnerabilities in Popular PDF Platforms Allowed Account Takeover, Data Exfiltration

Wed, 18 Feb 2026 13:16:19 +0000

• 16 critical, high, and medium‑severity vulnerabilities found in Foxit and Apryse PDF platforms. • Flaws include DOM XSS, SSRF, path traversal, and OS command injection. • Attacke

AI Found Twelve New Vulnerabilities in OpenSSL

Wed, 18 Feb 2026 12:03:10 +0000

• AI Found Twelve New Vulnerabilities in OpenSSL The title of the post is’What AI Security Research Looks Like When It Works,’ and I agree: In the latest OpenSSL security release>

Microsoft says bug causes Copilot to summarize confidential emails

Wed, 18 Feb 2026 12:03:05 +0000

• Microsoft says a Microsoft 365 Copilot bug has been causing the AI assistant to summarize confidential emails since late January, bypassing data loss prevention (DLP) policies th

Cybersecurity Tech Predictions for 2026: Operating in a World of Permanent Instability

Wed, 18 Feb 2026 11:58:00 +0000

• In 2025, navigating the digital seas still felt like a matter of direction. • Organizations charted routes, watched the horizon, and adjusted course to reach safe harbors of resi

Glendale man gets 5 years in prison for role in darknet drug ring

Wed, 18 Feb 2026 10:50:50 +0000

• Glendale man gets 5 years in prison for role in darknet drug ring February 18, 2026 05:50 AM 0 A Glendale man was sentenced to nearly five years in federal prison for his role i

3 Ways to Start Your Intelligent Workflow Program

Wed, 18 Feb 2026 10:30:00 +0000

• 3 Ways to Start Your Intelligent Workflow Program Security, IT, and engineering teams today are under relentless pressure to accelerate outcomes, cut operational drag, and unlock

Palo Alto Networks to Acquire Koi in Reported $400 Million Transaction

Wed, 18 Feb 2026 08:24:46 +0000

• Palo Alto Networks announced on Tuesday that it has entered into a definitive agreement to acquire endpoint security company Koi.Financial details have not been disclosed by the

Tracking Malware Campaigns With Reused Material, (Wed, Feb 18th)

Wed, 18 Feb 2026 08:19:42 +0000

• Tracking Malware Campaigns With Reused Material A few days ago I wrote a diary called ‘Malicious Script Delivering More Maliciousness’[1]. • In the malware infection chain, there

Notepad++ Fixes Hijacked Update Mechanism Used to Deliver Targeted Malware

Wed, 18 Feb 2026 07:40:00 +0000

• Notepad++ released 8.9.2 patch to fix hijacked update mechanism exploited by Chinese threat actor. • Introduces ‘double lock’ design, verifying signed installer and XML from upda

Singapore & Its 4 Major Telcos Fend Off Chinese Hackers

Wed, 18 Feb 2026 01:00:00 +0000

• Singapore’s CSA and four telcos launched ‘Cyber Guardian’ to counter China-linked UNC3886.\n• 100+ incident responders coordinated across government and M1, Singtel, StarHub, Sim

Spain orders NordVPN and ProtonVPN to block LaLiga stream piracy

Tue, 17 Feb 2026 23:15:49 +0000

• Spanish court orders NordVPN and ProtonVPN to block 16 sites facilitating LaLiga match piracy. • Restrictions apply to a dynamic IP list in Spain, with no appeal rights for VPNs.

Supply Chain Attack Embeds Malware in Android Devices

Tue, 17 Feb 2026 22:06:36 +0000

• Keenadu downloads payloads that hijack browser searches, commit ad fraud, and execute other actions without user knowledge.

Poland Energy Survives Attack on Wind, Solar Infrastructure

Tue, 17 Feb 2026 21:31:50 +0000

• Russia-aligned groups are probable culprits behind the wiper attacks against renewable energy farms, a manufacturer, and a heating and power plant.

Flaws in popular VSCode extensions expose developers to attacks

Tue, 17 Feb 2026 21:27:12 +0000

• Flaws in popular VSCode extensions expose developers to attacks February 17, 2026 04:27 PM 0 Vulnerabilities with high to critical severity ratings affecting popular Visual Studi

RMM Abuse Explodes as Hackers Ditch Malware

Tue, 17 Feb 2026 21:01:26 +0000

• RMM tools are increasingly used as primary attack vectors, replacing traditional malware. • Attackers leverage RMM’s remote access to maintain stealth and persistence. • RMM’s bu

ClickFix Attacks Abuses DNS Lookup Command to Deliver ModeloRAT

Tue, 17 Feb 2026 21:01:02 +0000

• ClickFix campaigns have adapted to the latest defenses with a new technique to trick users into infecting their own machines with malware.

Critical Vulnerabilities in Ivanti EPMM Exploited

Tue, 17 Feb 2026 20:35:02 +0000

• Executive Summary Two critical zero-day vulnerabilities (CVE-2026-1281 and CVE-2026-1340) affecting Ivanti Endpoint Manager Mobile (EPMM) are being actively exploited in the wild

Webinar: How Modern SOC Teams Use AI and Context to Investigate Cloud Breaches Faster

Tue, 17 Feb 2026 19:08:00 +0000

• Cloud attacks outpace traditional incident response, infrastructure vanishes in minutes. • Manual log stitching gives attackers advantage; automated, context-aware forensics need

Notepad++ boosts update security with 'double-lock' mechanism

Tue, 17 Feb 2026 18:29:18 +0000

• Notepad++ introduces a double‑lock update system, verifying signed installers from GitHub and XML from its domain. • The new design eliminates DLL side‑loading by removing libcur

Researchers Show Copilot and Grok Can Be Abused as Malware C2 Proxies

Tue, 17 Feb 2026 18:08:00 +0000

• AI assistants like Copilot and Grok can be hijacked as stealthy C2 proxies, blending into legitimate traffic. • Check Point researchers demonstrated the technique using anonymous

Unify now or pay later: New research exposes the operational cost of a fragmented SOC

Tue, 17 Feb 2026 17:00:00 +0000

• Share Link copied to clipboard! • Content types Industry trends Topics AI and agents Defending against advanced tactics Security management Security operations SIEM and XDR Secur

Keenadu Firmware Backdoor Infects Android Tablets via Signed OTA Updates

Tue, 17 Feb 2026 16:41:00 +0000

• Keenadu Firmware Backdoor Infects Android Tablets via Signed OTA Updates A new Android backdoor that’s embedded deep into the device firmware can silently harvest data and remote

VulnCheck Raises $25 Million in Series B Funding to Scale Vulnerability Intelligence

Tue, 17 Feb 2026 16:00:04 +0000

• Vulnerability intelligence company VulnCheck announced on Tuesday that it has raised $25 million to meet demand for its solutions.The Series B funding round, which brings the tot

Microsoft Teams outage affects users in United States, Europe

Tue, 17 Feb 2026 15:37:45 +0000

• Microsoft Teams experiencing widespread outage across US and Europe, disrupting meetings and chat functionality. • Users report delays and failures when sending or receiving inli

What 5 Million Apps Revealed About Secrets in JavaScript

Tue, 17 Feb 2026 14:40:49 +0000

• What 5 Million Apps Revealed About Secrets in JavaScript February 17, 2026 09:40 AM 0 Leaked API keys are nothing new, but the scale of the problem in front-end code has been lar

New Keenadu backdoor found in Android firmware, Google Play apps

Tue, 17 Feb 2026 14:05:25 +0000

• Keenadu: sophisticated Android malware embedded in firmware across multiple device brands. • Distributes via OTA firmware, system apps, unofficial sources, and Google Play apps.

API Threats Grow in Scale as AI Expands the Blast Radius

Tue, 17 Feb 2026 14:00:00 +0000

• Application Programming Interfaces (APIs) remain an attacker-favored exploit route. • Aggressors continuously target common failures in identity, access control and exposed inter

Cyber Insights 2026: The Ongoing Fight to Secure Industrial Control Systems

Tue, 17 Feb 2026 14:00:00 +0000

• SecurityWeek’s Cyber Insights 2026 examines expert opinions on the expected evolution of more than a dozen areas of cybersecurity interest over the next 12 months. • We spoke to

Man Linked to Phobos Ransomware Arrested in Poland

Tue, 17 Feb 2026 12:54:34 +0000

• A 47-year-old man arrested by police in Poland for allegedly being involved in cybercriminal activities has been linked to the Phobos ransomware operation.According to Poland’s C

SmartLoader Attack Uses Trojanized Oura MCP Server to Deploy StealC Infostealer

Tue, 17 Feb 2026 12:42:00 +0000

• SmartLoader uses a trojanized Oura MCP server to deliver the StealC infostealer. • Threat actors cloned legitimate Oura MCP, creating fake forks to build credibility. • StealC st

Side-Channel Attacks Against LLMs

Tue, 17 Feb 2026 12:01:45 +0000

• Side-Channel Attacks Against LLMs Here are three papers describing different side-channel attacks against LLMs. • ‘Remote Timing Attacks on Efficient Language Model Inference’: A

Poland arrests suspect linked to Phobos ransomware operation

Tue, 17 Feb 2026 11:31:37 +0000

• Poland arrests suspect linked to Phobos ransomware operation February 17, 2026 06:31 AM 0 Polish police have detained a 47-year-old man suspected of ties to the Phobos ransomware

My Day Getting My Hands Dirty with an NDR System

Tue, 17 Feb 2026 11:30:00 +0000

• My objective As someone relatively inexperienced with network threat hunting, I wanted to get some hands-on experience using a network detection and response (NDR) system. • My g

3 Threat Groups Started Targeting ICS/OT in 2025: Dragos

Tue, 17 Feb 2026 11:05:26 +0000

• Dragos 9th Annual Report reveals three new OT/ICS threat groups active in 2025. • Sylvanite rapidly weaponizes n‑day vulnerabilities, enabling Voltzite to infiltrate critical inf

Ireland now also investigating X over Grok-made sexual images

Tue, 17 Feb 2026 10:02:21 +0000

• Ireland’s Data Protection Commission (DPC), the country’s data protection authority, has opened a formal investigation into X over the use of the platform’s Grok artificial intel

Microsoft Finds 'Summarize with AI' Prompts Manipulating Chatbot Recommendations

Tue, 17 Feb 2026 09:31:00 +0000

• Microsoft Finds ‘Summarize with AI’ Prompts Manipulating Chatbot Recommendations New research from Microsoft has revealed that legitimate businesses are gaming artificial intelli

Password Managers Vulnerable to Vault Compromise Under Malicious Server

Tue, 17 Feb 2026 09:30:46 +0000

• ETH Zurich researchers tested zero‑knowledge password managers against fully malicious servers. • Bitwarden, Dashlane, LastPass, and 1Password were evaluated. • Attacks targeted

Divide and conquer: how the new Keenadu backdoor exposed links between major Android botnets

Tue, 17 Feb 2026 09:00:35 +0000

• In April 2025, we reported on a then-new iteration of the Triada backdoor that had compromised the firmware of counterfeit Android devices sold across major marketplaces. • The m

CrowdStrike Falcon Scores Perfect 100% in SE Labs’ Most Challenging Ransomware Test

Tue, 17 Feb 2026 08:33:17 +0000

• FeaturedCrowdStrike Named a Customers’ Choice in 2026 Gartner® Peer Insights™ Voice of the Customer for User AuthenticationFeb 12, 2026How to Scale SOC Automation with Falcon Fus

Secure AI with CrowdStrike: Real-World Stories of Protecting AI Workloads and Data

Tue, 17 Feb 2026 08:33:17 +0000

• FeaturedCrowdStrike Named a Customers’ Choice in 2026 Gartner® Peer Insights™ Voice of the Customer for User AuthenticationFeb 12, 2026How to Scale SOC Automation with Falcon Fus

CrowdStrike Enhances Linux Sensor for Web Shell Detection

Tue, 17 Feb 2026 08:33:16 +0000

• CrowdStrike expands Linux sensor to detect malicious web shells in real time. • New detection engine uses behavioral analytics and signature matching for zero‑day threats. • Prev

CrowdStrike Wins 2026 Gartner Peer Insights Customer Choice

Tue, 17 Feb 2026 08:33:16 +0000

• CrowdStrike awarded Customer’s Choice in 2026 Gartner Peer Insights for user authentication. • Recognition reflects strong customer satisfaction and product performance across se

OpenClaw AI Super Agent: Key Insights for Security Teams

Tue, 17 Feb 2026 08:33:16 +0000

• OpenClaw automates threat detection and response across enterprise environments. • Seamless integration with CrowdStrike Falcon boosts SOC efficiency. • Human‑AI feedback loops r

CrowdStrike Named Customers' Choice in 2026 Gartner Voice

Tue, 17 Feb 2026 08:33:15 +0000

• CrowdStrike earns Customers’ Choice award in 2026 Gartner Peer Insights Voice of the Customer for User Authentication. • The accolade reflects strong customer satisfaction and pr

CrowdStrike's Agentic Security Powered by Human‑AI Feedback Loop

Tue, 17 Feb 2026 08:33:08 +0000

• CrowdStrike’s new Agentic Security framework blends human oversight with AI‑driven threat detection. • The system uses a continuous feedback loop where analysts refine AI models

CrowdStrike Named Customers' Choice User Authentication

Tue, 17 Feb 2026 08:33:07 +0000

• CrowdStrike recognized as Customers’ Choice for User Authentication in Gartner Peer Insights. • Falcon Identity Security delivers zero‑trust authentication across web, mobile, an

Scale SOC Automation with Falcon Fusion SOAR

Tue, 17 Feb 2026 08:33:07 +0000

• Falcon Fusion SOAR scales SOC automation by integrating AI‑driven playbooks and real‑time incident response. • The platform supports multi‑cloud environments, enabling consistent

Fake Incident Report Used in Phishing Campaign, (Tue, Feb 17th)

Tue, 17 Feb 2026 07:41:46 +0000

• Fake Incident Report Used in Phishing Campaign This morning, I received an interesting phishing email. • I’ve a ’love & hate’ relation with such emails because I always have the

Apple Tests End-to-End Encrypted RCS Messaging in iOS 26.4 Developer Beta

Tue, 17 Feb 2026 06:44:00 +0000

• Apple Tests End-to-End Encrypted RCS Messaging in iOS 26.4 Developer Beta Apple on Monday released a new developer beta of iOS and iPadOS with support for end-to-end encryption (

ISC Stormcast For Tuesday, February 17th, 2026 https://isc.sans.edu/podcastdetail/9812, (Tue, Feb 17th)

Tue, 17 Feb 2026 02:00:02 +0000

• ISC Stormcast For Tuesday, February 17th, 2026 https://isc.sans.edu/podcastdetail/9812 Handler on Duty: Jan Kopriva Threat Level: green My next class: Application Security: Secur

Washington Hotel in Japan discloses ransomware infection incident

Mon, 16 Feb 2026 21:10:38 +0000

• Washington Hotel in Japan discloses ransomware infection incident February 16, 2026 04:10 PM 0 The Washington Hotel brand in Japan has announced that that its servers were compro

Man arrested for demanding reward after accidental police data leak

Mon, 16 Feb 2026 19:13:39 +0000

• Man arrested for demanding reward after accidental police data leak February 16, 2026 02:13 PM 1 Dutch authorities arrested a 40-year-old man after he downloaded confidential doc

Infostealer Steals OpenClaw AI Agent Configuration Files and Gateway Tokens

Mon, 16 Feb 2026 18:43:00 +0000

• Infostealer variant of Vidar exfiltrated OpenClaw AI agent config files. • Stolen files include openclaw.json, device.json, soul.md with tokens, keys, operational principles. • T

Study Uncovers 25 Password Recovery Attacks in Major Cloud Password Managers

Mon, 16 Feb 2026 18:06:00 +0000

• A new study has found that multiple cloud-based password managers, including Bitwarden, Dashlane, and LastPass, are susceptible to password recovery attacks under certain conditi

Operation DoppelBrand: Weaponizing Fortune 500 Brands

Mon, 16 Feb 2026 18:05:55 +0000

• GS7 group exploits Fortune 500 brand trust, creating near‑perfect corporate portal replicas. • Targeted U.S. financial institutions, luring employees into credential theft. • Att

Infostealer malware found stealing OpenClaw secrets for first time

Mon, 16 Feb 2026 17:32:26 +0000

• Infostealer malware found stealing OpenClaw secrets for first time February 16, 2026 12:32 PM 0 With the massive adoption of the OpenClaw agentic AI assistant, information-steali

Dior, Louis Vuitton, Tiffany Fined $25 Million in South Korea After Data Breaches

Mon, 16 Feb 2026 15:09:13 +0000

• South Korea’s Personal Information Protection Commission (PIPC) announced last week that it has issued significant fines to several major luxury brands over a recent hacker attac

Passwords to passkeys: Staying ISO 27001 compliant in a passwordless era

Mon, 16 Feb 2026 15:02:12 +0000

• One morning, you wake up and realize that your business has grown to the point where you can no longer afford to get into that old, worn-out diesel subcompact. • Instead, you sch

260K+ Chrome Users Duped by Fake AI Browser Extensions

Mon, 16 Feb 2026 14:00:00 +0000

• 30 copycat apps tricked users, and Google itself, into thinking they’re legitimate AI tools.

Android 17 Beta Strengthens Secure-by-Default Design for Privacy and App Security

Mon, 16 Feb 2026 13:50:36 +0000

• Google announced the first beta version of Android 17, which includes several privacy and security enhancements.Android developers have described several improvements related to

CISA Navigates DHS Shutdown With Reduced Staff

Mon, 16 Feb 2026 13:49:03 +0000

• CISAwill remain operational during the DHS shutdown that commenced at 12:01 a.m. • on Saturday, February 14, 2026, although at a reduced capacity. • KEV is one area that remains.

CISA gives feds 3 days to patch actively exploited BeyondTrust flaw

Mon, 16 Feb 2026 12:33:11 +0000

• CISA gives feds 3 days to patch actively exploited BeyondTrust flaw February 16, 2026 07:33 AM 1 The U.S. • Cybersecurity and Infrastructure Security Agency (CISA) ordered federa

The Promptware Kill Chain

Mon, 16 Feb 2026 12:04:01 +0000

• The Promptware Kill Chain Attacks against modern generative artificial intelligence (AI) large language models (LLMs) pose a real threat. • Yet discussions around these attacks a

Microsoft Warns of ClickFix Attack Abusing DNS Lookups

Mon, 16 Feb 2026 11:56:12 +0000

• Microsoft has warned users that threat actors are leveraging a new variant of the ClickFix technique to deliver malware.TheClickFixattack method has been increasingly used in the

Safe and Inclusive E‑Society: How Lithuania Is Bracing for AI‑Driven Cyber Fraud

Mon, 16 Feb 2026 11:55:00 +0000

• Safe and Inclusive E‑Society: How Lithuania Is Bracing for AI‑Driven Cyber Fraud Technologies are evolving fast, reshaping economies, governance, and daily life. • Yet, as innova

Amazon Scraps Partnership With Surveillance Company After Super Bowl Ad Backlash

Mon, 16 Feb 2026 11:40:34 +0000

• Amazon’s Ring ends partnership with police surveillance firm Flock Safety amid public backlash. • The decision follows a 30‑second Super Bowl ad featuring a lost dog and camera n

New ZeroDayRAT Mobile Spyware Enables Real-Time Surveillance and Data Theft

Mon, 16 Feb 2026 10:24:00 +0000

• Cybersecurity researchers have disclosed details of a new mobile spyware platform dubbed ZeroDayRAT that’s being advertised on Telegram as a way to grab sensitive data and facili

2026 64-Bits Malware Trend, (Mon, Feb 16th)

Mon, 16 Feb 2026 07:46:36 +0000

• 2026 64-Bits Malware Trend In 2022 (time flies!), I wrote a diary about the 32-bits VS. • 64-bits malware landscape[1]. • It demonstrated that, despite the growing number of 64-b

New Chrome Zero-Day (CVE-2026-2441) Under Active Attack - Patch Released

Mon, 16 Feb 2026 06:38:00 +0000

• New Chrome Zero-Day (CVE-2026-2441) Under Active Attack - Patch Released Google on Friday released security updates for its Chrome browser to address a security flaw that it said

Canada Goose investigating as hackers leak 600K customer records

Mon, 16 Feb 2026 04:45:32 +0000

• Canada Goose investigating as hackers leak 600K customer records February 15, 2026 11:45 PM 0 ShinyHunters, a well-known data extortion group, claims to have stolen more than 600

ISC Stormcast For Monday, February 16th, 2026 https://isc.sans.edu/podcastdetail/9810, (Mon, Feb 16th)

Mon, 16 Feb 2026 02:00:02 +0000

• ISC Stormcast For Monday, February 16th, 2026 https://isc.sans.edu/podcastdetail/9810 Handler on Duty: Jan Kopriva Threat Level: green My next class: Application Security: Securi

New ClickFix attack abuses nslookup to retrieve PowerShell payload via DNS

Mon, 16 Feb 2026 00:29:00 +0000

• Threat actors are now abusing DNS queries as part of ClickFix social engineering attacks to deliver malware, making this the first known use of DNS as a channel in these campaign

Windows 11 KB5077181 fixes boot failures linked to failed updates

Sun, 15 Feb 2026 22:08:53 +0000

• Windows 11 KB5077181 fixes boot failures linked to failed updates February 15, 2026 05:08 PM 0 Microsoft says it has resolved a Windows 11 bug that caused some commercial systems

CTM360: Lumma Stealer and Ninja Browser malware campaign abusing Google Groups

Sun, 15 Feb 2026 16:30:41 +0000

• CTM360: Lumma Stealer and Ninja Browser malware campaign abusing Google Groups February 15, 2026 11:30 AM 0 CTM360 reports that more than 4,000 malicious Google Groups and 3,500

Pastebin comments push ClickFix JavaScript attack to hijack crypto swaps

Sun, 15 Feb 2026 15:17:27 +0000

• Pastebin comments push ClickFix JavaScript attack to hijack crypto swaps February 15, 2026 10:17 AM 0 Threat actors are abusing Pastebin comments to distribute a new ClickFix-sty

Microsoft Discloses DNS-Based ClickFix Attack Using Nslookup for Malware Staging

Sun, 15 Feb 2026 14:10:00 +0000

• Microsoft has disclosed details of a new version of the ClickFix social engineering tactic in which the attackers trick unsuspecting users into running commands that carry out a

Upcoming Speaking Engagements

Sat, 14 Feb 2026 17:04:59 +0000

• Upcoming Speaking Engagements This is a current list of where and when I am scheduled to speak: I’m speaking atOntario Tech Universityin Oshawa, Ontario, Canada, at 2 PM ET on Th

One threat actor responsible for 83% of recent Ivanti RCE attacks

Sat, 14 Feb 2026 16:02:34 +0000

• One threat actor responsible for 83% of recent Ivanti RCE attacks February 14, 2026 11:02 AM 0 Update: The article initially listed the wrong CVEs. • This has now been corrected

Snail mail letters target Trezor and Ledger users in crypto-theft attacks

Sat, 14 Feb 2026 15:15:25 +0000

• Snail mail letters target Trezor and Ledger users in crypto-theft attacks February 14, 2026 10:15 AM 1 Threat actors are sending physical letters pretending to be from Trezor and

Over 300 Malicious Chrome Extensions Caught Leaking or Stealing User Data

Sat, 14 Feb 2026 12:00:00 +0000

• Security researchers have discovered more than 300 Chrome extensions that leak browser data, spy on their users, or outright steal users’ data.Research focused on the analysis of

Phishing on the Edge of the Web and Mobile Using QR Codes

Fri, 13 Feb 2026 23:00:48 +0000

• Executive Summary This article explores the misuse of QR codes in today’s threat landscape, covering three areas of concern: - QR codes using URL shorteners to disguise malicious

Fake job recruiters hide malware in developer coding challenges

Fri, 13 Feb 2026 22:35:37 +0000

• Fake job recruiters hide malware in developer coding challenges February 13, 2026 05:35 PM 0 A new variation of the fake recruiter campaign from North Korean threat actors is tar

Friday Squid Blogging: Do Squid Dream?

Fri, 13 Feb 2026 22:08:39 +0000

• Friday Squid Blogging: Do Squid Dream? • An exploration of the interesting question. • An exploration of the interesting question. • Clive Robinson • February 14, 2026 2:08 AM @

Google Ties Suspected Russian Actor to CANFAIL Malware Attacks on Ukrainian Orgs

Fri, 13 Feb 2026 17:27:00 +0000

• Google Ties Suspected Russian Actor to CANFAIL Malware Attacks on Ukrainian Orgs A previously undocumented threat actor has been attributed to attacks targeting Ukrainian organiz

Microsoft Under Pressure to Bolster Defenses for BYOVD Attacks

Fri, 13 Feb 2026 17:08:59 +0000

• Microsoft Under Pressure to Bolster Defenses for BYOVD Attacks Threat actors are exploiting security gaps to weaponize Windows drivers and terminate security processes in targete

Nation-State Hackers Put Defense Industrial Base Under Siege

Fri, 13 Feb 2026 17:07:24 +0000

• Espionage groups from China, Russia and other nations burned at least two dozen zero-days in edge devices in attempts to infiltrate defense contractors’ networks.

AI Agents 'Swarm,' Security Complexity Follows Suit

Fri, 13 Feb 2026 16:49:39 +0000

• As AI deployments scale and start to include packs of agents autonomously working in concert, organizations face a naturally amplified attack surface.

Google Links China, Iran, Russia, North Korea to Coordinated Defense Sector Cyber Operations

Fri, 13 Feb 2026 16:23:00 +0000

• Google Links China, Iran, Russia, North Korea to Coordinated Defense Sector Cyber Operations Several state-sponsored actors, hacktivist entities, and criminal groups from China,

UAT-9921 Deploys VoidLink Malware to Target Technology and Financial Sectors

Fri, 13 Feb 2026 15:23:00 +0000

• UAT-9921 Deploys VoidLink Malware to Target Technology and Financial Sectors A previously unknown threat actor tracked asUAT-9921has been observed leveraging a new modular framew

In Other News: Google Looks at AI Abuse, Trump Pauses China Bans, Disney's $2.7M Fine

Fri, 13 Feb 2026 15:01:16 +0000

• SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar.We provide a valuable summary of stories th

Check Point Announces Trio of Acquisitions Amid Solid 2025 Earnings Beat

Fri, 13 Feb 2026 12:35:11 +0000

• Israeli cybersecurity firm Check Point Software Technologies (NASDAQ: CHKP) reported strong fourth-quarter and full-year 2025 financial performance while announcing three strateg

Dutch Carrier Odido Discloses Data Breach Impacting 6 Million

Fri, 13 Feb 2026 12:02:20 +0000

• Dutch mobile phone carrier Odido has disclosed a data breach impacting the personal information of over 6 million customers.The incident, the company said in anotice, occurred on

CISA Announces New Town Halls to Engage with Stakeholders on Cyber Incident Reporting for Critical Infrastructure

Fri, 13 Feb 2026 12:00:00 +0000

• CISA Announces New Town Halls to Engage with Stakeholders on Cyber Incident Reporting for Critical Infrastructure WASHINGTON - The Cybersecurity and Infrastructure Security Agenc

Malicious Chrome Extensions Caught Stealing Business Data, Emails, and Browsing History

Fri, 13 Feb 2026 11:25:00 +0000

• Cybersecurity researchers have discovered a malicious Google Chrome extension that’s designed to steal data associated with Meta Business Suite and Facebook Business Manager. • T

npm's Update to Harden Their Supply Chain, and Points to Consider

Fri, 13 Feb 2026 10:45:00 +0000

• npm’s Update to Harden Their Supply Chain, and Points to Consider In December 2025, in response to the Sha1-Hulud incident, npm completed amajor authentication overhaulintended t


AI-Powered Knowledge Graph Generator & APTs, (Thu, Feb 12th)

Fri, 13 Feb 2026 03:04:48 +0000

• AI-Powered Knowledge Graph Generator & APTs Unstructured text to interactive knowledge graph via LLM & SPO triplet extraction Courtesy of TLDR InfoSec Launches & Tools again, ano

Ivanti EPMM Zero-Day Bugs Spark Exploit Frenzy - Again

Thu, 12 Feb 2026 22:05:32 +0000

• Endpoint Security Cyberattacks & Data Breaches Vulnerabilities & Threats Perimeter News Ivanti EPMM Zero-Day Bugs Spark Exploit Frenzy - Again It’s time to phase out the ‘patch a

Booz Allen Announces General Availability of Vellox Reverser to Automate Malware Defense

Thu, 12 Feb 2026 21:23:06 +0000

• The AI-powered product delivers expert-grade malware analysis and reverse engineering in minutes.

SpecterOps Launches BloodHound Scentry to Accelerate the Practice of Identity Attack Path Management

Thu, 12 Feb 2026 21:11:52 +0000

• Drawing on years of adversary tradecraft, SpecterOps experts work alongside customers to analyze and eliminate attack paths, protect critical assets, and stay ahead of emerging t

Gone With the Shame: One in Two Americans Are Reluctant to Talk About Romance Scam Incidents

Thu, 12 Feb 2026 21:04:25 +0000

• Men should take extra care on Valentine’s Day because they are nearly twice as likely as women to fall victim to romance scams.

Those 'Summarize With AI' Buttons May Be Lying to You

Thu, 12 Feb 2026 20:47:39 +0000

• Microsoft uncovered AI recommendation poisoning in 31 companies across 14 industries, and turnkey tools make it trivially easy to pull off.

Copilot Studio agent security: Top 10 risks you can detect and prevent

Thu, 12 Feb 2026 20:38:49 +0000

• Organizations are rapidly adopting Copilot Studio agents, but threat actors are equally fast at exploiting misconfigured AI workflows. • Mis-sharing, unsafe orchestration, and we

Detecting and mitigating common agent misconfigurations

Thu, 12 Feb 2026 20:38:49 +0000

• Organizations are rapidly adopting agents, but attackers are equally fast at exploiting misconfigured AI workflows. • Mis-sharing, unsafe orchestration, and weak authentication c

Top 10 actions to build agents securely with Microsoft Copilot Studio

Thu, 12 Feb 2026 20:38:49 +0000

• Organizations are rapidly adopting Copilot Studio agents, but threat actors are equally fast at exploiting misconfigured AI workflows. • Mis-sharing, unsafe orchestration, and we

Google Reports State-Backed Hackers Using Gemini AI for Recon and Attack Support

Thu, 12 Feb 2026 17:57:00 +0000

• Google Reports State-Backed Hackers Using Gemini AI for Recon and Attack Support Google on Thursday said it observed the North Korea-linked threat actor known asUNC2970using its

Your complete guide to Microsoft experiences at RSAC™ 2026 Conference

Thu, 12 Feb 2026 17:00:00 +0000

• The era of AI is reshaping both opportunity and risk faster than any shift security leaders have seen. • Every organization is feeling the momentum; and for security teams, the q

Your complete guide to Microsoft experiences at RSAC™ 2026 Conference

Thu, 12 Feb 2026 17:00:00 +0000

• The era of AI is reshaping both opportunity and risk faster than any shift security leaders have seen. • Every organization is feeling the momentum; and for security teams, the q

Lazarus Campaign Plants Malicious Packages in npm and PyPI Ecosystems

Thu, 12 Feb 2026 16:55:00 +0000

• Cybersecurity researchers have discovered a fresh set of malicious packages across npm and the Python Package Index (PyPI) repository linked to a fake recruitment-themed campaign

3D Printer Surveillance

Thu, 12 Feb 2026 12:01:31 +0000

• NY’s 2026-27 budget bill mandates 3D printers to include blocking tech that blocks firearm designs. • The algorithm scans every print file, refusing prints flagged as potential f

The CTEM Divide: Why 84% of Security Programs Are Falling Behind

Thu, 12 Feb 2026 10:30:00 +0000

• The CTEM Divide: Why 84% of Security Programs Are Falling Behind A new 2026 market intelligence study of 128 enterprise security decision-makers (available here) reveals a stark

Senegalese Data Breaches Expose Lack of Security Maturity

Thu, 12 Feb 2026 09:00:00 +0000

• Cyberattacks & Data Breaches Cyber Risk Data Privacy Cybersecurity Operations News Breaking cybersecurity news, news analysis, commentary, and other content from around the world

Bypassing Administrator Protection by Abusing UI Access

Thu, 12 Feb 2026 08:00:00 +0000

• In my last blog post I introduced the new Windows feature, Administrator Protection and how it aimed to create a secure boundary for UAC where one didnât exist. • I described one

83% of Ivanti EPMM Exploits Linked to Single IP on Bulletproof Hosting Infrastructure

Thu, 12 Feb 2026 07:32:00 +0000

• 83% of Ivanti EPMM Exploits Linked to Single IP on Bulletproof Hosting Infrastructure A significant chunk of the exploitation attempts targeting a newly disclosed security flaw i

ISC Stormcast For Thursday, February 12th, 2026 https://isc.sans.edu/podcastdetail/9806, (Thu, Feb 12th)

Thu, 12 Feb 2026 02:00:02 +0000

• ISC Stormcast For Thursday, February 12th, 2026 https://isc.sans.edu/podcastdetail/9806 Handler on Duty: Guy Bruneau Threat Level: green My next class: Application Security: Secu

Four Seconds to Botnet - Analyzing a Self Propagating SSH Worm with Cryptographically Signed C2 [Guest Diary], (Wed, Feb 11th)

Thu, 12 Feb 2026 01:56:24 +0000

• SSH worm exploited weak passwords, compromising Linux systems in seconds. • Attack used credential brute force, uploading a 4.7 KB bash script via SCP. • Script established persi

Nation-State Actors Exploit Notepad++ Supply Chain

Wed, 11 Feb 2026 23:00:54 +0000

• Executive Summary Between June and December 2025, the official hosting infrastructure for the text editor Notepad++ was compromised by a state-sponsored threat group known as Lot

North Korea's UNC1069 Hammers Crypto Firms With AI

Wed, 11 Feb 2026 21:56:11 +0000

• In moving away from traditional banks to focus on Web3 companies, the threat actor is leveraging LLMs, deepfakes, legitimate platforms, and ClickFix.

How to Stay on Top of Future Threats With a Cutting-Edge SOC

Wed, 11 Feb 2026 20:36:42 +0000

• CISOs should focus on harnessing and securing AI and building new skills among their people. • Vision and change management can transform security.

Apple Patches Everything: February 2026, (Wed, Feb 11th)

Wed, 11 Feb 2026 19:36:59 +0000

• Apple Patches Everything: February 2026 Today, Apple released updates for all of its operating systems (iOS, iPadOS, macOS, tvOS, watchOS, and visionOS). • The update fixes 71 di

Automaker Secures the Supply Chain With Developer-Friendly Platform

Wed, 11 Feb 2026 19:35:53 +0000

• How a platform engineering team embeds supply chain security into infrastructure without slowing developers.

The strategic SIEM buyer's guide: Choosing an AI-ready platform for the agentic era

Wed, 11 Feb 2026 17:00:00 +0000

• Share Link copied to clipboard! • Content types Best practices Topics AI and agents Security operations SIEM and XDR As the agentic era reshapes security operations, leaders face

Kimwolf Botnet Swamps Anonymity Network I2P

Wed, 11 Feb 2026 16:08:11 +0000

• Kimwolf botnet infected millions of IoT devices, turning them into relays for malicious traffic. • In late 2025, the botnet began targeting I2P to hide control servers from taked

AI Rising: Do We Know Enough About the Data Populating It?

Wed, 11 Feb 2026 14:31:47 +0000

• Organizations remain reluctant to address the fact that AI can dangerously expose business operations as well as personal data.

The game is over: when 'free' comes at too high a price. What we know about RenEngine

Wed, 11 Feb 2026 14:00:38 +0000

• Table of Contents Incident analysis Disguise as a visual novel ‘Game’ source files analysis HijackLoader Not only games Distribution Recommendations for protection Indicators of

Top Cyber Industry Defenses Spike CO2 Emissions

Wed, 11 Feb 2026 14:00:00 +0000

• Organizations can improve their climate footprints by optimizing two specific cybersecurity protections, without incurring added risks.

WSL in the Malware Ecosystem, (Wed, Feb 11th)

Wed, 11 Feb 2026 13:28:29 +0000

• WSL lets users run a full Linux environment inside Windows, eliminating need for VMs or dual boot. • WSL2’s lightweight virtualized kernel boosts compatibility and performance fo

Prompt Injection Via Road Signs

Wed, 11 Feb 2026 12:03:22 +0000

• Prompt Injection Via Road Signs Interesting research: ‘CHAI: Command Hijacking Against Embodied AI.’ Abstract: Embodied Artificial Intelligence (AI) promises to handle edge cases

CISA's 2025 Year in Review: Driving Security and Resilience Across Critical Infrastructure

Wed, 11 Feb 2026 12:00:00 +0000

• CISA’s 2025 Year in Review: Driving Security and Resilience Across Critical Infrastructure WASHINGTON - The Cybersecurity and Infrastructure Security Agency (CISA) unveiled its20

Spam and phishing in 2025

Wed, 11 Feb 2026 10:00:59 +0000

• The year in figures - 44.99% of all emails sent worldwide and 43.27% of all emails sent in the Russian web segment were spam - 32.50% of all spam emails were sent from Russia - K

Asia Fumbles With Throttling Back Telnet Traffic in Region

Wed, 11 Feb 2026 02:00:00 +0000

• Only Taiwan made the top 10 list of governments, effectively blocking the threat-ridden protocol, but overall, the region lagged in curbing Telnet traffic.

A Peek Into Muddled Libra's Operational Playbook

Tue, 10 Feb 2026 23:00:41 +0000

• Executive Summary During a September 2025 incident response investigation, Unit 42 discovered a rogue virtual machine (VM) which we believe with high confidence to be used by the

SolarWinds WHD Attacks Highlight Risks of Exposed Apps

Tue, 10 Feb 2026 22:00:53 +0000

• Organizations that have exposed their instances of Web Help Desk to the public Internet have inadvertently made them prime targets for attackers.

In Bypassing MFA, ZeroDayRAT Is 'Textbook Stalkerware'

Tue, 10 Feb 2026 21:37:15 +0000

• With access to SIM, location data, and a preview of recent SMSes, attackers have everything they need for account takeover or targeted social engineering.

80% of Fortune 500 use active AI Agents: Observability, governance, and security shape the new frontier

Tue, 10 Feb 2026 16:00:00 +0000

• Today, Microsoft is releasing the new Cyber Pulse report to provide leaders with straightforward, practical insights and guidance on new cybersecurity risks. • One of today’s mos

Manipulating AI memory for profit: The rise of AI Recommendation Poisoning

Tue, 10 Feb 2026 14:56:21 +0000

• That helpful ‘Summarize with AI’ button? • It might be secretly manipulating what your AI recommends. • Microsoft security researchers have discovered a growing trend of AI memor

AI-Generated Text and the Detection Arms Race

Tue, 10 Feb 2026 12:03:50 +0000

• AI-Generated Text and the Detection Arms Race In 2023, the science fiction literary magazine Clarkesworld stopped accepting new submissions because so many were generated by arti

CISA Releases Guide to Help Critical Infrastructure Users Adopt More Secure Communication

Tue, 10 Feb 2026 12:00:00 +0000

• CISA Releases Guide to Help Critical Infrastructure Users Adopt More Secure Communication WASHINGTON - The Cybersecurity and Infrastructure Security Agency (CISA) today released

A one-prompt attack that breaks LLM safety alignment

Mon, 09 Feb 2026 17:12:11 +0000

• Share Link copied to clipboard! • Content types Research Topics Actionable threat insights AI and agents Security management Large language models (LLMs) and diffusion models now

LLMs are Getting a Lot Better and Faster at Finding and Exploiting Zero-Days

Mon, 09 Feb 2026 12:04:29 +0000

• LLMs are Getting a Lot Better and Faster at Finding and Exploiting Zero-Days This is amazing: Opus 4.6 is notably better at finding high-severity vulnerabilities than previous mo

Analysis of active exploitation of SolarWinds Web Help Desk

Sat, 07 Feb 2026 01:08:49 +0000

• The Microsoft Defender Research Team observed a multi‑stage intrusion where threat actors exploited internet‑exposed SolarWinds Web Help Desk (WHD) instances to get an initial fo

Novel Technique to Detect Cloud Threat Actor Operations

Fri, 06 Feb 2026 23:00:02 +0000

• Executive Summary Cloud-based alerting systems often struggle to distinguish between normal cloud activity and targeted malicious operations by known threat actors. • The difficu

New Clickfix variant 'CrashFix' deploying Python Remote Access Trojan

Thu, 05 Feb 2026 18:51:39 +0000

• In January 2026, Microsoft Defender Experts identified a new evolution in the ongoing ClickFix campaign. • This updated tactic deliberately crashes victims’ browsers and then att

The security implementation gap: Why Microsoft is supporting Operation Winter SHIELD

Thu, 05 Feb 2026 17:00:00 +0000

• Share Link copied to clipboard! • Content types News Topics Office of the CISO Security management Security operations Every conversation I have with information security leaders

CISA Orders Federal Agencies to Strengthen Edge Device Security Amid Rising Cyber Threats

Thu, 05 Feb 2026 12:00:00 +0000

• CISA Orders Federal Agencies to Strengthen Edge Device Security Amid Rising Cyber Threats WASHINGTON - The Cybersecurity and Infrastructure Security Agency (CISA) today issuedBin

The Shadow Campaigns: Uncovering Global Espionage

Thu, 05 Feb 2026 11:00:10 +0000

• Executive Summary This investigation unveils a new cyberespionage group that Unit 42 tracks as TGR-STA-1030. • We refer to the group’s activity as the Shadow Campaigns. • We asse

Stan Ghouls targeting Russia and Uzbekistan with NetSupport RAT

Thu, 05 Feb 2026 09:00:11 +0000

• Introduction Stan Ghouls (also known as Bloody Wolf) is an cybercriminal group that has been launching targeted attacks against organizations in Russia, Kyrgyzstan, Kazakhstan, a

Detecting backdoored language models at scale

Wed, 04 Feb 2026 17:00:00 +0000

• Today, we are releasing new research on detecting backdoors in open-weight language models. • Our research highlights several key properties of language model backdoors, laying t

Why Smart People Fall For Phishing Attacks

Wed, 04 Feb 2026 00:00:43 +0000

• Threat Research Center Insights Opinions Why Smart People Fall For Phishing Attacks By:Ria Bhatia Ria Bhatia Published:February 3, 2026 Categories:Business Email CompromiseCyberc

The Notepad++ supply chain attack - unnoticed execution chains and new IoCs

Tue, 03 Feb 2026 08:10:06 +0000

• UPD 11.02.2026: added recommendations on how to use the Notepad++ supply chain attack rules package in our SIEM system. • Introduction On February 2, 2026, the developers of Note

Please Don't Feed the Scattered Lapsus ShinyHunters

Mon, 02 Feb 2026 16:15:16 +0000

• Scattered Lapsus ShinyHunters (SLSH) uses harassment, threats, even swatting to extort firms. • They notify journalists and regulators, amplifying pressure beyond typical ransomw

Privileged File System Vulnerability Present in a SCADA System

Fri, 30 Jan 2026 23:00:01 +0000

• Iconics Suite SCADA system vulnerable (CVE-2025-0921) allows privilege escalation via unnecessary file system operations. • Exploitation can corrupt critical binaries, leading to

Breaking the Sound Barrier, Part II: Exploiting CVE-2024-54529

Fri, 30 Jan 2026 08:00:00 +0000

• In the first part of this series, I detailed my journey into macOS security research, which led to the discovery of a type confusion vulnerability (CVE-2024-54529) and a double-f

Understanding the Russian Cyberthreat to the 2026 Winter Olympics

Thu, 29 Jan 2026 21:30:47 +0000

• Threat Research Center Insights Opinions Understanding the Russian Cyberthreat to the 2026 Winter Olympics By:Justin Moore Justin Moore Published:January 29, 2026 Categories:Cybe

Supply chain attack on eScan antivirus: detecting and remediating malicious updates

Thu, 29 Jan 2026 15:07:35 +0000

• UPD 30.01.2026: Added technical details about the attack chain and more IoCs. • On January 20, a supply chain attack has occurred, with the infected software being the eScan anti

CISA Urges Critical Infrastructure Organizations to Take Action Against Insider Threats

Wed, 28 Jan 2026 12:00:00 +0000

• CISA Urges Critical Infrastructure Organizations to Take Action Against Insider Threats WASHINGTON - The Cybersecurity and Infrastructure Security Agency (CISA) is calling on cri

HoneyMyte updates CoolClient and deploys multiple stealers in recent campaigns

Tue, 27 Jan 2026 08:00:42 +0000

• HoneyMyte upgraded CoolClient backdoor with new features, enhancing persistence and stealth. • The group deployed multiple browser login data stealers across recent campaigns. •

Who Operates the Badbox 2.0 Botnet?

Mon, 26 Jan 2026 16:11:38 +0000

• Kimwolf botnet, 2M infected devices, compromised Badbox 2.0 control panel screenshot. • Badbox 2.0: China-based botnet on Android TV streaming boxes, over ten million devices, us

Bypassing Windows Administrator Protection

Mon, 26 Jan 2026 08:00:00 +0000

• A headline feature introduced in the latest release of Windows 11, 25H2 is Administrator Protection. • The goal of this feature is to replace User Account Control (UAC) with a mo

Happy 9th Anniversary, CTA: A Celebration of Collaboration in Cyber Defense

Sat, 24 Jan 2026 00:00:53 +0000

• CTA founded in 2014, uniting Palo Alto, Fortinet, McAfee, and Symantec for shared threat intelligence. • Shifted industry from proprietary intel to collaborative defense, raising

CISA Releases Product Categories List to Propel Post-Quantum Cryptography Adoption Pursuant to President Trump's Executive Order 14306

Fri, 23 Jan 2026 12:00:00 +0000

• CISA releases first product categories list for post‑quantum cryptography (PQC) adoption. • List identifies hardware and software that support or will support PQC standards. • De

The Next Frontier of Runtime Assembly Attacks: Leveraging LLMs to Generate Phishing JavaScript in Real Time

Thu, 22 Jan 2026 11:00:22 +0000

• Attackers embed a benign page that calls an LLM API to generate malicious JavaScript in real time. • Prompt engineering bypasses AI safety guardrails, producing polymorphic phish

Kimwolf Botnet Lurking in Corporate, Govt. Networks

Tue, 20 Jan 2026 18:19:13 +0000

• Kimwolf botnet has infected over 2 million IoT devices, enabling massive DDoS attacks. • It scans local networks of compromised systems to spread to additional vulnerable devices

DNS OverDoS: Are Private Endpoints Too Private?

Tue, 20 Jan 2026 17:23:33 +0000

Azure Private Endpoints can unintentionally expose resources to DoS attacks. Attack vectors include accidental admin deployments, vendor setups, and malicious actors. Over 5% of Az

Anatomy of an Attack: The Payroll Pirates and the Power of Social Engineering

Sat, 17 Jan 2026 00:00:00 +0000

• Threat Research Center Insights Anatomy of an Attack Anatomy of an Attack: The Payroll Pirates and the Power of Social Engineering By:Randy Stone Randy Stone Published:January 16

A 0-click exploit chain for the Pixel 9 Part 2: Cracking the Sandbox with a Big Wave

Wed, 14 Jan 2026 18:00:00 +0000

• With the advent of a potential Dolby Unified Decoder RCE exploit, it seemed prudent to see what kind of Linux kernel drivers might be accessible from the resulting userland conte

A 0-click exploit chain for the Pixel 9 Part 1: Decoding Dolby

Wed, 14 Jan 2026 17:59:00 +0000

• Over the past few years, several AI-powered features have been added to mobile phones that allow users to better search and understand their messages. • One effect of this change

CISA, UK NCSC, FBI Unveil Principles to Combat Cyber Risks in OT

Wed, 14 Jan 2026 12:00:00 +0000

• CISA, UK NCSC, FBI Unveil Principles to Combat Cyber Risks in OT WASHINGTON - Today, the Cybersecurity and Infrastructure Security Agency (CISA), United Kingdom’s National Cyber

Patch Tuesday, January 2026 Edition

Wed, 14 Jan 2026 00:47:38 +0000

• Microsoft today issued patches to plug at least 113 security holes in its various Windows operating systems and supported software. • Eight of the vulnerabilities earned Microsof

Threat Brief: MongoDB Vulnerability (CVE-2025-14847)

Tue, 13 Jan 2026 20:30:02 +0000

• Executive Summary On Dec. • 19, 2025, MongoDB publicly disclosed MongoBleed, a security vulnerability (CVE-2025-14847) that allows unauthenticated attackers to leak sensitive hea

Remote Code Execution With Modern AI/ML Formats and Libraries

Tue, 13 Jan 2026 11:00:39 +0000

• Executive Summary We identified vulnerabilities in three open-source artificial intelligence/machine learning (AI/ML) Python libraries published by Apple, Salesforce and NVIDIA o

Who Benefited from the Aisuru and Kimwolf Botnets?

Thu, 08 Jan 2026 23:23:43 +0000

• Our first story of 2026 revealed how a destructive new botnet called Kimwolf has infected more than two million devices by mass-compromising a vast number of unofficial Android T

CISA Retires Ten Emergency Directives, Marking an Era in Federal Cybersecurity

Thu, 08 Jan 2026 12:00:00 +0000

• CISA Retires Ten Emergency Directives, Marking an Era in Federal Cybersecurity WASHINGTON - Today, the Cybersecurity and Infrastructure Security Agency (CISA) announced the succe

Securing Vibe Coding Tools: Scaling Productivity Without Scaling Risk

Thu, 08 Jan 2026 11:00:46 +0000

• Threat Research Center Insights General Securing Vibe Coding Tools: Scaling Productivity Without Scaling Risk By:Kate MiddaghMichael Spisak Kate Middagh Michael Spisak Published:

The Kimwolf Botnet is Stalking Your Local Network

Fri, 02 Jan 2026 14:20:10 +0000

• The story you are reading is a series of scoops nestled inside a far more urgent Internet-wide security advisory. • The vulnerability at issue has been exploited for months alrea

Happy 16th Birthday, KrebsOnSecurity.com!

Mon, 29 Dec 2025 20:23:26 +0000

• KrebsOnSecurity.com celebrates its 16th anniversary today! • A huge ’thank you’ to all of our readers - newcomers, long-timers and drive-by critics alike. • Your engagement this

The HoneyMyte APT evolves with a kernel-mode rootkit and a ToneShell backdoor

Mon, 29 Dec 2025 10:00:35 +0000

• Overview of the attacks In mid-2025, we identified a malicious driver file on computer systems in Asia. • The driver file is signed with an old, stolen, or leaked digital certifi

Threat landscape for industrial automation systems in Q3 2025

Thu, 25 Dec 2025 10:00:55 +0000

• Table of Contents Statistics across all threats Selected industries Diversity of detected malicious objects Main threat sources Threat categories Malicious objects used for initi

Evasive Panda APT poisons DNS requests to deliver MgBot

Wed, 24 Dec 2025 07:00:01 +0000

• Introduction The Evasive Panda APT group (also known as Bronze Highland, Daggerfly, and StormBamboo) has been active since 2012, targeting multiple industries with sophisticated,

Assessing SIEM effectiveness

Tue, 23 Dec 2025 12:00:01 +0000

• A SIEM is a complex system offering broad and flexible threat detection capabilities. • Due to its complexity, its effectiveness heavily depends on how it is configured and what

Dismantling Defenses: Trump 2.0 Cyber Year in Review

Fri, 19 Dec 2025 15:14:55 +0000

• The Trump administration has pursued a staggering range of policy pivots this past year that threaten to weaken the nation’s ability and willingness to address a broad spectrum o

CISA Releases Dynamic New Guide for Stadium and Arena Owners to Fortify Operations, Mitigate Vulnerabilities and Elevate Emergency Preparedness

Wed, 17 Dec 2025 12:00:00 +0000

• CISA Releases Dynamic New Guide for Stadium and Arena Owners to Fortify Operations, Mitigate Vulnerabilities and Elevate Emergency Preparedness WASHINGTON - Today, the Cybersecur

Opening Doors to the Future: CISA Announces Participation in the CyberCorps® Scholarship for Service (SFS)

Wed, 17 Dec 2025 12:00:00 +0000

• Opening Doors to the Future: CISA Announces Participation in the CyberCorps® Scholarship for Service (SFS) WASHINGTON - Today, the Cybersecurity and Infrastructure Security Agenc

Most Parked Domains Now Serving Malicious Content

Tue, 16 Dec 2025 14:14:48 +0000

• Direct navigation - the act of visiting a website by manually typing a domain name in a web browser - has never been riskier: A new study finds the vast majority of ‘parked’ doma

Welcome to the new Project Zero Blog

Tue, 16 Dec 2025 10:00:00 +0000

• While on Project Zero, we aim for our research to be leading-edge, our blog design was â¦ not so much. • We welcome readers to our shiny new blog! • For the occasion, we asked me

Thinking Outside The Box [dusted off draft from 2017]

Tue, 16 Dec 2025 09:00:00 +0000

• Preface Hello from the future! • This is a blogpost I originally drafted in early 2017. • I wrote what I intended to be the first half of this post (about escaping from the VM to

Windows Exploitation Techniques: Winning Race Conditions with Path Lookups

Tue, 16 Dec 2025 08:00:00 +0000

• This post was originally written in 2016 for the Project Zero blog. • However, in the end it was published separately in the journal PoC||GTFO issue #13 as well as in the second

A look at an Android ITW DNG exploit

Fri, 12 Dec 2025 10:00:00 +0000

• Introduction Between July 2024 and February 2025, 6 suspicious image files were uploaded to VirusTotal. • Thanks to a lead from Meta, these samples came to the attention of Googl

Microsoft Patch Tuesday, December 2025 Edition

Tue, 09 Dec 2025 23:18:29 +0000

• Microsoft today pushed updates to fix at least 56 security flaws in its Windows operating systems and supported software. • This final Patch Tuesday of 2025 tackles one zero-day

Drones to Diplomas: How Russia's Largest Private University is Linked to a $25M Essay Mill

Sat, 06 Dec 2025 14:45:03 +0000

• A sprawling academic cheating network turbocharged by Google Ads that has generated nearly $25 million in revenue has curious ties to a Kremlin-connected oligarch whose Russian u

Pro-Russia Hacktivists Conduct Opportunistic Attacks Against US and Global Critical Infrastructure

Fri, 05 Dec 2025 19:35:38 +0000

• Pro-Russia Hacktivists Conduct Opportunistic Attacks Against US and Global Critical Infrastructure Actions for Operational Technology Owners and Operators to Take Today to Mitiga

SMS Phishers Pivot to Points, Taxes, Fake Retailers

Thu, 04 Dec 2025 23:02:34 +0000

• China-based phishing groups blamed for non-stop scam SMS messages about a supposed wayward package or unpaid toll fee are promoting a new offering, just in time for the holiday s

CISA Shares Lessons Learned from an Incident Response Engagement

Mon, 22 Sep 2025 15:12:49 +0000

• CISA Shares Lessons Learned from an Incident Response Engagement Advisory at a Glance Executive Summary | CISA began incident response efforts at a U.S. • federal civilian execut

Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed Global Espionage System

Mon, 25 Aug 2025 13:36:40 +0000

• Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed Global Espionage System Executive summary People’s Republic of China (PRC) state-sponsored cybe

CISA and USCG Identify Areas for Cyber Hygiene Improvement After Conducting Proactive Threat Hunt at US Critical Infrastructure Organization

Tue, 29 Jul 2025 17:53:52 +0000

• CISA and USCG Identify Areas for Cyber Hygiene Improvement After Conducting Proactive Threat Hunt at US Critical Infrastructure Organization Summary The Cybersecurity and Infrast

#StopRansomware: Interlock

Mon, 21 Jul 2025 14:11:24 +0000

• #StopRansomware: Interlock Actions for Organizations to Take Today to Mitigate Cyber Threats Related to Interlock Ransomware Activity Prevent initial access by implementing domai

Ransomware Actors Exploit Unpatched SimpleHelp Remote Monitoring and Management to Compromise Utility Billing Software Provider

Thu, 12 Jun 2025 14:29:54 +0000

• Ransomware actors target unpatched SimpleHelp RMM to breach utility billing software provider customers. • Vulnerability CVE-2024-57727, a path traversal flaw, exploited in Simpl

Threat Actors Deploy LummaC2 Malware to Exfiltrate Sensitive Data from Organizations

Tue, 20 May 2025 19:20:23 +0000

• FBI & CISA issue joint advisory on LummaC2 infostealer targeting critical infrastructure. • Malware infiltrates networks, exfiltrates sensitive data via spearphishing links and a

Russian GRU Targeting Western Logistics Entities and Technology Companies

Mon, 12 May 2025 16:49:12 +0000

• Russian GRU’s 85th GTsSS unit 26165 targets Western logistics and tech firms. • Campaign focuses on coordination, transport, delivery of foreign aid to Ukraine. • Uses known TTPs

Fast Flux: A National Security Threat

Tue, 01 Apr 2025 19:00:21 +0000

• Fast flux hides malicious server locations by rapidly changing DNS records. • Enables cybercriminals and nation-state actors to evade detection and maintain C2. • Resilient, high

#StopRansomware: Medusa Ransomware

Tue, 11 Mar 2025 14:52:42 +0000

• Patch OS, software, firmware promptly to close known vulnerabilities across all systems. • Segment networks to limit lateral movement from infected devices and protect critical a