Cybersecurity

GitHub Issues Abused in Copilot Attack Leading to Repository Takeover

• A vulnerability in GitHub Codespaces could have allowed attackers to take over repositories by injecting malicious Copilot instructions in a GitHub issue.The attack, Orca Securit

Is AI Good for Democracy?

• Is AI Good for Democracy? • Politicians fixate on the global race for technological supremacy between US and China. • They debate geopolitical implications of chip exports, lates

Taiwan Security Firm Confirms Flaw Flagged by CISA Likely Exploited by Chinese APTs

• The Taiwan-based cybersecurity firm TeamT5 has confirmed that the vulnerability added recently by CISA to its Known Exploited Vulnerabilities (KEV) catalog was likely exploited b

Identity Prioritization isn't a Backlog Problem - It's a Risk Math Problem

• Most identity programs still prioritize work the way they prioritize IT tickets: by volume, loudness, or ‘what failed a control check.’ That approach breaks the moment your envir

Lazarus Group Uses Medusa Ransomware in Middle East and U.S. Healthcare Attacks

• Lazarus Group Uses Medusa Ransomware in Middle East and U.S. • Healthcare Attacks The North Korea-linkedLazarus Group(aka Diamond Sleet and Pompilus) has been observed using Medu

ShinyHunters extortion gang claims Odido breach affecting millions

• ShinyHunters extortion gang claims Odido breach affecting millions February 24, 2026 06:40 AM 0 The ShinyHunters extortion gang has claimed responsibility for breaching Dutch tel

Telegram CEO faces Russia probe over allegations of terrorism facilitation

• Russian authorities investigate Telegram co‑founder Pavel Durov for terrorism facilitation. • Allegations stem from 155,000 channels flagged for illegal content. • Investigation

North Korean Lazarus group linked to Medusa ransomware attacks

• North Korean Lazarus group linked to Medusa ransomware attacks February 24, 2026 06:00 AM 0 North Korean state-backed hackers associated with the Lazarus threat group are targeti

Anonymous Fénix Members Arrested in Spain

• Spanish authorities this week announced the arrest of four members of the Anonymous Fénix group for their involvement in distributed denial-of-service (DDoS) attacks.The suspects

UnsolicitedBooker Targets Central Asian Telecoms With LuciDoor and MarsSnake Backdoors

• UnsolicitedBooker Targets Central Asian Telecoms With LuciDoor and MarsSnake Backdoors The threat activity cluster known asUnsolicitedBookerhas been observed targeting telecommun

CrowdStrike 2026 Global Threat Report AI Evasive Adversary

• 2026 Global Threat Report highlights AI‑driven adversaries employing evasive tactics across industries. • Report identifies 59 zero‑day CVEs patched in February, underscoring rap

Anthropic's Claude Code Security Shakes Cybersecurity Stocks

• Anthropic launches Claude Code Security, an AI code vulnerability scanner. • Tool scans entire codebase, flags vulnerabilities, suggests patches. • Market reaction: cybersecurity

Anthropic Says Chinese AI Firms Used 16 Million Claude Queries to Copy Model

• Anthropic Says Chinese AI Firms Used 16 Million Claude Queries to Copy Model Anthropic on Monday said it identified ‘industrial-scale campaigns’ mounted by three artificial intel

ISC Stormcast For Tuesday, February 24th, 2026 https://isc.sans.edu/podcastdetail/9822, (Tue, Feb 24th)

• ISC Stormcast For Tuesday, February 24th, 2026 https://isc.sans.edu/podcastdetail/9822 Handler on Duty: Johannes Ullrich Threat Level: green My next class: Application Security:

The risks of cybersecurity tool sprawl: Why consolidation is a strategic priority

• The risks of cybersecurity tool sprawl: Why consolidation is a strategic priority Jackson Connell, Mitch Pronschinske Optimize operations Risk & compliance Culture & collaboratio

GyroidOS virtualization solution aims to secure embedded devices, ease cybersecurity certification

• Maintained by Fraunhofer AISEC, GyroidOS is an open-source, multi-arch OS-level virtualization solution designed for embedded devices with hardware security features, and aiming

Android mental health apps with 14.7M installs filled with security flaws

• Several mental health mobile apps with millions of downloads on Google Play contain security vulnerabilities that could expose users’ sensitive medical information. • In one of t

Spitting Cash: ATM Jackpotting Attacks Surged in 2025

• The attacks cost banks more than $20 million in losses last year, as criminals used many of the same tools and tactics they have wielded for more than a decade. • The attacks cos

More Than Dashboards: AI Decisions Must Be Provable

• AI systems have to be able to show a record of what happened and how.

Spain arrests suspected hacktivists for DDoSing govt sites

• Spain arrests suspected hacktivists for DDoSing govt sites February 23, 2026 04:59 PM 0 Spanish authorities have arrested four alleged members of a hacktivist group believed to h

Iran's MuddyWater Targets Orgs With Fresh Malware as Tensions Mount

• Threat Intelligence Cyberattacks & Data Breaches Endpoint Security Remote Workforce News Breaking cybersecurity news, news analysis, commentary, and other content from around the

Enigma Cipher Device Still Holds Secrets for Cyber Pros

• The Nazi relic’s history is riddled with resilience errors, and those lessons still apply to defending against modern cyber threats. • The Nazi relic’s history is riddled with re

APT28 Targeted European Entities Using Webhook-Based Macro Malware

• APT28 Targeted European Entities Using Webhook-Based Macro Malware The Russia-linkedstate-sponsored threat actortracked asAPT28has been attributed to a new campaign targeting spe

Microsoft says bug in classic Outlook hides the mouse pointer

• Microsoft says bug in classic Outlook hides the mouse pointer February 23, 2026 02:40 PM 1 Microsoft is investigating a known issue that causes the mouse pointer to disappear in

600+ FortiGate Devices Hacked by AI-Armed Amateur

• A Russian-speaking hacker used generative AI to compromise the FortiGate firewalls, targeting credentials and backups for possible follow-on ransomware attacks. • A Russian-speak

Claude Code Security Causes A SaaS-pocalypse In Cybersecurity

• Claude Code Security Causes A SaaS-pocalypse In Cybersecurity We have seen this pattern before, even if the specifics look different. • Think back to the day AWS introduced Guard

Ad tech firm Optimizely confirms data breach after vishing attack

• Ad tech firm Optimizely confirms data breach after vishing attack February 23, 2026 01:04 PM 0 New York-based ad tech company Optimizely has notified an undisclosed number of cus

Wormable XMRig Campaign Uses BYOVD Exploit and Time-Based Logic Bomb

• Cybersecurity researchers have disclosed details of a new cryptojacking campaign that uses pirated software bundles as lures to deploy a bespoke XMRig miner program on compromise

The Art of Deception: How Threat Actors Master Typosquatting Campaigns to Bypass Detection

• FeaturedThe Art of Deception: How Threat Actors Master Typosquatting Campaigns to Bypass DetectionFeb 23, 2026Introducing ‘AI Unlocked: Decoding Prompt Injection,’ a New Interact

US Healthcare Diagnostic Firm Says 140,000 Affected by Data Breach

• Nearly 140,000 people are affected by a data breach disclosed by healthcare diagnostic company Vikor Scientific.The number of affected individuals came to light in recent days on

When identity isn't the weak link, access still is

• For years, identity has been treated as the foundation of workforce security. • If an organization could reliably confirm who a user was, the assumption followed that access coul

Another day, another malicious JPEG, (Mon, Feb 23rd)

• Another day, another malicious JPEG In his last two diaries, Xavier discussed recent malware campaigns that download JPEG files with embedded malicious payload[1,2]. • At that po

Ukrainian Gets 5 Years in US Prison for Aiding North Korean IT Fraud

• A Ukrainian national was sentenced to five years in a US prison for selling stolen identities to fraudulent North Korean workers and for facilitating the operation of laptop farm

⚡ Weekly Recap: Double-Tap Skimmers, PromptSpy AI, 30Tbps DDoS, Docker Malware & More

• Security news rarely moves in a straight line. • This week, it feels more like a series of sharp turns, some happening quietly in the background, others playing out in public vie

Autonomous AI Agents Provide New Class of Supply Chain Attack

• Found in Clawhub, promoted on Moltbook, Bob-ptp is an ongoing active agent-based crypto scam.It’s ironic that new technology often defies the fundamental security rule of zero tr

On the Security of Password Managers

• On the Security of Password Managers Good article on password managers that secretly have a backdoor. • New research shows that these claims aren’t true in all cases, particularl

How Exposed Endpoints Increase Risk Across LLM Infrastructure

• How Exposed Endpoints Increase Risk Across LLM Infrastructure As more organizations run their own Large Language Models (LLMs), they are also deploying more internal services and

Romanian Hacker Pleads Guilty to Selling Access to US State Network

• A Romanian national pleaded guilty in a US court to selling unauthorized access to an Oregon state government office’s network.The man, Catalin Dragomir, 45, of Constanta, Romani

Hundreds of FortiGate Firewalls Hacked in AI-Powered Attacks: AWS

• Over 600 Fortinet FortiGate firewall instances have been hacked in an AI-powered campaign that exploits exposed ports and weak credentials, AWS reports.The attacks, observed betw

AI for Cybersecurity: Promise, Practice, and Pitfalls

• AI for Cybersecurity: Promise, Practice, and Pitfalls Free Virtual EventNovember 19, 2025 | 11:00 AM EDT About The Event AI is revolutionizing the cybersecurity landscape. • From

Mississippi Hospital System Closes All Clinics After Ransomware Attack

• A ransomware attack forced the University of Mississippi Medical Center to close all of its roughly three dozen clinics around the state and cancel elective procedures for a seco

CrowdStrike Named a Customers’ Choice in 2026 Gartner Peer Insights™ Voice of the Customer for Application Security Posture Management Tools

• FeaturedIntroducing ‘AI Unlocked: Decoding Prompt Injection,’ a New Interactive ChallengeFeb 18, 2026Exposing Insider Threats through Data Protection, Identity, and HR ContextFeb

What Security Teams Need to Know About OpenClaw, the AI Super Agent

• OpenClaw is CrowdStrike’s AI super agent for automated threat hunting. • It orchestrates data from multiple sensors to identify suspicious activity. • AI models continuously lear

Advanced Web Shell Detection and Prevention: A Deep Dive into CrowdStrike's Linux Sensor Capabilities

• FeaturedIntroducing ‘AI Unlocked: Decoding Prompt Injection,’ a New Interactive ChallengeFeb 18, 2026Exposing Insider Threats through Data Protection, Identity, and HR ContextFeb

CrowdStrike Named Customers' Choice Attack Surface Management

• Gartner named CrowdStrike the sole Customers’ Choice for External Attack Surface Management. • Falcon X provides continuous visibility into cloud, on‑prem, and SaaS attack surfac

Human‑AI Feedback Loop Powering CrowdStrike Agentic Security

• Human‑AI feedback loop enhances threat detection by combining analyst intuition with machine learning insights. • CrowdStrike’s Agentic Security framework empowers analysts to gu

Scale SOC Automation Falcon Fusion SOAR

• Falcon Fusion SOAR automates SOC workflows across security tools. • Low‑code platform accelerates incident response times. • AI‑powered playbooks prioritize high‑impact alerts. •

CrowdStrike Named Customers' Choice 2026 Gartner Peer Insights Voice User Authentication

• CrowdStrike awarded Customers’ Choice for user authentication in 2026. • Recognition reflects high customer satisfaction and product reliability. • Falcon platform offers multi‑f

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

• Cybersecurity researchers have disclosed what they say is an active ‘Shai-Hulud-like’ supply chain worm campaign that has leveraged a cluster of at least 19 malicious npm package

PayPal Data Breach Led to Fraudulent Transactions

• PayPal disclosed a data breach affecting personal info of ~100 customers. • Breach caused by coding error in PayPal Working Capital loan application. • Exposed data included name

MuddyWater Targets MENA Organizations with GhostFetch, CHAR, and HTTP_VIP

• MuddyWater Targets MENA Organizations with GhostFetch, CHAR, and HTTP_VIP The Iranian hacking group known asMuddyWater(aka Earth Vetala, Mango Sandstorm, and MUDDYCOAST) has targ

ISC Stormcast For Monday, February 23rd, 2026 https://isc.sans.edu/podcastdetail/9820, (Mon, Feb 23rd)

• ISC Stormcast For Monday, February 23rd, 2026 https://isc.sans.edu/podcastdetail/9820 Handler on Duty: Johannes Ullrich Threat Level: green My next class: Application Security: S

Arkanix Stealer pops up as short-lived AI info-stealer experiment

• Arkanix Stealer pops up as short-lived AI info-stealer experiment February 22, 2026 10:33 AM 0 An information-stealing malware operation named Arkanix Stealer, promoted on multip

Predator spyware hooks iOS SpringBoard to hide mic, camera activity

• Intellexa’s Predator spyware can hide iOS recording indicators while secretly streaming camera and microphone feeds to its operators. • The malware does not exploit any iOS vulne

AI-Assisted Threat Actor Compromises 600+ FortiGate Devices in 55 Countries

• AI-Assisted Threat Actor Compromises 600+ FortiGate Devices in 55 Countries A Russian-speaking, financially motivated threat actor has been observed taking advantage of commercia

Amazon: AI-assisted hacker breached 600 FortiGate firewalls in 5 weeks

• Amazon: AI-assisted hacker breached 600 FortiGate firewalls in 5 weeks February 21, 2026 08:50 AM 0 Amazon is warning that a Russian-speaking hacker used multiple generative AI s

Amazon: AI-assisted hacker breached 600 Fortinet firewalls in 5 weeks

• Amazon: AI-assisted hacker breached 600 Fortinet firewalls in 5 weeks February 21, 2026 08:50 AM 0 Article updated at the bottom with additional technical details about this camp

Anthropic Launches Claude Code Security for AI-Powered Vulnerability Scanning

• Anthropic Launches Claude Code Security for AI-Powered Vulnerability Scanning Artificial intelligence (AI) company Anthropic has begun to roll out a new security feature for Clau

CISA Adds Two Actively Exploited Roundcube Flaws to KEV Catalog

• CISA Adds Two Actively Exploited Roundcube Flaws to KEV Catalog The U.S. • Cybersecurity and Infrastructure Security Agency (CISA) on Fridayaddedtwo security flaws impacting Roun

Japanese-Language Phishing Emails, (Sat, Feb 21st)

• Japanese-Language Phishing Emails Introduction For at least the past year or so, I’ve been receiving Japanese-language phishing emails to my blog email addresses at @malware-traf