Pentagon Designates Anthropic Supply Chain Risk Over AI Military Dispute
Sat Feb 28 2026
Anthropic on Friday hit back after U.S. Secretary of Defense Pete Hegseth directed the Pentagon to designate the artificial intelligence (AI) upstart as a "supply chain risk." "This action follows months of negotiations that reached an impasse over two exceptions we requested to the lawful use of our AI model, Claude: the mass domestic surveillance of Americans and fully autonomous weapons," the...
The Hacker News

Security hole could let hackers take over Juniper Networks PTX core routers
Fri Feb 27 2026
Network admins with Juniper PTX series routers in their environments are being warned to patch immediately, because a newly discovered critical vulnerability could lead to an unauthenticated threat ac
CSO Online

‘Silent’ Google API key change exposed Gemini AI data
Fri Feb 27 2026
Google Cloud API keys, normally used as simple billing identifiers for APIs such as Maps or YouTube, could be scraped from websites to give access to private Gemini AI project data, researchers from T
CSO Online
Aeternum botnet hides commands in Polygon smart contracts
Fri Feb 27 2026
Aeternum botnet uses Polygon blockchain smart contracts for C&C, making its infrastructure harder to detect and disrupt. Qrator Labs researchers uncovered Aeternum, a botnet that runs its command-and-control infrastructure through smart contracts on the Polygon blockchain. By decentralizing its C2, the malware avoids traditional server-based takedowns and becomes far harder to disrupt or shut down, […]
Security Affairs

DoJ Seizes $61 Million in Tether Linked to Pig Butchering Crypto Scams
Fri Feb 27 2026
The U.S. Department of Justice (DoJ) this week announced the seizure of $61 million worth of Tether that was allegedly associated with bogus cryptocurrency schemes known as pig butchering. The confiscated funds were traced to cryptocurrency addresses used for the laundering of criminally derived proceeds stolen from victims of cryptocurrency investment scams, the department added. "Criminal...
The Hacker News

900+ Sangoma FreePBX Instances Compromised in Ongoing Web Shell Attacks
Fri Feb 27 2026
The Shadowserver Foundation has revealed that over 900 Sangoma FreePBX instances still remain infected with web shells as part of attacks that exploited a command injection vulnerability starting in December 2025. Of these, 401 instances are located in the U.S., followed by 51 in Brazil, 43 in Canada, 40 in Germany, and 36 in France. The non-profit entity said the compromises are likely...
The Hacker News

Malicious Go Crypto Module Steals Passwords, Deploys Rekoobe Backdoor
Fri Feb 27 2026
Cybersecurity researchers have disclosed details of a malicious Go module that's designed to harvest passwords, create persistent access via SSH, and deliver a Linux backdoor named Rekoobe. The Go module, github[.]com/xinfeisoft/crypto, impersonates the legitimate "golang.org/x/crypto" codebase, but injects malicious code that's responsible for exfiltrating secrets entered via terminal password...
The Hacker News
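The module above works because its import path ends in the same segment as the real one and a reviewer skimming a dependency list reads "crypto" and moves on. A cheap guard is to compare every path in go.mod against the modules you actually expect and flag any that share a final segment with a trusted module but live under a different host or organisation. The script below is an added example, not the researchers' tooling or part of any Go project; the trusted-module list is a hypothetical allow-list and the go.mod content is constructed, with the impersonating path taken from the item above.

```python
"""Flag go.mod dependencies that resemble trusted modules.

Added example (not code from the article or from the Go project). It parses
the require directives of a go.mod and reports any dependency whose last
path segment matches a trusted module while the full path differs, which is
the pattern a look-alike module relies on.  TRUSTED_MODULES is a hypothetical
allow-list; SAMPLE_GO_MOD is constructed for illustration."""
import re

# Hypothetical allow-list: the modules this project is expected to pull in.
TRUSTED_MODULES = {
    "golang.org/x/crypto",
    "golang.org/x/net",
    "golang.org/x/sys",
    "github.com/gorilla/mux",
}

# A module path (at least one "/") followed by a version, optionally led by "require".
REQUIRE_LINE = re.compile(r"^\s*(?:require\s+)?([^\s/]+(?:/[^\s]+)+)\s+v[\w.+-]+")


def parse_requires(go_mod: str) -> list[str]:
    """Return module paths from both single-line and block require directives."""
    paths: list[str] = []
    in_block = False
    for line in go_mod.splitlines():
        stripped = line.split("//", 1)[0].strip()  # drop "// indirect" and comments
        if not stripped:
            continue
        if stripped.startswith("require ("):
            in_block = True
            continue
        if in_block and stripped == ")":
            in_block = False
            continue
        if in_block or stripped.startswith("require "):
            m = REQUIRE_LINE.match(stripped)
            if m:
                paths.append(m.group(1))
    return paths


def suspicious_modules(go_mod: str) -> list[tuple[str, str]]:
    """Return (dependency, trusted module it resembles) for look-alike paths.

    A dependency is suspicious when it is not itself trusted but its final
    path segment equals the final segment of a trusted module."""
    by_tail = {t.rsplit("/", 1)[-1]: t for t in TRUSTED_MODULES}
    findings = []
    for dep in parse_requires(go_mod):
        if dep in TRUSTED_MODULES:
            continue
        tail = dep.rsplit("/", 1)[-1]
        if tail in by_tail:
            findings.append((dep, by_tail[tail]))
    return findings


# Constructed go.mod: one legitimate single-line require, one block with a
# trusted module and the look-alike crypto path named in the report.
SAMPLE_GO_MOD = """module example.com/app

go 1.22

require golang.org/x/net v0.25.0

require (
    github.com/gorilla/mux v1.8.1
    github.com/xinfeisoft/crypto v0.0.0-20260101000000-abcdef123456 // indirect
)
"""

if __name__ == "__main__":
    for dep, looks_like in suspicious_modules(SAMPLE_GO_MOD):
        print(f"{dep} resembles {looks_like}")
```

This is a heuristic for review, not a substitute for integrity checks: `go mod verify` confirms that downloaded modules match go.sum, but it says nothing about whether the path you required was the one you meant, which is exactly the gap a look-alike exploits.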
iPhone and iPad are the first consumer devices cleared for NATO ‘RESTRICTED’ classification
Fri Feb 27 2026
Apple’s iPhone and iPad are now NATO-approved for classified use, listed in the alliance’s Information Assurance Product Catalogue. Apple announced that its iPhone and iPad have received NATO approval to handle classified information. The devices are now officially listed in the NATO Information Assurance Product Catalogue (NIAPC), allowing military personnel to use them securely for […]
Security Affairs

One of the ‘most influential cybersecurity’ roles will pay under $175,000
Fri Feb 27 2026
A recent job ad is causing plenty of head-shaking, suggesting that some government high-ups appear to be out of touch with the current state of the cybersecurity job market.
CSO Online

ScarCruft Uses Zoho WorkDrive and USB Malware to Breach Air-Gapped Networks
Fri Feb 27 2026
The North Korean threat actor known as ScarCruft has been attributed to a fresh set of tools, including a backdoor that uses Zoho WorkDrive for command-and-control (C2) communications to fetch more payloads and an implant that uses removable media to relay commands and breach air-gapped networks. The campaign, codenamed Ruby Jumper by Zscaler ThreatLabz, involves the deployment of malware...
The Hacker News

Your personal OpenClaw agent may also be taking orders from malicious websites
Fri Feb 27 2026
If you thought running an AI agent locally kept it safely inside your machine’s walls, you’re in for a surprise.
CSO Online
Juniper issues emergency patch for critical PTX router RCE
Fri Feb 27 2026
Juniper released an emergency patch for Junos OS Evolved to fix CVE-2026-21902, a critical RCE flaw affecting PTX routers. Juniper Networks issued an out-of-band security update for Junos OS Evolved to address a critical remote code execution vulnerability, tracked as CVE-2026-21902 (CVSS score of 9.3), impacting PTX routers. The company urges customers to apply the […]
Security Affairs

US authorities punish sellers of malware and spyware
Fri Feb 27 2026
The US authorities have made it clear that they will have no truck with any individuals trying to bypass regulations on trading cyberweapons with hostile powers.
CSO Online

Why application security must start at the load balancer
Fri Feb 27 2026
For a long time, I thought of the load balancer as a performance device.
CSO Online

Trojanized Gaming Tools Spread Java-Based RAT via Browser and Chat Platforms
Fri Feb 27 2026
Threat actors are luring unsuspecting users into running trojanized gaming utilities, spread via browsers and chat platforms, to deliver a remote access trojan (RAT). "A malicious downloader staged a portable Java runtime and executed a malicious Java archive (JAR) file named jd-gui.jar," the Microsoft Threat Intelligence team said in a post on X. "This downloader used PowerShell...
The Hacker News

Enterprise Spotlight: Data Center Modernization
Fri Feb 27 2026
CSO Online

Data Broker Breaches Fueled Nearly $21 Billion in Identity-Theft Losses
Fri Feb 27 2026
A report copublished by WIRED sparked a probe into opt-out pages hidden by data brokers. Now congressional Democrats say breaches tied to the industry have cost people tens of billions of dollars.
Wired

How to make LLMs a defensive advantage without creating a new attack surface
Fri Feb 27 2026
Large language models (LLMs) have arrived in security in three different forms at once: as productivity tools that sit beside analysts, as components embedded inside products and workflows and as targ
CSO Online
How AI Aids Incident Response: Why Humans Alone Cannot Do IR Efficiently
Fri Feb 27 2026
AI accelerates incident response by correlating alerts and generating reports in minutes, helping teams scale beyond manual limits. Incident response has always been a race against the clock. It starts ticking the moment an alert is triggered, and each minute thereafter can lead to lost revenue, regulatory exposure, reputational damage, or customer churn. Traditionally, incident […]
Security Affairs
12 Million exposed .env files reveal widespread security failures
Fri Feb 27 2026
Mysterium VPN found 12M IPs exposing .env files, leaking credentials and revealing widespread security misconfigurations worldwide. Configuration mistakes rarely trigger alarms. A forgotten deny rule, an overlooked server setting, or a full project folder uploaded to production can quietly expose a company’s most sensitive secrets. In many cases, those secrets live inside simple environment files […]
Security Affairs
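The finding above is less about a clever exploit than about a file that should never be reachable over HTTP being served by millions of hosts. Two questions follow for anyone running a web server: did a scanner ever get a real copy of our .env, and if so, what was in it? The script below is an added example, not code from the article or from Mysterium VPN. It reads access-log lines in the common/combined format, separates dotenv requests the server refused from ones it actually served, and sorts the variables in a leaked file by whether they look like live secrets. The log lines and the .env content are constructed.

```python
"""Triage exposed .env files from web access logs.

Added example (not from the article or the research it reports). The log
lines and the .env content below are constructed for illustration."""
import re

# Common/combined log format: ip ident user [time] "METHOD path PROTO" status size ...
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)
# "/.env" or a copy/backup of it (".env.bak", ".env.local") anywhere in the tree;
# the anchored optional suffix keeps "/.environment" from matching.
DOTENV_PATH = re.compile(r"(^|/)\.env(\.[A-Za-z0-9_.-]+)?$")
# Variable names that usually hold credentials.
SECRET_KEY_HINT = re.compile(r"(SECRET|PASSWORD|PASSWD|TOKEN|API_KEY|PRIVATE|DSN|AUTH)", re.I)


def scan_access_log(lines):
    """Split dotenv requests into those the server served and those it refused.

    A request counts as served only when the status is 200 and the body is
    non-empty: an empty 200 is usually a catch-all route answering everything,
    not a leak."""
    result = {"served": [], "refused": []}
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        path = m.group("path").split("?", 1)[0]  # ignore query strings scanners append
        if not DOTENV_PATH.search(path):
            continue
        status = int(m.group("status"))
        size = 0 if m.group("size") == "-" else int(m.group("size"))
        bucket = "served" if status == 200 and size > 0 else "refused"
        result[bucket].append({"ip": m.group("ip"), "path": path, "status": status, "size": size})
    return result


def classify_dotenv(content):
    """Group variable names in a leaked .env by what they appear to hold."""
    out = {"secrets": [], "placeholders": [], "other": []}
    for raw in content.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        key = key.removeprefix("export ").strip()
        value = value.strip().strip("\"'")
        if not SECRET_KEY_HINT.search(key):
            out["other"].append(key)
        elif value in ("", "null", "changeme"):
            out["placeholders"].append(key)  # a secret-looking name with no real value
        else:
            out["secrets"].append(key)
    return out


# Constructed log lines: a served leak, a 404, a 403, an unrelated hit, and an
# empty 200 that a catch-all route would produce.
SAMPLE_LOG = [
    '203.0.113.5 - - [27/Feb/2026:10:01:02 +0000] "GET /.env HTTP/1.1" 200 412 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [27/Feb/2026:10:01:03 +0000] "GET /api/.env HTTP/1.1" 404 162 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [27/Feb/2026:10:05:44 +0000] "GET /.env.bak HTTP/1.1" 403 0 "-" "curl/8.0"',
    '198.51.100.9 - - [27/Feb/2026:10:05:45 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "curl/8.0"',
    '192.0.2.77 - - [27/Feb/2026:11:12:00 +0000] "GET /.env?x=1 HTTP/1.1" 200 0 "-" "python-requests/2.31"',
]

# Constructed .env content with fake values.
SAMPLE_DOTENV = """# constructed example, values are not real
APP_ENV=production
APP_DEBUG=false
DB_PASSWORD="s3cr3t-pa55"
export AWS_SECRET_ACCESS_KEY=EXAMPLEKEY0123456789abcdef
MAIL_FROM=noreply@example.com
STRIPE_API_KEY=
JWT_SECRET=changeme
"""

if __name__ == "__main__":
    hits = scan_access_log(SAMPLE_LOG)
    for h in hits["served"]:
        print(f'SERVED {h["path"]} to {h["ip"]} ({h["size"]} bytes)')
    print(classify_dotenv(SAMPLE_DOTENV))
```

A served hit is the trigger to rotate everything in the `secrets` bucket, not to debate whether the requester was "just a scanner"; the scanner's operator now has the file. The fix on the server side is a deny rule for dotfiles at the web server, plus keeping the project's .env out of the document root in the first place.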
ManoMano data breach impacted 38 Million customer accounts
Fri Feb 27 2026
European DIY platform ManoMano suffered a data breach via a third-party provider, exposing personal data of 38 million customers. European DIY e-commerce platform ManoMano disclosed a major data breach affecting 38 million customers. Hackers accessed personal information by compromising a third-party service provider, prompting notifications and potential security measures for impacted users across multiple countries. […]
Security Affairs

Meta Files Lawsuits Against Brazil, China, Vietnam Advertisers Over Celeb-Bait Scams
Fri Feb 27 2026
Meta on Thursday said it's taking legal action to tackle scams on its platforms by filing lawsuits against what it calls deceptive advertisers based in Brazil, China, and Vietnam. As part of the effort, the advertisers' methods of payment have been suspended, related accounts have been disabled, and the website domain names used to pull off the scams have been blocked. Concurrently, the social...
The Hacker News

The CSO guide to top security conferences
Fri Feb 27 2026
There is nothing like attending a face-to-face event for career networking and knowledge gathering, and we don’t have to tell you how helpful it can be to get a hands-on demo of a new tool or to have
CSO Online

Ransomware groups switch to stealthy attacks and long-term access
Fri Feb 27 2026
Ransomware attackers are switching tactics in favor of more stealthy infiltration, as the threat of public exposure of sensitive corporate data is becoming the main mechanism of extortion.
CSO Online
Trend Micro fixes two critical flaws in Apex One
Thu Feb 26 2026
Trend Micro fixed two critical Apex One flaws enabling remote code execution on vulnerable Windows systems and urged immediate updates. Trend Micro has addressed two critical vulnerabilities in Apex One that could allow attackers to achieve remote code execution on affected Windows systems. The company released security updates and strongly urged customers to apply the […]
Security Affairs
UAT-10027 campaign hits U.S. education and healthcare with stealthy Dohdoor backdoor
Thu Feb 26 2026
UAT-10027 campaign is targeting U.S. education and healthcare sectors to deploy a new Dohdoor backdoor. Cisco Talos has identified a new threat cluster, tracked as UAT-10027, targeting U.S. education and healthcare organizations since at least December 2025 to deploy a previously unseen backdoor named Dohdoor. Initial access likely occurs through phishing, triggering a PowerShell script […]
Security Affairs

Hackers are compromising systems ever faster
Fri Feb 27 2026
The use of AI tools not only makes cyberattacks faster but also increases their tempo.
CSO Online

This AI Agent Is Designed to Not Go Rogue
Thu Feb 26 2026
The new open source project IronCurtain uses a unique method to secure and constrain AI assistant agents before they flip your digital life upside down.
Wired

Aeternum C2 Botnet Stores Encrypted Commands on Polygon Blockchain to Evade Takedown
Thu Feb 26 2026
Cybersecurity researchers have disclosed details of a new botnet loader called Aeternum C2 that uses a blockchain-based command-and-control (C2) infrastructure to make it resilient to takedown efforts. "Instead of relying on traditional servers or domains for command-and-control, Aeternum stores its instructions on the public Polygon blockchain," Qrator Labs said in a report shared with The...
The Hacker News
U.S. CISA adds Cisco SD-WAN flaws to its Known Exploited Vulnerabilities catalog
Thu Feb 26 2026
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco SD-WAN flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two Cisco SD-WAN flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: This week, Cisco warned of a critical Cisco SD-WAN vulnerability, tracked […]
Security Affairs

UAT-10027 Targets U.S. Education and Healthcare with Dohdoor Backdoor
Thu Feb 26 2026
A previously undocumented threat activity cluster has been attributed to an ongoing malicious campaign targeting education and healthcare sectors in the U.S. since at least December 2025. The campaign is being tracked by Cisco Talos under the moniker UAT-10027. The end goal of the attacks is to deliver a never-before-seen backdoor codenamed Dohdoor. "Dohdoor utilizes the DNS-over-HTTPS (DoH)...
The Hacker News
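A backdoor that talks to its operators over DNS-over-HTTPS hides its queries inside ordinary-looking TLS sessions to a resolver, so the usual DNS logs show nothing. What a proxy or TLS-inspection point can still see is the rhythm: an implant polling for tasks asks the resolver on a timer, whereas a browser's DoH traffic comes in bursts tied to page loads. The detector below is an added example, not Cisco Talos code or anything from the article; it assumes proxy records that carry the client, destination host, request path, content type and a timestamp, and the records are constructed.

```python
"""Spot DoH beaconing in proxy records.

Added example (not from Cisco Talos or the article). Records are assumed to
be dicts with client, host, path, content_type and ts (seconds); the sample
below is constructed for illustration."""
from collections import defaultdict
from statistics import mean, pstdev

DOH_MIME = "application/dns-message"   # body type defined by RFC 8484
DOH_PATH_HINT = "/dns-query"           # conventional DoH endpoint path


def is_doh(record):
    """True when the request looks like a DNS-over-HTTPS exchange."""
    return record.get("content_type") == DOH_MIME or DOH_PATH_HINT in record.get("path", "")


def beacon_candidates(records, min_requests=6, max_jitter=0.2):
    """Return (client, host, mean_interval, count) for regular DoH polling.

    Requests are grouped per client/host pair; a pair is reported when it has
    at least min_requests DoH requests and the spread of the gaps between them
    (population stddev divided by the mean gap) is at most max_jitter."""
    by_pair = defaultdict(list)
    for r in records:
        if is_doh(r):
            by_pair[(r["client"], r["host"])].append(r["ts"])
    findings = []
    for (client, host), times in by_pair.items():
        if len(times) < min_requests:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            findings.append((client, host, round(avg, 1), len(times)))
    return findings


def _rec(client, host, ts, path="/dns-query", ctype=DOH_MIME):
    return {"client": client, "host": host, "ts": ts, "path": path, "content_type": ctype}


# Constructed records: one host polling a resolver about every 60 s, one host
# using DoH in bursts like a browser, and one host fetching an ordinary page
# on a timer (regular, but not DoH, so it must not be reported).
SAMPLE_RECORDS = (
    [_rec("10.0.0.12", "doh.example.test", t) for t in (0, 61, 119, 181, 240, 299, 361, 420)]
    + [_rec("10.0.0.33", "doh.example.test", t) for t in (0, 3, 40, 41, 200, 205)]
    + [_rec("10.0.0.33", "www.example.test", t, path="/index.html", ctype="text/html")
       for t in (10, 70, 130, 190, 250, 310)]
)

if __name__ == "__main__":
    for client, host, interval, n in beacon_candidates(SAMPLE_RECORDS):
        print(f"{client} -> {host}: {n} DoH requests about every {interval}s")
```

Two operational notes. First, sanctioned DoH (a browser or OS configured to use a known public resolver) should be allow-listed by destination before this runs, or it will generate noise. Second, implants add random sleep to defeat exactly this test, so treat `max_jitter` as a tuning knob and pair a hit with other evidence (unusual resolver host, process making the connection, volume of responses) rather than alerting on rhythm alone.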

ThreatsDay Bulletin: Kali Linux + Claude, Chrome Crash Traps, WinRAR Flaws, LockBit & 15+ Stories
Thu Feb 26 2026
Nothing here looks dramatic at first glance. That’s the point. Many of this week’s threats begin with something ordinary, like an ad, a meeting invite, or a software update. Behind the scenes, the tactics are sharper. Access happens faster. Control is established sooner. Cleanup becomes harder. Here is a quick look at the signals worth paying attention to. AI-powered command...
The Hacker News

Expert Recommends: Prepare for PQC Right Now
Thu Feb 26 2026
Introduction: Steal It Today, Break It in a Decade. Digital evolution is unstoppable, and though the pace may vary, things tend to fall into place sooner rather than later. That, of course, applies to adversaries as well. The rise of ransomware and cyber extortion generated funding for a complex and highly professional criminal ecosystem. The era of the cloud brought general availability of...
The Hacker News
Hackers abused Cisco SD-WAN zero-day since 2023 to gain full admin control
Thu Feb 26 2026
Cisco SD-WAN vulnerability CVE-2026-20127 has been exploited since 2023 to gain unauthenticated admin access. A critical Cisco SD-WAN vulnerability, tracked as CVE-2026-20127 (CVSS score of 10.0), has been actively exploited since 2023. The flaw affects Catalyst SD-WAN Controller and Manager and allows remote, unauthenticated attackers to bypass authentication and gain full administrative access by sending […]
Security Affairs

China-linked hackers used Google Sheets to spy on telecoms and governments across 42 countries
Thu Feb 26 2026
Google has disrupted a China-linked espionage group that used Google’s spreadsheet application as a covert spy tool to compromise telecom providers and government agencies across 42 countries, sending
CSO Online

Microsoft Warns Developers of Fake Next.js Job Repos Delivering In-Memory Malware
Thu Feb 26 2026
A "coordinated developer-targeting campaign" is using malicious repositories disguised as legitimate Next.js projects and technical assessments to trick victims into executing them and establish persistent access to compromised machines. "The activity aligns with a broader cluster of threats that use job-themed lures to blend into routine developer workflows and increase the likelihood of code...
The Hacker News

Malicious StripeApi NuGet Package Mimicked Official Library and Stole API Tokens
Thu Feb 26 2026
Cybersecurity researchers have disclosed details of a new malicious package discovered on the NuGet Gallery, impersonating a library from financial services firm Stripe in an attempt to target the financial sector. The package, codenamed StripeApi.Net, attempts to masquerade as Stripe.net, a legitimate library from Stripe that has over 75 million downloads. It was uploaded by a user named...
The Hacker News
Google GTIG disrupted China-linked APT UNC2814 halting attacks on 53 orgs in 42 countries
Thu Feb 26 2026
Google and partners disrupted UNC2814, a suspected China-linked group that hacked 53 organizations across 42 countries. Google, with industry partners, disrupted the infrastructure of UNC2814, a suspected China-linked cyber espionage group that breached at least 53 organizations in 42 countries. The group has been active since at least 2017, and was spotted targeting governments and […]
Security Affairs

The farmers and the mercenaries: Rethinking the ‘human layer’ in security
Thu Feb 26 2026
There’s a phrase that’s become gospel in cybersecurity: “Employees are the last line of defense.
CSO Online

5 trends that should top CISO’s RSA 2026 agendas
Thu Feb 26 2026
RSA 2026 is still weeks away and the hype machine is humming.
CSO Online

Cisco SD-WAN Zero-Day CVE-2026-20127 Exploited Since 2023 for Admin Access
Thu Feb 26 2026
A newly disclosed maximum-severity security flaw in Cisco Catalyst SD-WAN Controller (formerly vSmart) and Catalyst SD-WAN Manager (formerly vManage) has come under active exploitation in the wild as part of malicious activity that dates back to 2023. The vulnerability, tracked as CVE-2026-20127 (CVSS score: 10.0), allows an unauthenticated remote attacker to bypass authentication and obtain...
The Hacker News

9 indispensable open-source security tools
Thu Feb 26 2026
These open-source tools address specific security problems with a minimal footprint.
CSO Online

How to justify your security investments
Thu Feb 26 2026
Read which aspects are decisive when justifying a company's investments in cybersecurity.
CSO Online

Steaelite RAT combines data theft and ransomware management capability in one tool
Thu Feb 26 2026
It’s bad enough that threat actors are leveraging AI for their attacks, but now they can also access a new remote access trojan (RAT) that makes it easy to launch data theft and ransomware attacks on
CSO Online
Untrusted repositories turn Claude Code into an attack vector
Wed Feb 25 2026
Flaws in Anthropic’s Claude Code could allow remote code execution and theft of API keys when users open untrusted repositories. Check Point Research team found multiple vulnerabilities in Anthropic’s Claude Code AI coding assistant that could lead to remote code execution and API key theft. The vulnerabilities abuse features such as Hooks, MCP servers, and […]
Security Affairs
Critical Zyxel router flaw exposed devices to remote attacks
Wed Feb 25 2026
Zyxel fixed a critical flaw in multiple routers that lets unauthenticated attackers remotely execute commands on vulnerable devices. Zyxel addressed a critical remote code execution vulnerability, tracked as CVE-2025-13942 (CVSS score of 9.8), affecting more than a dozen router models. A command injection flaw in the UPnP feature of several Zyxel CPEs, Fiber ONTs, and […]
Security Affairs

Five Eyes issue emergency directive on exploited Cisco SD-WAN zero-day
Wed Feb 25 2026
Cybersecurity agencies across the Five Eyes alliance have issued an emergency directive warning that a critical Cisco SD-WAN vulnerability is being actively exploited to gain unauthorized access to fe
CSO Online

Google Disrupts UNC2814 GRIDTIDE Campaign After 53 Breaches Across 42 Countries
Wed Feb 25 2026
Google on Wednesday disclosed that it worked with industry partners to disrupt the infrastructure of a suspected China-nexus cyber espionage group tracked as UNC2814 that breached at least 53 organizations across 42 countries. "This prolific, elusive actor has a long history of targeting international governments and global telecommunications organizations across Africa, Asia, and the Americas,"...
The Hacker News

Claude Code Flaws Allow Remote Code Execution and API Key Exfiltration
Wed Feb 25 2026
Cybersecurity researchers have disclosed multiple security vulnerabilities in Anthropic's Claude Code, an artificial intelligence (AI)-powered coding assistant, that could result in remote code execution and theft of API credentials. "The vulnerabilities exploit various configuration mechanisms, including Hooks, Model Context Protocol (MCP) servers, and environment variables – executing...
The Hacker News

SLH Offers $500–$1,000 Per Call to Recruit Women for IT Help Desk Vishing Attacks
Wed Feb 25 2026
The notorious cybercrime collective known as Scattered LAPSUS$ Hunters (SLH) has been observed offering financial incentives to recruit women to pull off social engineering attacks. The idea is to hire them for voice phishing campaigns targeting IT help desks, Dataminr said in a new threat brief. The group is said to be offering anywhere between $500 and $1,000 upfront per call, in addition to...
The Hacker News

Top 5 Ways Broken Triage Increases Business Risk Instead of Reducing It
Wed Feb 25 2026
Triage is supposed to make things simpler. In a lot of teams, it does the opposite. When you can’t reach a confident verdict early, alerts turn into repeat checks, back-and-forth, and “just escalate it” calls. That cost doesn’t stay inside the SOC; it shows up as missed SLAs, higher cost per case, and more room for real threats to slip through. So where does triage go wrong? Here are five triage...
The Hacker News

Malicious NuGet Packages Stole ASP.NET Data; npm Package Dropped Malware
Wed Feb 25 2026
Cybersecurity researchers have discovered four malicious NuGet packages that are designed to target ASP.NET web application developers to steal sensitive data. The campaign, discovered by Socket, exfiltrates ASP.NET Identity data, including user accounts, role assignments, and permission mappings, as well as manipulates authorization rules to create persistent backdoors in victim applications....
The Hacker News
ShinyHunters cyberattack on CarGurus impacts 12.4 Million users
Wed Feb 25 2026
ShinyHunters leaked data from 12.4M CarGurus accounts, exposing personal information from the U.S.-based auto research and shopping platform. The ShinyHunters group published personal data from over 12 million CarGurus accounts. CarGurus is a U.S.-based digital automotive marketplace that helps users research, compare, and connect with sellers of new and used vehicles. Operating in the U.S., […]
Security Affairs
Former U.S. Defense contractor executive sentenced for selling zero-day exploits to Russian broker Operation Zero
Wed Feb 25 2026
A former employee at U.S. defense contractor L3Harris got over 7 years in prison for selling eight zero-days to a Russian broker. Peter Williams, a 39-year-old Australian former L3Harris employee, received a prison sentence of just over seven years for selling eight zero-day exploits to the Russian broker Operation Zero for millions. Williams pleaded guilty […]
Security Affairs

Microsoft warns of job‑themed repo lures targeting developers with multi‑stage backdoors
Wed Feb 25 2026
Microsoft says it has uncovered a coordinated campaign targeting software developers through malicious repositories posing as legitimate Next.
CSO Online

Manual Processes Are Putting National Security at Risk
Wed Feb 25 2026
Why automating sensitive data transfers is now a mission-critical priority. More than half of national security organizations still rely on manual processes to transfer sensitive data, according to The CYBER360: Defending the Digital Battlespace report. This should alarm every defense and government leader because manual handling of sensitive data is not just inefficient, it is a systemic...
The Hacker News

Ukrainian convicted for helping fake North Korean IT workers
Wed Feb 25 2026
A Ukrainian man has been sentenced to five years in prison after helping North Korean IT workers infiltrate American companies using stolen identities, reports BleepingComputer.
CSO Online
U.S. CISA adds a flaw in Soliton Systems K.K. FileZen to its Known Exploited Vulnerabilities catalog
Wed Feb 25 2026
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Soliton Systems K.K. FileZen to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Soliton Systems K.K. FileZen flaw, tracked as CVE-2026-25108 (CVSS v4 score of 8.7), to its Known Exploited Vulnerabilities (KEV) catalog. Soliton Systems K.K. FileZen is a […]
Security Affairs
Lazarus APT group deployed Medusa Ransomware against Middle East target
Wed Feb 25 2026
North Korea’s Lazarus Group used Medusa ransomware in an attack on an unnamed Middle East organization, researchers report. The North Korea-linked Lazarus APT Group, also known as Diamond Sleet and Pompilus, has been spotted deploying Medusa ransomware against an unnamed organization in the Middle East, according to a new report from the Symantec and Carbon Black […]
Security Affairs

How Mexico's ‘CJNG’ Drug Cartel Embraced AI, Drones, and Social Media
Wed Feb 25 2026
Drug kingpin Nemesio “El Mencho” Oseguera Cervantes may be dead, but the Jalisco cartel he ran for years will likely outlive him—thanks, in part, to the criminal group’s embrace of technology.
Wired

Defense Contractor Employee Jailed for Selling 8 Zero-Days to Russian Broker
Wed Feb 25 2026
A 39-year-old Australian national who was previously employed at U.S. defense contractor L3Harris has been sentenced to a little over seven years in prison for selling eight zero-day exploits to Russian exploit broker Operation Zero in exchange for millions of dollars. Peter Williams pleaded guilty to two counts of theft of trade secrets in October 2025. In addition to the jail term, Williams...
The Hacker News

SolarWinds Patches 4 Critical Serv-U 15.5 Flaws Allowing Root Code Execution
Wed Feb 25 2026
SolarWinds has released updates to address four critical security flaws in its Serv-U file transfer software that, if successfully exploited, could result in remote code execution. The vulnerabilities, all rated 9.1 on the CVSS scoring system, are listed below. CVE-2025-40538: a broken access control vulnerability that allows an attacker to create a system admin user and execute arbitrary...
The Hacker News

Boards don’t need cyber metrics — they need risk signals
Wed Feb 25 2026
Security teams live in a world of numbers.
CSO Online

CISA Confirms Active Exploitation of FileZen CVE-2026-25108 Vulnerability
Wed Feb 25 2026
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a recently disclosed vulnerability in FileZen to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2026-25108 (CVSS v4 score: 8.7), is a case of operating system (OS) command injection that could allow an authenticated user to execute...
The Hacker News

Hacker cracks 600 firewalls in one month, with AI
Wed Feb 25 2026
Threat actors are increasingly using AI tools to carry out their attacks.
CSO Online

How AI is changing your GRC strategy
Wed Feb 25 2026
As companies integrate cybersecurity into their GRC (governance, risk and compliance) processes, existing programs must be reworked.
CSO Online

New Serv-U bugs extend SolarWinds’ run of high-severity disclosures
Wed Feb 25 2026
SolarWinds continues to be besieged by security issues, this time in its Serv-U managed file transfer server.
CSO Online

Fake Zoom meeting silently installs surveillance software, says Malwarebytes
Wed Feb 25 2026
The latest fake Zoom meeting scam silently pushes surveillance software onto the Windows computers of unwitting employees.
CSO Online

VMware fixes command injection flaw in Aria Operations
Wed Feb 25 2026
VMware has released patches for several high- and medium-risk vulnerabilities that impact its Aria Operations, Cloud Foundation, Telco Cloud Platform, and Telco Cloud Infrastructure products.
CSO Online

Here’s What a Google Subpoena Response Looks Like, Courtesy of the Epstein Files
Tue Feb 24 2026
The US Justice Department disclosures give fresh clues about how tech companies handle government inquiries about your data.
Wired

What does business email compromise look like?
Tue Feb 24 2026
Business email compromise (BEC) is the digital con dressed to impress.
CSO Online

What are the types of ransomware attacks?
Tue Feb 24 2026
Ransomware isn’t an isolated, potential cyber threat—it’s like a living organism that can shapeshift with multiple strains, tactics, and targets.
CSO Online

Take control: Locking down common endpoint vulnerabilities
Tue Feb 24 2026
Attackers are constantly on the prowl, scoping out vulnerabilities of network-connected devices in your systems.
CSO Online

How to prevent business email compromise
Tue Feb 24 2026
Business email compromise (BEC) is the cyber equivalent of an expertly forged handwritten note—no malware fireworks, no flashing warnings, just a convincing request that tricks someone into wiring mon
CSO Online
SolarWinds patches four critical Serv-U flaws enabling root access
Tue Feb 24 2026
SolarWinds addressed four critical Serv-U vulnerabilities that could let attackers gain root access to unpatched servers. SolarWinds released updates fixing four critical Serv-U vulnerabilities that allow remote code execution, potentially giving attackers full root access on unpatched servers. Serv-U is a file transfer server software that allows organizations to securely transfer files over networks using […]
Security Affairs

Know the red flags: Business email compromise signs to look out for
Tue Feb 24 2026
When it comes to cyber threats, business email compromise (BEC) is one of the sneakiest, most costly scams out there.
CSO Online

Cyber defense: From reactive to proactive
Tue Feb 24 2026
When systems are attacked, we should respond.
CSO Online

RoguePilot Flaw in GitHub Codespaces Enabled Copilot to Leak GITHUB_TOKEN
Tue Feb 24 2026
A vulnerability in GitHub Codespaces could have been exploited by bad actors to seize control of repositories by injecting malicious Copilot instructions in a GitHub issue. The artificial intelligence (AI)-driven vulnerability has been codenamed RoguePilot by Orca Security. It has since been patched by Microsoft following responsible disclosure. "Attackers can craft hidden instructions inside a...
The Hacker News
VMware Aria Operations flaws could enable remote attacks
Tue Feb 24 2026
Broadcom patched multiple VMware Aria Operations flaws, including high-severity issues that could enable remote code execution. Broadcom has released security updates to address multiple vulnerabilities affecting VMware Aria Operations. VMware Aria Operations is an IT operations management platform that helps organizations monitor and optimize virtual, cloud, and hybrid environments. It provides performance monitoring, capacity planning, […]
Security Affairs

UAC-0050 Targets European Financial Institution With Spoofed Domain and RMS Malware
Tue Feb 24 2026
A Russia-aligned threat actor has been observed targeting a European financial institution as part of a social engineering attack to likely facilitate intelligence gathering or financial theft, signaling a possible expansion of the threat actor's targeting beyond Ukraine and into entities supporting the war-torn nation. The activity, which targeted an unnamed entity involved in regional...
The Hacker News

Identity Prioritization isn't a Backlog Problem - It's a Risk Math Problem
Tue Feb 24 2026
Most identity programs still prioritize work the way they prioritize IT tickets: by volume, loudness, or “what failed a control check.” That approach breaks the moment your environment stops being mostly-human and mostly-onboarded. In modern enterprises, identity risk is created by a compound of factors: control posture, hygiene, business context, and intent. Any one of these can perhaps be...
The Hacker News

Lazarus Group Uses Medusa Ransomware in Middle East and U.S. Healthcare Attacks
Tue Feb 24 2026
The North Korea-linked Lazarus Group (aka Diamond Sleet and Pompilus) has been observed using Medusa ransomware in an attack targeting an unnamed entity in the Middle East, according to a new report by the Symantec and Carbon Black Threat Hunter Team. Broadcom's threat intelligence division said it also identified the same threat actors mounting an unsuccessful attack against a healthcare...
The Hacker News
Arkanix Stealer: AI-assisted info-stealer shuts down after brief campaign
Tue Feb 24 2026
Arkanix Stealer surfaced in late 2025 as a short-lived info-stealer, likely built as an AI-assisted experiment and quickly abandoned. Arkanix Stealer emerged in late 2025 as a short-lived information-stealing malware promoted on dark web forums. Researchers believe it was likely created as an AI-assisted experiment, suggesting the operators were testing automated development techniques rather than […]
Security Affairs

Shai-Hulud-style NPM worm hits CI pipelines and AI coding tools
Tue Feb 24 2026
A massive Shai-Hulud-style npm supply chain worm is hitting the software ecosystem, burrowing through developer machines, CI pipelines, and AI coding tools.
CSO Online

UnsolicitedBooker Targets Central Asian Telecoms With LuciDoor and MarsSnake Backdoors
Tue Feb 24 2026
The threat activity cluster known as UnsolicitedBooker has been observed targeting telecommunications companies in Kyrgyzstan and Tajikistan, marking a shift from prior attacks aimed at Saudi Arabian entities. The attacks involve the deployment of two distinct backdoors codenamed LuciDoor and MarsSnake, according to a report published by Positive Technologies last week. "The group used several...
The Hacker News

Billions in Bitcoin from piracy portal targeted by prosecutors
Tue Feb 24 2026
Copyright infringement is a lucrative business.
CSO Online

Operation MacroMaze: APT28 exploits webhooks for covert data exfiltration
Tue Feb 24 2026
Russia-linked APT28 targeted European entities with a webhook-based macro malware campaign called Operation MacroMaze. Russia-linked APT28 (aka UAC-0001, aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, BlueDelta, and STRONTIUM) launched Operation MacroMaze, targeting select entities in Western and Central Europe from September 2025 to January 2026. The campaign used webhook-based macro malware, leveraging simple tools and legitimate services for infrastructure and data […]
Security Affairs

Everest ransomware hits Vikor Scientific's supplier, data of 140,000 patients stolen
Tue Feb 24 2026
Everest ransomware claims an attack on diagnostic firm Vikor Scientific (Vanta Diagnostics), exposing data of nearly 140,000 people. The Everest ransomware group has claimed responsibility for a cyberattack on Vikor Scientific, now operating as Vanta Diagnostics. The healthcare diagnostic firm disclosed a data breach impacting nearly 139,964 individuals, as reported by the US Department of […]
Security Affairs

It’s time to rethink CISO reporting lines
Tue Feb 24 2026
Despite inroads in the C-suite and rising prominence across the business at large, security leaders are still more likely to operate at a remove from the organization’s executive leadership when it co
CSO Online

The rise of the evasive adversary
Tue Feb 24 2026
Since the earliest days of the internet, there has never been a let-up in adversarial activity.
CSO Online

Anthropic’s Claude Code Security rollout is an industry wakeup call
Tue Feb 24 2026
When Anthropic launched a “limited research preview” of its Claude Code Security offering on Friday, Wall Street investors sent the stocks of the largest cybersecurity vendors plunging.
CSO Online

Anthropic Says Chinese AI Firms Used 16 Million Claude Queries to Copy Model
Tue Feb 24 2026
Anthropic on Monday said it identified "industrial-scale campaigns" mounted by three artificial intelligence (AI) companies, DeepSeek, Moonshot AI, and MiniMax, to illegally extract Claude's capabilities to improve their own models. The distillation attacks generated over 16 million exchanges with its large language model (LLM) through about 24,000 fraudulent accounts in violation of its terms...
The Hacker News

OT security: why it pays to look at open source
Tue Feb 24 2026
In the OT security field too, open-source solutions offer a cost-effective alternative to commercial tools.
CSO Online

Russian group uses AI to exploit weakly-protected Fortinet firewalls, says Amazon
Tue Feb 24 2026
A Russian-speaking threat actor is using commercial generative AI services to compromise hundreds of Fortinet Fortigate firewalls, warns Amazon Threat Intelligence.
CSO Online

Wormable XMRig campaign leverages BYOVD and timed kill switch for stealth
Mon Feb 23 2026
A wormable cryptojacking campaign spreads via pirated software, using BYOVD and a time-based logic bomb to deploy a custom XMRig miner. Researchers uncovered a wormable cryptojacking campaign that spreads through pirated software bundles to deploy a custom XMRig miner. The attack uses a BYOVD exploit and a time-based logic bomb to evade detection and maximize […]
Security Affairs

Romanian hacker pleads guilty to selling access to Oregon state networks
Mon Feb 23 2026
A Romanian man pleaded guilty to selling admin access to Oregon’s state network for $3,000 in Bitcoin and repeatedly accessing it to prove control. Catalin Dragomir (45) from Romania, pleaded guilty in the U.S. for selling unauthorized admin access to an Oregon state emergency management network. He gained access in June 2021, advertised it, and […]
Security Affairs

APT28 Targeted European Entities Using Webhook-Based Macro Malware
Mon Feb 23 2026
The Russia-linked state-sponsored threat actor tracked as APT28 has been attributed to a new campaign targeting specific entities in Western and Central Europe. The activity, per S2 Grupo's LAB52 threat intelligence team, was active between September 2025 and January 2026. It has been codenamed Operation MacroMaze. "The campaign relies on basic tooling and the exploitation of legitimate services...
The Hacker News

Wormable XMRig Campaign Uses BYOVD Exploit and Time-Based Logic Bomb
Mon Feb 23 2026
Cybersecurity researchers have disclosed details of a new cryptojacking campaign that uses pirated software bundles as lures to deploy a bespoke XMRig miner program on compromised hosts. "Analysis of the recovered dropper, persistence triggers, and mining payload reveals a sophisticated, multi-stage infection prioritizing maximum cryptocurrency mining hashrate, often destabilizing the victim...
The Hacker News

⚡ Weekly Recap: Double-Tap Skimmers, PromptSpy AI, 30Tbps DDoS, Docker Malware & More
Mon Feb 23 2026
Security news rarely moves in a straight line. This week, it feels more like a series of sharp turns, some happening quietly in the background, others playing out in public view. The details are different, but the pressure points are familiar. Across devices, cloud services, research labs, and even everyday apps, the line between normal behavior and hidden risk keeps getting thinner. Tools...
The Hacker News

CVE-2026-1731 fuels ongoing attacks on BeyondTrust remote access products
Mon Feb 23 2026
Attackers are exploiting CVE-2026-1731 in BeyondTrust RS and PRA to deploy VShell, gain persistence, move laterally, and control compromised systems. Threat actors are actively exploiting a recently disclosed critical vulnerability, tracked as CVE-2026-1731 (CVSS score: 9.9), in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA). The flaw is being used to conduct a wide […]
Security Affairs