CSO Online

Dark Reading

Dark Web Informer

Europol

Krebs on Security

NSA

Reuters

Security Affairs

The Hacker News

Wired

ZDNET

Developers become the attack vector

Thu Feb 12 2026

Software developers are in demand, including among criminal hackers.

CSO Online

SSHStalker botnet brute-forces its way onto 7,000 Linux machines

Thu Feb 12 2026

A newly discovered botnet is compromising poorly protected Linux servers by brute-forcing weak SSH passwords.

CSO Online

Companies are using ‘Summarize with AI’ to manipulate enterprise chatbots

Thu Feb 12 2026

That handy ‘Summarize with AI’ button embedded in a growing number of websites, browsers, and apps to give users a quick overview of their content could in some cases be hiding a dark secret: a new fo

CSO Online

Volvo Group hit in massive Conduent data breach

Wed Feb 11 2026

A Conduent breach exposed data of nearly 17,000 Volvo Group North America employees as the total impact rises to 25 million people. A data breach at business services provider Conduent has impacted at least 25 million people, far more than initially reported. Volvo Group North America confirmed that the security breach exposed data of nearly […]

Security Affairs

ICE Is Crashing the US Court System in Minnesota

Wed Feb 11 2026

Petitions demanding people get the chance to be released from ICE custody have overwhelmed courts throughout the US.

Wired

First Malicious Outlook Add-In Found Stealing 4,000+ Microsoft Credentials

Wed Feb 11 2026

Cybersecurity researchers have discovered what they said is the first known malicious Microsoft Outlook add-in detected in the wild. In this unusual supply chain attack detailed by Koi Security, an unknown attacker claimed the domain associated with a now-abandoned legitimate add-in to serve a fake Microsoft login page, stealing over 4,000 credentials in the process. The activity has been...

The Hacker News

CBP Signs Clearview AI Deal to Use Face Recognition for ‘Tactical Targeting’

Wed Feb 11 2026

US Border Patrol intelligence units will gain access to a face recognition tool built on billions of images scraped from the internet.

Wired

Kimwolf Botnet Swamps Anonymity Network I2P

Wed Feb 11 2026

For the past week, the massive "Internet of Things" (IoT) botnet known as Kimwolf has been disrupting The Invisible Internet Project (I2P), a decentralized, encrypted communications network designed to anonymize and secure online communications. I2P users started reporting disruptions in the network around the same time the Kimwolf botmasters began relying on it to evade takedown attempts against the botnet's control servers.

Krebs on Security

Reynolds ransomware uses BYOVD to disable security before encryption

Wed Feb 11 2026

Researchers discovered Reynolds ransomware, which uses the BYOVD technique to disable security tools and evade detection before encryption. Researchers found a new ransomware, named Reynolds, that implements the Bring Your Own Vulnerable Driver (BYOVD) technique to disable security tools and evade detection before encrypting systems. Broadcom’s cybersecurity researchers initially attributed the attack to Black Basta due […]

Security Affairs

APT36 and SideCopy Launch Cross-Platform RAT Campaigns Against Indian Entities

Wed Feb 11 2026

Indian defense sector and government-aligned organizations have been targeted by multiple campaigns that are designed to compromise Windows and Linux environments with remote access trojans capable of stealing sensitive data and ensuring continued access to infected machines. The campaigns are characterized by the use of malware families like Geta RAT, Ares RAT, and DeskRAT, which are often...

The Hacker News

Over 60 Software Vendors Issue Security Fixes Across OS, Cloud, and Network Platforms

Wed Feb 11 2026

It's Patch Tuesday, which means a number of software vendors have released patches for various security vulnerabilities impacting their products and services. Microsoft issued fixes for 59 flaws, including six actively exploited zero-days in various Windows components that could be abused to bypass security features, escalate privileges, and trigger a denial-of-service (DoS) condition. Elsewhere...

The Hacker News

North Korean actors blend ClickFix with new macOS backdoors in Crypto campaign

Wed Feb 11 2026

A financially motivated threat actor tracked as UNC1609 is using a ClickFix-style social engineering campaign to deploy multiple macOS malware families against crypto-focused organizations.

CSO Online

Exposed Training Open the Door for Crypto-Mining in Fortune 500 Cloud Environments

Wed Feb 11 2026

Intentionally vulnerable training applications are widely used for security education, internal testing, and product demonstrations. Tools such as OWASP Juice Shop, DVWA, Hackazon, and bWAPP are designed to be insecure by default, making them useful for learning how common attack techniques work in controlled environments. The issue is not the applications themselves, but how they are often...

The Hacker News

EU clears Google’s $32B Wiz acquisition, intensifying cloud security competition

Wed Feb 11 2026

Google has secured unconditional EU antitrust approval for its $32 billion acquisition of cloud security firm Wiz, clearing a major regulatory hurdle and paving the way for one of the largest cybersec

CSO Online

Microsoft Patches 59 Vulnerabilities Including Six Actively Exploited Zero-Days

Wed Feb 11 2026

Microsoft on Tuesday released security updates to address a set of 59 flaws across its software, including six vulnerabilities that it said have been exploited in the wild. Of the 59 flaws, five are rated Critical, 52 are rated Important, and two are rated Moderate in severity. Twenty-five of the patched vulnerabilities have been classified as privilege escalation, followed by remote code...

The Hacker News

SSHStalker botnet targets Linux servers with legacy exploits and SSH scanning

Wed Feb 11 2026

A new Linux botnet, SSHStalker, has infected about 7,000 systems using old 2009-era exploits, IRC bots, and mass-scanning malware. Flare researchers uncovered a previously undocumented Linux botnet dubbed SSHStalker, observed via SSH honeypots over two months. Researchers ran an SSH honeypot with weak credentials starting in early 2026 and spotted a set of intrusions unlike […]

Security Affairs

U.S. CISA adds Microsoft Office and Microsoft Windows flaws to its Known Exploited Vulnerabilities catalog

Wed Feb 11 2026

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Office and Microsoft Windows flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Microsoft Office and Microsoft Windows flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: This week, Microsoft Patch Tuesday security […]

Security Affairs

SSHStalker Botnet Uses IRC C2 to Control Linux Systems via Legacy Kernel Exploits

Wed Feb 11 2026

Cybersecurity researchers have disclosed details of a new botnet operation called SSHStalker that relies on the Internet Relay Chat (IRC) communication protocol for command-and-control (C2) purposes. "The toolset blends stealth helpers with legacy-era Linux exploitation: Alongside log cleaners (utmp/wtmp/lastlog tampering) and rootkit-class artifacts, the actor keeps a large back-catalog of...

The Hacker News

The hard part of purple teaming starts after detection

Wed Feb 11 2026

In my recent articles for CSO, I’ve talked about the limits of current SOC models and the importance of rehearsal.

CSO Online

CISOs must separate signal from noise as CVE volume soars

Wed Feb 11 2026

In 2026, the cybersecurity industry is expected to cross a threshold it has never reached before: More than 50,000 publicly disclosed software vulnerabilities in a single year.

CSO Online

North Korea-Linked UNC1069 Uses AI Lures to Attack Cryptocurrency Organizations

Wed Feb 11 2026

The North Korea-linked threat actor known as UNC1069 has been observed targeting the cryptocurrency sector to steal sensitive data from Windows and macOS systems with the ultimate goal of facilitating financial theft. "The intrusion relied on a social engineering scheme involving a compromised Telegram account, a fake Zoom meeting, a ClickFix infection vector, and reported usage of AI-generated...

The Hacker News

Fake PDFs harbor new dangers

Wed Feb 11 2026

Cybercriminals send their malware disguised as PDF files.

CSO Online

The buyer's guide to Breach & Attack Simulation tools

Wed Feb 11 2026

Breach & Attack Simulation tools reveal how well (or how poorly) your security controls work.

CSO Online

Microsoft Patch Tuesday security updates for February 2026 fix six actively exploited zero-days

Tue Feb 10 2026

Microsoft Patch Tuesday security updates for February 2026 fix six actively exploited zero-day vulnerabilities. Microsoft Patch Tuesday security updates for February 2026 fix 58 new security flaws across Windows, Office, Azure, Edge, Exchange, Hyper-V, WSL, and other components, rising to 62 CVEs when third-party updates are included. Five vulnerabilities are Critical, two Moderate, and most […]

Security Affairs

Patch Tuesday, February 2026 Edition

Tue Feb 10 2026

Microsoft today released updates to fix more than 50 security holes in its Windows operating systems and other software, including patches for a whopping six "zero-day" vulnerabilities that attackers are already exploiting in the wild.

Krebs on Security

February 2026 Patch Tuesday: Six new and actively exploited Microsoft vulnerabilities addressed

Wed Feb 11 2026

Microsoft highlighted six new and actively exploited vulnerabilities among the 60 fixes issued in today’s February Patch Tuesday releases.

CSO Online

BeyondTrust fixes critical RCE flaw in remote access tools

Tue Feb 10 2026

Companies using self-hosted versions of BeyondTrust Remote Support (RS) or Privileged Remote Access (PRA) should deploy patches for a critical vulnerability that allows attackers to execute OS commands

CSO Online

DPRK Operatives Impersonate Professionals on LinkedIn to Infiltrate Companies

Tue Feb 10 2026

The information technology (IT) workers associated with the Democratic People's Republic of Korea (DPRK) are now applying to remote positions using real LinkedIn accounts of individuals they're impersonating, marking a new escalation of the fraudulent scheme. "These profiles often have verified workplace emails and identity badges, which DPRK operatives hope will make their fraudulent...

The Hacker News

ZeroDayRAT spyware grants attackers total access to mobile devices

Tue Feb 10 2026

ZeroDayRAT is a commercial mobile spyware that grants full remote access to Android and iOS devices for spying and data theft. ZeroDayRAT is a newly discovered commercial mobile spyware toolkit that gives attackers full control over Android and iOS devices. It supports live camera access, keylogging, and theft of banking and crypto data. First spotted […]

Security Affairs

Cyberattack on the EU Commission

Tue Feb 10 2026

Cybercriminals have succeeded in penetrating a system of the EU Commission.

CSO Online

SolarWinds WHD zero-days from January are under attack

Tue Feb 10 2026

SolarWinds Web Help Desk (WHD) is under attack, with recent incidents exploiting a chain of zero-day and patched vulnerabilities dating back to late 2025, an analysis of customer reports by security c

CSO Online

Reynolds Ransomware Embeds BYOVD Driver to Disable EDR Security Tools

Tue Feb 10 2026

Cybersecurity researchers have disclosed details of an emergent ransomware family dubbed Reynolds that comes embedded with a built-in bring your own vulnerable driver (BYOVD) component for defense evasion purposes within the ransomware payload itself. BYOVD refers to an adversarial technique that abuses legitimate but flawed driver software to escalate privileges and disable Endpoint Detection...

The Hacker News

From Ransomware to Residency: Inside the Rise of the Digital Parasite

Tue Feb 10 2026

Are ransomware and encryption still the defining signals of modern cyberattacks, or has the industry been too fixated on noise while missing a more dangerous shift happening quietly all around them? According to Picus Labs’ new Red Report 2026, which analyzed over 1.1 million malicious files and mapped 15.5 million adversarial actions observed across 2025, attackers are no longer optimizing for...

The Hacker News

Senegal shuts National ID office after ransomware attack

Tue Feb 10 2026

Senegal closed its national ID card office after a ransomware cyberattack disrupted ID, passport, and biometric services. Senegal confirmed a cyberattack on the Directorate of File Automation, the government office that manages national ID cards, passports, and biometric data. After ransomware claims surfaced, authorities temporarily closed the office to contain the incident. The agency warned […]

Security Affairs

Fortinet Patches Critical SQLi Flaw Enabling Unauthenticated Code Execution

Tue Feb 10 2026

Fortinet has released security updates to address a critical flaw impacting FortiClientEMS that could lead to the execution of arbitrary code on susceptible systems. The vulnerability, tracked as CVE-2026-21643, has a CVSS rating of 9.1 out of a maximum of 10.0. "An improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiClientEMS may...

The Hacker News

Windows shortcut weaponized in Phorpiex-linked ransomware campaign

Tue Feb 10 2026

Forcepoint X-Labs researchers have identified a large Phorpiex botnet-aided phishing campaign that uses weaponized Windows shortcut files to deploy Global Group ransomware across victim systems.

CSO Online

ZAST.AI Raises $6M Pre-A to Scale "Zero False Positive" AI-Powered Code Security

Tue Feb 10 2026

January 5, 2026, Seattle, USA — ZAST.AI announced the completion of a $6 million Pre-A funding round. This investment came from the well-known investment firm Hillhouse Capital, bringing ZAST.AI's total funding close to $10 million. This marks a recognition from leading capital markets of a new solution: ending the era of high false positive rates in security tools and making every alert...

The Hacker News

Dutch agencies hit by Ivanti EPMM exploit exposing employee contact data

Tue Feb 10 2026

Dutch agencies confirmed attacks exploiting Ivanti EPMM flaws that exposed employee contact data at the data protection authority and courts. Dutch authorities said cyberattacks hit the Dutch Data Protection Authority and the Council for the Judiciary after hackers exploited newly disclosed flaws in Ivanti Endpoint Manager Mobile (EPMM). The incidents were reported to parliament, and […]

Security Affairs

China-linked APT UNC3886 targets Singapore telcos

Tue Feb 10 2026

China-linked group UNC3886 targeted Singapore's telecom sector in a cyber espionage campaign, Singapore's Cyber Security Agency revealed. The Cyber Security Agency of Singapore (CSA) and the Infocomm Media Development Authority (IMDA) ran Operation CYBER GUARDIAN to protect the telecom sector. Since July 2025, investigations showed China-linked UNC3886 launched a targeted campaign against all four major […]

Security Affairs

Single prompt breaks AI safety in 15 major language models

Tue Feb 10 2026

A single benign-sounding prompt can systematically strip safety guardrails from major language and image models, raising fresh questions about the durability of AI alignment when models are customized

CSO Online

Warlock Ransomware Breaches SmarterTools Through Unpatched SmarterMail Server

Tue Feb 10 2026

SmarterTools confirmed last week that the Warlock (aka Storm-2603) ransomware gang breached its network by exploiting an unpatched SmarterMail instance. The incident took place on January 29, 2026, when a mail server that was not updated to the latest version was compromised, the company's Chief Commercial Officer, Derek Curtis, said. "Prior to the breach, we had approximately 30 servers/VMs...

The Hacker News

Dutch Authorities Confirm Ivanti Zero-Day Exploit Exposed Employee Contact Data

Tue Feb 10 2026

The Netherlands' Data Protection Authority (AP) and the Council for the Judiciary (Rvdr) have disclosed that their systems were impacted by cyber attacks that exploited the recently disclosed security flaws in Ivanti Endpoint Manager Mobile (EPMM), according to a notice sent to the country's parliament on Friday. "On January 29, the National Cyber Security Center (...

The Hacker News

How to govern agentic AI so as not to lose control

Tue Feb 10 2026

This year will mark the turning point where artificial intelligence will stop assisting and start acting.

CSO Online

69% of CISOs open to career move — including leaving role entirely

Tue Feb 10 2026

Enterprise CISOs are increasingly willing — and eager — to jump ship, with some frustrated enough to want to leave cybersecurity entirely.

CSO Online

Anthropic’s DXT poses “critical RCE vulnerability” by running with full system privileges

Tue Feb 10 2026

When LayerX Security published a report on Monday describing what it called “a critical zero-click RCE vulnerability in [Anthropic’s] Claude Desktop Extensions (DXT) that allows a malicious Google Cal

CSO Online

Critical Fortinet FortiClientEMS flaw allows remote code execution

Mon Feb 09 2026

Fortinet warns of a critical FortiClientEMS vulnerability that lets remote attackers run malicious code without logging in. Fortinet issued an urgent advisory to address a critical FortiClientEMS vulnerability, tracked as CVE-2026-21643 (CVSS score of 9.1). The vulnerability is an improper neutralization of special elements used in an SQL Command (‘SQL Injection’) issue in FortiClientEMS. An […]

Security Affairs

BeyondTrust fixes critical pre-auth bug allowing remote code execution

Mon Feb 09 2026

BeyondTrust patched a critical pre-auth flaw in Remote Support and PRA that could let attackers execute code remotely. BeyondTrust released security updates to address a critical flaw, tracked as CVE-2026-1731 (CVSS score of 9.9), in its Remote Support and older Privileged Remote Access products. The bug could allow an unauthenticated attacker to send specially crafted […]

Security Affairs

European Commission probes cyberattack on mobile device management system

Mon Feb 09 2026

The European Commission is investigating a cyberattack after detecting signs that its mobile device management system was compromised. The European Commission is investigating a cyberattack on its mobile device management platform after detecting intrusion traces. Attackers may have accessed some staff data, including names and phone numbers, but so far they have not compromised any […]

Security Affairs

China-Linked UNC3886 Targets Singapore Telecom Sector in Cyber Espionage Campaign

Mon Feb 09 2026

The Cyber Security Agency (CSA) of Singapore on Monday revealed that the China-nexus cyber espionage group known as UNC3886 targeted its telecommunications sector. "UNC3886 had launched a deliberate, targeted, and well-planned campaign against Singapore's telecommunications sector," CSA said. "All four of Singapore's major telecommunications operators ('telcos') – M1, SIMBA Telecom, Singtel, and...

The Hacker News

SolarWinds Web Help Desk Exploited for RCE in Multi-Stage Attacks on Exposed Servers

Mon Feb 09 2026

Microsoft has revealed that it observed a multi-stage intrusion that involved the threat actors exploiting internet-exposed SolarWinds Web Help Desk (WHD) instances to obtain initial access and move laterally across the organization's network to other high-value assets. That said, the Microsoft Defender Security Research Team said it's not clear whether the activity weaponized recently...

The Hacker News

⚡ Weekly Recap: AI Skill Malware, 31Tbps DDoS, Notepad++ Hack, LLM Backdoors and More

Mon Feb 09 2026

Cyber threats are no longer coming from just malware or exploits. They’re showing up inside the tools, platforms, and ecosystems organizations use every day. As companies connect AI, cloud apps, developer tools, and communication systems, attackers are following those same paths. A clear pattern this week: attackers are abusing trust. Trusted updates, trusted marketplaces, trusted apps, even...

The Hacker News

Attackers abuse SolarWinds Web Help Desk to install Zoho agents and Velociraptor

Mon Feb 09 2026

Huntress confirmed active SolarWinds Web Help Desk exploits, where attackers installed Zoho tools for persistence, and used Velociraptor for control. On February 7, 2026, Huntress investigated an active attack abusing SolarWinds Web Help Desk flaws. Attackers exploited unpatched versions to run code remotely, then quickly installed Zoho ManageEngine tools for persistent remote access and Cloudflare […]

Security Affairs

OpenClaw integrates VirusTotal malware scanning as security firms flag enterprise risks

Mon Feb 09 2026

OpenClaw, the viral open-source AI agent that security firms warn is “insecure by default,” has integrated VirusTotal’s malware scanning into its ClawHub skills marketplace following weeks in which se

CSO Online

DKnife targets network gateways in long running AitM campaign

Mon Feb 09 2026

A previously undocumented China-linked adversary-in-the-middle (AitM) framework known as “DKnife” has been identified operating at network gateways, where it intercepts and manipulates in-transit traf

CSO Online

AI Is Here to Replace Nuclear Treaties. Scared Yet?

Mon Feb 09 2026

The last major nuclear arms treaty between the US and Russia just expired. Some experts believe a combination of satellite surveillance, AI, and human reviewers can take its place. Others, not so much.

Wired

How Top CISOs Solve Burnout and Speed up MTTR without Extra Hiring

Mon Feb 09 2026

Why do SOC teams keep burning out and missing SLAs even after spending big on security tools? Routine triage piles up, senior specialists get dragged into basic validation, and MTTR climbs, while stealthy threats still find room to slip through. Top CISOs have realized the solution isn’t hiring more people or stacking yet another tool onto the workflow, but giving their teams faster, clearer...

The Hacker News

Iran’s Digital Surveillance Machine Is Almost Complete

Mon Feb 09 2026

After more than 15 years of draconian measures, culminating in an ongoing internet shutdown, the Iranian regime seems to be staggering toward its digital surveillance endgame.

Wired

Never settle: How CISOs can go beyond compliance standards to better protect their organizations

Mon Feb 09 2026

The start of a new year means a fresh start for everyone, including cybersecurity teams.

CSO Online

Gartner forecast: The six most important cybersecurity trends for 2026

Mon Feb 09 2026

Read which cybersecurity trends companies should be dealing with this year.

CSO Online

Romania’s national oil pipeline firm Conpet reports cyberattack

Mon Feb 09 2026

Romania’s national oil pipeline operator Conpet said a cyberattack disrupted its business systems and temporarily knocked its website offline. Conpet is a state-controlled company that owns and operates the country’s crude oil, condensate, and liquid petroleum product pipeline network. Its main role is to transport oil from domestic production fields and import points to refineries […]

Security Affairs

Bloody Wolf Targets Uzbekistan, Russia Using NetSupport RAT in Spear-Phishing Campaign

Mon Feb 09 2026

The threat actor known as Bloody Wolf has been linked to a campaign targeting Uzbekistan and Russia to infect systems with a remote access trojan known as NetSupport RAT. Cybersecurity vendor Kaspersky is tracking the activity under the moniker Stan Ghouls. The threat actor is known to be active since at least 2023, orchestrating spear-phishing attacks against manufacturing, finance, and IT...

The Hacker News

Schrödinger’s cat and the enterprise security paradox

Mon Feb 09 2026

Most security leaders quietly live with a paradox they rarely name out loud.

CSO Online

TeamPCP Worm Exploits Cloud Infrastructure to Build Criminal Infrastructure

Mon Feb 09 2026

Cybersecurity researchers have called attention to a "massive campaign" that has systematically targeted cloud native environments to set up malicious infrastructure for follow-on exploitation. The activity, observed around December 25, 2025, and described as "worm-driven," leveraged exposed Docker APIs, Kubernetes clusters, Ray dashboards, and Redis servers, along with the recently disclosed...

The Hacker News

NIS2: Supply chains as a risk factor

Mon Feb 09 2026

Many companies today invest significant resources to secure their internal IT.

CSO Online

Authorities warn of hacker attacks on politics and the military

Mon Feb 09 2026

Cybercriminals are targeting the Signal accounts of German politicians, soldiers, diplomats and journalists.

CSO Online

BeyondTrust Fixes Critical Pre-Auth RCE Vulnerability in Remote Support and PRA

Mon Feb 09 2026

BeyondTrust has released updates to address a critical security flaw impacting Remote Support (RS) and Privileged Remote Access (PRA) products that, if successfully exploited, could result in remote code execution. "BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability," the company...

The Hacker News

Software developers: Prime cyber targets and a rising risk vector for CISOs

Mon Feb 09 2026

Threats against corporate software developers are increasing and diversifying, challenging security leaders to develop more agile defenses against this growing attack vector.

CSO Online

Customer Identity & Access Management: The best CIAM tools

Mon Feb 09 2026

We have compiled the best Customer Identity & Access Management solutions for you.

CSO Online

Flickr moves to contain data exposure, warns users of phishing

Mon Feb 09 2026

Flickr says a flaw at a third-party email provider may have exposed users’ names, email addresses, IPs, and account activity. Flickr is a photo-sharing platform owned by SmugMug. It has over 100 million registered users and millions of active photographers. Flickr warned users about a possible data breach caused by a flaw in a third-party […]

Security Affairs

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 83

Sun Feb 08 2026

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Malware Newsletter: ClawHavoc: 341 Malicious Clawed Skills Found by the Bot They Were Targeting; APT28 Leverages CVE-2026-21509 in Operation Neusploit; Amaranth-Dragon: Weaponizing CVE-2025-8088 for Targeted Espionage in Southeast Asia; Analyzing Dead#Vax: Analyzing Multi-Stage VHD […]

Security Affairs

Security Affairs newsletter Round 562 by Pierluigi Paganini – INTERNATIONAL EDITION

Sun Feb 08 2026

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Italian university La Sapienza still offline to mitigate recent cyber attack CISA pushes Federal agencies to […]

Security Affairs

DKnife toolkit abuses routers to spy and deliver malware since 2019

Sun Feb 08 2026

DKnife is a Linux toolkit used since 2019 to hijack router traffic and deliver malware in cyber-espionage attacks. Cisco Talos found DKnife, a powerful Linux toolkit that threat actors use to spy on and control network traffic through routers and edge devices. It inspects and alters data in transit and installs malware on PCs, phones, […]

Security Affairs

Italian university La Sapienza still offline to mitigate recent cyber attack

Sat Feb 07 2026

Rome’s La Sapienza University was hit by a cyberattack that disrupted IT systems and caused widespread operational issues. Since February 2, Rome’s La Sapienza University, one of the most important Italian universities, has been offline due to a cyberattack. For days, students have been unable to book exams, check tuition payments, or access faculty contacts. […]

Security Affairs

OpenClaw Integrates VirusTotal Scanning to Detect Malicious ClawHub Skills

Sun Feb 08 2026

OpenClaw (formerly Moltbot and Clawdbot) has announced that it's partnering with Google-owned VirusTotal to scan skills that are being uploaded to ClawHub, its skill marketplace, as part of broader efforts to bolster the security of the agentic ecosystem. "All skills published to ClawHub are now scanned using VirusTotal's threat intelligence, including their new Code Insight capability,"...

The Hacker News

Moltbook, the Social Network for AI Agents, Exposed Real Humans’ Data

Sat Feb 07 2026

Plus: Apple’s Lockdown mode keeps the FBI out of a reporter’s phone, Elon Musk’s Starlink cuts off Russian forces, and more.

Wired

German Agencies Warn of Signal Phishing Targeting Politicians, Military, Journalists

Sat Feb 07 2026

Germany's Federal Office for the Protection of the Constitution (aka Bundesamt für Verfassungsschutz or BfV) and Federal Office for Information Security (BSI) have issued a joint advisory warning of a malicious cyber campaign undertaken by a likely state-sponsored threat actor that involves carrying out phishing attacks over the Signal messaging app. "The focus is on high-ranking targets in...

The Hacker News

CISA pushes Federal agencies to retire end-of-support edge devices

Sat Feb 07 2026

CISA ordered U.S. federal agencies to improve management of edge network devices and replace unsupported ones within 12–18 months. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) instructed U.S. federal civilian agencies to strengthen how they manage edge network devices throughout their lifecycle. According to Binding Operational Directive 26-02, Mitigating Risk From End-of-Support Edge Devices, agencies must […]

Security Affairs

ICE Agent’s ‘Dragging’ Case May Help Expose Evidence in Renee Good Shooting

Fri Feb 06 2026

The government has withheld details of the investigation of Renee Good’s killing—but an unrelated case involving the ICE agent who shot her could force new revelations.

Wired

Six more vulnerabilities found in n8n automation platform

Fri Feb 06 2026

Six more vulnerabilities have been discovered in the n8n workflow platform used for building LLM-powered agents to connect business processes.

CSO Online

Claude AI finds 500 high-severity software vulnerabilities

Fri Feb 06 2026

Anthropic only released its latest large language model, Claude Opus 4.

CSO Online

Record-breaking 31.4 Tbps DDoS attack hits in November 2025, stopped by Cloudflare

Fri Feb 06 2026

AISURU/Kimwolf botnet hit a record 31.4 Tbps DDoS attack lasting 35 seconds in Nov 2025, which Cloudflare automatically detected and blocked. The AISURU/Kimwolf botnet was linked to a record-breaking DDoS attack that peaked at 31.4 Tbps and lasted just 35 seconds. Cloudflare said the November 2025 incident was part of a surge in hyper-volumetric HTTP […]

Security Affairs

Pretend Disk Format: PDFs harbor new dangers

Fri Feb 06 2026

A particularly insidious phishing campaign is disguising malware pretending to be ordinary PDF documents behind links to virtual hard disks.

CSO Online

China-Linked DKnife AitM Framework Targets Routers for Traffic Hijacking, Malware Delivery

Fri Feb 06 2026

Cybersecurity researchers have taken the wraps off a gateway-monitoring and adversary-in-the-middle (AitM) framework dubbed DKnife that's operated by China-nexus threat actors since at least 2019. The framework comprises seven Linux-based implants that are designed to perform deep packet inspection, manipulate traffic, and deliver malware via routers and edge devices. Its primary targets seem to...

The Hacker News

CISA Orders Removal of Unsupported Edge Devices to Reduce Federal Network Risk

Fri Feb 06 2026

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered Federal Civilian Executive Branch (FCEB) agencies to strengthen asset lifecycle management for edge network devices and remove those that no longer receive security updates from original equipment manufacturers (OEMs) over the next 12 to 18 months. The agency said the move is to drive down technical debt and minimize...

The Hacker News

Ten career-ending mistakes CISOs make and how to avoid them

Fri Feb 06 2026

The Chief Information Security Officer role has become one of the most precarious positions in the C-suite.

CSO Online

Asian State-Backed Group TGR-STA-1030 Breaches 70 Government, Infrastructure Entities

Fri Feb 06 2026

A previously undocumented cyber espionage group operating from Asia broke into the networks of at least 70 government and critical infrastructure organizations across 37 countries over the past year, according to new findings from Palo Alto Networks Unit 42. In addition, the hacking crew has been observed conducting active reconnaissance against government infrastructure associated with 155...

The Hacker News

CISA gives federal agencies 18 months to purge unsupported edge devices

Fri Feb 06 2026

The Cybersecurity and Infrastructure Security Agency has given federal agencies 18 months to remove all end-of-support edge devices from their networks, escalating its response to what security resear

CSO Online

Nearly 5 Million Web Servers Found Exposing Git Metadata – Study Reveals Widespread Risk of Code and Credential Leaks

Fri Feb 06 2026

A study found nearly 5 million servers exposing Git metadata, with 250,000 leaking deployment credentials via .git/config files. A new 2026 study by the Mysterium VPN research team reveals that nearly 5 million public web servers are exposing Git repository metadata — with over 250,000 of them exposing .git/config files containing deployment credentials. Such misconfigurations […]

Security Affairs

U.S. CISA adds SmarterTools SmarterMail and React Native Community CLI flaws to its Known Exploited Vulnerabilities catalog

Fri Feb 06 2026

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SmarterTools SmarterMail and React Native Community CLI flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SmarterTools SmarterMail and React Native Community CLI flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: Attackers are […]

Security Affairs

Zscaler extends zero-trust security to browsers with SquareX acquisition

Fri Feb 06 2026

Cloud security company Zscaler has announced the acquisition of SquareX, a Singapore-based browser detection and response (BDR) technology startup.

CSO Online

How Samsung Knox Helps Stop Your Network Security Breach

Fri Feb 06 2026

As you know, enterprise network security has undergone significant evolution over the past decade. Firewalls have become more intelligent, threat detection methods have advanced, and access controls are now more detailed. However (and it’s a big “however”), the increasing use of mobile devices in business operations necessitates network security measures that are specifically tailored to their...

The Hacker News

Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware

Fri Feb 06 2026

Cybersecurity researchers have discovered a new supply chain attack in which legitimate packages on npm and the Python Package Index (PyPI) repository have been compromised to push malicious versions to facilitate wallet credential theft and remote code execution. The compromised versions of the two packages are listed below - @dydxprotocol/v4-client-js (npm) - 3.4.1, 1.22.1, 1.15.2, 1.0.31&...

The Hacker News

AI as an AWS attack accelerator

Fri Feb 06 2026

Criminal hackers have used AI to accelerate their attacks on AWS environments.

CSO Online

The blind spot every CISO must see: Loyalty

Fri Feb 06 2026

The longstanding assumption that tenure, performance metrics, or expressed commitment serve as reliable indicators of the trustworthiness of an employee persists across many sectors.

CSO Online

Claude Opus 4.6 Finds 500+ High-Severity Flaws Across Major Open-Source Libraries

Fri Feb 06 2026

Artificial intelligence (AI) company Anthropic revealed that its latest large language model (LLM), Claude Opus 4.6, has found more than 500 previously unknown high-severity security flaws in open-source libraries, including Ghostscript, OpenSC, and CGIF. Claude Opus 4.6, which was launched Thursday, comes with improved coding skills, including code review and debugging capabilities, along with...

The Hacker News

Cybersecurity regulations: how to meet your compliance requirements

Fri Feb 06 2026

As cyber threats increase, so does the number of compliance frameworks.

CSO Online

Four new vulnerabilities found in Ingress NGINX

Fri Feb 06 2026

Four security vulnerabilities have been found in the open source Ingress NGINX traffic controller that is extensively used by organizations in Kubernetes deployments.

CSO Online

New APT group breached gov and critical infrastructure orgs in 37 countries

Thu Feb 05 2026

A new cyberespionage group that operates out of Asia has compromised 70 government and critical infrastructure organizations across 37 countries over the past year using a sophisticated toolset that c

CSO Online

Substack data breach leaks users’ email addresses and phone numbers

Thu Feb 05 2026

Substack, a high-profile publishing platform widely used by academics, journalists, subject matter experts, and controversialists, has suffered a data breach affecting an unknown number of its creator

CSO Online

ICE and CBP’s Face-Recognition App Can’t Actually Verify Who People Are

Thu Feb 05 2026

ICE has used Mobile Fortify to identify immigrants and citizens alike over 100,000 times, by one estimate. It wasn't built to work like that—and only got approved after DHS abandoned its own privacy rules.

Wired