PayPal discloses extended data leak linked to Loan App glitch
Fri Feb 20 2026
PayPal disclosed a six-month data breach that exposed sensitive user data, including Social Security numbers, due to a software error. PayPal has disclosed a data breach caused by a software bug in its PayPal Working Capital loan app. The flaw exposed sensitive customer information, including customers’ business contact details (name, email, phone number, address), along […]
Security Affairs
‘Starkiller’ Phishing Service Proxies Real Login Pages, MFA
Fri Feb 20 2026
Most phishing websites are little more than static copies of login pages for popular online destinations, and they are often quickly taken down by anti-abuse activists and security firms. But a stealthy new phishing-as-a-service offering lets customers sidestep both of these pitfalls: It uses cleverly disguised links to load the target brand's real website, and then acts as a relay between the target and the legitimate site -- forwarding the victim's username, password and multi-factor authentication (MFA) code to the legitimate site and returning its responses.
Krebs on Security

Compromised npm package silently installs OpenClaw on developer machines
Sat Feb 21 2026
A new security bypass has users installing AI agent OpenClaw — whether they intended to or not.
CSO Online

DHS Wants a Single Search Engine to Flag Faces and Fingerprints Across Agencies
Fri Feb 20 2026
Homeland Security aims to combine its face and fingerprint systems into one big biometric platform—after dismantling centralized privacy reviews and key limits on face recognition.
Wired

Metadata Exposes Authors of ICE’s ‘Mega’ Detention Center Plans
Fri Feb 20 2026
Comments and other data left on a PDF detailing Homeland Security’s proposal to build “mega” detention and processing centers reveal the personnel involved in its creation.
Wired

Don’t trust TrustConnect: This fake remote support tool only helps hackers
Fri Feb 20 2026
After breaking into a system, crooks often install legitimate remote admin tools to keep a foothold on the network — with the risk that the tool’s vendor spots them and locks them out.
CSO Online

BeyondTrust Flaw Used for Web Shells, Backdoors, and Data Exfiltration
Fri Feb 20 2026
Threat actors have been observed exploiting a recently disclosed critical security flaw impacting BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) products to conduct a wide range of malicious actions, including deploying VShell and The vulnerability, tracked as CVE-2026-1731 (CVSS score: 9.9), allows attackers to execute operating system commands in the context of the...
The Hacker News

Cline CLI 2.3.0 Supply Chain Attack Installed OpenClaw on Developer Systems
Fri Feb 20 2026
In yet another software supply chain attack, the open-source, artificial intelligence (AI)-powered coding assistant Cline CLI was updated to stealthily install OpenClaw, a self-hosted autonomous AI agent that has become exceedingly popular in the past few months. "On February 17, 2026, at 3:26 AM PT, an unauthorized party used a compromised npm publish token to publish an update to Cline CLI...
The Hacker News
North Korean IT worker scam nets Ukrainian five-year sentence in the U.S.
Fri Feb 20 2026
A Ukrainian man was sentenced to five years in the U.S. for helping North Korean IT workers use stolen identities to get hired by U.S. firms. Oleksandr “Alexander” Didenko, a 29-year-old Ukrainian national, has been sentenced to five years in a U.S. prison for supporting North Korea’s fraudulent IT worker scheme. Didenko admitted stealing U.S. […]
Security Affairs

AI and complexity as accelerants for cybercriminals
Fri Feb 20 2026
Cyberattacks are getting ever faster, shortening the time span between the initial compromise and the negative consequences.
CSO Online

ClickFix Campaign Abuses Compromised Sites to Deploy MIMICRAT Malware
Fri Feb 20 2026
Cybersecurity researchers have disclosed details of a new ClickFix campaign that abuses compromised legitimate sites to deliver a previously undocumented remote access trojan (RAT) called MIMICRAT (aka AstarionRAT). "The campaign demonstrates a high level of operational sophistication: compromised sites spanning multiple industries and geographies serve as delivery infrastructure, a multi-stage...
The Hacker News

Identity Cyber Scores: The New Metric Shaping Cyber Insurance in 2026
Fri Feb 20 2026
With one in three cyber-attacks now involving compromised employee accounts, insurers and regulators are placing far greater emphasis on identity posture when assessing cyber risk. For many organizations, however, these assessments remain largely opaque. Elements such as password hygiene, privileged access management, and the extent of multi-factor authentication (MFA) coverage are...
The Hacker News
FBI warns of surge in ATM Jackpotting, $20 Million lost in 2025
Fri Feb 20 2026
The FBI warns ATM jackpotting is rising nationwide, with over $20 million lost in 2025 and 1,900 incidents reported since 2020. The FBI has warned of a sharp rise in ATM jackpotting attacks across the U.S., with losses exceeding $20 million in 2025 alone. Since 2020, about 1,900 incidents have been reported, including 700 last […]
Security Affairs
Red Card 2.0: INTERPOL busts scam networks across Africa, seizes millions
Fri Feb 20 2026
INTERPOL’s Operation Red Card 2.0 led to 651 arrests across 16 African countries and recovered over $4.3 million from online scams. INTERPOL’s Operation Red Card 2.0, a joint effort involving law enforcement agencies from 16 African countries, resulted in 651 arrests linked to online scam networks. The operation was carried out under the African Joint […]
Security Affairs

Ukrainian National Sentenced to 5 Years in North Korea IT Worker Fraud Case
Fri Feb 20 2026
A 29-year-old Ukrainian national has been sentenced to five years in prison in the U.S. for his role in facilitating North Korea's fraudulent information technology (IT) worker scheme. In November 2025, Oleksandr "Alexander" Didenko pleaded guilty to wire fraud conspiracy and aggravated identity theft for stealing the identities of U.S. citizens and selling them to IT workers to help them land...
The Hacker News

Special commission investigates cyberattack on Dresden art collections
Fri Feb 20 2026
The Staatliche Kunstsammlungen Dresden were the target of a cyberattack.
CSO Online

FBI Reports 1,900 ATM Jackpotting Incidents Since 2020, $20M Lost in 2025
Fri Feb 20 2026
The U.S. Federal Bureau of Investigation (FBI) has warned of an increase in ATM jackpotting incidents across the country, leading to losses of more than $20 million in 2025. The agency said 1,900 ATM jackpotting incidents have been reported since 2020, out of which 700 took place last year. In December 2025, the U.S. Department of Justice (DoJ) said about $40.73 million has been collectively...
The Hacker News
PromptSpy abuses Gemini AI to gain persistent access on Android
Fri Feb 20 2026
PromptSpy is the first Android malware to abuse Google’s Gemini AI, enabling persistence and advanced spying features. Security researchers at ESET have uncovered PromptSpy, the first known Android malware to exploit Google’s Gemini AI to maintain persistence. The malware can capture lockscreen data, block uninstallation attempts, collect device information, take screenshots, and record screen activity […]
Security Affairs

PayPal launches latest struggle to get rid of SMS for MFA
Fri Feb 20 2026
When PayPal started emailing customers this month that it was backing off unencrypted SMS for multifactor authentication (MFA) at login, it came with the typical approach-avoidance asterisk.
CSO Online

Former Google Engineers Indicted Over Trade Secret Transfers to Iran
Fri Feb 20 2026
Two former Google engineers and one of their husbands have been indicted in the U.S. for allegedly committing trade secret theft from the search giant and other tech firms and transferring the information to unauthorized locations, including Iran. Samaneh Ghandali, 41, and her husband Mohammadjavad Khosravi (aka Mohammad Khosravi), 40, along with her sister Soroor Ghandali, 32, have been accused...
The Hacker News

10 passwordless options for enterprises
Fri Feb 20 2026
There are better solutions for leaving passwords behind.
CSO Online

Jeffrey Epstein’s Ties to CBP Agents Sparked a DOJ Probe
Fri Feb 20 2026
Documents say customs officers in the US Virgin Islands had friendly relationships with Epstein years after his 2008 conviction, showing how the infamous sex offender tried to cultivate allies.
Wired

A $10K Bounty Awaits Anyone Who Can Hack Ring Cameras to Stop Sharing Data With Amazon
Fri Feb 20 2026
The Fulu Foundation, a nonprofit that pays out bounties for removing user-hostile features, is hunting for a way to keep Ring cameras from sending data to Amazon—without breaking the hardware.
Wired

New phishing campaign tricks employees into bypassing Microsoft 365 MFA
Fri Feb 20 2026
Another device code phishing campaign that abuses OAuth device registration to bypass multifactor authentication login protections has been discovered.
CSO Online
Germany’s national rail operator Deutsche Bahn hit by a DDoS attack
Thu Feb 19 2026
Germany’s national rail operator, Deutsche Bahn, suffered a major DDoS attack that disrupted booking and information systems for several hours. Germany’s rail operator Deutsche Bahn was hit by a large-scale DDoS attack that disrupted information and booking systems for several hours. The cyberattack affected IT operations, causing delays and service interruptions. At this time, the […]
Security Affairs

An FBI ‘Asset’ Helped Run a Dark Web Site That Sold Fentanyl-Laced Drugs for Years
Thu Feb 19 2026
A staffer of the Incognito dark web market was secretly controlled by the FBI—and still allegedly approved the sale of fentanyl-tainted pills, including those from a dealer linked to a confirmed death.
Wired

US dominance of agentic AI at the heart of new NIST initiative
Thu Feb 19 2026
This week, the US National Institute of Standards and Technology (NIST) announced a new listening exercise, the AI Agent Standards Initiative, which it hopes will provide a roadmap for addressing agen
CSO Online

PromptSpy Android Malware Abuses Gemini AI to Automate Recent-Apps Persistence
Thu Feb 19 2026
Cybersecurity researchers have discovered what they say is the first Android malware that abuses Gemini, Google's generative artificial intelligence (AI) chatbot, as part of its execution flow and achieves persistence. The malware has been codenamed PromptSpy by ESET. The malware is equipped to capture lockscreen data, block uninstallation efforts, gather device information, take screenshots,...
The Hacker News
U.S. CISA adds Dell RecoverPoint and GitLab flaws to its Known Exploited Vulnerabilities catalog
Thu Feb 19 2026
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Dell RecoverPoint and GitLab flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Dell RecoverPoint and GitLab flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: The first vulnerability added to the catalog is […]
Security Affairs

INTERPOL Operation Red Card 2.0 Arrests 651 in African Cybercrime Crackdown
Thu Feb 19 2026
An international cybercrime operation against online scams has led to 651 arrests and recovered more than $4.3 million as part of an effort led by law enforcement agencies from 16 African countries. The initiative, codenamed Operation Red Card 2.0, took place between December 8, 2025 and January 30, 2026, according to INTERPOL. It targeted infrastructure and actors behind high-yield investment...
The Hacker News

Microsoft Patches CVE-2026-26119 Privilege Escalation in Windows Admin Center
Thu Feb 19 2026
Microsoft has disclosed a now-patched security flaw in Windows Admin Center that could allow an attacker to escalate their privileges. Windows Admin Center is a locally deployed, browser-based management tool set that lets users manage their Windows Clients, Servers, and Clusters without the need for connecting to the cloud. The high-severity vulnerability, tracked as CVE-2026-26119, carries a...
The Hacker News

ThreatsDay Bulletin: OpenSSL RCE, Foxit 0-Days, Copilot Leak, AI Password Flaws & 20+ Stories
Thu Feb 19 2026
The cyber threat space doesn’t pause, and this week makes that clear. New risks, new tactics, and new security gaps are showing up across platforms, tools, and industries — often all at the same time. Some developments are headline-level. Others sit in the background but carry long-term impact. Together, they shape how defenders need to think about exposure, response, and preparedness right now...
The Hacker News
Six flaws found hiding in OpenClaw’s plumbing
Thu Feb 19 2026
Security researchers have uncovered six high-to-critical flaws affecting the open-source AI agent framework OpenClaw, popularly known as a “social media for AI agents.
CSO Online
CISA alerts to critical auth bypass CVE-2026-1670 in Honeywell CCTVs
Thu Feb 19 2026
CISA warns Honeywell CCTVs are affected by a critical auth bypass flaw (CVE-2026-1670) allowing unauthorized access or account hijacking. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns that Honeywell CCTVs are affected by a critical authentication bypass flaw, tracked as CVE-2026-1670 (CVSS score of 9.8), that lets attackers change the recovery email without logging […]
Security Affairs

From Exposure to Exploitation: How AI Collapses Your Response Window
Thu Feb 19 2026
We’ve all seen this before: a developer deploys a new cloud workload and grants overly broad permissions just to keep the sprint moving. An engineer generates a "temporary" API key for testing and forgets to revoke it. In the past, these were minor operational risks, debts you’d eventually pay down during a slower cycle. In 2026, “Eventually” is Now But today, within minutes, AI-powered...
The Hacker News

Fake IPTV Apps Spread Massiv Android Malware Targeting Mobile Banking Users
Thu Feb 19 2026
Cybersecurity researchers have disclosed details of a new Android trojan called Massiv that's designed to facilitate device takeover (DTO) attacks for financial theft. The malware, according to ThreatFabric, masquerades as seemingly harmless IPTV apps to deceive victims, indicating that the activity is primarily singling out users looking for the online TV applications. "This new threat, while...
The Hacker News

Hackers can turn Grok, Copilot into covert command-and-control channels, researchers warn
Thu Feb 19 2026
Enterprise security teams racing to enable generative AI tools may be overlooking a new risk: attackers can abuse web-based AI assistants such as Grok and Microsoft Copilot to quietly relay malware co
CSO Online
Irish regulator probes X after Grok allegedly generated sexual images of children
Thu Feb 19 2026
Ireland’s Data Protection Commission opened a probe into X over Grok AI tool allegedly generating sexual images, including of children. Ireland’s Data Protection Commission has launched another investigation into X over Grok’s AI image generator. The probe focuses on reports that the tool created large volumes of non-consensual and sexualized images, including content involving children, […]
Security Affairs
Intellexa’s Predator spyware infected Angolan journalist’s device, Amnesty reports
Thu Feb 19 2026
Amnesty reports Angolan journalist’s iPhone was infected by Intellexa’s Predator spyware via a WhatsApp link in May 2024. Amnesty International reports that in May 2024, Intellexa’s Predator spyware infected the iPhone of Teixeira Cândido, an Angolan journalist and press freedom advocate, after he opened a malicious link sent via WhatsApp. This incident highlights how attackers […]
Security Affairs

How to Organize Safely in the Age of Surveillance
Thu Feb 19 2026
From threat modeling to encrypted collaboration apps, we’ve collected experts’ tips and tools for safely and effectively building a group—even while being targeted and tracked by the powerful.
Wired

Cybersecurity needs maturity, not checklists
Thu Feb 19 2026
If CISOs want stronger programs, better resilience, and a more secure future, they must evolve their approach.
CSO Online

CRESCENTHARVEST Campaign Targets Iran Protest Supporters With RAT Malware
Thu Feb 19 2026
Cybersecurity researchers have disclosed details of a new campaign dubbed CRESCENTHARVEST, likely targeting supporters of Iran's ongoing protests to conduct information theft and long-term espionage. The Acronis Threat Research Unit (TRU) said it observed the activity after January 9, with the attacks designed to deliver a malicious payload that serves as a remote access trojan (RAT) and...
The Hacker News

From in-house CISO to consultant. What you need to know before making the leap
Thu Feb 19 2026
For Nikoloz Kokhreidze, the move into cybersecurity consulting came gradually through a series of small steps.
CSO Online

Notepad++ author says fixes make update mechanism ‘effectively unexploitable’
Wed Feb 18 2026
The recently compromised update mechanism for the popular open source text editor Notepad++ has been hardened so it’s now ‘effectively unexploitable’, says the application’s author.
CSO Online

Chinese hackers exploited zero-day Dell RecoverPoint flaw for 1.5 years
Wed Feb 18 2026
For the past 18 months, a Chinese cyberespionage group has been exploiting a previously unknown vulnerability in Dell’s RecoverPoint for Virtual Machines, a VM disaster recovery solution.
CSO Online
French Ministry confirms data access to 1.2 Million bank accounts
Wed Feb 18 2026
A hacker accessed data from 1.2 million French bank accounts using stolen official credentials, the Economy Ministry said. A hacker gained access to data from 1.2 million French bank accounts using stolen credentials belonging to a government official, according to the French Economy Ministry. French authorities said affected account holders will be notified in the […]
Security Affairs
Notepad++ patches flaw used to hijack update system
Wed Feb 18 2026
Notepad++ patched a vulnerability that attackers used to hijack its update system and deliver malware to targeted users. Notepad++ fixed a vulnerability that allowed a China-linked APT group to hijack its update mechanism and selectively push malware to chosen targets. In early February, the Notepad++ maintainer revealed that nation-state hackers compromised the hosting provider’s infrastructure, […]
Security Affairs

Citizen Lab Finds Cellebrite Tool Used on Kenyan Activist’s Phone in Police Custody
Wed Feb 18 2026
New research from the Citizen Lab has found signs that Kenyan authorities used a commercial forensic extraction tool manufactured by Israeli company Cellebrite to break into a prominent dissident's phone, making it the latest case of abuse of the technology targeting civil society. The interdisciplinary research unit at the University of Toronto's Munk School of Global Affairs & Public...
The Hacker News

A Vast Trove of Exposed Social Security Numbers May Put Millions at Risk of Identity Theft
Wed Feb 18 2026
A database left accessible to anyone online contained billions of records, including sensitive personal data that criminals appear to have not yet exploited.
Wired

Grandstream GXP1600 VoIP Phones Exposed to Unauthenticated Remote Code Execution
Wed Feb 18 2026
Cybersecurity researchers have disclosed a critical security flaw in the Grandstream GXP1600 series of VoIP phones that could allow an attacker to seize control of susceptible devices. The vulnerability, tracked as CVE-2026-2329, carries a CVSS score of 9.3 out of a maximum of 10.0. It has been described as a case of unauthenticated stack-based buffer overflow that could result in remote code...
The Hacker News
VS Code extensions with 125M+ installs expose users to cyberattacks
Wed Feb 18 2026
Four popular VS Code extensions with 125M+ installs have flaws that could let hackers steal files and run code remotely. OX Security researchers warn that security flaws in four widely used VS Code extensions (Live Server, Code Runner, Markdown Preview Enhanced, and Microsoft Live Preview) could allow attackers to steal local files and execute code […]
Security Affairs

Millions of Chrome extensions expose browsing history
Wed Feb 18 2026
A security vulnerability in popular Chrome extensions results in users' browsing history being exposed.
CSO Online

Critical Flaws Found in Four VS Code Extensions with Over 125 Million Installs
Wed Feb 18 2026
Cybersecurity researchers have disclosed multiple security vulnerabilities in four popular Microsoft Visual Studio Code (VS Code) extensions that, if successfully exploited, could allow threat actors to steal local files and execute code remotely. The extensions, which have been collectively installed more than 125 million times, are Live Server, Code Runner, Markdown Preview Enhanced, and...
The Hacker News

Flaws in four popular VS Code extensions left 128 million installs open to attack
Wed Feb 18 2026
Critical and high-severity vulnerabilities were found in four widely used Visual Studio Code extensions with a combined 128 million downloads, exposing developers to file theft, remote code execution,
CSO Online
China-linked APT weaponized Dell RecoverPoint zero-day since 2024
Wed Feb 18 2026
A suspected Chinese state-linked group exploited a critical Dell RecoverPoint flaw (CVE-2026-22769) in zero-day attacks starting mid-2024. Mandiant and Google’s Threat Intelligence Group (GTIG) reported that a suspected China-linked APT group quietly exploited a critical zero-day flaw in Dell RecoverPoint for Virtual Machines starting in mid-2024. “Mandiant and Google Threat Intelligence Group (GTIG) have identified […]
Security Affairs

Keenadu: Android malware that comes preinstalled and can’t be removed by users
Wed Feb 18 2026
There’s too little a user can do when hit with a complex Android malware that comes preinstalled on their new smartphone or tablet.
CSO Online

Cybersecurity Tech Predictions for 2026: Operating in a World of Permanent Instability
Wed Feb 18 2026
In 2025, navigating the digital seas still felt like a matter of direction. Organizations charted routes, watched the horizon, and adjusted course to reach safe harbors of resilience, trust, and compliance. In 2026, the seas are no longer calm between storms. Cybersecurity now unfolds in a state of continuous atmospheric instability: AI-driven threats that adapt in real time, expanding...
The Hacker News

Cyberattack on the railway disrupts information systems
Wed Feb 18 2026
The attack was repelled.
CSO Online
U.S. CISA adds Google Chromium CSS, Microsoft Windows, TeamT5 ThreatSonar Anti-Ransomware, and Zimbra flaws to its Known Exploited Vulnerabilities catalog
Wed Feb 18 2026
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Google Chromium CSS, Microsoft Windows, TeamT5 ThreatSonar Anti-Ransomware, and Zimbra flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Google Chromium CSS, Microsoft Windows, TeamT5 ThreatSonar Anti-Ransomware, and Zimbra flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws […]
Security Affairs
CredShields Leads OWASP Smart Contract Top 10 2026 as Governance and Access Failures Drive Onchain Risk
Wed Feb 18 2026
CredShields announces that the OWASP Smart Contract Security Project has officially released the OWASP Smart Contract Top 10 2026, a risk prioritization framework derived from structured analysis of 2
CSO Online

Discipline is the new power move in cybersecurity leadership
Wed Feb 18 2026
For years, I was fortunate to live many years, earning enough budget to deploy cybersecurity programs.
CSO Online

Dell RecoverPoint for VMs Zero-Day CVE-2026-22769 Exploited Since Mid-2024
Wed Feb 18 2026
A maximum severity security vulnerability in Dell RecoverPoint for Virtual Machines has been exploited as a zero-day by a suspected China-nexus threat cluster dubbed UNC6201 since mid-2024, according to a new report from Google Mandiant and Google Threat Intelligence Group (GTIG). The activity involves the exploitation of CVE-2026-22769 (CVSS score: 10.0), a case of hard-coded credentials...
The Hacker News

3 Ways to Start Your Intelligent Workflow Program
Wed Feb 18 2026
Security, IT, and engineering teams today are under relentless pressure to accelerate outcomes, cut operational drag, and unlock the full potential of AI and automation. But simply investing in tools isn’t enough. 88% of AI proofs-of-concept never make it to production, even though 70% of workers cite freeing time for high-value work as the primary AI automation motivation. Real impact comes...
The Hacker News
Keenadu backdoor found preinstalled on Android devices, powers Ad fraud campaign
Wed Feb 18 2026
Kaspersky uncovered Keenadu, an Android backdoor used for ad fraud that can even take full control of devices. Kaspersky has identified a new Android malware called Keenadu. It can be preinstalled in device firmware, hidden inside system apps, or even distributed via official stores like Google Play. Currently used for ad fraud by turning infected […]
Security Affairs
The new paradigm for raising up secure software engineers
Wed Feb 18 2026
CISOs were already struggling to help developers keep up with secure code principles at the speed of DevOps.
CSO Online

A new approach for GenAI risk protection
Wed Feb 18 2026
When generative AI (GenAI) hit the consumer market with the release of OpenAI’s ChatGPT, users worldwide flocked to the product and started experimenting with the tool’s capabilities across industries.
CSO Online

Notepad++ Fixes Hijacked Update Mechanism Used to Deliver Targeted Malware
Wed Feb 18 2026
Notepad++ has released a security fix to plug gaps that were exploited by an advanced threat actor from China to hijack the software update mechanism to selectively deliver malware to targets of interest. The version 8.9.2 update incorporates what maintainer Don Ho calls a "double lock" design that aims to make the update process "robust and effectively unexploitable." This includes verification...
The Hacker News

CISA Flags Four Security Flaws Under Active Exploitation in Latest KEV Update
Wed Feb 18 2026
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The list of vulnerabilities is as follows - CVE-2026-2441 (CVSS score: 8.8) - A use-after-free vulnerability in Google Chrome that could allow a remote attacker to potentially exploit heap...
The Hacker News

13 questions to counter third-party risks
Wed Feb 18 2026
So check first…
CSO Online

Cyber attacks enabled by basic failings, Palo Alto analysis finds
Tue Feb 17 2026
Cyberattacks are moving faster, shrinking the gap between initial compromise and bad consequences, and the advent of AI is accelerating their timelines in a way that human defenders can no longer keep
CSO Online

Webinar: How Modern SOC Teams Use AI and Context to Investigate Cloud Breaches Faster
Tue Feb 17 2026
Cloud attacks move fast — faster than most incident response teams. In data centers, investigations had time. Teams could collect disk images, review logs, and build timelines over days. In the cloud, infrastructure is short-lived. A compromised instance can disappear in minutes. Identities rotate. Logs expire. Evidence can vanish before analysis even begins. Cloud forensics is fundamentally...
The Hacker News
SmartLoader hackers clone Oura MCP project to spread StealC malware
Tue Feb 17 2026
Hackers used a fake Oura MCP server to trick users into downloading malware that installs the StealC info-stealer. Straiker’s AI Research (STAR) Labs team uncovered a SmartLoader campaign in which attackers cloned a legitimate MCP server linked to Oura Health to spread the StealC information stealer. The fake project appeared credible, complete with bogus forks […]
Security Affairs
Polish cybercrime Police arrest man linked to Phobos ransomware operation
Tue Feb 17 2026
Officers from Poland’s Central Bureau of Cybercrime Control (CBZC) police arrested a 47-year-old man linked to the Phobos ransomware operation. Polish authorities arrested a 47-year-old man suspected of involvement in cybercrime and linked him to the Phobos ransomware operation. Police said they discovered evidence of illegal activities on his seized devices. “Officers from the Central […]
Security Affairs

Researchers Show Copilot and Grok Can Be Abused as Malware C2 Proxies
Tue Feb 17 2026
Cybersecurity researchers have disclosed that artificial intelligence (AI) assistants that support web browsing or URL fetching capabilities can be turned into stealthy command-and-control (C2) relays, a technique that could allow attackers to blend into legitimate enterprise communications and evade detection. The attack method, which has been demonstrated against Microsoft Copilot and xAI Grok...
The Hacker News

Keenadu Firmware Backdoor Infects Android Tablets via Signed OTA Updates
Tue Feb 17 2026
A new Android backdoor that's embedded deep into the device firmware can silently harvest data and remotely control its behavior, according to new findings from Kaspersky. The Russian cybersecurity vendor said it discovered the backdoor, dubbed Keenadu, in the firmware of devices associated with various brands, including Alldocube, with the compromise occurring during the firmware build phase....
The Hacker News

MCSC 2026: “Politics and business must work together”
Tue Feb 17 2026
The motto of the Munich Cybersecurity Conference 2026: “Command Control, Really? Confronting The Illusion Of Deterrence In The Age Of Relentless Cyber Threats.
CSO Online
Poorly crafted phishing campaign leverages bogus security incident report
Tue Feb 17 2026
Attackers used a fake PDF incident report hosted on AWS to scare victims into enabling 2FA, though a poorly crafted phishing campaign. Freelance security consultant Xavier Mertens reported a phishing campaign using a fake PDF security incident report hosted on AWS to scare victims into enabling 2FA. The researchers pointed out that the campaign appears poorly […]
Security Affairs
South Korea slaps $25M fine on Dior, Louis Vuitton, Tiffany over Salesforce breach
Tue Feb 17 2026
South Korea fined Dior, Louis Vuitton, and Tiffany $25M after hackers breached their Salesforce systems, exposing customer data. South Korea’s Personal Information Protection Commission fined luxury brands including Dior, Louis Vuitton, and Tiffany & Co. a total of 36 billion Korean won ($25 million) after hackers compromised their Salesforce systems. The attack, linked to Scattered […]
Security Affairs

SmartLoader Attack Uses Trojanized Oura MCP Server to Deploy StealC Infostealer
Tue Feb 17 2026
Cybersecurity researchers have disclosed details of a new SmartLoader campaign that involves distributing a trojanized version of a Model Context Protocol (MCP) server associated with Oura Health to deliver an information stealer known as StealC. "The threat actors cloned a legitimate Oura MCP Server – a tool that connects AI assistants to Oura Ring health data – and built a deceptive...
The Hacker News

ZeroDayRAT spyware targets Android and iOS devices via commercial toolkit
Tue Feb 17 2026
A new cross-platform spyware sold openly through Telegram is lowering the barrier for hackers seeking remote access to mobile devices.
CSO Online

My Day Getting My Hands Dirty with an NDR System
Tue Feb 17 2026
My objective As someone relatively inexperienced with network threat hunting, I wanted to get some hands-on experience using a network detection and response (NDR) system. My goal was to understand how NDR is used in hunting and incident response, and how it fits into the daily workflow of a Security Operations Center (SOC). Corelight’s Investigator software, part of its Open NDR Platform, is...
The Hacker News

Encrypted RCS messaging support lands in Apple’s iOS 26.4 developer build
Tue Feb 17 2026
Apple is testing end-to-end encrypted Rich Communications Services (RCS) messaging in the iOS 26.4 developer beta. Apple has added end-to-end encrypted RCS messaging to the iOS and iPadOS 26.4 developer beta. The feature, still in testing, will roll out in a future update across iOS, iPadOS, macOS, and watchOS. Apple notes that E2EE is not […]
Security Affairs

Hackers steal OpenClaw configuration in emerging AI agent threat
Tue Feb 17 2026
Researchers found an infostealer stole a victim’s OpenClaw configuration, marking a shift toward targeting personal AI agents. Cybersecurity researchers have uncovered a new information stealer that exfiltrated a victim’s OpenClaw configuration environment, previously known as Clawdbot and Moltbot. According to cybersecurity firm Hudson Rock, the case highlights a new shift in infostealer activity, moving beyond […]
Security Affairs

With CISOs stretched thin, re-envisioning enterprise risk may be the only fix
Tue Feb 17 2026
A majority of enterprise security leaders view their roles as “no longer fully manageable,” according to a recent report, and security consultants concede that the increasingly over-scoped nature of c
CSO Online

Why 2025’s agentic AI boom is a CISO’s worst nightmare
Tue Feb 17 2026
By late 2025, the enterprise AI landscape had shifted.
CSO Online

Microsoft Finds “Summarize with AI” Prompts Manipulating Chatbot Recommendations
Tue Feb 17 2026
New research from Microsoft has revealed that legitimate businesses are gaming artificial intelligence (AI) chatbots via the "Summarize with AI" button that's being increasingly placed on websites in ways that mirror classic search engine poisoning (SEO). The new AI hijacking technique has been codenamed AI Recommendation Poisoning by the Microsoft Defender Security Research Team. The tech giant...
The Hacker News

Hackers sell stolen Eurail traveler information on dark web
Tue Feb 17 2026
Eurail B.V. revealed that traveler data were stolen in a recent security breach, and are now being sold on the dark web. Eurail B.V. confirmed that the traveler data stolen in a breach earlier this year is now being offered for sale on the dark web. The company disclosed the development as part of its […]
Security Affairs

What CISOs should know about OpenClaw
Mon Feb 16 2026
Read about the security risk that using OpenClaw in enterprises entails.
CSO Online

A security flaw at DavaIndia Pharmacy allowed attackers to access customers’ data and more
Mon Feb 16 2026
A security flaw at DavaIndia Pharmacy exposed customer data and gave outsiders full admin control of its systems. DavaIndia is a large Indian pharmacy retail chain focused on selling affordable generic medicines. Operated by Zota Health Care Ltd., the brand promotes low-cost alternatives to branded drugs to make healthcare more accessible across India. DavaIndia runs […]
Security Affairs

Apple Tests End-to-End Encrypted RCS Messaging in iOS 26.4 Developer Beta
Tue Feb 17 2026
Apple on Monday released a new developer beta of iOS and iPadOS with support for end-to-end encryption (E2EE) in Rich Communications Services (RCS) messages. The feature is currently available for testing in iOS and iPadOS 26.4 Beta, and is expected to be shipped to customers in a future update for iOS, iPadOS, macOS, and watchOS. "End-to-end encryption is in beta and is not available for all...
The Hacker News

Exploit available for new Chrome zero-day vulnerability, says Google
Tue Feb 17 2026
Threat actors now have the ability to exploit a new zero-day vulnerability in the Chrome browser, Google has advised IT administrators.
CSO Online

Open source maintainers being targeted by AI agent as part of ‘reputation farming’
Mon Feb 16 2026
AI agents able to submit huge numbers of pull requests (PRs) to open-source project maintainers risk creating the conditions for future supply chain attacks targeting important software projects, deve
CSO Online

ShinyHunters leaked 600K+ Canada Goose customer records, but the firm denies it was breached
Mon Feb 16 2026
ShinyHunters leaked 600,000+ Canada Goose customer records, though the company insists its systems were not breached. Data extortion group ShinyHunters has published over 600,000 Canada Goose customer records on its data leak site. Canada Goose is a Canadian luxury outerwear company best known for high‑end, cold‑weather jackets and parkas. Founded in 1957 and headquartered in […]
Security Affairs

Infostealer Steals OpenClaw AI Agent Configuration Files and Gateway Tokens
Mon Feb 16 2026
Cybersecurity researchers disclosed they have detected a case of an information stealer infection successfully exfiltrating a victim's OpenClaw (formerly Clawdbot and Moltbot) configuration environment. "This finding marks a significant milestone in the evolution of infostealer behavior: the transition from stealing browser credentials to harvesting the 'souls' and identities of personal AI [...
The Hacker News

Study Uncovers 25 Password Recovery Attacks in Major Cloud Password Managers
Mon Feb 16 2026
A new study has found that multiple cloud-based password managers, including Bitwarden, Dashlane, and LastPass, are susceptible to password recovery attacks under certain conditions. "The attacks range in severity from integrity violations to the complete compromise of all vaults in an organization," researchers Matteo Scarlata, Giovanni Torrisi, Matilda Backendal, and Kenneth G. Paterson said....
The Hacker News

Weekly Recap: Outlook Add-Ins Hijack, 0-Day Patches, Wormable Botnet & AI Malware
Mon Feb 16 2026
This week’s recap shows how small gaps are turning into big entry points. Not always through new exploits, often through tools, add-ons, cloud setups, or workflows that people already trust and rarely question. Another signal: attackers are mixing old and new methods. Legacy botnet tactics, modern cloud abuse, AI assistance, and supply-chain exposure are being used side by side, whichever path...
The Hacker News

Microsoft alerts on DNS-based ClickFix variant delivering malware via nslookup
Mon Feb 16 2026
Microsoft warns of a new ClickFix variant that tricks users into running DNS commands to fetch malware via nslookup. Microsoft has revealed a new ClickFix variant that deceives users into running a malicious nslookup command through the Windows Run dialog to retrieve a second-stage payload via DNS. ClickFix typically uses fake CAPTCHA or error messages […]
Security Affairs

Safe and Inclusive E‑Society: How Lithuania Is Bracing for AI‑Driven Cyber Fraud
Mon Feb 16 2026
Technologies are evolving fast, reshaping economies, governance, and daily life. Yet, as innovation accelerates, so do digital risks. Technological change is no longer abstract for such a country as Lithuania, as well. From e-signatures to digital health records, the country depends on secure systems. Cybersecurity has become not only a technical challenge but a societal one – demanding...
The Hacker News

The El Paso No-Fly Debacle Is Just the Beginning of a Drone Defense Mess
Mon Feb 16 2026
Fears over a drug cartel drone over Texas sparked a recent airspace shutdown in El Paso and New Mexico, highlighting just how tricky it can be to deploy anti-drone weapons near cities.
Wired

Leaky Chrome extensions with 37M installs caught divulging your browsing history
Mon Feb 16 2026
An estimated 37 million worldwide installations of a clutch of leaky Chrome extensions are transmitting users’ browsing histories to external servers.
CSO Online