
Critical Fortinet FortiClientEMS flaw allows remote code execution

Mon Feb 09 2026

Fortinet warns of a critical FortiClientEMS vulnerability that lets remote attackers run malicious code without logging in. Fortinet issued an urgent advisory to address a critical FortiClientEMS vulnerability, tracked as CVE-2026-21643 (CVSS score of 9.1). The vulnerability is an improper neutralization of special elements used in an SQL Command (‘SQL Injection’) issue in FortiClientEMS. An […]

Security Affairs
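The advisory classifies the flaw as CWE-89, improper neutralization of special elements in an SQL command. The following is a generic illustration of that weakness class added here; it is not Fortinet code and says nothing about how the FortiClientEMS flaw itself is reached. It runs the same attacker-controlled input through a query built by string concatenation and through a parameterized query, using a constructed in-memory SQLite table.

```python
import sqlite3

# Constructed in-memory table used only for this demonstration.
SEED_ROWS = [("alice", "admin"), ("bob", "user"), ("carol", "user")]


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT NOT NULL, role TEXT NOT NULL)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SEED_ROWS)
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    # Untrusted input is spliced into the statement text. A single quote in
    # the input closes the string literal, so the rest of the input is parsed
    # as SQL: the special element is not neutralized (CWE-89).
    sql = "SELECT name FROM users WHERE name = '" + name + "' ORDER BY name"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn: sqlite3.Connection, name: str) -> list:
    # Bound parameter: the statement text is fixed and the value is passed
    # separately, so quotes and keywords in the input remain plain data.
    sql = "SELECT name FROM users WHERE name = ? ORDER BY name"
    return [row[0] for row in conn.execute(sql, (name,))]


def demo(payload: str = "x' OR '1'='1") -> dict:
    """Run the same attacker-controlled input through both versions."""
    conn = make_db()
    try:
        return {
            "vulnerable": lookup_vulnerable(conn, payload),
            "parameterized": lookup_parameterized(conn, payload),
        }
    finally:
        conn.close()


if __name__ == "__main__":
    print(demo())
```

With the default payload the concatenated query returns every row because the tautology `'1'='1'` becomes part of the WHERE clause; the parameterized query returns nothing because no user is literally named `x' OR '1'='1`. The fix is the binding, not escaping the quote by hand.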

BeyondTrust fixes critical pre-auth bug allowing remote code execution

Mon Feb 09 2026

BeyondTrust patched a critical pre-auth flaw in Remote Support and PRA that could let attackers execute code remotely. BeyondTrust released security updates to address a critical flaw, tracked as CVE-2026-1731 (CVSS score of 9.9), in its Remote Support and older Privileged Remote Access products. The bug could allow an unauthenticated attacker to send specially crafted […]

Security Affairs

Anthropic’s DXT poses “critical RCE vulnerability” by running with full system privileges

Tue Feb 10 2026

When LayerX Security published a report on Monday describing what it called “a critical zero-click RCE vulnerability in [Anthropic’s] Claude Desktop Extensions (DXT) that allows a malicious Google Cal

CSO Online

China-Linked UNC3886 Targets Singapore Telecom Sector in Cyber Espionage Campaign

Mon Feb 09 2026

The Cyber Security Agency (CSA) of Singapore on Monday revealed that the China-nexus cyber espionage group known as UNC3886 targeted its telecommunications sector. "UNC3886 had launched a deliberate, targeted, and well-planned campaign against Singapore's telecommunications sector," CSA said. "All four of Singapore's major telecommunications operators ('telcos') – M1, SIMBA Telecom, Singtel, and...

The Hacker News

SolarWinds Web Help Desk Exploited for RCE in Multi-Stage Attacks on Exposed Servers

Mon Feb 09 2026

Microsoft has revealed that it observed a multi‑stage intrusion that involved the threat actors exploiting internet‑exposed SolarWinds Web Help Desk (WHD) instances to obtain initial access and move laterally across the organization's network to other high-value assets. That said, the Microsoft Defender Security Research Team said it's not clear whether the activity weaponized recently...

The Hacker News

European Commission probes cyberattack on mobile device management system

Mon Feb 09 2026

The European Commission is investigating a cyberattack after detecting signs that its mobile device management system was compromised. The European Commission is investigating a cyberattack on its mobile device management platform after detecting intrusion traces. Attackers may have accessed some staff data, including names and phone numbers, but so far they have not compromised any […]

Security Affairs

Attackers abuse SolarWinds Web Help Desk to install Zoho agents and Velociraptor

Mon Feb 09 2026

Huntress confirmed active SolarWinds Web Help Desk exploits, where attackers installed Zoho tools for persistence, and used Velociraptor for control. On February 7, 2026, Huntress investigated an active attack abusing SolarWinds Web Help Desk flaws. Attackers exploited unpatched versions to run code remotely, then quickly installed Zoho ManageEngine tools for persistent remote access and Cloudflare […]

Security Affairs

⚡ Weekly Recap: AI Skill Malware, 31Tbps DDoS, Notepad++ Hack, LLM Backdoors and More

Mon Feb 09 2026

Cyber threats are no longer coming from just malware or exploits. They’re showing up inside the tools, platforms, and ecosystems organizations use every day. As companies connect AI, cloud apps, developer tools, and communication systems, attackers are following those same paths. A clear pattern this week: attackers are abusing trust. Trusted updates, trusted marketplaces, trusted apps, even...

The Hacker News

OpenClaw integrates VirusTotal malware scanning as security firms flag enterprise risks

Mon Feb 09 2026

OpenClaw, the viral open-source AI agent that security firms warn is “insecure by default,” has integrated VirusTotal’s malware scanning into its ClawHub skills marketplace following weeks in which se

CSO Online

DKnife targets network gateways in long running AitM campaign

Mon Feb 09 2026

A previously undocumented China-linked adversary-in-the-middle (AitM) framework known as “DKnife” has been identified operating at network gateways, where it intercepts and manipulates in-transit traf

CSO Online

AI Is Here to Replace Nuclear Treaties. Scared Yet?

Mon Feb 09 2026

The last major nuclear arms treaty between the US and Russia just expired. Some experts believe a combination of satellite surveillance, AI, and human reviewers can take its place. Others, not so much.

Wired

How Top CISOs Solve Burnout and Speed up MTTR without Extra Hiring

Mon Feb 09 2026

Why do SOC teams keep burning out and missing SLAs even after spending big on security tools? Routine triage piles up, senior specialists get dragged into basic validation, and MTTR climbs, while stealthy threats still find room to slip through. Top CISOs have realized the solution isn’t hiring more people or stacking yet another tool onto the workflow, but giving their teams faster, clearer...

The Hacker News

Iran’s Digital Surveillance Machine Is Almost Complete

Mon Feb 09 2026

After more than 15 years of draconian measures, culminating in an ongoing internet shutdown, the Iranian regime seems to be staggering toward its digital surveillance endgame.

Wired

Never settle: How CISOs can go beyond compliance standards to better protect their organizations

Mon Feb 09 2026

The start of a new year means a fresh start for everyone, including cybersecurity teams.

CSO Online

Bloody Wolf Targets Uzbekistan, Russia Using NetSupport RAT in Spear-Phishing Campaign

Mon Feb 09 2026

The threat actor known as Bloody Wolf has been linked to a campaign targeting Uzbekistan and Russia to infect systems with a remote access trojan known as NetSupport RAT. Cybersecurity vendor Kaspersky is tracking the activity under the moniker Stan Ghouls. The threat actor is known to be active since at least 2023, orchestrating spear-phishing attacks against manufacturing, finance, and IT...

The Hacker News

Schrödinger’s cat and the enterprise security paradox

Mon Feb 09 2026

Most security leaders quietly live with a paradox they rarely name out loud.

CSO Online

Gartner forecast: The six most important cybersecurity trends for 2026

Mon Feb 09 2026

Read which cybersecurity trends companies should be looking at this year.

CSO Online

Romania’s national oil pipeline firm Conpet reports cyberattack

Mon Feb 09 2026

Romania’s national oil pipeline operator Conpet said a cyberattack disrupted its business systems and temporarily knocked its website offline. Conpet is a state-controlled company that owns and operates the country’s crude oil, condensate, and liquid petroleum product pipeline network. Its main role is to transport oil from domestic production fields and import points to refineries […]

Security Affairs

NIS2: Supply chains as a risk factor

Mon Feb 09 2026

Many companies today invest significant resources to secure their internal IT.

CSO Online

Authorities warn of hacker attacks on politicians and the military

Mon Feb 09 2026

Cybercriminals are targeting the Signal accounts of German politicians, soldiers, diplomats and journalists.

CSO Online

TeamPCP Worm Exploits Cloud Infrastructure to Build Criminal Infrastructure

Mon Feb 09 2026

Cybersecurity researchers have called attention to a "massive campaign" that has systematically targeted cloud native environments to set up malicious infrastructure for follow-on exploitation. The activity, observed around December 25, 2025, and described as "worm-driven," leveraged exposed Docker APIs, Kubernetes clusters, Ray dashboards, and Redis servers, along with the recently disclosed...

The Hacker News

BeyondTrust Fixes Critical Pre-Auth RCE Vulnerability in Remote Support and PRA

Mon Feb 09 2026

BeyondTrust has released updates to address a critical security flaw impacting Remote Support (RS) and Privileged Remote Access (PRA) products that, if successfully exploited, could result in remote code execution. "BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability," the company...

The Hacker News

Software developers: Prime cyber targets and a rising risk vector for CISOs

Mon Feb 09 2026

Threats against corporate software developers are increasing and diversifying, challenging security leaders to develop more agile defenses against this growing attack vector.

CSO Online

Flickr moves to contain data exposure, warns users of phishing

Mon Feb 09 2026

Flickr says a flaw at a third-party email provider may have exposed users’ names, email addresses, IPs, and account activity. Flickr is a photo-sharing platform owned by SmugMug. It has over 100 million registered users and millions of active photographers. Flickr warned users about a possible data breach caused by a flaw in a third-party […]

Security Affairs

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 83

Sun Feb 08 2026

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Malware Newsletter: ClawHavoc: 341 Malicious Clawed Skills Found by the Bot They Were Targeting; APT28 Leverages CVE-2026-21509 in Operation Neusploit; Amaranth-Dragon: Weaponizing CVE-2025-8088 for Targeted Espionage in the Southeast Asia; Dead#Vax: Analyzing Multi-Stage VHD […]

Security Affairs

Security Affairs newsletter Round 562 by Pierluigi Paganini – INTERNATIONAL EDITION

Sun Feb 08 2026

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Italian university La Sapienza still offline to mitigate recent cyber attack CISA pushes Federal agencies to […]

Security Affairs

DKnife toolkit abuses routers to spy and deliver malware since 2019

Sun Feb 08 2026

DKnife is a Linux toolkit used since 2019 to hijack router traffic and deliver malware in cyber-espionage attacks. Cisco Talos found DKnife, a powerful Linux toolkit that threat actors use to spy on and control network traffic through routers and edge devices. It inspects and alters data in transit and installs malware on PCs, phones, […]

Security Affairs

Italian university La Sapienza still offline to mitigate recent cyber attack

Sat Feb 07 2026

Rome’s La Sapienza University was hit by a cyberattack that disrupted IT systems and caused widespread operational issues. Since February 2, Rome’s La Sapienza University, one of the most important Italian universities, has been offline due to a cyberattack. For days, students have been unable to book exams, check tuition payments, or access faculty contacts. […]

Security Affairs

Customer Identity & Access Management: The best CIAM tools

Mon Feb 09 2026

We have compiled the best Customer Identity & Access Management solutions for you.

CSO Online

OpenClaw Integrates VirusTotal Scanning to Detect Malicious ClawHub Skills

Sun Feb 08 2026

OpenClaw (formerly Moltbot and Clawdbot) has announced that it's partnering with Google-owned VirusTotal to scan skills that are being uploaded to ClawHub, its skill marketplace, as part of broader efforts to bolster the security of the agentic ecosystem. "All skills published to ClawHub are now scanned using VirusTotal's threat intelligence, including their new Code Insight capability,"...

The Hacker News

Moltbook, the Social Network for AI Agents, Exposed Real Humans’ Data

Sat Feb 07 2026

Plus: Apple’s Lockdown mode keeps the FBI out of a reporter’s phone, Elon Musk’s Starlink cuts off Russian forces, and more.

Wired

CISA pushes Federal agencies to retire end-of-support edge devices

Sat Feb 07 2026

CISA ordered U.S. federal agencies to improve management of edge network devices and replace unsupported ones within 12–18 months. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) instructed U.S. federal civilian agencies to strengthen how they manage edge network devices throughout their lifecycle. According to Binding Operational Directive 26-02, Mitigating Risk From End-of-Support Edge Devices, agencies must […]

Security Affairs

German Agencies Warn of Signal Phishing Targeting Politicians, Military, Journalists

Sat Feb 07 2026

Germany's Federal Office for the Protection of the Constitution (aka Bundesamt für Verfassungsschutz or BfV) and Federal Office for Information Security (BSI) have issued a joint advisory warning of a malicious cyber campaign undertaken by a likely state-sponsored threat actor that involves carrying out phishing attacks over the Signal messaging app. "The focus is on high-ranking targets in...

The Hacker News

ICE Agent’s ‘Dragging’ Case May Help Expose Evidence in Renee Good Shooting

Fri Feb 06 2026

The government has withheld details of the investigation of Renee Good’s killing—but an unrelated case involving the ICE agent who shot her could force new revelations.

Wired

Six more vulnerabilities found in n8n automation platform

Fri Feb 06 2026

Six more vulnerabilities have been discovered in the n8n workflow platform used for building LLM-powered agents to connect business processes.

CSO Online

Record-breaking 31.4 Tbps DDoS attack hits in November 2025, stopped by Cloudflare

Fri Feb 06 2026

AISURU/Kimwolf botnet hit a record 31.4 Tbps DDoS attack lasting 35 seconds in Nov 2025, which Cloudflare automatically detected and blocked. The AISURU/Kimwolf botnet was linked to a record-breaking DDoS attack that peaked at 31.4 Tbps and lasted just 35 seconds. Cloudflare said the November 2025 incident was part of a surge in hyper-volumetric HTTP […]

Security Affairs

Claude AI finds 500 high-severity software vulnerabilities

Fri Feb 06 2026

Anthropic only released its latest large language model, Claude Opus 4.

CSO Online

Pretend Disk Format: PDFs harbor new dangers

Fri Feb 06 2026

A particularly insidious phishing campaign is disguising malware pretending to be ordinary PDF documents behind links to virtual hard disks.

CSO Online

China-Linked DKnife AitM Framework Targets Routers for Traffic Hijacking, Malware Delivery

Fri Feb 06 2026

Cybersecurity researchers have taken the wraps off a gateway-monitoring and adversary-in-the-middle (AitM) framework dubbed DKnife that's operated by China-nexus threat actors since at least 2019. The framework comprises seven Linux-based implants that are designed to perform deep packet inspection, manipulate traffic, and deliver malware via routers and edge devices. Its primary targets seem to...

The Hacker News

CISA Orders Removal of Unsupported Edge Devices to Reduce Federal Network Risk

Fri Feb 06 2026

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered Federal Civilian Executive Branch (FCEB) agencies to strengthen asset lifecycle management for edge network devices and remove those that no longer receive security updates from original equipment manufacturers (OEMs) over the next 12 to 18 months. The agency said the move is to drive down technical debt and minimize...

The Hacker News

Ten career-ending mistakes CISOs make and how to avoid them

Fri Feb 06 2026

The Chief Information Security Officer role has become one of the most precarious positions in the C-suite.

CSO Online

Asian State-Backed Group TGR-STA-1030 Breaches 70 Government, Infrastructure Entities

Fri Feb 06 2026

A previously undocumented cyber espionage group operating from Asia broke into the networks of at least 70 government and critical infrastructure organizations across 37 countries over the past year, according to new findings from Palo Alto Networks Unit 42. In addition, the hacking crew has been observed conducting active reconnaissance against government infrastructure associated with 155...

The Hacker News

CISA gives federal agencies 18 months to purge unsupported edge devices

Fri Feb 06 2026

The Cybersecurity and Infrastructure Security Agency has given federal agencies 18 months to remove all end-of-support edge devices from their networks, escalating its response to what security resear

CSO Online

Zscaler extends zero-trust security to browsers with SquareX acquisition

Fri Feb 06 2026

Cloud security company Zscaler has announced the acquisition of SquareX, a Singapore-based browser detection and response (BDR) technology startup.

CSO Online

How Samsung Knox Helps Stop Your Network Security Breach

Fri Feb 06 2026

As you know, enterprise network security has undergone significant evolution over the past decade. Firewalls have become more intelligent, threat detection methods have advanced, and access controls are now more detailed. However (and it’s a big “however”), the increasing use of mobile devices in business operations necessitates network security measures that are specifically...

The Hacker News

Nearly 5 Million Web Servers Found Exposing Git Metadata – Study Reveals Widespread Risk of Code and Credential Leaks

Fri Feb 06 2026

A study found nearly 5 million servers exposing Git metadata, with 250,000 leaking deployment credentials via .git/config files. A new 2026 study by the Mysterium VPN research team reveals that nearly 5 million public web servers are exposing Git repository metadata — with over 250,000 of them exposing .git/config files containing deployment credentials. Such misconfigurations […]

Security Affairs
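The finding above is about `.git/config` files reachable over HTTP that carry deployment credentials in remote URLs. Once such a file has been pulled down, the triage step is to parse it and separate remotes that embed a username and password or token from remotes that rely on SSH keys. The code below is an added example written for this page, not the study's tooling; the config sample, hosts and credentials are constructed.

```python
import re
from urllib.parse import urlsplit

SECTION_RE = re.compile(r"^\s*\[(?P<name>[^\]]+)\]\s*$")
KEY_VALUE_RE = re.compile(r"^\s*(?P<key>[\w.-]+)\s*=\s*(?P<value>.*?)\s*$")
USERINFO_RE = re.compile(r"^(?P<scheme>[a-z][a-z0-9+.-]*://)[^@/]+@", re.IGNORECASE)

# Constructed sample .git/config; hosts and credentials are made up.
SAMPLE_GIT_CONFIG = """\
[core]
\trepositoryformatversion = 0
\tfilemode = true
[remote "origin"]
\turl = https://deploy:s3cr3t-t0ken@git.example.test/acme/site.git
\tfetch = +refs/heads/*:refs/remotes/origin/*
[remote "mirror"]
\turl = git@backup.example.test:acme/site.git
[remote "public"]
\turl = https://git.example.test/acme/site.git
"""


def parse_git_config(text: str) -> list:
    """Return (section, key, value) triples from a git-config style file."""
    section = None
    entries = []
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith(("#", ";")):
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name").strip()
            continue
        m = KEY_VALUE_RE.match(line)
        if m and section is not None:
            entries.append((section, m.group("key").lower(), m.group("value")))
    return entries


def redact_userinfo(url: str) -> str:
    # Keep scheme and host, drop everything between '://' and '@'.
    return USERINFO_RE.sub(r"\g<scheme>***@", url)


def find_embedded_credentials(text: str) -> list:
    """Flag remote URLs that carry a username (and possibly a password/token)."""
    findings = []
    for section, key, value in parse_git_config(text):
        if key != "url":
            continue
        parts = urlsplit(value)
        # scp-like 'git@host:path' has no scheme, so urlsplit yields no userinfo;
        # that form authenticates with SSH keys and is not an embedded secret.
        if parts.scheme and parts.username:
            findings.append({
                "section": section,
                "host": parts.hostname,
                "user": parts.username,
                "has_password": parts.password is not None,
                "url": redact_userinfo(value),
            })
    return findings


if __name__ == "__main__":
    for f in find_embedded_credentials(SAMPLE_GIT_CONFIG):
        print(f)
```

Only the `origin` remote is reported: it embeds `deploy:s3cr3t-t0ken` in an HTTPS URL. The redacted form is what should go into a ticket; the raw value is a live credential that needs rotating, and the web server needs a rule that denies access to `.git/` entirely rather than just `config`.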

U.S. CISA adds SmarterTools SmarterMail and React Native Community CLI flaws to its Known Exploited Vulnerabilities catalog

Fri Feb 06 2026

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SmarterTools SmarterMail and React Native Community CLI flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SmarterTools SmarterMail and React Native Community CLI flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: Attackers are […]

Security Affairs

AI as an AWS attack accelerator

Fri Feb 06 2026

Criminal hackers have used AI to accelerate their attacks on AWS environments.

CSO Online

Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware

Fri Feb 06 2026

Cybersecurity researchers have discovered a new supply chain attack in which legitimate packages on npm and the Python Package Index (PyPI) repository have been compromised to push malicious versions to facilitate wallet credential theft and remote code execution. The compromised versions of the two packages are listed below - @dydxprotocol/v4-client-js (npm) - 3.4.1, 1.22.1, 1.15.2, 1.0.31&...

The Hacker News

The blind spot every CISO must see: Loyalty

Fri Feb 06 2026

The longstanding assumption that tenure, performance metrics, or expressed commitment serve as reliable indicators of the trustworthiness of an employee persists across many sectors.

CSO Online

Claude Opus 4.6 Finds 500+ High-Severity Flaws Across Major Open-Source Libraries

Fri Feb 06 2026

Artificial intelligence (AI) company Anthropic revealed that its latest large language model (LLM), Claude Opus 4.6, has found more than 500 previously unknown high-severity security flaws in open-source libraries, including Ghostscript, OpenSC, and CGIF. Claude Opus 4.6, which was launched Thursday, comes with improved coding skills, including code review and debugging capabilities, along with...

The Hacker News

Cybersecurity regulations: How to meet your compliance requirements

Fri Feb 06 2026

As cyber threats increase, so does the number of compliance frameworks.

CSO Online

Four new vulnerabilities found in Ingress NGINX

Fri Feb 06 2026

Four security vulnerabilities have been found in the open source Ingress NGINX traffic controller that is extensively used by organizations in Kubernetes deployments.

CSO Online

New APT group breached gov and critical infrastructure orgs in 37 countries

Thu Feb 05 2026

A new cyberespionage group that operates out of Asia has compromised 70 government and critical infrastructure organizations across 37 countries over the past year using a sophisticated toolset that c

CSO Online

Hacker claims theft of data from 700,000 Substack users; Company confirms breach

Thu Feb 05 2026

Substack confirmed a data breach after a hacker leaked data from nearly 700,000 users, including email addresses and phone numbers. Substack is an online platform for publishing email‑based newsletters and blogs, with built‑in paid subscriptions and basic analytics. It’s free to start; creators pay a fee on paid plans. In 2026 it’s estimated to serve […]

Security Affairs

Substack data breach leaks users’ email addresses and phone numbers

Thu Feb 05 2026

Substack, a high-profile publishing platform widely used by academics, journalists, subject matter experts, and controversialists, has suffered a data breach affecting an unknown number of its creator

CSO Online

ICE and CBP’s Face-Recognition App Can’t Actually Verify Who People Are

Thu Feb 05 2026

ICE has used Mobile Fortify to identify immigrants and citizens alike over 100,000 times, by one estimate. It wasn't built to work like that—and only got approved after DHS abandoned its own privacy rules.

Wired

AISURU/Kimwolf Botnet Launches Record-Setting 31.4 Tbps DDoS Attack

Thu Feb 05 2026

The distributed denial-of-service (DDoS) botnet known as AISURU/Kimwolf has been attributed to a record-setting attack that peaked at 31.4 Terabits per second (Tbps) and lasted only 35 seconds. Cloudflare, which automatically detected and mitigated the activity, said it's part of a growing number of hyper-volumetric HTTP DDoS attacks mounted by the botnet in the fourth quarter of 2025. The...

The Hacker News

Pro-Russian group Noname057(16) launched DDoS attacks on Milano Cortina 2026 Winter Olympics

Thu Feb 05 2026

Italy stopped Russian-linked cyberattacks targeting Foreign Ministry offices and Winter Olympics websites and hotels, Foreign Minister Tajani said. Italy has thwarted a series of Russian-linked cyberattacks aimed at Foreign Ministry offices, including one in Washington, as well as Winter Olympics websites and hotels in Cortina d’Ampezzo, according to Foreign Minister Antonio Tajani. “We have foiled […]

Security Affairs

ThreatsDay Bulletin: Codespaces RCE, AsyncRAT C2, BYOVD Abuse, AI Cloud Intrusions & 15+ Stories

Thu Feb 05 2026

This week didn’t produce one big headline. It produced many small signals — the kind that quietly shape what attacks will look like next. Researchers tracked intrusions that start in ordinary places: developer workflows, remote tools, cloud access, identity paths, and even routine user actions. Nothing looked dramatic on the surface. That’s the point. Entry is becoming less visible while impact...

The Hacker News

Attackers exploit decade‑old Windows driver flaw to shut down modern EDR defenses

Thu Feb 05 2026

In a recent incident, attackers abused a legitimate but vulnerable Windows kernel driver to shut down endpoint security tools during an ongoing incident response.

CSO Online

Ransomware attack on Buhlmann Group

Thu Feb 05 2026

The Buhlmann Group has been attacked by a ransomware gang.

CSO Online

The Buyer’s Guide to AI Usage Control

Thu Feb 05 2026

Today’s “AI everywhere” reality is woven into everyday workflows across the enterprise, embedded in SaaS platforms, browsers, copilots, extensions, and a rapidly expanding universe of shadow tools that appear faster than security teams can track. Yet most organizations still rely on legacy controls that operate far away from where AI interactions actually occur. The result is a widening...

The Hacker News

The silent security gap in enterprise AI adoption

Thu Feb 05 2026

Most security leaders believe they know where their sensitive data lives and how it is protected.

CSO Online

Infy Hackers Resume Operations with New C2 Servers After Iran Internet Blackout Ends

Thu Feb 05 2026

The elusive Iranian threat group known as Infy (aka Prince of Persia) has evolved its tactics as part of efforts to hide its tracks, even as it readied new command-and-control (C2) infrastructure coinciding with the end of the widespread internet blackout the regime imposed at the start of January 2026. "The threat actor stopped maintaining its C2 servers on January 8 for the first time since we...

The Hacker News

China-linked Amaranth-Dragon hackers target Southeast Asian governments in 2025

Thu Feb 05 2026

China-linked hackers tracked as Amaranth-Dragon targeted government and law enforcement agencies across Southeast Asia in 2025. Check Point says China-linked threat actors, tracked as Amaranth-Dragon, carried out cyber-espionage campaigns in 2025 targeting government and law enforcement agencies across Southeast Asia. The activity is linked to the APT41 ecosystem and affected countries including Thailand, Indonesia, Singapore, and […]

Security Affairs

Microsoft develops a new scanner to detect hidden backdoors in LLMs

Thu Feb 05 2026

Microsoft has developed a scanner designed to detect backdoors in open-weight AI models, addressing a critical blind spot for enterprises increasingly dependent on third-party LLMs.

CSO Online

In focus: Emerging technologies

Thu Feb 05 2026

CSO Online

Building trust with the board through evidence-based proof

Thu Feb 05 2026

Cybersecurity is a boardroom issue, but meaningful dialogue often breaks down at the table.

CSO Online

Shortly before the Olympics: Italy fends off Russian hacker attacks

Thu Feb 05 2026

Russian hackers attacked several locations in Italy shortly before the Winter Olympics.

CSO Online

Software supply chain risks join the OWASP top 10 list, access control still on top

Thu Feb 05 2026

Software supply chain failures and mishandling of exceptional conditions are some of the additions to the updated OWASP Top 10, a list of top web application vulnerabilities.

CSO Online

Critical n8n Flaw CVE-2026-25049 Enables System Command Execution via Malicious Workflows

Thu Feb 05 2026

A new, critical security vulnerability has been disclosed in the n8n workflow automation platform that, if successfully exploited, could result in the execution of arbitrary system commands. The flaw, tracked as CVE-2026-25049 (CVSS score: 9.4), is the result of inadequate sanitization that bypasses safeguards put in place to address CVE-2025-68613 (CVSS score: 9.9), another critical defect that...

The Hacker News

CVE-2025-22225 in VMware ESXi now used in active ransomware attacks

Wed Feb 04 2026

Ransomware groups now exploit the VMware ESXi vulnerability CVE-2025-22225, patched by Broadcom in March 2025. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) confirms that ransomware gangs are exploiting the VMware ESXi sandbox escape flaw CVE-2025-22225. The vulnerability is an arbitrary write issue in VMware ESXi. An attacker with privileges within the VMX process may trigger an arbitrary […]

Security Affairs

Malicious NGINX Configurations Enable Large-Scale Web Traffic Hijacking Campaign

Thu Feb 05 2026

Cybersecurity researchers have disclosed details of an active web traffic hijacking campaign that has targeted NGINX installations and management panels like Baota (BT) in an attempt to route it through the attacker's infrastructure. Datadog Security Labs said it observed threat actors associated with the recent React2Shell (CVE-2025-55182, CVSS score: 10.0) exploitation using malicious NGINX...

The Hacker News

1.5 million AI agents are at risk of going rogue

Thu Feb 05 2026

A study released Wednesday by API management platform vendor Gravitee indicates that upwards of half of the three million agents currently in use by organizations in the US and UK “are ungoverned and

CSO Online

Threat actors hijack web traffic after exploiting React2Shell vulnerability: Report

Wed Feb 04 2026

Threat actors exploiting the React2Shell vulnerability in components of React servers are using their access to compromise web domains and divert web traffic for malicious purposes.

CSO Online

Taiwanese operator of Incognito Market sentenced to 30 years over $105M darknet drug ring

Wed Feb 04 2026

A Taiwanese man was sentenced to 30 years for running Incognito Market, a major darknet drug site that sold over $105 million in illegal drugs. Rui-Siang Lin (24) was sentenced to 30 years in prison for running Incognito Market, a major darknet drug marketplace that sold over one ton of narcotics. The Taiwanese man pled […]

Security Affairs

Threat actors hijack web traffic after exploiting React2Shell vulnerability

Wed Feb 04 2026

Threat actors exploiting the React2Shell vulnerability in components of React servers are using their access to compromise web domains and divert web traffic for malicious purposes.

CSO Online

Notepad++ Users, You May Have Been Hacked by China

Wed Feb 04 2026

Suspected Chinese state-backed hackers hijacked the Notepad++ update infrastructure to deliver a backdoored version of the popular free source code editor and note-taking app for Windows.

Wired

Microsoft Develops Scanner to Detect Backdoors in Open-Weight Large Language Models

Wed Feb 04 2026

Microsoft on Wednesday said it built a lightweight scanner that it said can detect backdoors in open-weight large language models (LLMs) and improve the overall trust in artificial intelligence (AI) systems. The tech giant's AI Security team said the scanner leverages three observable signals that can be used to reliably flag the presence of backdoors while maintaining a low false positive...

The Hacker News

Paris raid on X focuses on child abuse material allegations

Wed Feb 04 2026

French prosecutors raided X offices in Paris over illegal content; Elon Musk and CEO summoned for voluntary interviews in April. French prosecutors, with France’s National Gendarmerie and Europol support, raided the X offices in Paris in a criminal probe over complaints that the platform facilitated child sexual abuse material and other illegal content. The probe […]

Security Affairs

GreyNoise tracks massive Citrix Gateway recon using 63K+ residential proxies and AWS

Wed Feb 04 2026

GreyNoise spotted a dual-mode Citrix Gateway recon campaign using 63K+ residential proxies and AWS to find login panels and enumerate versions. Between Jan 28 and Feb 2, 2026, GreyNoise tracked a coordinated reconnaissance campaign targeting Citrix ADC and NetScaler Gateways. Attackers used over 63,000 residential proxies to discover login panels, then switched to AWS infrastructure […]

Security Affairs
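The campaign described above has a recognizable shape in access logs: the discovery phase spreads one request each across tens of thousands of residential proxy addresses, so a gateway's login page sees many distinct sources with almost no repeat visits, which is the opposite of a real user population. The code below is an added example for this page, not GreyNoise's detection logic; the log lines are constructed in Combined Log Format with RFC 5737 documentation addresses, and the login-page paths in `LOGIN_PATHS` are assumed for illustration and should be replaced with the paths the gateway in use actually serves.

```python
import re
from collections import defaultdict

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

# Assumed login-page paths for the gateway; adjust to the product in use.
LOGIN_PATHS = {"/vpn/index.html", "/logon/LogonPoint/index.html"}

# Constructed sample in Combined Log Format. 40 distinct sources touch the
# login page once each, one source polls it repeatedly, and three hits land
# on an unrelated page.
SAMPLE_LOG = "\n".join(
    [f'198.51.100.{i} - - [28/Jan/2026:10:{i:02d}:00 +0000] '
     f'"GET /vpn/index.html HTTP/1.1" 200 512' for i in range(1, 41)]
    + ['203.0.113.7 - - [28/Jan/2026:11:00:00 +0000] '
       '"GET /vpn/index.html HTTP/1.1" 200 512'] * 5
    + [f'192.0.2.{i} - - [28/Jan/2026:12:00:00 +0000] '
       f'"GET /index.html HTTP/1.1" 200 1024' for i in range(1, 4)]
)


def fan_in_by_path(log_text: str) -> dict:
    """Per path: total requests, distinct source IPs, and single-hit sources."""
    hits = defaultdict(lambda: defaultdict(int))  # path -> ip -> request count
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        hits[m.group("path")][m.group("ip")] += 1
    stats = {}
    for path, per_ip in hits.items():
        stats[path] = {
            "requests": sum(per_ip.values()),
            "distinct_ips": len(per_ip),
            "single_hit_ips": sum(1 for c in per_ip.values() if c == 1),
        }
    return stats


def flag_distributed_probing(stats: dict, min_ips: int = 25,
                             max_reqs_per_ip: float = 1.5,
                             watch: set = None) -> list:
    """Paths hit by many sources that each send about one request: the fan-in
    shape of a proxy-distributed discovery sweep. 'watch' restricts the check
    to specific paths (for example the gateway login pages)."""
    flagged = []
    for path, s in stats.items():
        if watch is not None and path not in watch:
            continue
        ratio = s["requests"] / s["distinct_ips"]
        if s["distinct_ips"] >= min_ips and ratio <= max_reqs_per_ip:
            flagged.append(path)
    return sorted(flagged)


if __name__ == "__main__":
    stats = fan_in_by_path(SAMPLE_LOG)
    print(stats)
    print(flag_distributed_probing(stats, watch=LOGIN_PATHS))
```

In the sample, `/vpn/index.html` is flagged: 41 distinct sources produced 45 requests, and 40 of those sources never came back. The thresholds are deliberately low for the constructed data; on a production gateway they should be set from a baseline of normal distinct-source counts per hour, and the same per-path statistics can then be compared across the two phases the report describes, since the version-enumeration phase from cloud infrastructure shows the opposite ratio of few sources sending many requests.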

DEAD#VAX Malware Campaign Deploys AsyncRAT via IPFS-Hosted VHD Phishing Files

Wed Feb 04 2026

Threat hunters have disclosed details of a new, stealthy malware campaign dubbed DEAD#VAX that employs a mix of "disciplined tradecraft and clever abuse of legitimate system features" to bypass traditional detection mechanisms and deploy a remote access trojan (RAT) known as AsyncRAT. "The attack leverages IPFS-hosted VHD files, extreme script obfuscation, runtime decryption, and in-memory...

The Hacker News

China-Linked Amaranth-Dragon Exploits WinRAR Flaw in Espionage Campaigns

Wed Feb 04 2026

Threat actors affiliated with China have been attributed to a fresh set of cyber espionage campaigns targeting government and law enforcement agencies across Southeast Asia throughout 2025. Check Point Research is tracking the previously undocumented activity cluster under the moniker Amaranth-Dragon, which it said shares links to the APT 41 ecosystem. Targeted countries include Cambodia,...

The Hacker News

Russian hackers exploited a critical Office bug within days of disclosure

Wed Feb 04 2026

Russia-linked attackers are reportedly using a new Microsoft vulnerability as part of a coordinated espionage and malware campaign, Operation Neusploit.

CSO Online

Microsoft: Info-Stealing malware expands from Windows to macOS

Wed Feb 04 2026

Microsoft warns info-stealing attacks are rapidly expanding from Windows to macOS, using cross-platform languages like Python and abusing trusted platforms. Since late 2025, Microsoft has seen a surge in macOS infostealer attacks using social engineering, fake […]

Security Affairs

Orchid Security Introduces Continuous Identity Observability for Enterprise Applications

Wed Feb 04 2026

An innovative approach to discovering, analyzing, and governing identity usage beyond traditional IAM controls. The Challenge: Identity Lives Outside the Identity Stack. Identity and access management tools were built to govern users and directories. Modern enterprises run on applications. Over time, identity logic has moved into application code, APIs, service accounts, and custom authentication...

The Hacker News

Hacker attack on Romina Mineralbrunnen

Wed Feb 04 2026


CSO Online

The First 90 Seconds: How Early Decisions Shape Incident Response Investigations

Wed Feb 04 2026

Many incident response failures do not come from a lack of tools, intelligence, or technical skills. They come from what happens immediately after detection, when pressure is high, and information is incomplete. I have seen IR teams recover from sophisticated intrusions with limited telemetry. I have also seen teams lose control of investigations they should have been able to handle. The...

The Hacker News

Cybercriminals set sights on identities

Wed Feb 04 2026

Eye Security’s 2026 State of Incident Response Report shows that cyberattacks on companies are increasingly going undetected, and the damage occurs within minutes.

CSO Online

Zero trust in practice: A deep technical dive into going fully passwordless in hybrid enterprise environments

Wed Feb 04 2026

Over the past three years, I’ve led passwordless migration initiatives at three Fortune 500 companies, and I can tell you with confidence that eliminating passwords from a hybrid Active Directory and

CSO Online

Microsoft Warns Python Infostealers Target macOS via Fake Ads and Installers

Wed Feb 04 2026

Microsoft has warned that information-stealing attacks are "rapidly expanding" beyond Windows to target Apple macOS environments by leveraging cross-platform languages like Python and abusing trusted platforms for distribution at scale. The tech giant's Defender Security Research Team said it observed macOS-targeted infostealer campaigns using social engineering techniques such as ClickFix since...

The Hacker News

Should I stay or should I go?

Wed Feb 04 2026

Even the most seasoned CISOs sometimes run into insurmountable roadblocks at their organizations.

CSO Online

Eclipse Foundation Mandates Pre-Publish Security Checks for Open VSX Extensions

Wed Feb 04 2026

The Eclipse Foundation, which maintains the Open VSX Registry, has announced plans to enforce security checks before Microsoft Visual Studio Code (VS Code) extensions are published to the open-source repository to combat supply chain threats. The move marks a shift from a reactive to a proactive approach to ensure that malicious extensions don't end up getting published on the Open VSX Registry....

The Hacker News

CISA Adds Actively Exploited SolarWinds Web Help Desk RCE to KEV Catalog

Wed Feb 04 2026

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting SolarWinds Web Help Desk (WHD) to its Known Exploited Vulnerabilities (KEV) catalog, flagging it as actively exploited in attacks. The vulnerability, tracked as CVE-2025-40551 (CVSS score: 9.8), is an untrusted data deserialization vulnerability that could pave the way for remote...

The Hacker News

The best DAST & SAST tools

Wed Feb 04 2026

Tools for dynamic and static application security testing help developers harden their source code.

CSO Online

U.S. CISA adds SolarWinds Web Help Desk, Sangoma FreePBX, and GitLab flaws to its Known Exploited Vulnerabilities catalog

Tue Feb 03 2026

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SolarWinds Web Help Desk, Sangoma FreePBX, and GitLab flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: The first […]

Security Affairs

Hackers abused React Native CLI flaw to deploy Rust malware before public disclosure

Tue Feb 03 2026

Hackers exploit a critical React Native CLI flaw (CVE-2025-11953) to run remote commands and drop stealthy Rust malware, weeks before public disclosure. Attackers are actively exploiting a critical flaw in the React Native CLI Metro server, tracked as CVE-2025-11953. The React Native CLI’s Metro dev server binds to external interfaces by default and exposes a […]

Security Affairs