What CISOs should know about OpenClaw

Mon Feb 16 2026

Read about the security risk that using OpenClaw in enterprises entails.

CSO Online

A security flaw at DavaIndia Pharmacy allowed attackers to access customers’ data and more

Mon Feb 16 2026

A security flaw at DavaIndia Pharmacy exposed customer data and gave outsiders full admin control of its systems. DavaIndia is a large Indian pharmacy retail chain focused on selling affordable generic medicines. Operated by Zota Health Care Ltd., the brand promotes low-cost alternatives to branded drugs to make healthcare more accessible across India. DavaIndia runs […]

Security Affairs

Exploit available for new Chrome zero-day vulnerability, says Google

Tue Feb 17 2026

Threat actors now have the ability to exploit a new zero-day vulnerability in the Chrome browser, Google has advised IT administrators.

CSO Online

Open source maintainers being targeted by AI agent as part of ‘reputation farming’

Mon Feb 16 2026

AI agents able to submit huge numbers of pull requests (PRs) to open-source project maintainers risk creating the conditions for future supply chain attacks targeting important software projects, deve

CSO Online

Infostealer Steals OpenClaw AI Agent Configuration Files and Gateway Tokens

Mon Feb 16 2026

Cybersecurity researchers disclosed they have detected a case of an information stealer infection successfully exfiltrating a victim's OpenClaw (formerly Clawdbot and Moltbot) configuration environment. "This finding marks a significant milestone in the evolution of infostealer behavior: the transition from stealing browser credentials to harvesting the 'souls' and identities of personal AI [...

The Hacker News

ShinyHunters leaked 600K+ Canada Goose customer records, but the firm denies it was breached

Mon Feb 16 2026

ShinyHunters leaked 600,000+ Canada Goose customer records, though the company insists its systems were not breached. Data extortion group ShinyHunters has published over 600,000 Canada Goose customer records on its data leak site. Canada Goose is a Canadian luxury outerwear company best known for high‑end, cold‑weather jackets and parkas. Founded in 1957 and headquartered in […]

Security Affairs

Microsoft alerts on DNS-based ClickFix variant delivering malware via nslookup

Mon Feb 16 2026

Microsoft warns of a new ClickFix variant that tricks users into running DNS commands to fetch malware via nslookup. Microsoft has revealed a new ClickFix variant that deceives users into running a malicious nslookup command through the Windows Run dialog to retrieve a second-stage payload via DNS. ClickFix typically uses fake CAPTCHA or error messages […]

Security Affairs

Study Uncovers 25 Password Recovery Attacks in Major Cloud Password Managers

Mon Feb 16 2026

A new study has found that multiple cloud-based password managers, including Bitwarden, Dashlane, and LastPass, are susceptible to password recovery attacks under certain conditions. "The attacks range in severity from integrity violations to the complete compromise of all vaults in an organization," researchers Matteo Scarlata, Giovanni Torrisi, Matilda Backendal, and Kenneth G. Paterson said....

The Hacker News

Weekly Recap: Outlook Add-Ins Hijack, 0-Day Patches, Wormable Botnet & AI Malware

Mon Feb 16 2026

This week’s recap shows how small gaps are turning into big entry points. Not always through new exploits, often through tools, add-ons, cloud setups, or workflows that people already trust and rarely question. Another signal: attackers are mixing old and new methods. Legacy botnet tactics, modern cloud abuse, AI assistance, and supply-chain exposure are being used side by side, whichever path...

The Hacker News

Safe and Inclusive E‑Society: How Lithuania Is Bracing for AI‑Driven Cyber Fraud

Mon Feb 16 2026

Presentation of the KTU Consortium Mission ‘A Safe and Inclusive Digital Society’ at the Innovation Agency event ‘Innovation Breakfast: How Mission-Oriented Science and Innovation Programmes Will Address Societal Challenges’. Technologies are evolving fast, reshaping economies, governance, and daily life. Yet, as innovation accelerates, so do digital risks. Technological change is no longer...

The Hacker News

The El Paso No-Fly Debacle Is Just the Beginning of a Drone Defense Mess

Mon Feb 16 2026

Fears over a drug cartel drone over Texas sparked a recent airspace shutdown in El Paso and New Mexico, highlighting just how tricky it can be to deploy anti-drone weapons near cities.

Wired

Leaky Chrome extensions with 37M installs caught divulging your browsing history

Mon Feb 16 2026

An estimated 37 million worldwide installations of a clutch of leaky Chrome extensions are transmitting users’ browsing histories to external servers.

CSO Online

New ZeroDayRAT Mobile Spyware Enables Real-Time Surveillance and Data Theft

Mon Feb 16 2026

Cybersecurity researchers have disclosed details of a new mobile spyware platform dubbed ZeroDayRAT that's being advertised on Telegram as a way to grab sensitive data and facilitate real-time surveillance on Android and iOS devices. "The developer runs dedicated channels for sales, customer support, and regular updates, giving buyers a single point of access to a fully operational spyware...

The Hacker News

Google fixes first actively exploited Chrome zero-day of 2026

Mon Feb 16 2026

Google patched Chrome zero-day CVE-2026-2441, a high-severity CSS use-after-free flaw actively exploited in the wild. Google has released urgent security updates to address a high-severity zero-day vulnerability, tracked as CVE-2026-2441, in Chrome that is already being exploited in real-world attacks. The flaw is a use-after-free bug in the browser’s CSS component. This is the first […]

Security Affairs

Japanese sex toys maker Tenga discloses data breach

Mon Feb 16 2026

Sex toy maker Tenga says a hacker accessed an employee’s email account, potentially exposing customer names, emails, and order details. TENGA Co., Ltd. is a Tokyo-based Japanese sexual wellness and lifestyle company known for its innovative adult products. It employs roughly 125–200 people worldwide across its Japan headquarters and international offices. Tenga operates in personal […]

Security Affairs

Finding a common language around risk

Mon Feb 16 2026

Here’s what nobody tells you about risk management: your cyber team speaks Klingon, your operations folks speak Elvish and your strategy people speak ancient Greek.

CSO Online

New cooperation aims to deliver sovereign cloud solutions

Mon Feb 16 2026

v.

CSO Online

CISO Julie Chatman offers insights for you to take control of your security leadership role

Mon Feb 16 2026

Julie Chatman never planned to get into cybersecurity.

CSO Online

10 years later, Bangladesh Bank cyberheist still offers cyber-resiliency lessons

Mon Feb 16 2026

Ten years on, the Bangladesh Bank cyberheist — a landmark cybersecurity incident that rewrote the rules of nation state–sponsored hacking — continues to offer lessons for the cybersecurity community.

CSO Online

New Chrome Zero-Day (CVE-2026-2441) Under Active Attack — Patch Released

Mon Feb 16 2026

Google on Friday released security updates for its Chrome browser to address a security flaw that it said has been exploited in the wild. The high-severity vulnerability, tracked as CVE-2026-2441 (CVSS score: 8.8), has been described as a use-after-free bug in CSS. Security researcher Shaheen Fazim has been credited with discovering and reporting the shortcoming on February 11, 2026. "Use after...

The Hacker News

SIEM buyer's guide

Mon Feb 16 2026

The contextual data that SIEM solutions provide is a fundamental component of modern security stacks.

CSO Online

Malicious npm and PyPI packages linked to Lazarus APT fake recruiter campaign

Sun Feb 15 2026

Researchers found malicious npm and PyPI packages tied to a fake recruitment campaign linked to North Korea’s Lazarus Group. ReversingLabs researcher uncovered new malicious packages on npm and PyPI connected to a fake job recruitment campaign attributed to the North Korea-linked Lazarus Group. The campaign uses deceptive hiring themes to trick developers into downloading infected […]

Security Affairs

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 84

Sun Feb 15 2026

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Stan Ghouls targeting Russia and Uzbekistan with NetSupport RAT Breaking Down ZeroDayRAT – New Spyware Targeting Android and iOS Old-School IRC, New Victims: Inside the Newly Discovered SSHStalker Linux Botnet Reynolds: Defense Evasion Capability […]

Security Affairs

Security Affairs newsletter Round 563 by Pierluigi Paganini – INTERNATIONAL EDITION

Sun Feb 15 2026

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Fintech firm Figure disclosed data breach after employee phishing attack U.S. CISA adds a flaw in […]

Security Affairs

Fintech firm Figure disclosed data breach after employee phishing attack

Sat Feb 14 2026

Fintech firm Figure confirmed a data breach after hackers used social engineering to trick an employee and steal a limited number of files. Blockchain-based lending firm Figure confirmed a data breach after an employee fell victim to a social engineering attack. According to a company spokesperson, the incident allowed hackers to access and steal a […]

Security Affairs

U.S. CISA adds a flaw in BeyondTrust RS and PRA to its Known Exploited Vulnerabilities catalog

Sat Feb 14 2026

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in BeyondTrust RS and PRA to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a BeyondTrust RS and PRA vulnerability, tracked as CVE-2026-1731 (CVSS score of 9.9), to its Known Exploited Vulnerabilities (KEV) catalog. This week BeyondTrust released security updates to […]

Security Affairs

Suspected Russian hackers deploy CANFAIL malware against Ukraine

Sat Feb 14 2026

A new alleged Russia-linked APT group targeted Ukrainian defense, government, and energy groups, with CANFAIL malware. Google Threat Intelligence Group identified a previously undocumented threat actor behind attacks on Ukrainian organizations using CANFAIL malware. The group is possibly linked to Russian intelligence services and has targeted defense, military, government, and energy entities at both regional […]

Security Affairs

Microsoft Discloses DNS-Based ClickFix Attack Using Nslookup for Malware Staging

Sun Feb 15 2026

Microsoft has disclosed details of a new version of the ClickFix social engineering tactic in which the attackers trick unsuspecting users into running commands that carry out a Domain Name System (DNS) lookup to retrieve the next-stage payload. Specifically, the attack relies on using the "nslookup" (short for nameserver lookup) command to execute a custom DNS lookup triggered via the Windows...

The Hacker News

Ring Kills Flock Safety Deal After Super Bowl Ad Uproar

Sat Feb 14 2026

Plus: Meta plans to add face recognition to its smart glasses, Jared Kushner named as part of whistleblower’s mysterious national security complaint, and more.

Wired

Robot Dogs Are Going on Patrol at the 2026 World Cup in Mexico

Sat Feb 14 2026

The Mexican city of Guadalupe, which will host portions of the 2026 World Cup, recently showed off four new robot dogs that will help provide security during matches at BBVA Stadium.

Wired

New threat actor UAT-9921 deploys VoidLink against enterprise sectors

Fri Feb 13 2026

A new threat actor, UAT-9921, uses the modular VoidLink framework to target technology and financial organizations, Cisco Talos reports. Cisco Talos spotted a previously unknown threat actor, tracked as UAT-9921, using a new modular attack framework called VoidLink. The group targets organizations in the technology and financial services sectors. The flexible design of VoidLink suggests […]

Security Affairs

Researchers unearth 30-year-old vulnerability in libpng library

Fri Feb 13 2026

Developers have resolved a legacy flaw in the widely used libpng open-source library that existed since the software was released nearly 30 years ago.

CSO Online

Critical BeyondTrust RS vulnerability exploited in active attacks

Fri Feb 13 2026

Researchers warn that a critical vulnerability patched this week in BeyondTrust Remote Support is being exploited in the wild to compromise self-hosted deployments, including Bomgar remote support app

CSO Online

South Korea fines Louis Vuitton, Christian Dior, Tiffany $25M for SaaS security failures

Fri Feb 13 2026

South Korea’s data protection authority has handed down a combined KRW 36 billion (approximately US$25 million) in administrative fines to the local subsidiaries of three global luxury houses, after f

CSO Online

Battling bots face off in cybersecurity arena

Fri Feb 13 2026

AI agents are increasingly seen as a way to reinforce the capabilities of cybersecurity teams — but which can do the best job? Wiz has developed a benchmark suite of 257 real-world challenges spanning

CSO Online

Google Ties Suspected Russian Actor to CANFAIL Malware Attacks on Ukrainian Orgs

Fri Feb 13 2026

A previously undocumented threat actor has been attributed to attacks targeting Ukrainian organizations with malware known as CANFAIL. Google Threat Intelligence Group (GTIG) described the hacking group as possibly affiliated with Russian intelligence services. The threat actor is assessed to have targeted defense, military, government, and energy organizations within the Ukrainian regional and...

The Hacker News

Google Links China, Iran, Russia, North Korea to Coordinated Defense Sector Cyber Operations

Fri Feb 13 2026

Several state-sponsored actors, hacktivist entities, and criminal groups from China, Iran, North Korea, and Russia have trained their sights on the defense industrial base (DIB) sector, according to findings from Google Threat Intelligence Group (GTIG). The tech giant's threat intelligence division said the adversarial targeting of the sector is centered around four key themes: striking defense...

The Hacker News

Four new reasons why Windows LNK files cannot be trusted

Fri Feb 13 2026

The number of ways that Windows shortcut (.

CSO Online

Attackers exploit BeyondTrust CVE-2026-1731 within hours of PoC release

Fri Feb 13 2026

Attackers quickly targeted BeyondTrust flaw CVE-2026-1731 after a PoC was released, enabling unauthenticated remote code execution. Threat actors rapidly began exploiting a newly patched BeyondTrust vulnerability, tracked as CVE-2026-1731 (CVSS score of 9.9), soon after a proof-of-concept exploit became public. This week BeyondTrust released security updates to address the critical flaw in its Remote Support […]

Security Affairs

The foundation problem: How a lack of accountability is destroying cybersecurity

Fri Feb 13 2026

A tale of two industries The United States Navy takes 18-year-olds fresh out of high school and trains them to operate nuclear reactors in 18 months.

CSO Online

UAT-9921 Deploys VoidLink Malware to Target Technology and Financial Sectors

Fri Feb 13 2026

A previously unknown threat actor tracked as UAT-9921 has been observed leveraging a new modular framework called VoidLink in its campaigns targeting the technology and financial services sectors, according to findings from Cisco Talos. "This threat actor seems to have been active since 2019, although they have not necessarily used VoidLink over the duration of their activity," researchers Nick...

The Hacker News

BSI heralds the end of classical encryption

Fri Feb 13 2026

The BSI recommends combining traditional encryption methods with post-quantum cryptography.

CSO Online

Google fears massive attempt to clone Gemini AI through model extraction

Fri Feb 13 2026

Google detected and blocked a campaign involving more than 100,000 prompts that it claimed were designed to copy the proprietary reasoning capabilities of its Gemini AI model, according to a quarterly

CSO Online

Google: state-backed hackers exploit Gemini AI for cyber recon and attacks

Fri Feb 13 2026

Google says nation-state actors used Gemini AI for reconnaissance and attack support in cyber operations. Google DeepMind and GTIG report a rise in model extraction or “distillation” attacks aimed at stealing AI intellectual property, which Google has detected and blocked. While APT groups have not breached frontier models, private firms and researchers have tried to […]

Security Affairs

Malicious Chrome Extensions Caught Stealing Business Data, Emails, and Browsing History

Fri Feb 13 2026

Cybersecurity researchers have discovered a malicious Google Chrome extension that's designed to steal data associated with Meta Business Suite and Facebook Business Manager. The extension, named CL Suite by @CLMasters (ID: jkphinfhmfkckkcnifhjiplhfoiefffl), is marketed as a way to scrape Meta Business Suite data, remove verification pop-ups, and generate two-factor authentication (2FA) codes....

The Hacker News

The democratization of AI data poisoning and how to protect your organization

Fri Feb 13 2026

Smart organizations have spent the last three years protecting their AI tools from skilled prompt injection-style attacks.

CSO Online

npm’s Update to Harden Their Supply Chain, and Points to Consider

Fri Feb 13 2026

In December 2025, in response to the Sha1-Hulud incident, npm completed a major authentication overhaul intended to reduce supply-chain attacks. While the overhaul is a solid step forward, the changes don’t make npm projects immune from supply-chain attacks. npm is still susceptible to malware attacks – here’s what you need to know for a safer Node community. Let’s start with the original...

The Hacker News

U.S. CISA adds SolarWinds Web Help Desk, Notepad++, Microsoft Configuration Manager, and Apple devices flaws to its Known Exploited Vulnerabilities catalog

Fri Feb 13 2026

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SolarWinds Web Help Desk, Notepad++, Microsoft Configuration Manager, and Apple devices flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SolarWinds Web Help Desk, Notepad++, Microsoft Configuration Manager, and Apple devices flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws […]

Security Affairs

Why key management becomes the weakest link in a post-quantum and AI-driven security world

Fri Feb 13 2026

When people talk about cryptography, they usually talk about algorithms.

CSO Online

Researchers Observe In-the-Wild Exploitation of BeyondTrust CVSS 9.9 Vulnerability

Fri Feb 13 2026

Threat actors have started to exploit a recently disclosed critical security flaw impacting BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) products, according to watchTowr. "Overnight we observed first in-the-wild exploitation of BeyondTrust across our global sensors," Ryan Dewhurst, head of threat intelligence at watchTowr, said in a post on X. "Attackers are abusing...

The Hacker News

5 key trends reshaping the SIEM market

Fri Feb 13 2026

Security information and event management (SIEM) platforms have evolved far beyond their basic log collection and correlation roots.

CSO Online

Security infotainment: The best hacker documentaries

Fri Feb 13 2026

Feeling empty without your security dashboard? These documentaries ease the pain until the next workday.

CSO Online

Hackers turn bossware against the bosses

Fri Feb 13 2026

A threat actor is abusing an employee monitoring application and a remote monitoring and management platform in an attempt to deploy ransomware and steal cryptocurrency.

CSO Online

Why identity recovery is now central to cyber resilience

Thu Feb 12 2026

Ransomware has permanently changed how security leaders think about risk.

CSO Online

Odido confirms massive breach; 6.2 Million customers impacted

Thu Feb 12 2026

Hackers accessed data from 6.2 million Odido accounts, exposing names, contacts, bank details, and ID numbers. Subsidiary Ben also warned customers. Hackers broke into Dutch telecom firm Odido and accessed data from 6.2 million accounts. The company confirmed the breach and said attackers took names, addresses, phone numbers, email addresses, bank account details, dates of […]

Security Affairs

New warning app for cyber incidents launched

Thu Feb 12 2026

The new CYROS app links security warnings from authorities and specialist sources to provide information about cybersecurity incidents.

CSO Online

ApolloMD data breach impacts 626,540 people

Thu Feb 12 2026

A May 2025 cyberattack on ApolloMD exposed the personal data of over 626,000 patients linked to affiliated physicians and practices. ApolloMD is a US-based healthcare services company that partners with hospitals, health systems, and physician practices. It provides practice management, staffing, revenue cycle, and administrative support services. The company works with affiliated physicians across specialties […]

Security Affairs

‘Dead’ Outlook add-in hijacked to phish 4,000 Microsoft Office Store users

Thu Feb 12 2026

A blind spot in Microsoft’s app and add-in marketplace security allowed an eagle-eyed hacker to hijack an abandoned Outlook add-in to carry out phishing attacks that compromised 4,000 users, researche

CSO Online

Google Reports State-Backed Hackers Using Gemini AI for Recon and Attack Support

Thu Feb 12 2026

Google on Thursday said it observed the North Korea-linked threat actor known as UNC2970 using its generative artificial intelligence (AI) model Gemini to conduct reconnaissance on its targets, as various hacking groups continue to weaponize the tool for accelerating various phases of the cyber attack life cycle, enabling information operations, and even conducting model extraction attacks. "The...

The Hacker News

Lazarus Campaign Plants Malicious Packages in npm and PyPI Ecosystems

Thu Feb 12 2026

Cybersecurity researchers have discovered a fresh set of malicious packages across npm and the Python Package Index (PyPI) repository linked to a fake recruitment-themed campaign orchestrated by the North Korea-linked Lazarus Group. The coordinated campaign has been codenamed graphalgo in reference to the first package published in the npm registry. It's assessed to be active since May 2025. "...

The Hacker News

LummaStealer activity spikes post-law enforcement disruption

Thu Feb 12 2026

Bitdefender reports a surge in LummaStealer activity, showing the MaaS infostealer rebounded after 2025 law enforcement disruption. Bitdefender observed renewed LummaStealer activity, proving the MaaS infostealer recovered after 2025 takedowns. Active since 2022, it relies on affiliates, social engineering, fake cracked software, and fake CAPTCHA “ClickFix” lures. CastleLoader plays a key role in spreading it. […]

Security Affairs

In focus: Emerging technologies

Thu Feb 12 2026

CSO Online

Crypto-Funded Human Trafficking Is Exploding

Thu Feb 12 2026

The use of cryptocurrency in sales of human beings for prostitution and scam compounds nearly doubled in 2025, according to a conservative estimate. Many of the deals are happening in plain sight.

Wired

Phishing campaign chains old Office flaw with fileless XWorm RAT to evade detection

Thu Feb 12 2026

Fortinet researchers have disclosed a new phishing campaign delivering the commercially available XWorm malware, chaining a years-old Microsoft Office vulnerability with fileless execution to escape d

CSO Online

Apple fixed first actively exploited zero-day in 2026

Thu Feb 12 2026

Apple fixed an exploited zero-day in iOS, macOS, and other devices that allowed attackers to run code via a memory flaw. Apple released updates for iOS, iPadOS, macOS, watchOS, tvOS, and visionOS to address an actively exploited zero-day tracked as CVE-2026-20700. The flaw is a memory corruption issue in Apple’s Dynamic Link Editor (dyld) that […]

Security Affairs

Palo Alto closes privileged access gap with $25B CyberArk acquisition

Thu Feb 12 2026

Cybersecurity company Palo Alto Networks has completed its $25 billion acquisition of Israel-based identity security firm CyberArk, bringing privileged access and identity security into the core of it

CSO Online

ThreatsDay Bulletin: AI Prompt RCE, Claude 0-Click, RenEngine Loader, Auto 0-Days & 25+ Stories

Thu Feb 12 2026

Threat activity this week shows one consistent signal — attackers are leaning harder on what already works. Instead of flashy new exploits, many operations are built around quiet misuse of trusted tools, familiar workflows, and overlooked exposures that sit in plain sight. Another shift is how access is gained versus how it’s used. Initial entry points are getting simpler, while post-compromise...

The Hacker News

The CTEM Divide: Why 84% of Security Programs Are Falling Behind

Thu Feb 12 2026

A new 2026 market intelligence study of 128 enterprise security decision-makers (available here) reveals a stark divide forming between organizations – one that has nothing to do with budget size or industry and everything to do with a single framework decision. Organizations implementing Continuous Threat Exposure Management (CTEM) demonstrate 50% better attack surface visibility, 23-point...

The Hacker News

The ephemeral infrastructure paradox: Why short-lived systems need stronger identity governance

Thu Feb 12 2026

In my experience leading engineering projects, I have encountered the same pattern repeatedly.

CSO Online

83% of Ivanti EPMM Exploits Linked to Single IP on Bulletproof Hosting Infrastructure

Thu Feb 12 2026

A significant chunk of the exploitation attempts targeting a newly disclosed security flaw in Ivanti Endpoint Manager Mobile (EPMM) can be traced back to a single IP address on bulletproof hosting infrastructure offered by PROSPERO. Threat intelligence firm GreyNoise said it recorded 417 exploitation sessions from 8 unique source IP addresses between February 1 and 9, 2026. An estimated 346...

The Hacker News

What CISOs need to know about the OpenClaw security nightmare

Thu Feb 12 2026

The new personal AI agent orchestration tool known as OpenClaw — formerly Clawdbot, then Moltbot — is a personal assistant that can do tasks for you without your personal supervision.

CSO Online

Multiple Endpoint Manager bugs patched by Ivanti, including remote auth bypass

Thu Feb 12 2026

Ivanti patched over a dozen Endpoint Manager flaws, including a high-severity auth bypass that let attackers steal credentials remotely. Ivanti released patches for more than a dozen vulnerabilities in Endpoint Manager, including flaws disclosed in October 2025. The update addresses a high-severity authentication bypass, tracked as CVE-2026-1603 (CVSS score of 8.6), that attackers could exploit […]

Security Affairs

Apple Fixes Exploited Zero-Day Affecting iOS, macOS, and Other Devices

Thu Feb 12 2026

Apple on Wednesday released iOS, iPadOS, macOS Tahoe, tvOS, watchOS, and visionOS updates to address a zero-day flaw that it said has been exploited in sophisticated cyber attacks. The vulnerability, tracked as CVE-2026-20700 (CVSS score: 7.8), has been described as a memory corruption issue in dyld, Apple's Dynamic Link Editor. Successful exploitation of the vulnerability could allow an...

The Hacker News

Developers become an attack vector

Thu Feb 12 2026

Software developers are in demand, including among criminal hackers.

CSO Online

SSHStalker botnet brute-forces its way onto 7,000 Linux machines

Thu Feb 12 2026

A newly discovered botnet is compromising poorly-protected Linux servers by brute-forcing weak SSH password login authentication.

CSO Online

Volvo Group hit in massive Conduent data breach

Wed Feb 11 2026

A Conduent breach exposed data of nearly 17,000 Volvo Group North America employees as the total impact rises to 25 million people. A data breach at business services provider Conduent has impacted at least 25 million people, far more than initially reported. Volvo Group North America confirmed that the security breach exposed data of nearly […]

Security Affairs

Companies are using ‘Summarize with AI’ to manipulate enterprise chatbots

Thu Feb 12 2026

That handy ‘Summarize with AI’ button embedded in a growing number of websites, browsers, and apps to give users a quick overview of their content could in some cases be hiding a dark secret: a new fo

CSO Online

ICE Is Crashing the US Court System in Minnesota

Wed Feb 11 2026

Petitions demanding people get the chance to be released from ICE custody have overwhelmed courts throughout the US.

Wired

First Malicious Outlook Add-In Found Stealing 4,000+ Microsoft Credentials

Wed Feb 11 2026

Cybersecurity researchers have discovered what they said is the first known malicious Microsoft Outlook add-in detected in the wild. In this unusual supply chain attack detailed by Koi Security, an unknown attacker claimed the domain associated with a now-abandoned legitimate add-in to serve a fake Microsoft login page, stealing over 4,000 credentials in the process. The activity has been...

The Hacker News

Kimwolf Botnet Swamps Anonymity Network I2P

Wed Feb 11 2026

For the past week, the massive "Internet of Things" (IoT) botnet known as Kimwolf has been disrupting The Invisible Internet Project (I2P), a decentralized, encrypted communications network designed to anonymize and secure online communications. I2P users started reporting disruptions in the network around the same time the Kimwolf botmasters began relying on it to evade takedown attempts against the botnet's control servers.

Krebs on Security

Reynolds ransomware uses BYOVD to disable security before encryption

Wed Feb 11 2026

Researchers discovered Reynolds ransomware, which uses BYOVD technique to disable security tools and evade detection before encryption. Researchers found a new ransomware, named Reynolds, that implements the Bring Your Own Vulnerable Driver (BYOVD) technique to disable security tools and evade detection before encrypting systems. Broadcom’s cybersecurity researchers initially attributed the attack to Black Basta due […]

Security Affairs

CBP Signs Clearview AI Deal to Use Face Recognition for ‘Tactical Targeting’

Wed Feb 11 2026

US Border Patrol intelligence units will gain access to a face recognition tool built on billions of images scraped from the internet.

Wired

APT36 and SideCopy Launch Cross-Platform RAT Campaigns Against Indian Entities

Wed Feb 11 2026

Indian defense sector and government-aligned organizations have been targeted by multiple campaigns that are designed to compromise Windows and Linux environments with remote access trojans capable of stealing sensitive data and ensuring continued access to infected machines. The campaigns are characterized by the use of malware families like Geta RAT, Ares RAT, and DeskRAT, which are often...

The Hacker News

Over 60 Software Vendors Issue Security Fixes Across OS, Cloud, and Network Platforms

Wed Feb 11 2026

It's Patch Tuesday, which means a number of software vendors have released patches for various security vulnerabilities impacting their products and services. Microsoft issued fixes for 59 flaws, including six actively exploited zero-days in various Windows components that could be abused to bypass security features, escalate privileges, and trigger a denial-of-service (DoS) condition. Elsewhere...

The Hacker News

North Korean actors blend ClickFix with new macOS backdoors in Crypto campaign

Wed Feb 11 2026

A financially motivated threat actor tracked as UNC1609 is using a ClickFix-style social engineering campaign to deploy multiple macOS malware families against crypto-focused organizations.

CSO Online

Exposed Training Open the Door for Crypto-Mining in Fortune 500 Cloud Environments

Wed Feb 11 2026

Intentionally vulnerable training applications are widely used for security education, internal testing, and product demonstrations. Tools such as OWASP Juice Shop, DVWA, Hackazon, and bWAPP are designed to be insecure by default, making them useful for learning how common attack techniques work in controlled environments. The issue is not the applications themselves, but how they are often...

The Hacker News

EU clears Google’s $32B Wiz acquisition, intensifying cloud security competition

Wed Feb 11 2026

Google has secured unconditional EU antitrust approval for its $32 billion acquisition of cloud security firm Wiz, clearing a major regulatory hurdle and paving the way for one of the largest cybersec

CSO Online

SSHStalker botnet targets Linux servers with legacy exploits and SSH scanning

Wed Feb 11 2026

A new Linux botnet, SSHStalker, has infected about 7,000 systems using old 2009-era exploits, IRC bots, and mass-scanning malware. Flare researchers uncovered a previously undocumented Linux botnet dubbed SSHStalker, observed via SSH honeypots over two months. Researchers ran an SSH honeypot with weak credentials starting in early 2026 and spotted a set of intrusions unlike […]

Security Affairs

Microsoft Patches 59 Vulnerabilities Including Six Actively Exploited Zero-Days

Wed Feb 11 2026

Microsoft on Tuesday released security updates to address a set of 59 flaws across its software, including six vulnerabilities that it said have been exploited in the wild. Of the 59 flaws, five are rated Critical, 52 are rated Important, and two are rated Moderate in severity. Twenty-five of the patched vulnerabilities have been classified as privilege escalation, followed by remote code...

The Hacker News

SSHStalker Botnet Uses IRC C2 to Control Linux Systems via Legacy Kernel Exploits

Wed Feb 11 2026

Cybersecurity researchers have disclosed details of a new botnet operation called SSHStalker that relies on the Internet Relay Chat (IRC) communication protocol for command-and-control (C2) purposes. "The toolset blends stealth helpers with legacy-era Linux exploitation: Alongside log cleaners (utmp/wtmp/lastlog tampering) and rootkit-class artifacts, the actor keeps a large back-catalog of...

The Hacker News

The hard part of purple teaming starts after detection

Wed Feb 11 2026

In my recent articles for CSO, I’ve talked about the limits of current SOC models and the importance of rehearsal.

CSO Online

U.S. CISA adds Microsoft Office and Microsoft Windows flaws to its Known Exploited Vulnerabilities catalog

Wed Feb 11 2026

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Office and Microsoft Windows flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Microsoft Office and Microsoft Windows flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: This week, Microsoft Patch Tuesday security […]

Security Affairs

CISOs must separate signal from noise as CVE volume soars

Wed Feb 11 2026

In 2026, the cybersecurity industry is expected to cross a threshold it has never reached before: More than 50,000 publicly disclosed software vulnerabilities in a single year.

CSO Online

North Korea-Linked UNC1069 Uses AI Lures to Attack Cryptocurrency Organizations

Wed Feb 11 2026

The North Korea-linked threat actor known as UNC1069 has been observed targeting the cryptocurrency sector to steal sensitive data from Windows and macOS systems with the ultimate goal of facilitating financial theft. "The intrusion relied on a social engineering scheme involving a compromised Telegram account, a fake Zoom meeting, a ClickFix infection vector, and reported usage of AI-generated...

The Hacker News

Fake PDFs pose new dangers

Wed Feb 11 2026

Cybercriminals are sending their malware disguised as PDF files.

CSO Online

The buyer's guide to Breach & Attack Simulation tools

Wed Feb 11 2026

Breach & Attack Simulation tools reveal how well (or poorly) your security controls work.

CSO Online

February 2026 Patch Tuesday: Six new and actively exploited Microsoft vulnerabilities addressed

Wed Feb 11 2026

Microsoft highlighted six new and actively exploited vulnerabilities among the 60 fixes issued in today’s February Patch Tuesday releases.

CSO Online

BeyondTrust fixes critical RCE flaw in remote access tools

Tue Feb 10 2026

Companies using self-hosted versions of BeyondTrust Remote Support (RS) or Privileged Remote Access (PRA) should deploy patches for a critical vulnerability that allows attackers to execute OS commands

CSO Online

Microsoft Patch Tuesday security updates for February 2026 fix six actively exploited zero-days

Tue Feb 10 2026

Microsoft Patch Tuesday security updates for February 2026 fix six actively exploited zero-day vulnerabilities. Microsoft Patch Tuesday security updates for February 2026 fix 58 new security flaws across Windows, Office, Azure, Edge, Exchange, Hyper-V, WSL, and other components, rising to 62 CVEs when third-party updates are included. Five vulnerabilities are Critical, two Moderate, and most […]

Security Affairs

Patch Tuesday, February 2026 Edition

Tue Feb 10 2026

Microsoft today released updates to fix more than 50 security holes in its Windows operating systems and other software, including patches for a whopping six "zero-day" vulnerabilities that attackers are already exploiting in the wild.

Krebs on Security