Security-Infotainment: Die besten Hacker-Dokus

Fri Feb 13 2026

Sie fühlen sich leer ohne Security-Dashboard? Diese Dokumentationen überbrücken den Schmerz bis zum nächsten Arbeitstag.

CSO Online

Hackers turn bossware against the bosses

Fri Feb 13 2026

A threat actor is abusing an employee monitoring application and a remote monitoring and management platform in an attempt to deploy ransomware and steal cryptocurrency.

CSO Online

Why identity recovery is now central to cyber resilience

Thu Feb 12 2026

Ransomware has permanently changed how security leaders think about risk.

CSO Online

‘Dead’ Outlook add-in hijacked to phish 4,000 Microsoft Office Store users

Thu Feb 12 2026

A blind spot in Microsoft’s app and add-in marketplace security allowed an eagle-eyed hacker to hijack an abandoned Outlook add-in to carry out phishing attacks that compromised 4,000 users, researche

CSO Online

Google Reports State-Backed Hackers Using Gemini AI for Recon and Attack Support

Thu Feb 12 2026

Google on Thursday said it observed the North Korea-linked threat actor known as UNC2970 using its generative artificial intelligence (AI) model Gemini to conduct reconnaissance on its targets, as various hacking groups continue to weaponize the tool for accelerating various phases of the cyber attack life cycle, enabling information operations, and even conducting model extraction attacks. "The...

The Hacker News

Lazarus Campaign Plants Malicious Packages in npm and PyPI Ecosystems

Thu Feb 12 2026

Cybersecurity researchers have discovered a fresh set of malicious packages across npm and the Python Package Index (PyPI) repository linked to a fake recruitment-themed campaign orchestrated by the North Korea-linked Lazarus Group. The coordinated campaign has been codenamed graphalgo in reference to the first package published in the npm registry. It's assessed to be active since May 2025. "...

The Hacker News

Im Fokus: Emerging Technologies

Thu Feb 12 2026

CSO Online

Crypto-Funded Human Trafficking Is Exploding

Thu Feb 12 2026

The use of cryptocurrency in sales of human beings for prostitution and scam compounds nearly doubled in 2025, according to a conservative estimate. Many of the deals are happening in plain sight.

Wired

Phishing campaign chains old Office flaw with fileless XWorm RAT to evade detection

Thu Feb 12 2026

Fortinet researchers have disclosed a new phishing campaign delivering the commercially available XWorm malware, chaining a years-old Microsoft Office vulnerability with fileless execution to escape d

CSO Online

Palo Alto closes privileged access gap with $25B CyberArk acquisition

Thu Feb 12 2026

Cybersecurity company Palo Alto Networks has completed its $25 billion acquisition of Israel-based identity security firm CyberArk, bringing privileged access and identity security into the core of it

CSO Online

ThreatsDay Bulletin: AI Prompt RCE, Claude 0-Click, RenEngine Loader, Auto 0-Days & 25+ Stories

Thu Feb 12 2026

Threat activity this week shows one consistent signal — attackers are leaning harder on what already works. Instead of flashy new exploits, many operations are built around quiet misuse of trusted tools, familiar workflows, and overlooked exposures that sit in plain sight. Another shift is how access is gained versus how it’s used. Initial entry points are getting simpler, while post-compromise...

The Hacker News

The CTEM Divide: Why 84% of Security Programs Are Falling Behind

Thu Feb 12 2026

A new 2026 market intelligence study of 128 enterprise security decision-makers (available here) reveals a stark divide forming between organizations – one that has nothing to do with budget size or industry and everything to do with a single framework decision. Organizations implementing Continuous Threat Exposure Management (CTEM) demonstrate 50% better attack surface visibility, 23-point...

The Hacker News

The ephemeral infrastructure paradox: Why short-lived systems need stronger identity governance

Thu Feb 12 2026

In my experience leading engineering projects, I have encountered the same pattern repeatedly.

CSO Online

83% of Ivanti EPMM Exploits Linked to Single IP on Bulletproof Hosting Infrastructure

Thu Feb 12 2026

A significant chunk of the exploitation attempts targeting a newly disclosed security flaw in Ivanti Endpoint Manager Mobile (EPMM) can be traced back to a single IP address on bulletproof hosting infrastructure offered by PROSPERO. Threat intelligence firm GreyNoise said it recorded 417 exploitation sessions from 8 unique source IP addresses between February 1 and 9, 2026. An estimated 346...

The Hacker News

What CISOs need to know about the OpenClaw security nightmare

Thu Feb 12 2026

The new personal AI agent orchestration tool known as OpenClaw — formerly Clawdbot, then Moltbot — is a personal assistant that can do tasks for you without your personal supervision.

CSO Online

Apple Fixes Exploited Zero-Day Affecting iOS, macOS, and Other Devices

Thu Feb 12 2026

Apple on Wednesday released iOS, iPadOS, macOS Tahoe, tvOS, watchOS, and visionOS updates to address a zero-day flaw that it said has been exploited in sophisticated cyber attacks. The vulnerability, tracked as CVE-2026-20700 (CVSS score: N/A), has been described as a memory corruption issue in dyld, Apple's Dynamic Link Editor. Successful exploitation of the vulnerability could allow an...

The Hacker News

Entwickler werden zum Angriffsvektor

Thu Feb 12 2026

Softwareentwickler sind gefragt – auch unter kriminellen Hackern.

CSO Online

SSHStalker botnet brute-forces its way onto 7,000 Linux machines

Thu Feb 12 2026

A newly discovered botnet is compromising poorly-protected Linux servers by brute-forcing weak SSH password login authentication.

CSO Online

Companies are using ‘Summarize with AI’ to manipulate enterprise chatbots

Thu Feb 12 2026

That handy ‘Summarize with AI’ button embedded in a growing number of websites, browsers, and apps to give users a quick overview of their content could in some cases be hiding a dark secret: a new fo

CSO Online

ICE Is Crashing the US Court System in Minnesota

Wed Feb 11 2026

Petitions demanding people get the chance to be released from ICE custody have overwhelmed courts throughout the US.

Wired

First Malicious Outlook Add-In Found Stealing 4,000+ Microsoft Credentials

Wed Feb 11 2026

Cybersecurity researchers have discovered what they said is the first known malicious Microsoft Outlook add-in detected in the wild. In this unusual supply chain attack detailed by Koi Security, an unknown attacker claimed the domain associated with a now-abandoned legitimate add-in to serve a fake Microsoft login page, stealing over 4,000 credentials in the process. The activity has been...

The Hacker News

CBP Signs Clearview AI Deal to Use Face Recognition for ‘Tactical Targeting’

Wed Feb 11 2026

US Border Patrol intelligence units will gain access to a face recognition tool built on billions of images scraped from the internet.

Wired

APT36 and SideCopy Launch Cross-Platform RAT Campaigns Against Indian Entities

Wed Feb 11 2026

Indian defense sector and government-aligned organizations have been targeted by multiple campaigns that are designed to compromise Windows and Linux environments with remote access trojans capable of stealing sensitive data and ensuring continued access to infected machines. The campaigns are characterized by the use of malware families like Geta RAT, Ares RAT, and DeskRAT, which are often...

The Hacker News

Over 60 Software Vendors Issue Security Fixes Across OS, Cloud, and Network Platforms

Wed Feb 11 2026

It's Patch Tuesday, which means a number of software vendors have released patches for various security vulnerabilities impacting their products and services. Microsoft issued fixes for 59 flaws, including six actively exploited zero-days in various Windows components that could be abused to bypass security features, escalate privileges, and trigger a denial-of-service (DoS) condition. Elsewhere...

The Hacker News

North Korean actors blend ClickFix with new macOS backdoors in Crypto campaign

Wed Feb 11 2026

A financially motivated threat actor tracked as UNC1609 is using a ClickFix-style social engineering campaign to deploy multiple macOS malware families against crypto-focused organizations.

CSO Online

Exposed Training Open the Door for Crypto-Mining in Fortune 500 Cloud Environments

Wed Feb 11 2026

Intentionally vulnerable training applications are widely used for security education, internal testing, and product demonstrations. Tools such as OWASP Juice Shop, DVWA, Hackazon, and bWAPP are designed to be insecure by default, making them useful for learning how common attack techniques work in controlled environments. The issue is not the applications themselves, but how they are often...

The Hacker News

EU clears Google’s $32B Wiz acquisition, intensifying cloud security competition

Wed Feb 11 2026

Google has secured unconditional EU antitrust approval for its $32 billion acquisition of cloud security firm Wiz, clearing a major regulatory hurdle and paving the way for one of the largest cybersec

CSO Online

Microsoft Patches 59 Vulnerabilities Including Six Actively Exploited Zero-Days

Wed Feb 11 2026

Microsoft on Tuesday released security updates to address a set of 59 flaws across its software, including six vulnerabilities that it said have been exploited in the wild. Of the 59 flaws, five are rated Critical, 52 are rated Important, and two are rated Moderate in severity. Twenty-five of the patched vulnerabilities have been classified as privilege escalation, followed by remote code...

The Hacker News

SSHStalker Botnet Uses IRC C2 to Control Linux Systems via Legacy Kernel Exploits

Wed Feb 11 2026

Cybersecurity researchers have disclosed details of a new botnet operation called SSHStalker that relies on the Internet Relay Chat (IRC) communication protocol for command-and-control (C2) purposes. "The toolset blends stealth helpers with legacy-era Linux exploitation: Alongside log cleaners (utmp/wtmp/lastlog tampering) and rootkit-class artifacts, the actor keeps a large back-catalog of...

The Hacker News

The hard part of purple teaming starts after detection

Wed Feb 11 2026

In my recent articles for CSO, I’ve talked about the limits of current SOC models and the importance of rehearsal.

CSO Online

CISOs must separate signal from noise as CVE volume soars

Wed Feb 11 2026

In 2026, the cybersecurity industry is expected to cross a threshold it has never reached before: More than 50,000 publicly disclosed software vulnerabilities in a single year.

CSO Online

North Korea-Linked UNC1069 Uses AI Lures to Attack Cryptocurrency Organizations

Wed Feb 11 2026

The North Korea-linked threat actor known as UNC1069 has been observed targeting the cryptocurrency sector to steal sensitive data from Windows and macOS systems with the ultimate goal of facilitating financial theft. "The intrusion relied on a social engineering scheme involving a compromised Telegram account, a fake Zoom meeting, a ClickFix infection vector, and reported usage of AI-generated...

The Hacker News

Vorgetäuschte PDFs bergen neue Gefahren

Wed Feb 11 2026

loading="lazy" width="400px">Cyberkriminelle verschicken ihre Malware als PDF-Dateien getarnt.

CSO Online

Der Kaufratgeber für Breach & Attack Simulation Tools

Wed Feb 11 2026

Breach & Attack Simulation Tools geben Aufschluss darüber, wie gut (oder schlecht) Ihre Sicherheitskontrollen funktionieren.

CSO Online

February 2026 Patch Tuesday: Six new and actively exploited Microsoft vulnerabilities addressed

Wed Feb 11 2026

Microsoft highlighted six new and actively exploited vulnerabilities among the 60 fixes issued in today’s February Patch Tuesday releases.

CSO Online

BeyondTrust fixes critical RCE flaw in remote access tools

Tue Feb 10 2026

Companies using self-hosted versions of BeyondTrust Remote Support (RS) or Privileged Remote Access (PRA) should deploy patches for a critical vulnerability that allows attacks to execute OS commands

CSO Online

DPRK Operatives Impersonate Professionals on LinkedIn to Infiltrate Companies

Tue Feb 10 2026

The information technology (IT) workers associated with the Democratic People's Republic of Korea (DPRK) are now applying to remote positions using real LinkedIn accounts of individuals they're impersonating, marking a new escalation of the fraudulent scheme. "These profiles often have verified workplace emails and identity badges, which DPRK operatives hope will make their fraudulent...

The Hacker News

SolarWinds WHD zero-days from January are under attack

Tue Feb 10 2026

SolarWinds Web Help Desk (WHD) is under attack, with recent incidents exploiting a chain of zero-day and patched vulnerabilities dating back to late 2025, an analysis of customer reports by security c

CSO Online

Reynolds Ransomware Embeds BYOVD Driver to Disable EDR Security Tools

Tue Feb 10 2026

Cybersecurity researchers have disclosed details of an emergent ransomware family dubbed Reynolds that comes embedded with a built-in bring your own vulnerable driver (BYOVD) component for defense evasion purposes within the ransomware payload itself. BYOVD refers to an adversarial technique that abuses legitimate but flawed driver software to escalate privileges and disable Endpoint Detection...

The Hacker News

From Ransomware to Residency: Inside the Rise of the Digital Parasite

Tue Feb 10 2026

Are ransomware and encryption still the defining signals of modern cyberattacks, or has the industry been too fixated on noise while missing a more dangerous shift happening quietly all around them? According to Picus Labs’ new Red Report 2026, which analyzed over 1.1 million malicious files and mapped 15.5 million adversarial actions observed across 2025, attackers are no longer optimizing for...

The Hacker News

Fortinet Patches Critical SQLi Flaw Enabling Unauthenticated Code Execution

Tue Feb 10 2026

Fortinet has released security updates to address a critical flaw impacting FortiClientEMS that could lead to the execution of arbitrary code on susceptible systems. The vulnerability, tracked as CVE-2026-21643, has a CVSS rating of 9.1 out of a maximum of 10.0. "An improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiClientEMS may...

The Hacker News

Windows shortcut weaponized in Phorpiex-linked ransomware campaign

Tue Feb 10 2026

Forcepoint X-Labs researchers have identified a large Phorpiex botnet-aided phishing campaign that uses weaponized Windows shortcut files to deploy Global Group ransomware across victim systems.

CSO Online

ZAST.AI Raises $6M Pre-A to Scale "Zero False Positive" AI-Powered Code Security

Tue Feb 10 2026

January 5, 2026, Seattle, USA — ZAST.AI announced the completion of a $6 million Pre-A funding round. This investment came from the well-known investment firm Hillhouse Capital, bringing ZAST.AI's total funding close to $10 million. This marks a recognition from leading capital markets of a new solution: ending the era of high false positive rates in security tools and making every alert...

The Hacker News

Single prompt breaks AI safety in 15 major language models

Tue Feb 10 2026

A single benign-sounding prompt can systematically strip safety guardrails from major language and image models, raising fresh questions about the durability of AI alignment when models are customized

CSO Online

Warlock Ransomware Breaches SmarterTools Through Unpatched SmarterMail Server

Tue Feb 10 2026

SmarterTools confirmed last week that the Warlock (aka Storm-2603) ransomware gang breached its network by exploiting an unpatched SmarterMail instance. The incident took place on January 29, 2026, when a mail server that was not updated to the latest version was compromised, the company's Chief Commercial Officer, Derek Curtis, said. "Prior to the breach, we had approximately 30 servers/VMs...

The Hacker News

Dutch Authorities Confirm Ivanti Zero-Day Exploit Exposed Employee Contact Data

Tue Feb 10 2026

The Netherlands' Dutch Data Protection Authority (AP) and the Council for the Judiciary confirmed both agencies (Rvdr) have disclosed that their systems were impacted by cyber attacks that exploited the recently disclosed security flaws in Ivanti Endpoint Manager Mobile (EPMM), according to a notice sent to the country's parliament on Friday. "On January 29, the National Cyber Security Center (...

The Hacker News

How to govern agentic AI so as not to lose control

Tue Feb 10 2026

This year will mark the turning point where artificial intelligence will stop assisting and start acting.

CSO Online

69% of CISOs open to career move — including leaving role entirely

Tue Feb 10 2026

Enterprise CISOs are increasingly willing — and eager — to jump ship, with some frustrated enough to want to leave cybersecurity entirely.

CSO Online

Anthropic’s DXT poses “critical RCE vulnerability” by running with full system privileges

Tue Feb 10 2026

When LayerX Security published a report on Monday describing what it called “a critical zero-click RCE vulnerability in [Anthropic’s] Claude Desktop Extensions (DXT) that allows a malicious Google Cal

CSO Online

China-Linked UNC3886 Targets Singapore Telecom Sector in Cyber Espionage Campaign

Mon Feb 09 2026

The Cyber Security Agency (CSA) of Singapore on Monday revealed that the China-nexus cyber espionage group known as UNC3886 targeted its telecommunications sector. "UNC3886 had launched a deliberate, targeted, and well-planned campaign against Singapore's telecommunications sector," CSA said. "All four of Singapore's major telecommunications operators ('telcos') – M1, SIMBA Telecom, Singtel, and...

The Hacker News

SolarWinds Web Help Desk Exploited for RCE in Multi-Stage Attacks on Exposed Servers

Mon Feb 09 2026

Microsoft has revealed that it observed a multi‑stage intrusion that involved the threat actors exploiting internet‑exposed SolarWinds Web Help Desk (WHD) instances to obtain initial access and move laterally across the organization's network to other high-value assets. That said, the Microsoft Defender Security Research Team said it's not clear whether the activity weaponized recently...

The Hacker News

⚡ Weekly Recap: AI Skill Malware, 31Tbps DDoS, Notepad++ Hack, LLM Backdoors and More

Mon Feb 09 2026

Cyber threats are no longer coming from just malware or exploits. They’re showing up inside the tools, platforms, and ecosystems organizations use every day. As companies connect AI, cloud apps, developer tools, and communication systems, attackers are following those same paths. A clear pattern this week: attackers are abusing trust. Trusted updates, trusted marketplaces, trusted apps, even...

The Hacker News

OpenClaw integrates VirusTotal malware scanning as security firms flag enterprise risks

Mon Feb 09 2026

OpenClaw, the viral open-source AI agent that security firms warn is “insecure by default,” has integrated VirusTotal’s malware scanning into its ClawHub skills marketplace following weeks in which se

CSO Online

DKnife targets network gateways in long running AitM campaign

Mon Feb 09 2026

A previously undocumented China-linked adversary-in-the-middle (AitM) framework known as “DKnife” has been identified operating at network gateways, where it intercepts and manipulates in-transit traf

CSO Online

AI Is Here to Replace Nuclear Treaties. Scared Yet?

Mon Feb 09 2026

The last major nuclear arms treaty between the US and Russia just expired. Some experts believe a combination of satellite surveillance, AI, and human reviewers can take its place. Others, not so much.

Wired

How Top CISOs Solve Burnout and Speed up MTTR without Extra Hiring

Mon Feb 09 2026

Why do SOC teams keep burning out and missing SLAs even after spending big on security tools? Routine triage piles up, senior specialists get dragged into basic validation, and MTTR climbs, while stealthy threats still find room to slip through. Top CISOs have realized the solution isn’t hiring more people or stacking yet another tool onto the workflow, but giving their teams faster, clearer...

The Hacker News

Never settle: How CISOs can go beyond compliance standards to better protect their organizations

Mon Feb 09 2026

The start of a new year means a fresh start for everyone, including cybersecurity teams.

CSO Online

Iran’s Digital Surveillance Machine Is Almost Complete

Mon Feb 09 2026

After more than 15 years of draconian measures, culminating in an ongoing internet shutdown, the Iranian regime seems to be staggering toward its digital surveillance endgame.

Wired

Bloody Wolf Targets Uzbekistan, Russia Using NetSupport RAT in Spear-Phishing Campaign

Mon Feb 09 2026

The threat actor known as Bloody Wolf has been linked to a campaign targeting Uzbekistan and Russia to infect systems with a remote access trojan known as NetSupport RAT. Cybersecurity vendor Kaspersky is tracking the activity under the moniker Stan Ghouls. The threat actor is known to be active since at least 2023, orchestrating spear-phishing attacks against manufacturing, finance, and IT...

The Hacker News

Schrödinger’s cat and the enterprise security paradox

Mon Feb 09 2026

Most security leaders quietly live with a paradox they rarely name out loud.

CSO Online

TeamPCP Worm Exploits Cloud Infrastructure to Build Criminal Infrastructure

Mon Feb 09 2026

Cybersecurity researchers have called attention to a "massive campaign" that has systematically targeted cloud native environments to set up malicious infrastructure for follow-on exploitation. The activity, observed around December 25, 2025, and described as "worm-driven," leveraged exposed Docker APIs, Kubernetes clusters, Ray dashboards, and Redis servers, along with the recently disclosed...

The Hacker News

BeyondTrust Fixes Critical Pre-Auth RCE Vulnerability in Remote Support and PRA

Mon Feb 09 2026

BeyondTrust has released updates to address a critical security flaw impacting Remote Support (RS) and Privileged Remote Access (PRA) products that, if successfully exploited, could result in remote code execution. "BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability," the company...

The Hacker News

Software developers: Prime cyber targets and a rising risk vector for CISOs

Mon Feb 09 2026

Threats against corporate software developers are increasing and diversifying, challenging security leaders to develop more agile defenses against this growing attack vector.

CSO Online

Customer Identity & Access Management: Die besten CIAM-Tools

Mon Feb 09 2026

Wir haben die besten Lösungen in Sachen Customer Identity & Access Management für Sie zusammengestellt.

CSO Online

OpenClaw Integrates VirusTotal Scanning to Detect Malicious ClawHub Skills

Sun Feb 08 2026

OpenClaw (formerly Moltbot and Clawdbot) has announced that it's partnering with Google-owned VirusTotal to scan skills that are being uploaded to ClawHub, its skill marketplace, as part of broader efforts to bolster the security of the agentic ecosystem. "All skills published to ClawHub are now scanned using VirusTotal's threat intelligence, including their new Code Insight capability,"...

The Hacker News

Moltbook, the Social Network for AI Agents, Exposed Real Humans’ Data

Sat Feb 07 2026

Plus: Apple’s Lockdown mode keeps the FBI out of a reporter’s phone, Elon Musk’s Starlink cuts off Russian forces, and more.

Wired

German Agencies Warn of Signal Phishing Targeting Politicians, Military, Journalists

Sat Feb 07 2026

Germany's Federal Office for the Protection of the Constitution (aka Bundesamt für Verfassungsschutz or BfV) and Federal Office for Information Security (BSI) have issued a joint advisory warning of a malicious cyber campaign undertaken by a likely state-sponsored threat actor that involves carrying out phishing attacks over the Signal messaging app. "The focus is on high-ranking targets in...

The Hacker News

ICE Agent’s ‘Dragging’ Case May Help Expose Evidence in Renee Good Shooting

Fri Feb 06 2026

The government has withheld details of the investigation of Renee Good’s killing—but an unrelated case involving the ICE agent who shot her could force new revelations.

Wired