New threat actor UAT-9921 deploys VoidLink against enterprise sectors
Fri Feb 13 2026
A new threat actor, UAT-9921, uses the modular VoidLink framework to target technology and financial organizations, Cisco Talos reports. Cisco Talos spotted a previously unknown threat actor, tracked as UAT-9921, using a new modular attack framework called VoidLink. The group targets organizations in the technology and financial services sectors. The flexible design of VoidLink suggests […]
Security Affairs
Researchers unearth 30-year-old vulnerability in libpng library
Fri Feb 13 2026
Developers have resolved a legacy flaw in the widely used libpng open-source library that existed since the software was released nearly 30 years ago.
CSO Online

Critical BeyondTrust RS vulnerability exploited in active attacks
Fri Feb 13 2026
Researchers warn that a critical vulnerability patched this week in BeyondTrust Remote Support is being exploited in the wild to compromise self-hosted deployments, including Bomgar remote support app
CSO Online

South Korea fines Louis Vuitton, Christian Dior, Tiffany $25M for SaaS security failures
Fri Feb 13 2026
South Korea’s data protection authority has handed down a combined KRW 36 billion (approximately US$25 million) in administrative fines to the local subsidiaries of three global luxury houses, after f
CSO Online

Battling bots face off in cybersecurity arena
Fri Feb 13 2026
AI agents are increasingly seen as a way to reinforce the capabilities of cybersecurity teams — but which can do the best job? Wiz has developed a benchmark suite of 257 real-world challenges spanning
CSO Online

Google Ties Suspected Russian Actor to CANFAIL Malware Attacks on Ukrainian Orgs
Fri Feb 13 2026
A previously undocumented threat actor has been attributed to attacks targeting Ukrainian organizations with malware known as CANFAIL. Google Threat Intelligence Group (GTIG) described the hack group as possibly affiliated with Russian intelligence services. The threat actor is assessed to have targeted defense, military, government, and energy organizations within the Ukrainian regional and...
The Hacker News

Google Links China, Iran, Russia, North Korea to Coordinated Defense Sector Cyber Operations
Fri Feb 13 2026
Several state-sponsored actors, hacktivist entities, and criminal groups from China, Iran, North Korea, and Russia have trained their sights on the defense industrial base (DIB) sector, according to findings from Google Threat Intelligence Group (GTIG). The tech giant's threat intelligence division said the adversarial targeting of the sector is centered around four key themes: striking defense...
The Hacker News

Four new reasons why Windows LNK files cannot be trusted
Fri Feb 13 2026
The number of ways that Windows shortcut (.
CSO Online
Attackers exploit BeyondTrust CVE-2026-1731 within hours of PoC release
Fri Feb 13 2026
Attackers quickly targeted BeyondTrust flaw CVE-2026-1731 after a PoC was released, enabling unauthenticated remote code execution. Threat actors rapidly began exploiting a newly patched BeyondTrust vulnerability, tracked as CVE-2026-1731 (CVSS score of 9.9), soon after a proof-of-concept exploit became public. This week BeyondTrust released security updates to address the critical flaw in its Remote Support […]
Security Affairs
The foundation problem: How a lack of accountability is destroying cybersecurity
Fri Feb 13 2026
A tale of two industries The United States Navy takes 18-year-olds fresh out of high school and trains them to operate nuclear reactors in 18 months.
CSO Online

UAT-9921 Deploys VoidLink Malware to Target Technology and Financial Sectors
Fri Feb 13 2026
A previously unknown threat actor tracked as UAT-9921 has been observed leveraging a new modular framework called VoidLink in its campaigns targeting the technology and financial services sectors, according to findings from Cisco Talos. "This threat actor seems to have been active since 2019, although they have not necessarily used VoidLink over the duration of their activity," researchers Nick...
The Hacker News

BSI rings in the end of classical encryption
Fri Feb 13 2026
The BSI recommends combining traditional encryption methods with post-quantum cryptography.
CSO Online

Google fears massive attempt to clone Gemini AI through model extraction
Fri Feb 13 2026
Google detected and blocked a campaign involving more than 100,000 prompts that it claimed were designed to copy the proprietary reasoning capabilities of its Gemini AI model, according to a quarterly
CSO Online
Google: state-backed hackers exploit Gemini AI for cyber recon and attacks
Fri Feb 13 2026
Google says nation-state actors used Gemini AI for reconnaissance and attack support in cyber operations. Google DeepMind and GTIG report a rise in model extraction or “distillation” attacks aimed at stealing AI intellectual property, which Google has detected and blocked. While APT groups have not breached frontier models, private firms and researchers have tried to […]
Security Affairs

Malicious Chrome Extensions Caught Stealing Business Data, Emails, and Browsing History
Fri Feb 13 2026
Cybersecurity researchers have discovered a malicious Google Chrome extension that's designed to steal data associated with Meta Business Suite and Facebook Business Manager. The extension, named CL Suite by @CLMasters (ID: jkphinfhmfkckkcnifhjiplhfoiefffl), is marketed as a way to scrape Meta Business Suite data, remove verification pop-ups, and generate two-factor authentication (2FA) codes....
The Hacker News

The democratization of AI data poisoning and how to protect your organization
Fri Feb 13 2026
Smart organizations have spent the last three years protecting their AI tools from skilled prompt injection-style attacks.
CSO Online

npm’s Update to Harden Their Supply Chain, and Points to Consider
Fri Feb 13 2026
In December 2025, in response to the Sha1-Hulud incident, npm completed a major authentication overhaul intended to reduce supply-chain attacks. While the overhaul is a solid step forward, the changes don’t make npm projects immune from supply-chain attacks. npm is still susceptible to malware attacks – here’s what you need to know for a safer Node community. Let’s start with the original...
The Hacker News
U.S. CISA adds SolarWinds Web Help Desk, Notepad++, Microsoft Configuration Manager, and Apple devices flaws to its Known Exploited Vulnerabilities catalog
Fri Feb 13 2026
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SolarWinds Web Help Desk, Notepad++, Microsoft Configuration Manager, and Apple devices flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SolarWinds Web Help Desk, Notepad++, Microsoft Configuration Manager, and Apple devices flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws […]
Security Affairs

Why key management becomes the weakest link in a post-quantum and AI-driven security world
Fri Feb 13 2026
When people talk about cryptography, they usually talk about algorithms.
CSO Online

Researchers Observe In-the-Wild Exploitation of BeyondTrust CVSS 9.9 Vulnerability
Fri Feb 13 2026
Threat actors have started to exploit a recently disclosed critical security flaw impacting BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) products, according to watchTowr. "Overnight we observed first in-the-wild exploitation of BeyondTrust across our global sensors," Ryan Dewhurst, head of threat intelligence at watchTowr, said in a post on X. "Attackers are abusing...
The Hacker News

5 key trends reshaping the SIEM market
Fri Feb 13 2026
Security information and event management (SIEM) platforms have evolved far beyond their basic log collection and correlation roots.
CSO Online

Security infotainment: The best hacker documentaries
Fri Feb 13 2026
Feeling empty without a security dashboard? These documentaries bridge the pain until the next working day.
CSO Online

Hackers turn bossware against the bosses
Fri Feb 13 2026
A threat actor is abusing an employee monitoring application and a remote monitoring and management platform in an attempt to deploy ransomware and steal cryptocurrency.
CSO Online

Why identity recovery is now central to cyber resilience
Thu Feb 12 2026
Ransomware has permanently changed how security leaders think about risk.
CSO Online
Odido confirms massive breach; 6.2 Million customers impacted
Thu Feb 12 2026
Hackers accessed data from 6.2 million Odido accounts, exposing names, contacts, bank details, and ID numbers. Subsidiary Ben also warned customers. Hackers broke into Dutch telecom firm Odido and accessed data from 6.2 million accounts. The company confirmed the breach and said attackers took names, addresses, phone numbers, email addresses, bank account details, dates of […]
Security Affairs
New warning app for cyber incidents launched
Thu Feb 12 2026
The new CYROS app links security warnings from authorities and specialist sources to provide information about cybersecurity incidents.
CSO Online
ApolloMD data breach impacts 626,540 people
Thu Feb 12 2026
A May 2025 cyberattack on ApolloMD exposed the personal data of over 626,000 patients linked to affiliated physicians and practices. ApolloMD is a US-based healthcare services company that partners with hospitals, health systems, and physician practices. It provides practice management, staffing, revenue cycle, and administrative support services. The company works with affiliated physicians across specialties […]
Security Affairs

‘Dead’ Outlook add-in hijacked to phish 4,000 Microsoft Office Store users
Thu Feb 12 2026
A blind spot in Microsoft’s app and add-in marketplace security allowed an eagle-eyed hacker to hijack an abandoned Outlook add-in to carry out phishing attacks that compromised 4,000 users, researche
CSO Online

Google Reports State-Backed Hackers Using Gemini AI for Recon and Attack Support
Thu Feb 12 2026
Google on Thursday said it observed the North Korea-linked threat actor known as UNC2970 using its generative artificial intelligence (AI) model Gemini to conduct reconnaissance on its targets, as various hacking groups continue to weaponize the tool for accelerating various phases of the cyber attack life cycle, enabling information operations, and even conducting model extraction attacks. "The...
The Hacker News

Lazarus Campaign Plants Malicious Packages in npm and PyPI Ecosystems
Thu Feb 12 2026
Cybersecurity researchers have discovered a fresh set of malicious packages across npm and the Python Package Index (PyPI) repository linked to a fake recruitment-themed campaign orchestrated by the North Korea-linked Lazarus Group. The coordinated campaign has been codenamed graphalgo in reference to the first package published in the npm registry. It's assessed to be active since May 2025. "...
The Hacker News
LummaStealer activity spikes post-law enforcement disruption
Thu Feb 12 2026
Bitdefender reports a surge in LummaStealer activity, showing the MaaS infostealer rebounded after 2025 law enforcement disruption. Bitdefender observed renewed LummaStealer activity, proving the MaaS infostealer recovered after 2025 takedowns. Active since 2022, it relies on affiliates, social engineering, fake cracked software, and fake CAPTCHA “ClickFix” lures. CastleLoader plays a key role in spreading it. […]
Security Affairs

In focus: Emerging Technologies
Thu Feb 12 2026
CSO Online

Crypto-Funded Human Trafficking Is Exploding
Thu Feb 12 2026
The use of cryptocurrency in sales of human beings for prostitution and scam compounds nearly doubled in 2025, according to a conservative estimate. Many of the deals are happening in plain sight.
Wired

Phishing campaign chains old Office flaw with fileless XWorm RAT to evade detection
Thu Feb 12 2026
Fortinet researchers have disclosed a new phishing campaign delivering the commercially available XWorm malware, chaining a years-old Microsoft Office vulnerability with fileless execution to escape d
CSO Online
Apple fixed first actively exploited zero-day in 2026
Thu Feb 12 2026
Apple fixed an exploited zero-day in iOS, macOS, and other devices that allowed attackers to run code via a memory flaw. Apple released updates for iOS, iPadOS, macOS, watchOS, tvOS, and visionOS to address an actively exploited zero-day tracked as CVE-2026-20700. The flaw is a memory corruption issue in Apple’s Dynamic Link Editor (dyld) that […]
Security Affairs

Palo Alto closes privileged access gap with $25B CyberArk acquisition
Thu Feb 12 2026
Cybersecurity company Palo Alto Networks has completed its $25 billion acquisition of Israel-based identity security firm CyberArk, bringing privileged access and identity security into the core of it
CSO Online

ThreatsDay Bulletin: AI Prompt RCE, Claude 0-Click, RenEngine Loader, Auto 0-Days & 25+ Stories
Thu Feb 12 2026
Threat activity this week shows one consistent signal — attackers are leaning harder on what already works. Instead of flashy new exploits, many operations are built around quiet misuse of trusted tools, familiar workflows, and overlooked exposures that sit in plain sight. Another shift is how access is gained versus how it’s used. Initial entry points are getting simpler, while post-compromise...
The Hacker News

The CTEM Divide: Why 84% of Security Programs Are Falling Behind
Thu Feb 12 2026
A new 2026 market intelligence study of 128 enterprise security decision-makers (available here) reveals a stark divide forming between organizations – one that has nothing to do with budget size or industry and everything to do with a single framework decision. Organizations implementing Continuous Threat Exposure Management (CTEM) demonstrate 50% better attack surface visibility, 23-point...
The Hacker News

The ephemeral infrastructure paradox: Why short-lived systems need stronger identity governance
Thu Feb 12 2026
In my experience leading engineering projects, I have encountered the same pattern repeatedly.
CSO Online

83% of Ivanti EPMM Exploits Linked to Single IP on Bulletproof Hosting Infrastructure
Thu Feb 12 2026
A significant chunk of the exploitation attempts targeting a newly disclosed security flaw in Ivanti Endpoint Manager Mobile (EPMM) can be traced back to a single IP address on bulletproof hosting infrastructure offered by PROSPERO. Threat intelligence firm GreyNoise said it recorded 417 exploitation sessions from 8 unique source IP addresses between February 1 and 9, 2026. An estimated 346...
The Hacker News

What CISOs need to know about the OpenClaw security nightmare
Thu Feb 12 2026
The new personal AI agent orchestration tool known as OpenClaw — formerly Clawdbot, then Moltbot — is a personal assistant that can do tasks for you without your personal supervision.
CSO Online
Multiple Endpoint Manager bugs patched by Ivanti, including remote auth bypass
Thu Feb 12 2026
Ivanti patched over a dozen Endpoint Manager flaws, including a high-severity auth bypass that let attackers steal credentials remotely. Ivanti released patches for more than a dozen vulnerabilities in Endpoint Manager, including flaws disclosed in October 2025. The update addresses a high-severity authentication bypass, tracked as CVE-2026-1603 (CVSS score of 8.6), that attackers could exploit […]
Security Affairs

Apple Fixes Exploited Zero-Day Affecting iOS, macOS, and Other Devices
Thu Feb 12 2026
Apple on Wednesday released iOS, iPadOS, macOS Tahoe, tvOS, watchOS, and visionOS updates to address a zero-day flaw that it said has been exploited in sophisticated cyber attacks. The vulnerability, tracked as CVE-2026-20700 (CVSS score: 7.8), has been described as a memory corruption issue in dyld, Apple's Dynamic Link Editor. Successful exploitation of the vulnerability could allow an...
The Hacker News

Developers become an attack vector
Thu Feb 12 2026
Software developers are in demand – including among criminal hackers.
CSO Online

SSHStalker botnet brute-forces its way onto 7,000 Linux machines
Thu Feb 12 2026
A newly discovered botnet is compromising poorly-protected Linux servers by brute-forcing weak SSH password login authentication.
CSO Online
Volvo Group hit in massive Conduent data breach
Wed Feb 11 2026
A Conduent breach exposed data of nearly 17,000 Volvo Group North America employees as the total impact rises to 25 million people. A data breach at business services provider Conduent has impacted at least 25 million people, far more than initially reported. Volvo Group North America confirmed that the security breach exposed data of nearly […]
Security Affairs

Companies are using ‘Summarize with AI’ to manipulate enterprise chatbots
Thu Feb 12 2026
That handy ‘Summarize with AI’ button embedded in a growing number of websites, browsers, and apps to give users a quick overview of their content could in some cases be hiding a dark secret: a new fo
CSO Online

ICE Is Crashing the US Court System in Minnesota
Wed Feb 11 2026
Petitions demanding people get the chance to be released from ICE custody have overwhelmed courts throughout the US.
Wired

First Malicious Outlook Add-In Found Stealing 4,000+ Microsoft Credentials
Wed Feb 11 2026
Cybersecurity researchers have discovered what they said is the first known malicious Microsoft Outlook add-in detected in the wild. In this unusual supply chain attack detailed by Koi Security, an unknown attacker claimed the domain associated with a now-abandoned legitimate add-in to serve a fake Microsoft login page, stealing over 4,000 credentials in the process. The activity has been...
The Hacker News
Kimwolf Botnet Swamps Anonymity Network I2P
Wed Feb 11 2026
For the past week, the massive "Internet of Things" (IoT) botnet known as Kimwolf has been disrupting the Invisible Internet Project (I2P), a decentralized, encrypted communications network designed to anonymize and secure online communications. I2P users started reporting disruptions in the network around the same time the Kimwolf botmasters began relying on it to evade takedown attempts against the botnet's control servers.
Krebs on Security
Reynolds ransomware uses BYOVD to disable security before encryption
Wed Feb 11 2026
Researchers discovered Reynolds ransomware, which uses BYOVD technique to disable security tools and evade detection before encryption. Researchers found a new ransomware, named Reynolds, that implements the Bring Your Own Vulnerable Driver (BYOVD) technique to disable security tools and evade detection before encrypting systems. Broadcom’s cybersecurity researchers initially attributed the attack to Black Basta due […]
Security Affairs

CBP Signs Clearview AI Deal to Use Face Recognition for ‘Tactical Targeting’
Wed Feb 11 2026
US Border Patrol intelligence units will gain access to a face recognition tool built on billions of images scraped from the internet.
Wired

APT36 and SideCopy Launch Cross-Platform RAT Campaigns Against Indian Entities
Wed Feb 11 2026
Indian defense sector and government-aligned organizations have been targeted by multiple campaigns that are designed to compromise Windows and Linux environments with remote access trojans capable of stealing sensitive data and ensuring continued access to infected machines. The campaigns are characterized by the use of malware families like Geta RAT, Ares RAT, and DeskRAT, which are often...
The Hacker News

Over 60 Software Vendors Issue Security Fixes Across OS, Cloud, and Network Platforms
Wed Feb 11 2026
It's Patch Tuesday, which means a number of software vendors have released patches for various security vulnerabilities impacting their products and services. Microsoft issued fixes for 59 flaws, including six actively exploited zero-days in various Windows components that could be abused to bypass security features, escalate privileges, and trigger a denial-of-service (DoS) condition. Elsewhere...
The Hacker News

North Korean actors blend ClickFix with new macOS backdoors in Crypto campaign
Wed Feb 11 2026
A financially motivated threat actor tracked as UNC1609 is using a ClickFix-style social engineering campaign to deploy multiple macOS malware families against crypto-focused organizations.
CSO Online

Exposed Training Apps Open the Door for Crypto-Mining in Fortune 500 Cloud Environments
Wed Feb 11 2026
Intentionally vulnerable training applications are widely used for security education, internal testing, and product demonstrations. Tools such as OWASP Juice Shop, DVWA, Hackazon, and bWAPP are designed to be insecure by default, making them useful for learning how common attack techniques work in controlled environments. The issue is not the applications themselves, but how they are often...
The Hacker News

EU clears Google’s $32B Wiz acquisition, intensifying cloud security competition
Wed Feb 11 2026
Google has secured unconditional EU antitrust approval for its $32 billion acquisition of cloud security firm Wiz, clearing a major regulatory hurdle and paving the way for one of the largest cybersec
CSO Online
SSHStalker botnet targets Linux servers with legacy exploits and SSH scanning
Wed Feb 11 2026
A new Linux botnet, SSHStalker, has infected about 7,000 systems using old 2009-era exploits, IRC bots, and mass-scanning malware. Flare researchers uncovered a previously undocumented Linux botnet dubbed SSHStalker, observed via SSH honeypots over two months. Researchers ran an SSH honeypot with weak credentials starting in early 2026 and spotted a set of intrusions unlike […]
Security Affairs

Microsoft Patches 59 Vulnerabilities Including Six Actively Exploited Zero-Days
Wed Feb 11 2026
Microsoft on Tuesday released security updates to address a set of 59 flaws across its software, including six vulnerabilities that it said have been exploited in the wild. Of the 59 flaws, five are rated Critical, 52 are rated Important, and two are rated Moderate in severity. Twenty-five of the patched vulnerabilities have been classified as privilege escalation, followed by remote code...
The Hacker News

SSHStalker Botnet Uses IRC C2 to Control Linux Systems via Legacy Kernel Exploits
Wed Feb 11 2026
Cybersecurity researchers have disclosed details of a new botnet operation called SSHStalker that relies on the Internet Relay Chat (IRC) communication protocol for command-and-control (C2) purposes. "The toolset blends stealth helpers with legacy-era Linux exploitation: Alongside log cleaners (utmp/wtmp/lastlog tampering) and rootkit-class artifacts, the actor keeps a large back-catalog of...
The Hacker News

The hard part of purple teaming starts after detection
Wed Feb 11 2026
In my recent articles for CSO, I’ve talked about the limits of current SOC models and the importance of rehearsal.
CSO Online
U.S. CISA adds Microsoft Office and Microsoft Windows flaws to its Known Exploited Vulnerabilities catalog
Wed Feb 11 2026
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Office and Microsoft Windows flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Microsoft Office and Microsoft Windows flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: This week, Microsoft Patch Tuesday security […]
Security Affairs

CISOs must separate signal from noise as CVE volume soars
Wed Feb 11 2026
In 2026, the cybersecurity industry is expected to cross a threshold it has never reached before: More than 50,000 publicly disclosed software vulnerabilities in a single year.
CSO Online

North Korea-Linked UNC1069 Uses AI Lures to Attack Cryptocurrency Organizations
Wed Feb 11 2026
The North Korea-linked threat actor known as UNC1069 has been observed targeting the cryptocurrency sector to steal sensitive data from Windows and macOS systems with the ultimate goal of facilitating financial theft. "The intrusion relied on a social engineering scheme involving a compromised Telegram account, a fake Zoom meeting, a ClickFix infection vector, and reported usage of AI-generated...
The Hacker News

Fake PDFs harbor new dangers
Wed Feb 11 2026
Cybercriminals send their malware disguised as PDF files.
CSO Online

The buyer's guide to Breach & Attack Simulation tools
Wed Feb 11 2026
Breach & Attack Simulation tools reveal how well (or badly) your security controls work.
CSO Online

February 2026 Patch Tuesday: Six new and actively exploited Microsoft vulnerabilities addressed
Wed Feb 11 2026
Microsoft highlighted six new and actively exploited vulnerabilities among the 60 fixes issued in today’s February Patch Tuesday releases.
CSO Online

BeyondTrust fixes critical RCE flaw in remote access tools
Tue Feb 10 2026
Companies using self-hosted versions of BeyondTrust Remote Support (RS) or Privileged Remote Access (PRA) should deploy patches for a critical vulnerability that allows attackers to execute OS commands
CSO Online
Microsoft Patch Tuesday security updates for February 2026 fix six actively exploited zero-days
Tue Feb 10 2026
Microsoft Patch Tuesday security updates for February 2026 fix six actively exploited zero-day vulnerabilities. Microsoft Patch Tuesday security updates for February 2026 fix 58 new security flaws across Windows, Office, Azure, Edge, Exchange, Hyper-V, WSL, and other components, rising to 62 CVEs when third-party updates are included. Five vulnerabilities are Critical, two Moderate, and most […]
Security Affairs
Patch Tuesday, February 2026 Edition
Tue Feb 10 2026
Microsoft today released updates to fix more than 50 security holes in its Windows operating systems and other software, including patches for a whopping six "zero-day" vulnerabilities that attackers are already exploiting in the wild.
Krebs on Security
ZeroDayRAT spyware grants attackers total access to mobile devices
Tue Feb 10 2026
ZeroDayRAT is a commercial mobile spyware that grants full remote access to Android and iOS devices for spying and data theft. ZeroDayRAT is a newly discovered commercial mobile spyware toolkit that gives attackers full control over Android and iOS devices. It supports live camera access, keylogging, and theft of banking and crypto data. First spotted […]
Security Affairs

DPRK Operatives Impersonate Professionals on LinkedIn to Infiltrate Companies
Tue Feb 10 2026
The information technology (IT) workers associated with the Democratic People's Republic of Korea (DPRK) are now applying to remote positions using real LinkedIn accounts of individuals they're impersonating, marking a new escalation of the fraudulent scheme. "These profiles often have verified workplace emails and identity badges, which DPRK operatives hope will make their fraudulent...
The Hacker News

SolarWinds WHD zero-days from January are under attack
Tue Feb 10 2026
SolarWinds Web Help Desk (WHD) is under attack, with recent incidents exploiting a chain of zero-day and patched vulnerabilities dating back to late 2025, an analysis of customer reports by security c
CSO Online

Reynolds Ransomware Embeds BYOVD Driver to Disable EDR Security Tools
Tue Feb 10 2026
Cybersecurity researchers have disclosed details of an emergent ransomware family dubbed Reynolds that comes embedded with a built-in bring your own vulnerable driver (BYOVD) component for defense evasion purposes within the ransomware payload itself. BYOVD refers to an adversarial technique that abuses legitimate but flawed driver software to escalate privileges and disable Endpoint Detection...
The Hacker News
Cyberattack on the EU Commission
Tue Feb 10 2026
Cybercriminals have succeeded in penetrating a system of the EU Commission.
CSO Online

From Ransomware to Residency: Inside the Rise of the Digital Parasite
Tue Feb 10 2026
Are ransomware and encryption still the defining signals of modern cyberattacks, or has the industry been too fixated on noise while missing a more dangerous shift happening quietly all around them? According to Picus Labs’ new Red Report 2026, which analyzed over 1.1 million malicious files and mapped 15.5 million adversarial actions observed across 2025, attackers are no longer optimizing for...
The Hacker News

Fortinet Patches Critical SQLi Flaw Enabling Unauthenticated Code Execution
Tue Feb 10 2026
Fortinet has released security updates to address a critical flaw impacting FortiClientEMS that could lead to the execution of arbitrary code on susceptible systems. The vulnerability, tracked as CVE-2026-21643, has a CVSS rating of 9.1 out of a maximum of 10.0. "An improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiClientEMS may...
The Hacker News

Windows shortcut weaponized in Phorpiex-linked ransomware campaign
Tue Feb 10 2026
Forcepoint X-Labs researchers have identified a large Phorpiex botnet-aided phishing campaign that uses weaponized Windows shortcut files to deploy Global Group ransomware across victim systems.
CSO Online
Senegal shuts National ID office after ransomware attack
Tue Feb 10 2026
Senegal closed its national ID card office after a ransomware cyberattack disrupted ID, passport, and biometric services. Senegal confirmed a cyberattack on the Directorate of File Automation, the government office that manages national ID cards, passports, and biometric data. After ransomware claims surfaced, authorities temporarily closed the office to contain the incident. The agency warned […]
Security Affairs

ZAST.AI Raises $6M Pre-A to Scale "Zero False Positive" AI-Powered Code Security
Tue Feb 10 2026
January 5, 2026, Seattle, USA — ZAST.AI announced the completion of a $6 million Pre-A funding round. This investment came from the well-known investment firm Hillhouse Capital, bringing ZAST.AI's total funding close to $10 million. This marks a recognition from leading capital markets of a new solution: ending the era of high false positive rates in security tools and making every alert...
The Hacker News

Single prompt breaks AI safety in 15 major language models
Tue Feb 10 2026
A single benign-sounding prompt can systematically strip safety guardrails from major language and image models, raising fresh questions about the durability of AI alignment when models are customized
CSO Online

Warlock Ransomware Breaches SmarterTools Through Unpatched SmarterMail Server
Tue Feb 10 2026
SmarterTools confirmed last week that the Warlock (aka Storm-2603) ransomware gang breached its network by exploiting an unpatched SmarterMail instance. The incident took place on January 29, 2026, when a mail server that was not updated to the latest version was compromised, the company's Chief Commercial Officer, Derek Curtis, said. "Prior to the breach, we had approximately 30 servers/VMs...
The Hacker News
Dutch agencies hit by Ivanti EPMM exploit exposing employee contact data
Tue Feb 10 2026
Dutch agencies confirmed attacks exploiting Ivanti EPMM flaws that exposed employee contact data at the data protection authority and courts. Dutch authorities said cyberattacks hit the Dutch Data Protection Authority and the Council for the Judiciary after hackers exploited newly disclosed flaws in Ivanti Endpoint Manager Mobile (EPMM). The incidents were reported to parliament, and […]
Security Affairs
China-linked APT UNC3886 targets Singapore telcos
Tue Feb 10 2026
China-linked group UNC3886 targeted Singapore’s telecom sector in a cyber espionage campaign, Singapore’s Cyber Security Agency revealed. Cyber Security Agency of Singapore (CSA) and the Infocomm Media Development Authority (IMDA) ran Operation CYBER GUARDIAN to protect the telecom sector. Since July 2025, investigations showed China-linked UNC3886 launched a targeted campaign against all four major […]
Security Affairs

Dutch Authorities Confirm Ivanti Zero-Day Exploit Exposed Employee Contact Data
Tue Feb 10 2026
The Netherlands' Dutch Data Protection Authority (AP) and the Council for the Judiciary (Rvdr) have disclosed that their systems were impacted by cyber attacks that exploited the recently disclosed security flaws in Ivanti Endpoint Manager Mobile (EPMM), according to a notice sent to the country's parliament on Friday. "On January 29, the National Cyber Security Center (...
The Hacker News

How to govern agentic AI so as not to lose control
Tue Feb 10 2026
This year will mark the turning point where artificial intelligence will stop assisting and start acting.
CSO Online

69% of CISOs open to career move — including leaving role entirely
Tue Feb 10 2026
Enterprise CISOs are increasingly willing — and eager — to jump ship, with some frustrated enough to want to leave cybersecurity entirely.
CSO Online
Critical Fortinet FortiClientEMS flaw allows remote code execution
Mon Feb 09 2026
Fortinet warns of a critical FortiClientEMS vulnerability that lets remote attackers run malicious code without logging in. Fortinet issued an urgent advisory to address a critical FortiClientEMS vulnerability, tracked as CVE-2026-21643 (CVSS score of 9.1). The vulnerability is an improper neutralization of special elements used in an SQL Command (‘SQL Injection’) issue in FortiClientEMS. An […]
Security Affairs
BeyondTrust fixes critical pre-auth bug allowing remote code execution
Mon Feb 09 2026
BeyondTrust patched a critical pre-auth flaw in Remote Support and PRA that could let attackers execute code remotely. BeyondTrust released security updates to address a critical flaw, tracked as CVE-2026-1731 (CVSS score of 9.9), in its Remote Support and older Privileged Remote Access products. The bug could allow an unauthenticated attacker to send specially crafted […]
Security Affairs

Anthropic’s DXT poses “critical RCE vulnerability” by running with full system privileges
Tue Feb 10 2026
When LayerX Security published a report on Monday describing what it called “a critical zero-click RCE vulnerability in [Anthropic’s] Claude Desktop Extensions (DXT) that allows a malicious Google Cal
CSO Online

China-Linked UNC3886 Targets Singapore Telecom Sector in Cyber Espionage Campaign
Mon Feb 09 2026
The Cyber Security Agency (CSA) of Singapore on Monday revealed that the China-nexus cyber espionage group known as UNC3886 targeted its telecommunications sector. "UNC3886 had launched a deliberate, targeted, and well-planned campaign against Singapore's telecommunications sector," CSA said. "All four of Singapore's major telecommunications operators ('telcos') – M1, SIMBA Telecom, Singtel, and...
The Hacker News

SolarWinds Web Help Desk Exploited for RCE in Multi-Stage Attacks on Exposed Servers
Mon Feb 09 2026
Microsoft has revealed that it observed a multi-stage intrusion that involved the threat actors exploiting internet-exposed SolarWinds Web Help Desk (WHD) instances to obtain initial access and move laterally across the organization's network to other high-value assets. That said, the Microsoft Defender Security Research Team said it's not clear whether the activity weaponized recently...
The Hacker News
European Commission probes cyberattack on mobile device management system
Mon Feb 09 2026
The European Commission is investigating a cyberattack after detecting signs that its mobile device management system was compromised. The European Commission is investigating a cyberattack on its mobile device management platform after detecting intrusion traces. Attackers may have accessed some staff data, including names and phone numbers, but so far they have not compromised any […]
Security Affairs
Attackers abuse SolarWinds Web Help Desk to install Zoho agents and Velociraptor
Mon Feb 09 2026
Huntress confirmed active SolarWinds Web Help Desk exploits, where attackers installed Zoho tools for persistence, and used Velociraptor for control. On February 7, 2026, Huntress investigated an active attack abusing SolarWinds Web Help Desk flaws. Attackers exploited unpatched versions to run code remotely, then quickly installed Zoho ManageEngine tools for persistent remote access and Cloudflare […]
Security Affairs

⚡ Weekly Recap: AI Skill Malware, 31Tbps DDoS, Notepad++ Hack, LLM Backdoors and More
Mon Feb 09 2026
Cyber threats are no longer coming from just malware or exploits. They’re showing up inside the tools, platforms, and ecosystems organizations use every day. As companies connect AI, cloud apps, developer tools, and communication systems, attackers are following those same paths. A clear pattern this week: attackers are abusing trust. Trusted updates, trusted marketplaces, trusted apps, even...
The Hacker News

OpenClaw integrates VirusTotal malware scanning as security firms flag enterprise risks
Mon Feb 09 2026
OpenClaw, the viral open-source AI agent that security firms warn is “insecure by default,” has integrated VirusTotal’s malware scanning into its ClawHub skills marketplace following weeks in which se
CSO Online

DKnife targets network gateways in long running AitM campaign
Mon Feb 09 2026
A previously undocumented China-linked adversary-in-the-middle (AitM) framework known as “DKnife” has been identified operating at network gateways, where it intercepts and manipulates in-transit traf
CSO Online

AI Is Here to Replace Nuclear Treaties. Scared Yet?
Mon Feb 09 2026
The last major nuclear arms treaty between the US and Russia just expired. Some experts believe a combination of satellite surveillance, AI, and human reviewers can take its place. Others, not so much.
Wired

How Top CISOs Solve Burnout and Speed up MTTR without Extra Hiring
Mon Feb 09 2026
Why do SOC teams keep burning out and missing SLAs even after spending big on security tools? Routine triage piles up, senior specialists get dragged into basic validation, and MTTR climbs, while stealthy threats still find room to slip through. Top CISOs have realized the solution isn’t hiring more people or stacking yet another tool onto the workflow, but giving their teams faster, clearer...
The Hacker News

Never settle: How CISOs can go beyond compliance standards to better protect their organizations
Mon Feb 09 2026
The start of a new year means a fresh start for everyone, including cybersecurity teams.
CSO Online