CSO Online
Dark Reading
Dark Web Informer
Europol
Krebs on Security
NSA
Reuters
Security Affairs
The Hacker News
Wired
ZDNET

ICE Agent’s ‘Dragging’ Case May Help Expose Evidence in Renee Good Shooting
Fri Feb 06 2026
The government has withheld details of the investigation of Renee Good’s killing—but an unrelated case involving the ICE agent who shot her could force new revelations.
Wired

Six more vulnerabilities found in n8n automation platform
Fri Feb 06 2026
Six more vulnerabilities have been discovered in the n8n workflow platform used for building LLM-powered agents to connect business processes.
CSO Online

Claude AI finds 500 high-severity software vulnerabilities
Fri Feb 06 2026
Anthropic only released its latest large language model, Claude Opus 4.
CSO Online
Record-breaking 31.4 Tbps DDoS attack hits in November 2025, stopped by Cloudflare
Fri Feb 06 2026
AISURU/Kimwolf botnet hit a record 31.4 Tbps DDoS attack lasting 35 seconds in Nov 2025, which Cloudflare automatically detected and blocked. The AISURU/Kimwolf botnet was linked to a record-breaking DDoS attack that peaked at 31.4 Tbps and lasted just 35 seconds. Cloudflare said the November 2025 incident was part of a surge in hyper-volumetric HTTP […]
Security Affairs

Pretend Disk Format: PDFs harbor new dangers
Fri Feb 06 2026
A particularly insidious phishing campaign is disguising malware pretending to be ordinary PDF documents behind links to virtual hard disks.
CSO Online

China-Linked DKnife AitM Framework Targets Routers for Traffic Hijacking, Malware Delivery
Fri Feb 06 2026
Cybersecurity researchers have taken the wraps off a gateway-monitoring and adversary-in-the-middle (AitM) framework dubbed DKnife that's operated by China-nexus threat actors since at least 2019. The framework comprises seven Linux-based implants that are designed to perform deep packet inspection, manipulate traffic, and deliver malware via routers and edge devices. Its primary targets seem to...
The Hacker News

CISA Orders Removal of Unsupported Edge Devices to Reduce Federal Network Risk
Fri Feb 06 2026
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered Federal Civilian Executive Branch (FCEB) agencies to strengthen asset lifecycle management for edge network devices and remove those that no longer receive security updates from original equipment manufacturers (OEMs) over the next 12 to 18 months. The agency said the move is to drive down technical debt and minimize...
The Hacker News

Ten career-ending mistakes CISOs make and how to avoid them
Fri Feb 06 2026
The Chief Information Security Officer role has become one of the most precarious positions in the C-suite.
CSO Online

Asian State-Backed Group TGR-STA-1030 Breaches 70 Government, Infrastructure Entities
Fri Feb 06 2026
A previously undocumented cyber espionage group operating from Asia broke into the networks of at least 70 government and critical infrastructure organizations across 37 countries over the past year, according to new findings from Palo Alto Networks Unit 42. In addition, the hacking crew has been observed conducting active reconnaissance against government infrastructure associated with 155...
The Hacker News

CISA gives federal agencies 18 months to purge unsupported edge devices
Fri Feb 06 2026
The Cybersecurity and Infrastructure Security Agency has given federal agencies 18 months to remove all end-of-support edge devices from their networks, escalating its response to what security resear
CSO Online
Nearly 5 Million Web Servers Found Exposing Git Metadata – Study Reveals Widespread Risk of Code and Credential Leaks
Fri Feb 06 2026
A study found nearly 5 million servers exposing Git metadata, with 250,000 leaking deployment credentials via .git/config files. A new 2026 study by the Mysterium VPN research team reveals that nearly 5 million public web servers are exposing Git repository metadata — with over 250,000 of them exposing .git/config files containing deployment credentials. Such misconfigurations […]
Security Affairs
U.S. CISA adds SmarterTools SmarterMail and React Native Community CLI flaws to its Known Exploited Vulnerabilities catalog
Fri Feb 06 2026
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SmarterTools SmarterMail and React Native Community CLI flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SmarterTools SmarterMail and React Native Community CLI flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: Attackers are […]
Security Affairs

Zscaler extends zero-trust security to browsers with SquareX acquisition
Fri Feb 06 2026
Cloud security company Zscaler has announced the acquisition of SquareX, a Singapore-based browser detection and response (BDR) technology startup.
CSO Online

How Samsung Knox Helps Stop Your Network Security Breach
Fri Feb 06 2026
As you know, enterprise network security has undergone significant evolution over the past decade. Firewalls have become more intelligent, threat detection methods have advanced, and access controls are now more detailed. However (and it’s a big “however”), the increasing use of mobile devices in business operations necessitates network security measures that are specifically...
The Hacker News

Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware
Fri Feb 06 2026
Cybersecurity researchers have discovered a new supply chain attack in which legitimate packages on npm and the Python Package Index (PyPI) repository have been compromised to push malicious versions to facilitate wallet credential theft and remote code execution. The compromised versions of the two packages are listed below - @dydxprotocol/v4-client-js (npm) - 3.4.1, 1.22.1, 1.15.2, 1.0.31&...
The Hacker News
AI as an AWS attack turbocharger
Fri Feb 06 2026
Criminal hackers have accelerated their attacks on AWS environments with AI.
CSO Online

The blind spot every CISO must see: Loyalty
Fri Feb 06 2026
The longstanding assumption that tenure, performance metrics, or expressed commitment serve as reliable indicators of the trustworthiness of an employee persists across many sectors.
CSO Online

Claude Opus 4.6 Finds 500+ High-Severity Flaws Across Major Open-Source Libraries
Fri Feb 06 2026
Artificial intelligence (AI) company Anthropic revealed that its latest large language model (LLM), Claude Opus 4.6, has found more than 500 previously unknown high-severity security flaws in open-source libraries, including Ghostscript, OpenSC, and CGIF. Claude Opus 4.6, which was launched Thursday, comes with improved coding skills, including code review and debugging capabilities, along with...
The Hacker News

Cybersecurity regulations: How to meet your compliance requirements
Fri Feb 06 2026
As cyber threats increase, so does the number of compliance frameworks.
CSO Online

Four new vulnerabilities found in Ingress NGINX
Fri Feb 06 2026
Four security vulnerabilities have been found in the open source Ingress NGINX traffic controller that is extensively used by organizations in Kubernetes deployments.
CSO Online

New APT group breached gov and critical infrastructure orgs in 37 countries
Thu Feb 05 2026
A new cyberespionage group that operates out of Asia has compromised 70 government and critical infrastructure organizations across 37 countries over the past year using a sophisticated toolset that c
CSO Online

Substack data breach leaks users’ email addresses and phone numbers
Thu Feb 05 2026
Substack, a high-profile publishing platform widely used by academics, journalists, subject matter experts, and controversialists, has suffered a data breach affecting an unknown number of its creator
CSO Online
Hacker claims theft of data from 700,000 Substack users; Company confirms breach
Thu Feb 05 2026
Substack confirmed a data breach after a hacker leaked data from nearly 700,000 users, including email addresses and phone numbers. Substack is an online platform for publishing email‑based newsletters and blogs, with built‑in paid subscriptions and basic analytics. It’s free to start; creators pay a fee on paid plans. In 2026 it’s estimated to serve […]
Security Affairs
Pro-Russian group Noname057(16) launched DDoS attacks on Milano Cortina 2026 Winter Olympics
Thu Feb 05 2026
Italy stopped Russian-linked cyberattacks targeting Foreign Ministry offices and Winter Olympics websites and hotels, Foreign Minister Tajani said. Italy has thwarted a series of Russian-linked cyberattacks aimed at Foreign Ministry offices, including one in Washington, as well as Winter Olympics websites and hotels in Cortina d’Ampezzo, according to Foreign Minister Antonio Tajani. “We have foiled […]
Security Affairs

ICE and CBP’s Face-Recognition App Can’t Actually Verify Who People Are
Thu Feb 05 2026
ICE has used Mobile Fortify to identify immigrants and citizens alike over 100,000 times, by one estimate. It wasn't built to work like that—and only got approved after DHS abandoned its own privacy rules.
Wired

AISURU/Kimwolf Botnet Launches Record-Setting 31.4 Tbps DDoS Attack
Thu Feb 05 2026
The distributed denial-of-service (DDoS) botnet known as AISURU/Kimwolf has been attributed to a record-setting attack that peaked at 31.4 Terabits per second (Tbps) and lasted only 35 seconds. Cloudflare, which automatically detected and mitigated the activity, said it's part of a growing number of hyper-volumetric HTTP DDoS attacks mounted by the botnet in the fourth quarter of 2025. The...
The Hacker News

ThreatsDay Bulletin: Codespaces RCE, AsyncRAT C2, BYOVD Abuse, AI Cloud Intrusions & 15+ Stories
Thu Feb 05 2026
This week didn’t produce one big headline. It produced many small signals — the kind that quietly shape what attacks will look like next. Researchers tracked intrusions that start in ordinary places: developer workflows, remote tools, cloud access, identity paths, and even routine user actions. Nothing looked dramatic on the surface. That’s the point. Entry is becoming less visible while impact...
The Hacker News

Attackers exploit decade‑old Windows driver flaw to shut down modern EDR defenses
Thu Feb 05 2026
In a recent incident, attackers abused a legitimate but vulnerable Windows kernel driver to shut down endpoint security tools during an ongoing incident response.
CSO Online

Ransomware attack on Buhlmann Group
Thu Feb 05 2026
The Buhlmann Group was attacked by a ransomware gang.
CSO Online

The Buyer’s Guide to AI Usage Control
Thu Feb 05 2026
Today’s “AI everywhere” reality is woven into everyday workflows across the enterprise, embedded in SaaS platforms, browsers, copilots, extensions, and a rapidly expanding universe of shadow tools that appear faster than security teams can track. Yet most organizations still rely on legacy controls that operate far away from where AI interactions actually occur. The result is a widening...
The Hacker News
China-linked Amaranth-Dragon hackers target Southeast Asian governments in 2025
Thu Feb 05 2026
China-linked hackers tracked as Amaranth-Dragon targeted government and law enforcement agencies across Southeast Asia in 2025. CheckPoint says China-linked threat actors, tracked as Amaranth-Dragon, carried out cyber-espionage campaigns in 2025 targeting government and law enforcement agencies across Southeast Asia. The activity is linked to the APT41 ecosystem and affected countries including Thailand, Indonesia, Singapore, and […]
Security Affairs

The silent security gap in enterprise AI adoption
Thu Feb 05 2026
Most security leaders believe they know where their sensitive data lives and how it is protected.
CSO Online

Infy Hackers Resume Operations with New C2 Servers After Iran Internet Blackout Ends
Thu Feb 05 2026
The elusive Iranian threat group known as Infy (aka Prince of Persia) has evolved its tactics as part of efforts to hide its tracks, even as it readied new command-and-control (C2) infrastructure coinciding with the end of the widespread internet blackout the regime imposed at the start of January 2026. "The threat actor stopped maintaining its C2 servers on January 8 for the first time since we...
The Hacker News

Microsoft develops a new scanner to detect hidden backdoors in LLMs
Thu Feb 05 2026
Microsoft has developed a scanner designed to detect backdoors in open-weight AI models, addressing a critical blind spot for enterprises increasingly dependent on third-party LLMs.
CSO Online

Building trust with the board through evidence-based proof
Thu Feb 05 2026
Cybersecurity is a boardroom issue, but meaningful dialogue often breaks down at the table.
CSO Online

In focus: Emerging Technologies
Thu Feb 05 2026
CSO Online

Shortly before the Olympics: Italy fends off Russian hacker attacks
Thu Feb 05 2026
Russian hackers attacked several sites in Italy shortly before the Winter Olympics.
CSO Online

Software supply chain risks join the OWASP top 10 list, access control still on top
Thu Feb 05 2026
Software supply chain failures and mishandling of exceptional conditions are some of the additions to the updated OWASP Top 10, a list of top web application vulnerabilities.
CSO Online

Critical n8n Flaw CVE-2026-25049 Enables System Command Execution via Malicious Workflows
Thu Feb 05 2026
A new, critical security vulnerability has been disclosed in the n8n workflow automation platform that, if successfully exploited, could result in the execution of arbitrary system commands. The flaw, tracked as CVE-2026-25049 (CVSS score: 9.4), is the result of inadequate sanitization that bypasses safeguards put in place to address CVE-2025-68613 (CVSS score: 9.9), another critical defect that...
The Hacker News

Malicious NGINX Configurations Enable Large-Scale Web Traffic Hijacking Campaign
Thu Feb 05 2026
Cybersecurity researchers have disclosed details of an active web traffic hijacking campaign that has targeted NGINX installations and management panels like Baota (BT) in an attempt to route it through the attacker's infrastructure. Datadog Security Labs said it observed threat actors associated with the recent React2Shell (CVE-2025-55182, CVSS score: 10.0) exploitation using malicious NGINX...
The Hacker News
CVE-2025-22225 in VMware ESXi now used in active ransomware attacks
Wed Feb 04 2026
Ransomware groups now exploit VMware ESXi vulnerability CVE-2025-22225, patched by Broadcom in March 2025. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) confirms that ransomware gangs are exploiting the VMware ESXi sandbox escape flaw CVE-2025-22225. The vulnerability is an arbitrary write issue in VMware ESXi. An attacker with privileges within the VMX process may trigger an arbitrary […]
Security Affairs

1.5 million AI agents are at risk of going rogue
Thu Feb 05 2026
A study released Wednesday by API management platform vendor Gravitee indicates that upwards of half of the three million agents currently in use by organizations in the US and UK “are ungoverned and
CSO Online

Threat actors hijack web traffic after exploiting React2Shell vulnerability
Wed Feb 04 2026
Threat actors exploiting the React2Shell vulnerability in components of React servers are using their access to compromise web domains and divert web traffic for malicious purposes.
CSO Online

Threat actors hijack web traffic after exploiting React2Shell vulnerability: Report
Wed Feb 04 2026
Threat actors exploiting the React2Shell vulnerability in components of React servers are using their access to compromise web domains and divert web traffic for malicious purposes.
CSO Online
Taiwanese operator of Incognito Market sentenced to 30 years over $105M darknet drug ring
Wed Feb 04 2026
A Taiwanese man was sentenced to 30 years for running Incognito Market, a major darknet drug site that sold over $105 million in illegal drugs. Rui-Siang Lin (24) was sentenced to 30 years in prison for running Incognito Market, a major darknet drug marketplace that sold over one ton of narcotics. The Taiwanese man pled […]
Security Affairs

Notepad++ Users, You May Have Been Hacked by China
Wed Feb 04 2026
Suspected Chinese state-backed hackers hijacked the Notepad++ update infrastructure to deliver a backdoored version of the popular free source code editor and note-taking app for Windows.
Wired

Microsoft Develops Scanner to Detect Backdoors in Open-Weight Large Language Models
Wed Feb 04 2026
Microsoft on Wednesday said it built a lightweight scanner that it said can detect backdoors in open-weight large language models (LLMs) and improve the overall trust in artificial intelligence (AI) systems. The tech giant's AI Security team said the scanner leverages three observable signals that can be used to reliably flag the presence of backdoors while maintaining a low false positive...
The Hacker News

DEAD#VAX Malware Campaign Deploys AsyncRAT via IPFS-Hosted VHD Phishing Files
Wed Feb 04 2026
Threat hunters have disclosed details of a new, stealthy malware campaign dubbed DEAD#VAX that employs a mix of "disciplined tradecraft and clever abuse of legitimate system features" to bypass traditional detection mechanisms and deploy a remote access trojan (RAT) known as AsyncRAT. "The attack leverages IPFS-hosted VHD files, extreme script obfuscation, runtime decryption, and in-memory...
The Hacker News
Paris raid on X focuses on child abuse material allegations
Wed Feb 04 2026
French prosecutors raided X offices in Paris over illegal content; Elon Musk and CEO summoned for voluntary interviews in April. French prosecutors, with France’s National Gendarmerie and Europol support, raided the X offices in Paris in a criminal probe over complaints that the platform facilitated child sexual abuse material and other illegal content. The probe […]
Security Affairs
GreyNoise tracks massive Citrix Gateway recon using 63K+ residential proxies and AWS
Wed Feb 04 2026
GreyNoise spotted a dual-mode Citrix Gateway recon campaign using 63K+ residential proxies and AWS to find login panels and enumerate versions. Between Jan 28 and Feb 2, 2026, GreyNoise tracked a coordinated reconnaissance campaign targeting Citrix ADC and NetScaler Gateways. Attackers used over 63,000 residential proxies to discover login panels, then switched to AWS infrastructure […]
Security Affairs

China-Linked Amaranth-Dragon Exploits WinRAR Flaw in Espionage Campaigns
Wed Feb 04 2026
Threat actors affiliated with China have been attributed to a fresh set of cyber espionage campaigns targeting government and law enforcement agencies across Southeast Asia throughout 2025. Check Point Research is tracking the previously undocumented activity cluster under the moniker Amaranth-Dragon, which it said shares links to the APT 41 ecosystem. Targeted countries include Cambodia,...
The Hacker News

Russian hackers exploited a critical Office bug within days of disclosure
Wed Feb 04 2026
Russia-linked attackers are reportedly using a new Microsoft vulnerability as part of a coordinated espionage and malware campaign, Operation Neusploit.
CSO Online

Orchid Security Introduces Continuous Identity Observability for Enterprise Applications
Wed Feb 04 2026
An innovative approach to discovering, analyzing, and governing identity usage beyond traditional IAM controls. The Challenge: Identity Lives Outside the Identity Stack Identity and access management tools were built to govern users and directories. Modern enterprises run on applications. Over time, identity logic has moved into application code, APIs, service accounts, and custom authentication...
The Hacker News
Microsoft: Info-Stealing malware expands from Windows to macOS
Wed Feb 04 2026
Microsoft warns info-stealing attacks are expanding from Windows to macOS, using cross-platform languages like Python and abusing trusted platforms. Microsoft warns info-stealing attacks are rapidly expanding from Windows to macOS, using cross-platform languages like Python and abusing trusted platforms. Since late 2025, Microsoft has seen a surge in macOS infostealer attacks using social engineering, fake […]
Security Affairs

Hacker attack on Romina Mineralbrunnen
Wed Feb 04 2026
CSO Online

Zero trust in practice: A deep technical dive into going fully passwordless in hybrid enterprise environments
Wed Feb 04 2026
Over the past three years, I’ve led passwordless migration initiatives at three Fortune 500 companies, and I can tell you with confidence that eliminating passwords from a hybrid Active Directory and
CSO Online

The First 90 Seconds: How Early Decisions Shape Incident Response Investigations
Wed Feb 04 2026
Many incident response failures do not come from a lack of tools, intelligence, or technical skills. They come from what happens immediately after detection, when pressure is high, and information is incomplete. I have seen IR teams recover from sophisticated intrusions with limited telemetry. I have also seen teams lose control of investigations they should have been able to handle. The...
The Hacker News
Cybercriminals set sights on identities
Wed Feb 04 2026
Eye Security’s 2026 State of Incident Response Report shows that cyberattacks on companies are increasingly going undetected, and the damage occurs within minutes.
CSO Online

Microsoft Warns Python Infostealers Target macOS via Fake Ads and Installers
Wed Feb 04 2026
Microsoft has warned that information-stealing attacks are "rapidly expanding" beyond Windows to target Apple macOS environments by leveraging cross-platform languages like Python and abusing trusted platforms for distribution at scale. The tech giant's Defender Security Research Team said it observed macOS-targeted infostealer campaigns using social engineering techniques such as ClickFix since...
The Hacker News

Should I stay or should I go?
Wed Feb 04 2026
Even the most seasoned CISOs sometimes run into insurmountable roadblocks at their organizations.
CSO Online

Eclipse Foundation Mandates Pre-Publish Security Checks for Open VSX Extensions
Wed Feb 04 2026
The Eclipse Foundation, which maintains the Open VSX Registry, has announced plans to enforce security checks before Microsoft Visual Studio Code (VS Code) extensions are published to the open-source repository to combat supply chain threats. The move marks a shift from a reactive to a proactive approach to ensure that malicious extensions don't end up getting published on the Open VSX Registry....
The Hacker News
U.S. CISA adds SolarWinds Web Help Desk, Sangoma FreePBX, and GitLab flaws to its Known Exploited Vulnerabilities catalog
Tue Feb 03 2026
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SolarWinds Web Help Desk, Sangoma FreePBX, and GitLab flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SolarWinds Web Help Desk, Sangoma FreePBX, and GitLab flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: The first […]
Security Affairs

CISA Adds Actively Exploited SolarWinds Web Help Desk RCE to KEV Catalog
Wed Feb 04 2026
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting SolarWinds Web Help Desk (WHD) to its Known Exploited Vulnerabilities (KEV) catalog, flagging it as actively exploited in attacks. The vulnerability, tracked as CVE-2025-40551 (CVSS score: 9.8), is an untrusted data deserialization vulnerability that could pave the way for remote...
The Hacker News

The best DAST & SAST tools
Wed Feb 04 2026
Tools for dynamic and static application security testing help developers harden their source code.
CSO Online

The Paramilitary ICE and CBP Units at the Center of Minnesota's Killings
Tue Feb 03 2026
Two agents involved in the shooting deaths of US citizens in Minneapolis are reportedly part of highly militarized DHS units whose extreme tactics are generally reserved for war zones.
Wired
Hackers abused React Native CLI flaw to deploy Rust malware before public disclosure
Tue Feb 03 2026
Hackers exploit a critical React Native CLI flaw (CVE-2025-11953) to run remote commands and drop stealthy Rust malware, weeks before public disclosure. Attackers are actively exploiting a critical flaw in the React Native CLI Metro server, tracked as CVE-2025-11953. The React Native CLI’s Metro dev server binds to external interfaces by default and exposes a […]
Security Affairs
Cyber risk: retirement
Tue Feb 03 2026
When OT specialists retire, a massive loss of knowledge looms.
CSO Online

Docker Fixes Critical Ask Gordon AI Flaw Allowing Code Execution via Image Metadata
Tue Feb 03 2026
Cybersecurity researchers have disclosed details of a now-patched security flaw impacting Ask Gordon, an artificial intelligence (AI) assistant built into Docker Desktop and the Docker Command-Line Interface (CLI), that could be exploited to execute code and exfiltrate sensitive data. The critical vulnerability has been codenamed DockerDash by cybersecurity company Noma Labs. It was addressed by...
The Hacker News

From credentials to cloud admin in 8 minutes: AI supercharges AWS attack chain
Tue Feb 03 2026
Threat actors tore through an Amazon Web Services environment in under eight minutes, chaining together credential theft, privilege escalation, lateral movement, and GPU resource abuse with the help o
CSO Online

[Webinar] The Smarter SOC Blueprint: Learn What to Build, Buy, and Automate
Tue Feb 03 2026
Most security teams today are buried under tools. Too many dashboards. Too much noise. Not enough real progress. Every vendor promises “complete coverage” or “AI-powered automation,” but inside most SOCs, teams are still overwhelmed, stretched thin, and unsure which tools are truly pulling their weight. The result? Bloated stacks, missed signals, and mounting pressure to do more with less. This...
The Hacker News
APT28 exploits Microsoft Office flaw in Operation Neusploit
Tue Feb 03 2026
Russia-linked APT28 is behind Operation Neusploit, exploiting a newly disclosed Microsoft Office vulnerability in targeted attacks. Russia-linked group APT28 (aka UAC-0001, aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, BlueDelta, and STRONTIUM) is behind Operation Neusploit, a campaign that exploits a newly disclosed Microsoft Office vulnerability. The APT28 group has been active since at least 2007 and it has targeted governments, militaries, and security organizations […]
Security Affairs

Hackers Exploit Metro4Shell RCE Flaw in React Native CLI npm Package
Tue Feb 03 2026
Threat actors have been observed exploiting a critical security flaw impacting the Metro Development Server in the popular "@react-native-community/cli" npm package. Cybersecurity company VulnCheck said it first observed exploitation of CVE-2025-11953 (aka Metro4Shell) on December 21, 2025. With a CVSS score of 9.8, the vulnerability allows remote unauthenticated attackers to execute arbitrary...
The Hacker News

How Data Brokers Can Fuel Violence Against Public Servants
Tue Feb 03 2026
A new report from the Public Service Alliance finds state privacy laws offer public servants few ways to protect their private data, even as threats against them are on the rise.
Wired

When Cloud Outages Ripple Across the Internet
Tue Feb 03 2026
Recent major cloud service outages have been hard to miss. High-profile incidents affecting providers such as AWS, Azure, and Cloudflare have disrupted large parts of the internet, taking down websites and services that many other systems depend on. The resulting ripple effects have halted applications and workflows that many organizations rely on every day. For consumers, these outages are...
The Hacker News
Notepad++ infrastructure hack likely tied to China-nexus APT Lotus Blossom
Tue Feb 03 2026
Rapid7 researchers say the Notepad++ hosting breach is likely linked to the China-nexus Lotus Blossom APT group. Recently, the Notepad++ maintainer revealed that nation-state hackers compromised the hosting provider’s infrastructure, redirecting update traffic to malicious servers. The attack did not exploit flaws in Notepad++ code but intercepted updates before they reached users. “According to the […]
Security Affairs

Notepad++ infrastructure hijacked by Chinese APT in sophisticated supply chain attack
Tue Feb 03 2026
The popular open-source text editor Notepad++ was targeted in a sophisticated supply chain attack that allowed Chinese state-sponsored hackers to deliver malware through compromised software updates,
CSO Online

APT28 Uses Microsoft Office CVE-2026-21509 in Espionage-Focused Malware Attacks
Tue Feb 03 2026
The Russia-linked state-sponsored threat actor known as APT28 (aka UAC-0001) has been attributed to attacks exploiting a newly disclosed security flaw in Microsoft Office as part of a campaign codenamed Operation Neusploit. Zscaler ThreatLabz said it observed the hacking group weaponizing the shortcoming on January 29, 2026, in attacks targeting users in Ukraine, Slovakia, and Romania, three...
The Hacker News

Think agentic AI is hard to secure today? Just wait a few months
Tue Feb 03 2026
Early experimentation with agentic AI has given CISOs a preview of the possible cybersecurity nightmares ahead.
CSO Online

Shai-Hulud & Co.: The software supply chain as Achilles’ heel
Tue Feb 03 2026
Today’s applications are based on numerous components, each of which, along with the development environments themselves, represents an attack surface.
CSO Online

What to do when the extortionists come?
Tue Feb 03 2026
Stay calm and don't do anything rash, recommends podcast guest Joanna Lang-Recht.
CSO Online

Mozilla Adds One-Click Option to Disable Generative AI Features in Firefox
Tue Feb 03 2026
Mozilla on Monday announced a new controls section in its Firefox desktop browser settings that allows users to completely turn off generative artificial intelligence (GenAI) features. "It provides a single place to block current and future generative AI features in Firefox," Ajit Varma, head of Firefox, said. "You can also review and manage individual AI features if you choose to use them. This...
The Hacker News
Microsoft disables NTLM in Windows
Mon Feb 02 2026
Microsoft has announced that the phase-out of NT LAN Manager (NTLM) is now transitioning to disabling the protocol by default, in an effort to increase security in Windows 11 and Windows Server.
CSO Online
MoltBot Skills exploited to distribute 400+ malware packages in days
Mon Feb 02 2026
Over 400 malicious OpenClaw packages were uploaded in days, using MoltBot skills to spread password-stealing malware. Researchers uncovered a large malware campaign abusing AI skills for Claude Code and Moltbot users. Between late January and early February 2026, more than 400 malicious skills were published on ClawHub and GitHub, posing as crypto trading tools. OpenClaw […]
Security Affairs
Panera Bread breach affected 5.1 Million accounts, HIBP Confirms
Mon Feb 02 2026
Have I Been Pwned says Panera Bread’s breach affected 5.1 million accounts, far fewer than the 14 million customers first reported. Have I Been Pwned followed claims by the ShinyHunters gang, which said it stole data from over 14 million Panera Bread accounts. After Panera refused to pay, the group leaked a 760MB archive […]
Security Affairs

Notepad++ Hosting Breach Attributed to China-Linked Lotus Blossom Hacking Group
Tue Feb 03 2026
A China-linked threat actor known as Lotus Blossom has been attributed with medium confidence to the recently discovered compromise of the infrastructure hosting Notepad++. The attack enabled the state-sponsored hacking group to deliver a previously undocumented backdoor codenamed Chrysalis to users of the open-source editor, according to new findings from Rapid7. The development comes shortly...
The Hacker News

New phishing attack leverages PDFs and Dropbox
Tue Feb 03 2026
Even as they become ever more stealthy with AI-driven tools, threat actors are not giving up on simple, tried-and-true phishing — because it still works.
CSO Online

Researchers Find 341 Malicious ClawHub Skills Stealing Data from OpenClaw Users
Mon Feb 02 2026
A security audit of 2,857 skills on ClawHub has found 341 malicious skills across multiple campaigns, according to new findings from Koi Security, exposing users to new supply chain risks. ClawHub is a marketplace designed to make it easy for OpenClaw users to find and install third-party skills. It's an extension to the OpenClaw project, a self-hosted artificial intelligence (AI) assistant...
The Hacker News
Please Don’t Feed the Scattered Lapsus ShinyHunters
Mon Feb 02 2026
A prolific data ransom gang that calls itself Scattered Lapsus ShinyHunters (SLSH) has a distinctive playbook when it seeks to extort payment from victim firms: Harassing, threatening and even swatting executives and their families, all while notifying journalists and regulators…
Krebs on Security
Hackers exploit unsecured MongoDB instances to wipe data and demand ransom
Mon Feb 02 2026
Over 1,400 exposed MongoDB servers have been hijacked and wiped by hackers, who left ransom notes after exploiting weak or missing access controls. Cybersecurity firm Flare reports that unsecured MongoDB databases remain easy targets, with 1,416 of 3,100 exposed servers compromised. Hackers wiped data and left ransom notes, usually demanding $500 in Bitcoin, often using […]
Security Affairs
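The servers in the Flare report were lost to two settings, not to a software flaw: a listener bound to every interface and authorization left at its default of disabled. As an added example that is not part of the Security Affairs article or of MongoDB's own tooling, the Python below reads the relevant keys from a mongod.conf and flags that combination; the weak and hardened config fragments, port and addresses are constructed for the example, and the YAML parser handles only the nested key/value subset the config uses (no lists, anchors or flow syntax).

```python
# Added example: audit a mongod.conf for the exposure pattern behind the
# wipe-and-ransom campaigns (net-wide listener + no authorization).
# Not MongoDB tooling; configs below are constructed for illustration.

def parse_simple_yaml(text):
    """Parse the indentation-nested key: value subset of YAML used by
    mongod.conf. Scalars only; lists/anchors/flow syntax are not handled."""
    root = {}
    stack = [(-1, root)]          # (indent, mapping currently being filled)
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()     # drop trailing comments
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        value = value.strip().strip("\"'")
        while indent <= stack[-1][0]:            # climb back to the parent level
            stack.pop()
        parent = stack[-1][1]
        if value == "":                          # "key:" opens a nested mapping
            child = {}
            parent[key] = child
            stack.append((indent, child))
        else:
            parent[key] = value
    return root


def assess_mongod_conf(text):
    """Return a list of findings; an empty list means neither weak setting is present."""
    conf = parse_simple_yaml(text)
    net = conf.get("net") if isinstance(conf.get("net"), dict) else {}
    security = conf.get("security") if isinstance(conf.get("security"), dict) else {}
    findings = []

    # mongod has bound to localhost only by default since 3.6; an explicit
    # wildcard address or bindIpAll is what puts the port on the internet.
    bind_ip = str(net.get("bindIp", "127.0.0.1"))
    bind_all = str(net.get("bindIpAll", "false")).lower() == "true"
    exposed = bind_all or any(a.strip() in ("0.0.0.0", "::") for a in bind_ip.split(","))
    if exposed:
        findings.append("net.bindIp/bindIpAll: listening on all interfaces")

    # Authorization is disabled by default: any client that reaches the port
    # can read, drop and recreate every database.
    auth_enabled = str(security.get("authorization", "disabled")).lower() == "enabled"
    if not auth_enabled:
        findings.append("security.authorization: not enabled (no authentication required)")

    if exposed and not auth_enabled:
        findings.append("CRITICAL: unauthenticated access from any network; "
                        "data can be wiped and replaced with a ransom note")
    return findings


# Constructed weak config in the shape of the compromised servers.
WEAK_CONF = """
net:
  port: 27017
  bindIp: 0.0.0.0        # listens on every interface
security:
  authorization: disabled
"""

# Constructed hardened config: loopback plus an internal network, auth on.
HARDENED_CONF = """
net:
  port: 27017
  bindIp: 127.0.0.1,10.0.0.5   # loopback plus the internal app subnet only
security:
  authorization: enabled       # clients must authenticate and hold a role
"""

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, assess_mongod_conf(conf) or ["no findings"])
```

Enabling authorization on a running instance needs an admin user created first (otherwise the localhost exception is the only way in), and the bindIp change should be paired with a host firewall rule, since a later config edit can silently reopen the listener.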
Human Risk Management: The Paradox of Security Training
Mon Feb 02 2026
Security awareness training should be based on the human risk management approach.
CSO Online

OpenClaw Bug Enables One-Click Remote Code Execution via Malicious Link
Mon Feb 02 2026
A high-severity security flaw has been disclosed in OpenClaw (formerly referred to as Clawdbot and Moltbot) that could allow remote code execution (RCE) through a crafted malicious link. The issue, which is tracked as CVE-2026-25253 (CVSS score: 8.8), has been addressed in version 2026.1.29 released on January 30, 2026. It has been described as a token exfiltration vulnerability that leads to...
The Hacker News

Microsoft Begins NTLM Phase-Out With Three-Stage Plan to Move Windows to Kerberos
Mon Feb 02 2026
Microsoft has announced a three-phase approach to phase out New Technology LAN Manager (NTLM) as part of its efforts to shift Windows environments toward stronger, Kerberos-based options. The development comes more than two years after the tech giant revealed its plans to deprecate the legacy technology, citing its susceptibility to weaknesses that could facilitate relay attacks and allow bad...
The Hacker News
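Both NTLM items above describe the protocol being disabled by default, but neither says how to find what still depends on it, which is the check to run before the default flips or a NTLM-restricting policy is applied. As an added example that is not part of either article or of Microsoft's tooling, the Python below reads successful logon events (Security event 4624) in the XML shape that `wevtutil qe Security /f:xml` produces and counts the ones whose authentication package is NTLM, by account, NTLM version and source address; the `<Events>` wrapper, the three sample events, the account names, host and addresses are constructed for the example.

```python
# Added example: find NTLM-authenticated logons in an exported Security log
# before NTLM is disabled. Not Microsoft tooling; sample events are constructed.
import xml.etree.ElementTree as ET
from collections import Counter

EVT_NS = "{http://schemas.microsoft.com/win/2004/08/events/event}"


def iter_events(xml_text):
    """Yield (event_id, {Data Name: value}) for every <Event> in the export."""
    root = ET.fromstring(xml_text)
    for ev in root.iter(f"{EVT_NS}Event"):
        event_id = int(ev.findtext(f"{EVT_NS}System/{EVT_NS}EventID"))
        data = {d.get("Name"): (d.text or "").strip()
                for d in ev.iterfind(f"{EVT_NS}EventData/{EVT_NS}Data")}
        yield event_id, data


def ntlm_logons(xml_text):
    """Return successful logons (4624) whose AuthenticationPackageName is NTLM."""
    out = []
    for event_id, d in iter_events(xml_text):
        if event_id != 4624 or d.get("AuthenticationPackageName") != "NTLM":
            continue
        out.append({
            "account": d.get("TargetDomainName", "") + "\\" + d.get("TargetUserName", ""),
            "lm_package": d.get("LmPackageName", "-"),   # "NTLM V1" or "NTLM V2"
            "source_ip": d.get("IpAddress", "-"),
            "logon_type": d.get("LogonType", "-"),       # 3 = network, 2 = interactive
        })
    return out


def summarize(records):
    """Count NTLM logons per (account, NTLM version, source IP) so the principals
    and hosts that will break when NTLM is disabled surface first; NTLM V1
    entries are the ones to fix before anything else."""
    return Counter((r["account"], r["lm_package"], r["source_ip"]) for r in records)


# Constructed export: one Kerberos logon, one NTLMv2 and one NTLMv1 logon,
# wrapped in <Events> because wevtutil emits bare <Event> elements.
SAMPLE_EVENTS = """<Events>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4624</EventID><Computer>DC01.corp.example</Computer></System>
  <EventData>
    <Data Name="TargetUserName">alice</Data>
    <Data Name="TargetDomainName">CORP</Data>
    <Data Name="LogonType">3</Data>
    <Data Name="AuthenticationPackageName">Kerberos</Data>
    <Data Name="LmPackageName">-</Data>
    <Data Name="IpAddress">10.0.0.12</Data>
  </EventData>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4624</EventID><Computer>DC01.corp.example</Computer></System>
  <EventData>
    <Data Name="TargetUserName">svc-backup</Data>
    <Data Name="TargetDomainName">CORP</Data>
    <Data Name="LogonType">3</Data>
    <Data Name="AuthenticationPackageName">NTLM</Data>
    <Data Name="LmPackageName">NTLM V2</Data>
    <Data Name="IpAddress">10.0.0.23</Data>
  </EventData>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4624</EventID><Computer>DC01.corp.example</Computer></System>
  <EventData>
    <Data Name="TargetUserName">legacy-scanner</Data>
    <Data Name="TargetDomainName">CORP</Data>
    <Data Name="LogonType">3</Data>
    <Data Name="AuthenticationPackageName">NTLM</Data>
    <Data Name="LmPackageName">NTLM V1</Data>
    <Data Name="IpAddress">10.0.0.77</Data>
  </EventData>
</Event>
</Events>"""

if __name__ == "__main__":
    for (account, version, ip), n in summarize(ntlm_logons(SAMPLE_EVENTS)).most_common():
        print(f"{n:5d}  {version:8s}  {account:30s}  from {ip}")
```

To run it against a real domain controller, export with `wevtutil qe Security /q:"*[System[(EventID=4624)]]" /f:xml`, wrap the output in an `<Events>` root as the sample does, and feed the file to `ntlm_logons`. Machine accounts (names ending in `$`) and `ANONYMOUS LOGON` will dominate the counts on a busy DC; filter them out after the first pass so that the service accounts and appliances that actually need remediation are visible.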

How risk culture turns cyber teams predictive
Mon Feb 02 2026
The first time you’ll hear, “We’re always in incident mode,” it won’t be said with drama.
CSO Online

This stealthy Windows RAT holds live conversations with its operators
Mon Feb 02 2026
Security researchers at Point Wild have disclosed a new Windows malware campaign that uses a multi-stage infection chain to establish persistent, memory-resident access on compromised systems and stea
CSO Online

⚡ Weekly Recap: Proxy Botnet, Office Zero-Day, MongoDB Ransoms, AI Hijacks & New Threats
Mon Feb 02 2026
Every week brings new discoveries, attacks, and defenses that shape the state of cybersecurity. Some threats are stopped quickly, while others go unseen until they cause real damage. Sometimes a single update, exploit, or mistake changes how we think about risk and protection. Every incident shows how defenders adapt — and how fast attackers try to stay ahead. This week’s recap brings you the...
The Hacker News

Securing the Mid-Market Across the Complete Threat Lifecycle
Mon Feb 02 2026
For mid-market organizations, cybersecurity is a constant balancing act. Proactive, preventative security measures are essential to protect an expanding attack surface. Combined with effective protection that blocks threats, they play a critical role in stopping cyberattacks before damage is done. The challenge is that many security tools add complexity and cost that most mid-market businesses...
The Hacker News
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 82
Mon Feb 02 2026
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Malware Newsletter: KONNI Adopts AI to Generate PowerShell Backdoors; Who Operates the Badbox 2.0 Botnet?; Weaponized in China, Deployed in India: The SyncFuture Espionage Targeted Campaign; Android Trojan Campaign Uses Hugging Face Hosting for RAT Payload […]
Security Affairs
Nation-state hack exploited hosting infrastructure to hijack Notepad++ updates
Mon Feb 02 2026
Notepad++ maintainer says nation-state attackers hijacked the app’s update system by redirecting traffic at the hosting provider level. The Notepad++ maintainer revealed that nation-state hackers compromised the hosting provider’s infrastructure, redirecting update traffic to malicious servers. The attack did not exploit flaws in Notepad++ code but intercepted updates before they reached users. “According to the […]
Security Affairs
ICE and Qatari Security Forces at the Winter Olympics Put Italians on Edge
Mon Feb 02 2026
The influx of security personnel from around the world is sparking concern among Italians ahead of the Milano Cortina Olympic Games.
Wired

Why non-human identities are your biggest security blind spot in 2026
Mon Feb 02 2026
Last month, while running a routine access audit on our Azure environment, I came across a service account called svc-dataloader-poc.
CSO Online