OT security: Why open source is worth a look

Tue Feb 24 2026

In OT security, too, open-source solutions offer a cost-effective alternative to commercial tools.

CSO Online

Russian group uses AI to exploit weakly-protected Fortinet firewalls, says Amazon

Tue Feb 24 2026

A Russian-speaking threat actor is using commercial generative AI services to compromise hundreds of Fortinet Fortigate firewalls, warns Amazon Threat Intelligence.

CSO Online

APT28 Targeted European Entities Using Webhook-Based Macro Malware

Mon Feb 23 2026

The Russia-linked state-sponsored threat actor tracked as APT28 has been attributed to a new campaign targeting specific entities in Western and Central Europe. The activity, per S2 Grupo's LAB52 threat intelligence team, was active between September 2025 and January 2026. It has been codenamed Operation MacroMaze. "The campaign relies on basic tooling and the exploitation of legitimate services...

The Hacker News

Wormable XMRig campaign leverages BYOVD and timed kill switch for stealth

Mon Feb 23 2026

A wormable cryptojacking campaign spreads via pirated software, using BYOVD and a time-based logic bomb to deploy a custom XMRig miner. Researchers uncovered a wormable cryptojacking campaign that spreads through pirated software bundles to deploy a custom XMRig miner. The attack uses a BYOVD exploit and a time-based logic bomb to evade detection and maximize […]

Security Affairs

Romanian hacker pleads guilty to selling access to Oregon state networks

Mon Feb 23 2026

A Romanian man pleaded guilty to selling admin access to Oregon’s state network for $3,000 in Bitcoin and repeatedly accessing it to prove control. Catalin Dragomir (45) from Romania, pleaded guilty in the U.S. for selling unauthorized admin access to an Oregon state emergency management network. He gained access in June 2021, advertised it, and […]

Security Affairs

CVE-2026-1731 fuels ongoing attacks on BeyondTrust remote access products

Mon Feb 23 2026

Attackers are exploiting CVE-2026-1731 in BeyondTrust RS and PRA to deploy VShell, gain persistence, move laterally, and control compromised systems. Threat actors are actively exploiting a recently disclosed critical vulnerability, tracked as CVE-2026-1731 (CVSS score: 9.9), in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA). The flaw is being used to conduct a wide […]

Security Affairs

Wormable XMRig Campaign Uses BYOVD Exploit and Time-Based Logic Bomb

Mon Feb 23 2026

Cybersecurity researchers have disclosed details of a new cryptojacking campaign that uses pirated software bundles as lures to deploy a bespoke XMRig miner program on compromised hosts. "Analysis of the recovered dropper, persistence triggers, and mining payload reveals a sophisticated, multi-stage infection prioritizing maximum cryptocurrency mining hashrate, often destabilizing the victim...

The Hacker News

⚡ Weekly Recap: Double-Tap Skimmers, PromptSpy AI, 30Tbps DDoS, Docker Malware & More

Mon Feb 23 2026

Security news rarely moves in a straight line. This week, it feels more like a series of sharp turns, some happening quietly in the background, others playing out in public view. The details are different, but the pressure points are familiar. Across devices, cloud services, research labs, and even everyday apps, the line between normal behavior and hidden risk keeps getting thinner. Tools...

The Hacker News

Hacker steals data of thousands of RTL employees

Mon Feb 23 2026

A hacker has gained access to RTL employee data.

CSO Online

AI-powered campaign compromises 600 FortiGate systems worldwide

Mon Feb 23 2026

A Russian-speaking cybercriminal used commercial generative AI tools to hack over 600 FortiGate devices across 55 countries. Amazon Threat Intelligence reports that a Russian-speaking, financially motivated threat actor used commercial generative AI services to compromise more than 600 FortiGate devices in 55 countries. The activity, observed between January 11 and February 18, 2026, highlights how […]

Security Affairs

How Exposed Endpoints Increase Risk Across LLM Infrastructure

Mon Feb 23 2026

As more organizations run their own Large Language Models (LLMs), they are also deploying more internal services and Application Programming Interfaces (APIs) to support those models. Modern security risks are being introduced less from the models themselves and more from the infrastructure that serves, connects and automates the model. Each new LLM endpoint expands the attack surface, often in...

The Hacker News

New Arkanix stealer blends rapid Python harvesting with stealthier C++ payloads

Mon Feb 23 2026

A newly uncovered infostealer, suspected to be built with the help of a large language model, is targeting victims with Python and C++ variants, each tailored for a different stage of data theft.

CSO Online

Attackers exploit Ivanti EPMM zero-days to seize control of MDM servers

Mon Feb 23 2026

Attackers are actively exploiting two critical zero-day vulnerabilities in Ivanti’s Endpoint Manager Mobile (EPMM) to gain unauthenticated control of enterprise mobile device management infrastructure

CSO Online

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

Mon Feb 23 2026

Cybersecurity researchers have disclosed what they say is an active "Shai-Hulud-like" supply chain worm campaign that has leveraged a cluster of at least 19 malicious npm packages to enable credential harvesting and cryptocurrency key theft. The campaign has been codenamed SANDWORM_MODE by supply chain security company Socket. As with prior Shai-Hulud attack waves, the malicious code embedded...

The Hacker News

MuddyWater Targets MENA Organizations with GhostFetch, CHAR, and HTTP_VIP

Mon Feb 23 2026

The Iranian hacking group known as MuddyWater (aka Earth Vetala, Mango Sandstorm, and MUDDYCOAST) has targeted several organizations and individuals mainly located across the Middle East and North Africa (MENA) region as part of a new campaign codenamed Operation Olalampo. The activity, first observed on January 26, 2026, has resulted in the deployment of new malware families that share...

The Hacker News

13 ways attackers use generative AI to exploit your systems

Mon Feb 23 2026

Artificial intelligence is revolutionizing the technology industry and this is equally true for the cybercrime ecosystem, as cybercriminals are increasingly leveraging generative AI to improve their t

CSO Online

Anthropic unveils Claude Code Security to detect and fix code bugs

Mon Feb 23 2026

Anthropic launches Claude Code Security, an AI tool that scans code for vulnerabilities and suggests how to address them. Anthropic has introduced Claude Code Security, a new AI-powered service designed to scan software codebases for vulnerabilities and recommend fixes. Built into Claude Code, the tool aims to help teams detect and remediate security flaws faster. […]

Security Affairs

Luxury hotel stays for just €0.01. Spanish police arrest hacker

Sun Feb 22 2026

Spanish police arrested a 20-year-old hacker accused of booking luxury hotel rooms worth up to €1,000 a night for just one cent before being caught. Spanish police arrested a 20-year-old man in Madrid after allegedly manipulating the online payment system of a travel and hotel booking website to secure luxury hotel stays for just €0.01 […]

Security Affairs

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 85

Sun Feb 22 2026

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Ninja Browser & Lumma Infostealer   Ghost Tapped: Tracking the Rise of Chinese Tap-to-pay Android Malware   Hudson Rock Identifies Real-World Infostealer Infection Targeting OpenClaw Configurations   Divide and conquer: how the new Keenadu backdoor exposed links […]

Security Affairs

Security Affairs newsletter Round 564 by Pierluigi Paganini – INTERNATIONAL EDITION

Sun Feb 22 2026

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. U.S. CISA adds RoundCube Webmail flaws to its Known Exploited Vulnerabilities catalog PayPal discloses extended data […]

Security Affairs

U.S. CISA adds RoundCube Webmail flaws to its Known Exploited Vulnerabilities catalog

Sat Feb 21 2026

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds RoundCube Webmail flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two RoundCube Webmail flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: Roundcube is a popular webmail platform and has been repeatedly targeted […]

Security Affairs

AI-Assisted Threat Actor Compromises 600+ FortiGate Devices in 55 Countries

Sat Feb 21 2026

A Russian-speaking, financially motivated threat actor has been observed taking advantage of commercial generative artificial intelligence (AI) services to compromise over 600 FortiGate devices located in 55 countries. That's according to new findings from Amazon Threat Intelligence, which said it observed the activity between January 11 and February 18, 2026. "No exploitation of FortiGate...

The Hacker News

Password Managers Share a Hidden Weakness

Sat Feb 21 2026

Plus: The cybersecurity community grapples with Epstein files revelations, the US State Department plans an online anti-censorship “portal” for the world, and more.

Wired

‘Narco-Submarine’ Carrying 4 Tons of Cocaine Captured by Mexico's Navy

Sat Feb 21 2026

Following increased surveillance and patrols of routes used by transnational drug-trafficking networks, Mexican authorities have seized approximately 10 tons of cocaine in the past week alone.

Wired

Anthropic Launches Claude Code Security for AI-Powered Vulnerability Scanning

Sat Feb 21 2026

Artificial intelligence (AI) company Anthropic has begun to roll out a new security feature for Claude Code that can scan a user's software codebase for vulnerabilities and suggest patches. The capability, called Claude Code Security, is currently available in a limited research preview to Enterprise and Team customers. "It scans codebases for security vulnerabilities and suggests targeted...

The Hacker News

CISA Adds Two Actively Exploited Roundcube Flaws to KEV Catalog

Sat Feb 21 2026

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added two security flaws impacting Roundcube webmail software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerabilities in question are listed below - CVE-2025-49113 (CVSS score: 9.9) - A deserialization of untrusted data vulnerability that allows remote code...

The Hacker News

EC-Council Expands AI Certification Portfolio to Strengthen U.S. AI Workforce Readiness and Security

Sat Feb 21 2026

With $5.5 trillion in global AI risk exposure and 700,000 U.S. workers needing reskilling, four new AI certifications and Certified CISO v4 help close the gap between AI adoption and workforce readiness. EC-Council, creator of the world-renowned Certified Ethical Hacker (CEH) credential and a global leader in applied cybersecurity education, today launched its Enterprise AI Credential Suite,...

The Hacker News

PayPal discloses extended data leak linked to Loan App glitch

Fri Feb 20 2026

PayPal disclosed a six-month data breach that exposed sensitive user data, including Social Security numbers, due to a software error. PayPal has disclosed a data breach caused by a software bug in its PayPal Working Capital loan app. The flaw exposed sensitive customer information, including customers’ business contact details (name, email, phone number, address), along […]

Security Affairs

‘Starkiller’ Phishing Service Proxies Real Login Pages, MFA

Fri Feb 20 2026

Most phishing websites are little more than static copies of login pages for popular online destinations, and they are often quickly taken down by anti-abuse activists and security firms. But a stealthy new phishing-as-a-service offering lets customers sidestep both of these pitfalls: It uses cleverly disguised links to load the target brand's real website, and then acts as a relay between the target and the legitimate site -- forwarding the victim's username, password and multi-factor authentication (MFA) code to the legitimate site and returning its responses.

Krebs on Security

Compromised npm package silently installs OpenClaw on developer machines

Sat Feb 21 2026

A new security bypass has users installing AI agent OpenClaw — whether they intended to or not.

CSO Online

DHS Wants a Single Search Engine to Flag Faces and Fingerprints Across Agencies

Fri Feb 20 2026

Homeland Security aims to combine its face and fingerprint systems into one big biometric platform—after dismantling centralized privacy reviews and key limits on face recognition.

Wired

Metadata Exposes Authors of ICE’s ‘Mega’ Detention Center Plans

Fri Feb 20 2026

Comments and other data left on a PDF detailing Homeland Security’s proposal to build “mega” detention and processing centers reveal the personnel involved in its creation.

Wired

Don’t trust TrustConnect: This fake remote support tool only helps hackers

Fri Feb 20 2026

After breaking into a system, crooks often install legitimate remote admin tools to keep a foothold on the network — with the risk that the tool’s vendor spots them and locks them out.

CSO Online

BeyondTrust Flaw Used for Web Shells, Backdoors, and Data Exfiltration

Fri Feb 20 2026

Threat actors have been observed exploiting a recently disclosed critical security flaw impacting BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) products to conduct a wide range of malicious actions, including deploying VShell and  The vulnerability, tracked as CVE-2026-1731 (CVSS score: 9.9), allows attackers to execute operating system commands in the context of the...

The Hacker News

Cline CLI 2.3.0 Supply Chain Attack Installed OpenClaw on Developer Systems

Fri Feb 20 2026

In yet another software supply chain attack, the open-source, artificial intelligence (AI)-powered coding assistant Cline CLI was updated to stealthily install OpenClaw, a self-hosted autonomous AI agent that has become exceedingly popular in the past few months. "On February 17, 2026, at 3:26 AM PT, an unauthorized party used a compromised npm publish token to publish an update to Cline CLI...

The Hacker News

North Korean IT worker scam nets Ukrainian five-year sentence in the U.S.

Fri Feb 20 2026

A Ukrainian man was sentenced to five years in the U.S. for helping North Korean IT workers use stolen identities to get hired by U.S. firms. Oleksandr “Alexander” Didenko, a 29-year-old Ukrainian national, has been sentenced to five years in a U.S. prison for supporting North Korea’s fraudulent IT worker scheme. Didenko admitted stealing U.S. […]

Security Affairs

AI and complexity as accelerants for cybercriminals

Fri Feb 20 2026

Cyberattacks are getting ever faster, shortening the time between the initial compromise and its negative consequences.

CSO Online

ClickFix Campaign Abuses Compromised Sites to Deploy MIMICRAT Malware

Fri Feb 20 2026

Cybersecurity researchers have disclosed details of a new ClickFix campaign that abuses compromised legitimate sites to deliver a previously undocumented remote access trojan (RAT) called MIMICRAT (aka AstarionRAT). "The campaign demonstrates a high level of operational sophistication: compromised sites spanning multiple industries and geographies serve as delivery infrastructure, a multi-stage...

The Hacker News

Identity Cyber Scores: The New Metric Shaping Cyber Insurance in 2026

Fri Feb 20 2026

With one in three cyber-attacks now involving compromised employee accounts, insurers and regulators are placing far greater emphasis on identity posture when assessing cyber risk.  For many organizations, however, these assessments remain largely opaque. Elements such as password hygiene, privileged access management, and the extent of multi-factor authentication (MFA) coverage are...

The Hacker News

FBI warns of surge in ATM Jackpotting, $20 Million lost in 2025

Fri Feb 20 2026

The FBI warns ATM jackpotting is rising nationwide, with over $20 million lost in 2025 and 1,900 incidents reported since 2020. The FBI has warned of a sharp rise in ATM jackpotting attacks across the U.S., with losses exceeding $20 million in 2025 alone. Since 2020, about 1,900 incidents have been reported, including 700 last […]

Security Affairs

Red Card 2.0: INTERPOL busts scam networks across Africa, seizes millions

Fri Feb 20 2026

INTERPOL’s Operation Red Card 2.0 led to 651 arrests across 16 African countries and recovered over $4.3 million from online scams. INTERPOL’s Operation Red Card 2.0, a joint effort involving law enforcement agencies from 16 African countries, resulted in 651 arrests linked to online scam networks. The operation was carried out under the African Joint […]

Security Affairs

Ukrainian National Sentenced to 5 Years in North Korea IT Worker Fraud Case

Fri Feb 20 2026

A 29-year-old Ukrainian national has been sentenced to five years in prison in the U.S. for his role in facilitating North Korea's fraudulent information technology (IT) worker scheme. In November 2025, Oleksandr "Alexander" Didenko pleaded guilty to wire fraud conspiracy and aggravated identity theft for stealing the identities of U.S. citizens and selling them to IT workers to help them land...

The Hacker News

Special commission investigates cyberattack on Kunstsammlungen Dresden

Fri Feb 20 2026

The Staatliche Kunstsammlungen Dresden (Dresden State Art Collections) were the target of a cyberattack.

CSO Online

FBI Reports 1,900 ATM Jackpotting Incidents Since 2020, $20M Lost in 2025

Fri Feb 20 2026

The U.S. Federal Bureau of Investigation (FBI) has warned of an increase in ATM jackpotting incidents across the country, leading to losses of more than $20 million in 2025. The agency said 1,900 ATM jackpotting incidents have been reported since 2020, out of which 700 took place last year. In December 2025, the U.S. Department of Justice (DoJ) said about $40.73 million has been collectively...

The Hacker News

PromptSpy abuses Gemini AI to gain persistent access on Android

Fri Feb 20 2026

PromptSpy is the first Android malware to abuse Google’s Gemini AI, enabling persistence and advanced spying features. Security researchers at ESET have uncovered PromptSpy, the first known Android malware to exploit Google’s Gemini AI to maintain persistence. The malware can capture lockscreen data, block uninstallation attempts, collect device information, take screenshots, and record screen activity […]

Security Affairs

PayPal launches latest struggle to get rid of SMS for MFA

Fri Feb 20 2026

When PayPal started emailing customers this month that it was backing off unencrypted SMS for multifactor authentication (MFA) at login, it came with the typical approach-avoidance asterisk.

CSO Online

Former Google Engineers Indicted Over Trade Secret Transfers to Iran

Fri Feb 20 2026

Two former Google engineers and one of their husbands have been indicted in the U.S. for allegedly committing trade secret theft from the search giant and other tech firms and transferring the information to unauthorized locations, including Iran. Samaneh Ghandali, 41, and her husband Mohammadjavad Khosravi (aka Mohammad Khosravi), 40, along with her sister Soroor Ghandali, 32, have been accused...

The Hacker News

10 passwordless options for enterprises

Fri Feb 20 2026

There are better solutions for leaving passwords behind.

CSO Online

Jeffrey Epstein’s Ties to CBP Agents Sparked a DOJ Probe

Fri Feb 20 2026

Documents say customs officers in the US Virgin Islands had friendly relationships with Epstein years after his 2008 conviction, showing how the infamous sex offender tried to cultivate allies.

Wired

A $10K Bounty Awaits Anyone Who Can Hack Ring Cameras to Stop Sharing Data With Amazon

Fri Feb 20 2026

The Fulu Foundation, a nonprofit that pays out bounties for removing user-hostile features, is hunting for a way to keep Ring cameras from sending data to Amazon—without breaking the hardware.

Wired

New phishing campaign tricks employees into bypassing Microsoft 365 MFA

Fri Feb 20 2026

Another device code phishing campaign that abuses OAuth device registration to bypass multifactor authentication login protections has been discovered.

CSO Online

Germany’s national rail operator Deutsche Bahn hit by a DDoS attack

Thu Feb 19 2026

Germany’s national rail operator, Deutsche Bahn, suffered a major DDoS attack that disrupted booking and information systems for several hours. Germany’s rail operator Deutsche Bahn was hit by a large-scale DDoS attack that disrupted information and booking systems for several hours. The cyberattack affected IT operations, causing delays and service interruptions. At this time, the […]

Security Affairs

An FBI ‘Asset’ Helped Run a Dark Web Site That Sold Fentanyl-Laced Drugs for Years

Thu Feb 19 2026

A staffer of the Incognito dark web market was secretly controlled by the FBI—and still allegedly approved the sale of fentanyl-tainted pills, including those from a dealer linked to a confirmed death.

Wired

US dominance of agentic AI at the heart of new NIST initiative

Thu Feb 19 2026

This week, the US National Institute of Standards and Technology (NIST) announced a new listening exercise, the AI Agent Standards Initiative, which it hopes will provide a roadmap for addressing agen

CSO Online

PromptSpy Android Malware Abuses Gemini AI to Automate Recent-Apps Persistence

Thu Feb 19 2026

Cybersecurity researchers have discovered what they say is the first Android malware that abuses Gemini, Google's generative artificial intelligence (AI) chatbot, as part of its execution flow and achieves persistence. The malware has been codenamed PromptSpy by ESET. The malware is equipped to capture lockscreen data, block uninstallation efforts, gather device information, take screenshots,...

The Hacker News

U.S. CISA adds Dell RecoverPoint and GitLab flaws to its Known Exploited Vulnerabilities catalog

Thu Feb 19 2026

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Dell RecoverPoint and GitLab flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Dell RecoverPoint and GitLab flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: The first vulnerability added to the catalog is […]

Security Affairs

INTERPOL Operation Red Card 2.0 Arrests 651 in African Cybercrime Crackdown

Thu Feb 19 2026

An international cybercrime operation against online scams has led to 651 arrests and recovered more than $4.3 million as part of an effort led by law enforcement agencies from 16 African countries. The initiative, codenamed Operation Red Card 2.0, took place between December 8, 2025 and January 30, 2026, according to INTERPOL. It targeted infrastructure and actors behind high-yield investment...

The Hacker News

Microsoft Patches CVE-2026-26119 Privilege Escalation in Windows Admin Center

Thu Feb 19 2026

Microsoft has disclosed a now-patched security flaw in Windows Admin Center that could allow an attacker to escalate their privileges. Windows Admin Center is a locally deployed, browser-based management tool set that lets users manage their Windows Clients, Servers, and Clusters without the need for connecting to the cloud. The high-severity vulnerability, tracked as CVE-2026-26119, carries a...

The Hacker News

ThreatsDay Bulletin: OpenSSL RCE, Foxit 0-Days, Copilot Leak, AI Password Flaws & 20+ Stories

Thu Feb 19 2026

The cyber threat space doesn’t pause, and this week makes that clear. New risks, new tactics, and new security gaps are showing up across platforms, tools, and industries — often all at the same time. Some developments are headline-level. Others sit in the background but carry long-term impact. Together, they shape how defenders need to think about exposure, response, and preparedness right now...

The Hacker News

Six flaws found hiding in OpenClaw’s plumbing

Thu Feb 19 2026

Security researchers have uncovered six high-to-critical flaws affecting the open-source AI agent framework OpenClaw, popularly known as a “social media for AI agents.”

CSO Online

CISA alerts to critical auth bypass CVE-2026-1670 in Honeywell CCTVs

Thu Feb 19 2026

CISA warns Honeywell CCTVs are affected by a critical auth bypass flaw (CVE-2026-1670) allowing unauthorized access or account hijacking. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns that Honeywell CCTVs are affected by a critical authentication bypass flaw, tracked as CVE-2026-1670 (CVSS score of 9.8), that lets attackers change the recovery email without logging […]

Security Affairs

From Exposure to Exploitation: How AI Collapses Your Response Window

Thu Feb 19 2026

We’ve all seen this before: a developer deploys a new cloud workload and grants overly broad permissions just to keep the sprint moving. An engineer generates a "temporary" API key for testing and forgets to revoke it. In the past, these were minor operational risks, debts you’d eventually pay down during a slower cycle. In 2026, “Eventually” is Now But today, within minutes, AI-powered...

The Hacker News

Fake IPTV Apps Spread Massiv Android Malware Targeting Mobile Banking Users

Thu Feb 19 2026

Cybersecurity researchers have disclosed details of a new Android trojan called Massiv that's designed to facilitate device takeover (DTO) attacks for financial theft. The malware, according to ThreatFabric, masquerades as seemingly harmless IPTV apps to deceive victims, indicating that the activity is primarily singling out users looking for the online TV applications. "This new threat, while...

The Hacker News

Hackers can turn Grok, Copilot into covert command-and-control channels, researchers warn

Thu Feb 19 2026

Enterprise security teams racing to enable generative AI tools may be overlooking a new risk: attackers can abuse web-based AI assistants such as Grok and Microsoft Copilot to quietly relay malware co

CSO Online

Irish regulator probes X after Grok allegedly generated sexual images of children

Thu Feb 19 2026

Ireland’s Data Protection Commission opened a probe into X over Grok AI tool allegedly generating sexual images, including of children. Ireland’s Data Protection Commission has launched another investigation into X over Grok’s AI image generator. The probe focuses on reports that the tool created large volumes of non-consensual and sexualized images, including content involving children, […]

Security Affairs

Intellexa’s Predator spyware infected Angolan journalist’s device, Amnesty reports

Thu Feb 19 2026

Amnesty reports Angolan journalist’s iPhone was infected by Intellexa’s Predator spyware via a WhatsApp link in May 2024. Amnesty International reports that in May 2024, Intellexa’s Predator spyware infected the iPhone of Teixeira Cândido, an Angolan journalist and press freedom advocate, after he opened a malicious link sent via WhatsApp. This incident highlights how attackers […]

Security Affairs

How to Organize Safely in the Age of Surveillance

Thu Feb 19 2026

From threat modeling to encrypted collaboration apps, we’ve collected experts’ tips and tools for safely and effectively building a group—even while being targeted and tracked by the powerful.

Wired

Cybersecurity needs maturity, not checklists

Thu Feb 19 2026

If CISOs want stronger programs, better resilience and a more secure future, they must evolve their approach.

CSO Online

CRESCENTHARVEST Campaign Targets Iran Protest Supporters With RAT Malware

Thu Feb 19 2026

Cybersecurity researchers have disclosed details of a new campaign dubbed CRESCENTHARVEST, likely targeting supporters of Iran's ongoing protests to conduct information theft and long-term espionage. The Acronis Threat Research Unit (TRU) said it observed the activity after January 9, with the attacks designed to deliver a malicious payload that serves as a remote access trojan (RAT) and...

The Hacker News

From in-house CISO to consultant. What you need to know before making the leap

Thu Feb 19 2026

For Nikoloz Kokhreidze, the move into cybersecurity consulting came gradually through a series of small steps.

CSO Online

Notepad++ author says fixes make update mechanism ‘effectively unexploitable’

Wed Feb 18 2026

The recently compromised update mechanism for the popular open source text editor Notepad++ has been hardened so it’s now ‘effectively unexploitable’, says the application’s author.

CSO Online

Chinese hackers exploited zero-day Dell RecoverPoint flaw for 1.5 years

Wed Feb 18 2026

For the past 18 months, a Chinese cyberespionage group has been exploiting a previously unknown vulnerability in Dell’s RecoverPoint for Virtual Machines, a VM disaster recovery solution.

CSO Online

French Ministry confirms data access to 1.2 Million bank accounts

Wed Feb 18 2026

A hacker accessed data from 1.2 million French bank accounts using stolen official credentials, the Economy Ministry said. A hacker gained access to data from 1.2 million French bank accounts using stolen credentials belonging to a government official, according to the French Economy Ministry. French authorities said affected account holders will be notified in the […]

Security Affairs

Notepad++ patches flaw used to hijack update system

Wed Feb 18 2026

Notepad++ patched a vulnerability that attackers used to hijack its update system and deliver malware to targeted users. Notepad++ fixed a vulnerability that allowed a China-linked APT group to hijack its update mechanism and selectively push malware to chosen targets. In early February, the Notepad++ maintainer revealed that nation-state hackers compromised the hosting provider’s infrastructure, […]

Security Affairs

Citizen Lab Finds Cellebrite Tool Used on Kenyan Activist’s Phone in Police Custody

Wed Feb 18 2026

New research from the Citizen Lab has found signs that Kenyan authorities used a commercial forensic extraction tool manufactured by Israeli company Cellebrite to break into a prominent dissident's phone, making it the latest case of abuse of the technology targeting civil society. The interdisciplinary research unit at the University of Toronto's Munk School of Global Affairs & Public...

The Hacker News

A Vast Trove of Exposed Social Security Numbers May Put Millions at Risk of Identity Theft

Wed Feb 18 2026

A database left accessible to anyone online contained billions of records, including sensitive personal data that criminals appear to have not yet exploited.

Wired

Grandstream GXP1600 VoIP Phones Exposed to Unauthenticated Remote Code Execution

Wed Feb 18 2026

Cybersecurity researchers have disclosed a critical security flaw in the Grandstream GXP1600 series of VoIP phones that could allow an attacker to seize control of susceptible devices. The vulnerability, tracked as CVE-2026-2329, carries a CVSS score of 9.3 out of a maximum of 10.0. It has been described as a case of unauthenticated stack-based buffer overflow that could result in remote code...

The Hacker News

VS Code extensions with 125M+ installs expose users to cyberattacks

Wed Feb 18 2026

Four popular VS Code extensions with 125M+ installs have flaws that could let hackers steal files and run code remotely. OX Security researchers warn that security flaws in four widely used VS Code extensions (Live Server, Code Runner, Markdown Preview Enhanced, and Microsoft Live Preview) could allow attackers to steal local files and execute code […]

Security Affairs

Millions of Chrome extensions expose browsing history

Wed Feb 18 2026

A security vulnerability in popular Chrome extensions leaves users' browsing history exposed.

CSO Online

Critical Flaws Found in Four VS Code Extensions with Over 125 Million Installs

Wed Feb 18 2026

Cybersecurity researchers have disclosed multiple security vulnerabilities in four popular Microsoft Visual Studio Code (VS Code) extensions that, if successfully exploited, could allow threat actors to steal local files and execute code remotely. The extensions, which have been collectively installed more than 125 million times, are Live Server, Code Runner, Markdown Preview Enhanced, and...

The Hacker News

Flaws in four popular VS Code extensions left 128 million installs open to attack

Wed Feb 18 2026

Critical and high-severity vulnerabilities were found in four widely used Visual Studio Code extensions with a combined 128 million downloads, exposing developers to file theft, remote code execution,

CSO Online

China-linked APT weaponized Dell RecoverPoint zero-day since 2024

Wed Feb 18 2026

A suspected Chinese state-linked group exploited a critical Dell RecoverPoint flaw (CVE-2026-22769) in zero-day attacks starting mid-2024. Mandiant and Google’s Threat Intelligence Group (GTIG) reported that a suspected China-linked APT group quietly exploited a critical zero-day flaw in Dell RecoverPoint for Virtual Machines starting in mid-2024. “Mandiant and Google Threat Intelligence Group (GTIG) have identified […]

Security Affairs

Keenadu: Android malware that comes preinstalled and can’t be removed by users

Wed Feb 18 2026

There’s too little a user can do when hit with a complex Android malware that comes preinstalled on their new smartphone or tablet.

CSO Online

Cybersecurity Tech Predictions for 2026: Operating in a World of Permanent Instability

Wed Feb 18 2026

In 2025, navigating the digital seas still felt like a matter of direction. Organizations charted routes, watched the horizon, and adjusted course to reach safe harbors of resilience, trust, and compliance. In 2026, the seas are no longer calm between storms. Cybersecurity now unfolds in a state of continuous atmospheric instability: AI-driven threats that adapt in real time, expanding...

The Hacker News

Cyberattack on railway disrupts information systems

Wed Feb 18 2026

The attack was repelled.

CSO Online

U.S. CISA adds Google Chromium CSS, Microsoft Windows, TeamT5 ThreatSonar Anti-Ransomware, and Zimbra flaws to its Known Exploited Vulnerabilities catalog

Wed Feb 18 2026

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Google Chromium CSS, Microsoft Windows, TeamT5 ThreatSonar Anti-Ransomware, and Zimbra flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Google Chromium CSS, Microsoft Windows, TeamT5 ThreatSonar Anti-Ransomware, and Zimbra flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws […]

Security Affairs

CredShields Leads OWASP Smart Contract Top 10 2026 as Governance and Access Failures Drive Onchain Risk

Wed Feb 18 2026

CredShields announces that the OWASP Smart Contract Security Project has officially released the OWASP Smart Contract Top 10 2026, a risk prioritization framework derived from structured analysis of 2

CSO Online

Discipline is the new power move in cybersecurity leadership

Wed Feb 18 2026

For years, I was fortunate to live many years, earning enough budget to deploy cybersecurity programs.

CSO Online

Dell RecoverPoint for VMs Zero-Day CVE-2026-22769 Exploited Since Mid-2024

Wed Feb 18 2026

A maximum severity security vulnerability in Dell RecoverPoint for Virtual Machines has been exploited as a zero-day by a suspected China-nexus threat cluster dubbed UNC6201 since mid-2024, according to a new report from Google Mandiant and Google Threat Intelligence Group (GTIG). The activity involves the exploitation of CVE-2026-22769 (CVSS score: 10.0), a case of hard-coded credentials...

The Hacker News

3 Ways to Start Your Intelligent Workflow Program

Wed Feb 18 2026

Security, IT, and engineering teams today are under relentless pressure to accelerate outcomes, cut operational drag, and unlock the full potential of AI and automation. But simply investing in tools isn’t enough. 88% of AI proofs-of-concept never make it to production, even though 70% of workers cite freeing time for high-value work as the primary AI automation motivation. Real impact comes...

The Hacker News

Keenadu backdoor found preinstalled on Android devices, powers Ad fraud campaign

Wed Feb 18 2026

Kaspersky uncovered Keenadu, an Android backdoor used for ad fraud that can even take full control of devices. Kaspersky has identified a new Android malware called Keenadu. It can be preinstalled in device firmware, hidden inside system apps, or even distributed via official stores like Google Play. Currently used for ad fraud by turning infected […]

Security Affairs

The new paradigm for raising up secure software engineers

Wed Feb 18 2026

CISOs were already struggling to help developers keep up with secure code principles at the speed of DevOps.

CSO Online

A new approach for GenAI risk protection

Wed Feb 18 2026

When generative AI (GenAI) hit the consumer market with the release of OpenAI’s ChatGPT, users worldwide flocked to the product and started experimenting with the tool’s capabilities across industries.

CSO Online

Notepad++ Fixes Hijacked Update Mechanism Used to Deliver Targeted Malware

Wed Feb 18 2026

Notepad++ has released a security fix to plug gaps that were exploited by an advanced threat actor from China to hijack the software update mechanism to selectively deliver malware to targets of interest. The version 8.9.2 update incorporates what maintainer Don Ho calls a "double lock" design that aims to make the update process "robust and effectively unexploitable." This includes verification...

The Hacker News

CISA Flags Four Security Flaws Under Active Exploitation in Latest KEV Update

Wed Feb 18 2026

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The list of vulnerabilities is as follows - CVE-2026-2441 (CVSS score: 8.8) - A use-after-free vulnerability in Google Chrome that could allow a remote attacker to potentially exploit heap...

The Hacker News

13 questions to counter third-party risks

Wed Feb 18 2026

So check first… Miljan Zivkovic | shutterstock.

CSO Online

Cyber attacks enabled by basic failings, Palo Alto analysis finds

Tue Feb 17 2026

Cyberattacks are moving faster, shrinking the gap between initial compromise and bad consequences, and the advent of AI is accelerating their timelines in a way that human defenders can no longer keep

CSO Online

Webinar: How Modern SOC Teams Use AI and Context to Investigate Cloud Breaches Faster

Tue Feb 17 2026

Cloud attacks move fast — faster than most incident response teams. In data centers, investigations had time. Teams could collect disk images, review logs, and build timelines over days. In the cloud, infrastructure is short-lived. A compromised instance can disappear in minutes. Identities rotate. Logs expire. Evidence can vanish before analysis even begins. Cloud forensics is fundamentally...

The Hacker News

SmartLoader hackers clone Oura MCP project to spread StealC malware

Tue Feb 17 2026

Hackers used a fake Oura MCP server to trick users into downloading malware that installs the StealC info-stealer. Straiker’s AI Research (STAR) Labs team uncovered a SmartLoader campaign in which attackers cloned a legitimate MCP server linked to Oura Health to spread the StealC information stealer. The fake project appeared credible, complete with bogus forks […]

Security Affairs

Researchers Show Copilot and Grok Can Be Abused as Malware C2 Proxies

Tue Feb 17 2026

Cybersecurity researchers have disclosed that artificial intelligence (AI) assistants that support web browsing or URL fetching capabilities can be turned into stealthy command-and-control (C2) relays, a technique that could allow attackers to blend into legitimate enterprise communications and evade detection. The attack method, which has been demonstrated against Microsoft Copilot and xAI Grok...

The Hacker News