Der Kaufratgeber für Breach & Attack Simulation Tools

Wed Feb 11 2026

Breach & Attack Simulation Tools geben Aufschluss darüber, wie gut (oder schlecht) Ihre Sicherheitskontrollen funktionieren.

CSO Online

February 2026 Patch Tuesday: Six new and actively exploited Microsoft vulnerabilities addressed

Wed Feb 11 2026

Microsoft highlighted six new and actively exploited vulnerabilities among the 60 fixes issued in today’s February Patch Tuesday releases.

CSO Online

BeyondTrust fixes critical RCE flaw in remote access tools

Tue Feb 10 2026

Companies using self-hosted versions of BeyondTrust Remote Support (RS) or Privileged Remote Access (PRA) should deploy patches for a critical vulnerability that allows attacks to execute OS commands

CSO Online

DPRK Operatives Impersonate Professionals on LinkedIn to Infiltrate Companies

Tue Feb 10 2026

The information technology (IT) workers associated with the Democratic People's Republic of Korea (DPRK) are now applying to remote positions using real LinkedIn accounts of individuals they're impersonating, marking a new escalation of the fraudulent scheme. "These profiles often have verified workplace emails and identity badges, which DPRK operatives hope will make their fraudulent...

The Hacker News

SolarWinds WHD zero-days from January are under attack

Tue Feb 10 2026

SolarWinds Web Help Desk (WHD) is under attack, with recent incidents exploiting a chain of zero-day and patched vulnerabilities dating back to late 2025, an analysis of customer reports by security c

CSO Online

Reynolds Ransomware Embeds BYOVD Driver to Disable EDR Security Tools

Tue Feb 10 2026

Cybersecurity researchers have disclosed details of an emergent ransomware family dubbed Reynolds that comes embedded with a built-in bring your own vulnerable driver (BYOVD) component for defense evasion purposes within the ransomware payload itself. BYOVD refers to an adversarial technique that abuses legitimate but flawed driver software to escalate privileges and disable Endpoint Detection...

The Hacker News

From Ransomware to Residency: Inside the Rise of the Digital Parasite

Tue Feb 10 2026

Are ransomware and encryption still the defining signals of modern cyberattacks, or has the industry been too fixated on noise while missing a more dangerous shift happening quietly all around them? According to Picus Labs’ new Red Report 2026, which analyzed over 1.1 million malicious files and mapped 15.5 million adversarial actions observed across 2025, attackers are no longer optimizing for...

The Hacker News

Fortinet Patches Critical SQLi Flaw Enabling Unauthenticated Code Execution

Tue Feb 10 2026

Fortinet has released security updates to address a critical flaw impacting FortiClientEMS that could lead to the execution of arbitrary code on susceptible systems. The vulnerability, tracked as CVE-2026-21643, has a CVSS rating of 9.1 out of a maximum of 10.0. "An improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiClientEMS may...

The Hacker News

Windows shortcut weaponized in Phorpiex-linked ransomware campaign

Tue Feb 10 2026

Forcepoint X-Labs researchers have identified a large Phorpiex botnet-aided phishing campaign that uses weaponized Windows shortcut files to deploy Global Group ransomware across victim systems.

CSO Online

ZAST.AI Raises $6M Pre-A to Scale "Zero False Positive" AI-Powered Code Security

Tue Feb 10 2026

January 5, 2026, Seattle, USA — ZAST.AI announced the completion of a $6 million Pre-A funding round. This investment came from the well-known investment firm Hillhouse Capital, bringing ZAST.AI's total funding close to $10 million. This marks a recognition from leading capital markets of a new solution: ending the era of high false positive rates in security tools and making every alert...

The Hacker News

Single prompt breaks AI safety in 15 major language models

Tue Feb 10 2026

A single benign-sounding prompt can systematically strip safety guardrails from major language and image models, raising fresh questions about the durability of AI alignment when models are customized

CSO Online

Warlock Ransomware Breaches SmarterTools Through Unpatched SmarterMail Server

Tue Feb 10 2026

SmarterTools confirmed last week that the Warlock (aka Storm-2603) ransomware gang breached its network by exploiting an unpatched SmarterMail instance. The incident took place on January 29, 2026, when a mail server that was not updated to the latest version was compromised, the company's Chief Commercial Officer, Derek Curtis, said. "Prior to the breach, we had approximately 30 servers/VMs...

The Hacker News

Dutch Authorities Confirm Ivanti Zero-Day Exploit Exposed Employee Contact Data

Tue Feb 10 2026

The Netherlands' Dutch Data Protection Authority (AP) and the Council for the Judiciary confirmed both agencies (Rvdr) have disclosed that their systems were impacted by cyber attacks that exploited the recently disclosed security flaws in Ivanti Endpoint Manager Mobile (EPMM), according to a notice sent to the country's parliament on Friday. "On January 29, the National Cyber Security Center (...

The Hacker News

How to govern agentic AI so as not to lose control

Tue Feb 10 2026

This year will mark the turning point where artificial intelligence will stop assisting and start acting.

CSO Online

69% of CISOs open to career move — including leaving role entirely

Tue Feb 10 2026

Enterprise CISOs are increasingly willing — and eager — to jump ship, with some frustrated enough to want to leave cybersecurity entirely.

CSO Online

Anthropic’s DXT poses “critical RCE vulnerability” by running with full system privileges

Tue Feb 10 2026

When LayerX Security published a report on Monday describing what it called “a critical zero-click RCE vulnerability in [Anthropic’s] Claude Desktop Extensions (DXT) that allows a malicious Google Cal

CSO Online

China-Linked UNC3886 Targets Singapore Telecom Sector in Cyber Espionage Campaign

Mon Feb 09 2026

The Cyber Security Agency (CSA) of Singapore on Monday revealed that the China-nexus cyber espionage group known as UNC3886 targeted its telecommunications sector. "UNC3886 had launched a deliberate, targeted, and well-planned campaign against Singapore's telecommunications sector," CSA said. "All four of Singapore's major telecommunications operators ('telcos') – M1, SIMBA Telecom, Singtel, and...

The Hacker News

SolarWinds Web Help Desk Exploited for RCE in Multi-Stage Attacks on Exposed Servers

Mon Feb 09 2026

Microsoft has revealed that it observed a multi‑stage intrusion that involved the threat actors exploiting internet‑exposed SolarWinds Web Help Desk (WHD) instances to obtain initial access and move laterally across the organization's network to other high-value assets. That said, the Microsoft Defender Security Research Team said it's not clear whether the activity weaponized recently...

The Hacker News

⚡ Weekly Recap: AI Skill Malware, 31Tbps DDoS, Notepad++ Hack, LLM Backdoors and More

Mon Feb 09 2026

Cyber threats are no longer coming from just malware or exploits. They’re showing up inside the tools, platforms, and ecosystems organizations use every day. As companies connect AI, cloud apps, developer tools, and communication systems, attackers are following those same paths. A clear pattern this week: attackers are abusing trust. Trusted updates, trusted marketplaces, trusted apps, even...

The Hacker News

OpenClaw integrates VirusTotal malware scanning as security firms flag enterprise risks

Mon Feb 09 2026

OpenClaw, the viral open-source AI agent that security firms warn is “insecure by default,” has integrated VirusTotal’s malware scanning into its ClawHub skills marketplace following weeks in which se

CSO Online

DKnife targets network gateways in long running AitM campaign

Mon Feb 09 2026

A previously undocumented China-linked adversary-in-the-middle (AitM) framework known as “DKnife” has been identified operating at network gateways, where it intercepts and manipulates in-transit traf

CSO Online

AI Is Here to Replace Nuclear Treaties. Scared Yet?

Mon Feb 09 2026

The last major nuclear arms treaty between the US and Russia just expired. Some experts believe a combination of satellite surveillance, AI, and human reviewers can take its place. Others, not so much.

Wired

How Top CISOs Solve Burnout and Speed up MTTR without Extra Hiring

Mon Feb 09 2026

Why do SOC teams keep burning out and missing SLAs even after spending big on security tools? Routine triage piles up, senior specialists get dragged into basic validation, and MTTR climbs, while stealthy threats still find room to slip through. Top CISOs have realized the solution isn’t hiring more people or stacking yet another tool onto the workflow, but giving their teams faster, clearer...

The Hacker News

Never settle: How CISOs can go beyond compliance standards to better protect their organizations

Mon Feb 09 2026

The start of a new year means a fresh start for everyone, including cybersecurity teams.

CSO Online

Iran’s Digital Surveillance Machine Is Almost Complete

Mon Feb 09 2026

After more than 15 years of draconian measures, culminating in an ongoing internet shutdown, the Iranian regime seems to be staggering toward its digital surveillance endgame.

Wired

Bloody Wolf Targets Uzbekistan, Russia Using NetSupport RAT in Spear-Phishing Campaign

Mon Feb 09 2026

The threat actor known as Bloody Wolf has been linked to a campaign targeting Uzbekistan and Russia to infect systems with a remote access trojan known as NetSupport RAT. Cybersecurity vendor Kaspersky is tracking the activity under the moniker Stan Ghouls. The threat actor is known to be active since at least 2023, orchestrating spear-phishing attacks against manufacturing, finance, and IT...

The Hacker News

Schrödinger’s cat and the enterprise security paradox

Mon Feb 09 2026

Most security leaders quietly live with a paradox they rarely name out loud.

CSO Online

TeamPCP Worm Exploits Cloud Infrastructure to Build Criminal Infrastructure

Mon Feb 09 2026

Cybersecurity researchers have called attention to a "massive campaign" that has systematically targeted cloud native environments to set up malicious infrastructure for follow-on exploitation. The activity, observed around December 25, 2025, and described as "worm-driven," leveraged exposed Docker APIs, Kubernetes clusters, Ray dashboards, and Redis servers, along with the recently disclosed...

The Hacker News

BeyondTrust Fixes Critical Pre-Auth RCE Vulnerability in Remote Support and PRA

Mon Feb 09 2026

BeyondTrust has released updates to address a critical security flaw impacting Remote Support (RS) and Privileged Remote Access (PRA) products that, if successfully exploited, could result in remote code execution. "BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability," the company...

The Hacker News

Software developers: Prime cyber targets and a rising risk vector for CISOs

Mon Feb 09 2026

Threats against corporate software developers are increasing and diversifying, challenging security leaders to develop more agile defenses against this growing attack vector.

CSO Online

Customer Identity & Access Management: Die besten CIAM-Tools

Mon Feb 09 2026

Wir haben die besten Lösungen in Sachen Customer Identity & Access Management für Sie zusammengestellt.

CSO Online

OpenClaw Integrates VirusTotal Scanning to Detect Malicious ClawHub Skills

Sun Feb 08 2026

OpenClaw (formerly Moltbot and Clawdbot) has announced that it's partnering with Google-owned VirusTotal to scan skills that are being uploaded to ClawHub, its skill marketplace, as part of broader efforts to bolster the security of the agentic ecosystem. "All skills published to ClawHub are now scanned using VirusTotal's threat intelligence, including their new Code Insight capability,"...

The Hacker News

Moltbook, the Social Network for AI Agents, Exposed Real Humans’ Data

Sat Feb 07 2026

Plus: Apple’s Lockdown mode keeps the FBI out of a reporter’s phone, Elon Musk’s Starlink cuts off Russian forces, and more.

Wired

German Agencies Warn of Signal Phishing Targeting Politicians, Military, Journalists

Sat Feb 07 2026

Germany's Federal Office for the Protection of the Constitution (aka Bundesamt für Verfassungsschutz or BfV) and Federal Office for Information Security (BSI) have issued a joint advisory warning of a malicious cyber campaign undertaken by a likely state-sponsored threat actor that involves carrying out phishing attacks over the Signal messaging app. "The focus is on high-ranking targets in...

The Hacker News

ICE Agent’s ‘Dragging’ Case May Help Expose Evidence in Renee Good Shooting

Fri Feb 06 2026

The government has withheld details of the investigation of Renee Good’s killing—but an unrelated case involving the ICE agent who shot her could force new revelations.

Wired

Six more vulnerabilities found in n8n automation platform

Fri Feb 06 2026

Six more vulnerabilities have been discovered in the n8n workflow platform used for building LLM-powered agents to connect business processes.

CSO Online

Claude AI finds 500 high-severity software vulnerabilities

Fri Feb 06 2026

Anthropic only released its latest large language model, Claude Opus 4.

CSO Online

Pretend Disk Format: PDFs harbor new dangers

Fri Feb 06 2026

A particularly insidious phishing campaign is disguising malware pretending to be ordinary PDF documents behind links to virtual hard disks.

CSO Online

China-Linked DKnife AitM Framework Targets Routers for Traffic Hijacking, Malware Delivery

Fri Feb 06 2026

Cybersecurity researchers have taken the wraps off a gateway-monitoring and adversary-in-the-middle (AitM) framework dubbed DKnife that's operated by China-nexus threat actors since at least 2019. The framework comprises seven Linux-based implants that are designed to perform deep packet inspection, manipulate traffic, and deliver malware via routers and edge devices. Its primary targets seem to...

The Hacker News

CISA Orders Removal of Unsupported Edge Devices to Reduce Federal Network Risk

Fri Feb 06 2026

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered Federal Civilian Executive Branch (FCEB) agencies to strengthen asset lifecycle management for edge network devices and remove those that no longer receive security updates from original equipment manufacturers (OEMs) over the next 12 to 18 months. The agency said the move is to drive down technical debt and minimize...

The Hacker News

Ten career-ending mistakes CISOs make and how to avoid them

Fri Feb 06 2026

The Chief Information Security Officer role has become one of the most precarious positions in the C-suite.

CSO Online

Asian State-Backed Group TGR-STA-1030 Breaches 70 Government, Infrastructure Entities

Fri Feb 06 2026

A previously undocumented cyber espionage group operating from Asia broke into the networks of at least 70 government and critical infrastructure organizations across 37 countries over the past year, according to new findings from Palo Alto Networks Unit 42. In addition, the hacking crew has been observed conducting active reconnaissance against government infrastructure associated with 155...

The Hacker News

CISA gives federal agencies 18 months to purge unsupported edge devices

Fri Feb 06 2026

The Cybersecurity and Infrastructure Security Agency has given federal agencies 18 months to remove all end-of-support edge devices from their networks, escalating its response to what security resear

CSO Online

Zscaler extends zero-trust security to browsers with SquareX acquisition

Fri Feb 06 2026

Cloud security company Zscaler has announced the acquisition of SquareX, a Singapore-based browser detection and response (BDR) technology startup.

CSO Online

How Samsung Knox Helps Stop Your Network Security Breach

Fri Feb 06 2026

As you know, enterprise network security has undergone significant evolution over the past decade. Firewalls have become more intelligent, threat detection methods have advanced, and access controls are now more detailed. However (and it’s a big “however”), the increasing use of mobile devices in business operations necessitates network security measures that are specifically tailored to their...

The Hacker News

Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware

Fri Feb 06 2026

Cybersecurity researchers have discovered a new supply chain attack in which legitimate packages on npm and the Python Package Index (PyPI) repository have been compromised to push malicious versions to facilitate wallet credential theft and remote code execution. The compromised versions of the two packages are listed below - @dydxprotocol/v4-client-js (npm) - 3.4.1, 1.22.1, 1.15.2, 1.0.31&...

The Hacker News

The blind spot every CISO must see: Loyalty

Fri Feb 06 2026

The longstanding assumption that tenure, performance metrics, or expressed commitment serve as reliable indicators of the trustworthiness of an employee persists across many sectors.

CSO Online

Claude Opus 4.6 Finds 500+ High-Severity Flaws Across Major Open-Source Libraries

Fri Feb 06 2026

Artificial intelligence (AI) company Anthropic revealed that its latest large language model (LLM), Claude Opus 4.6, has found more than 500 previously unknown high-severity security flaws in open-source libraries, including Ghostscript, OpenSC, and CGIF. Claude Opus 4.6, which was launched Thursday, comes with improved coding skills, including code review and debugging capabilities, along with...

The Hacker News

Cybersicherheitsvorschriften: So erfüllen Sie Ihre Compliance-Anforderungen

Fri Feb 06 2026

Mit der Zunahme von Cyberbedrohungen steigt auch die Zahl der Compliance-Rahmenwerke.

CSO Online

Four new vulnerabilities found in Ingress NGINX

Fri Feb 06 2026

Four security vulnerabilities have been found in the open source Ingress NGINX traffic controller that is extensively used by organizations in Kubernetes deployments.

CSO Online

New APT group breached gov and critical infrastructure orgs in 37 countries

Thu Feb 05 2026

A new cyberespionage group that operates out of Asia has compromised 70 government and critical infrastructure organizations across 37 countries over the past year using a sophisticated toolset that c

CSO Online

Substack data breach leaks users’ email addresses and phone numbers

Thu Feb 05 2026

Substack, a high-profile publishing platform widely used by academics, journalists, subject matter experts, and controversialists, has suffered a data breach affecting an unknown number of its creator

CSO Online

ICE and CBP’s Face-Recognition App Can’t Actually Verify Who People Are

Thu Feb 05 2026

ICE has used Mobile Fortify to identify immigrants and citizens alike over 100,000 times, by one estimate. It wasn't built to work like that—and only got approved after DHS abandoned its own privacy rules.

Wired

AISURU/Kimwolf Botnet Launches Record-Setting 31.4 Tbps DDoS Attack

Thu Feb 05 2026

The distributed denial-of-service (DDoS) botnet known as AISURU/Kimwolf has been attributed to a record-setting attack that peaked at 31.4 Terabits per second (Tbps) and lasted only 35 seconds. Cloudflare, which automatically detected and mitigated the activity, said it's part of a growing number of hyper-volumetric HTTP DDoS attacks mounted by the botnet in the fourth quarter of 2025. The...

The Hacker News

ThreatsDay Bulletin: Codespaces RCE, AsyncRAT C2, BYOVD Abuse, AI Cloud Intrusions & 15+ Stories

Thu Feb 05 2026

This week didn’t produce one big headline. It produced many small signals — the kind that quietly shape what attacks will look like next. Researchers tracked intrusions that start in ordinary places: developer workflows, remote tools, cloud access, identity paths, and even routine user actions. Nothing looked dramatic on the surface. That’s the point. Entry is becoming less visible while impact...

The Hacker News

Attackers exploit decade‑old Windows driver flaw to shut down modern EDR defenses

Thu Feb 05 2026

In a recent incident, attackers abused a legitimate but vulnerable Windows kernel driver to shut down endpoint security tools during an ongoing incident response.

CSO Online

Ransomware-Attacke auf Buhlmann Group

Thu Feb 05 2026

Die Buhlmann Group wurde von einer Ransomware-Bande angegriffen.

CSO Online

The Buyer’s Guide to AI Usage Control

Thu Feb 05 2026

Today’s “AI everywhere” reality is woven into everyday workflows across the enterprise, embedded in SaaS platforms, browsers, copilots, extensions, and a rapidly expanding universe of shadow tools that appear faster than security teams can track. Yet most organizations still rely on legacy controls that operate far away from where AI interactions actually occur. The result is a widening...

The Hacker News

The silent security gap in enterprise AI adoption

Thu Feb 05 2026

Most security leaders believe they know where their sensitive data lives and how it is protected.

CSO Online

Infy Hackers Resume Operations with New C2 Servers After Iran Internet Blackout Ends

Thu Feb 05 2026

The elusive Iranian threat group known as Infy (aka Prince of Persia) has evolved its tactics as part of efforts to hide its tracks, even as it readied new command-and-control (C2) infrastructure coinciding with the end of the widespread internet blackout the regime imposed at the start of January 2026. "The threat actor stopped maintaining its C2 servers on January 8 for the first time since we...

The Hacker News

Microsoft develops a new scanner to detect hidden backdoors in LLMs

Thu Feb 05 2026

Microsoft has developed a scanner designed to detect backdoors in open-weight AI models, addressing a critical blind spot for enterprises increasingly dependent on third-party LLMs.

CSO Online

Im Fokus: Emerging Technologies

Thu Feb 05 2026

CSO Online

Building trust with the board through evidence-based proof

Thu Feb 05 2026

Cybersecurity is a boardroom issue, but meaningful dialogue often breaks down at the table.

CSO Online

Kurz vor Olympia: Italien wehrt russische Hacker-Angriffe ab

Thu Feb 05 2026

width="2488" height="1399" sizes="auto, (max-width: 2488px) 100vw, 2488px">Russische Hacker haben kurz vor den Olympischen Winterspielen einige Standorte in Italien angegriffen.

CSO Online

Software supply chain risks join the OWASP top 10 list, access control still on top

Thu Feb 05 2026

Software supply chain failures and mishandling of exceptional conditions are some of the additions to the updated OWASP Top 10, a list of top web application vulnerabilities.

CSO Online

Critical n8n Flaw CVE-2026-25049 Enables System Command Execution via Malicious Workflows

Thu Feb 05 2026

A new, critical security vulnerability has been disclosed in the n8n workflow automation platform that, if successfully exploited, could result in the execution of arbitrary system commands. The flaw, tracked as CVE-2026-25049 (CVSS score: 9.4), is the result of inadequate sanitization that bypasses safeguards put in place to address CVE-2025-68613 (CVSS score: 9.9), another critical defect that...

The Hacker News

Malicious NGINX Configurations Enable Large-Scale Web Traffic Hijacking Campaign

Thu Feb 05 2026

Cybersecurity researchers have disclosed details of an active web traffic hijacking campaign that has targeted NGINX installations and management panels like Baota (BT) in an attempt to route it through the attacker's infrastructure. Datadog Security Labs said it observed threat actors associated with the recent React2Shell (CVE-2025-55182, CVSS score: 10.0) exploitation using malicious NGINX...

The Hacker News

1.5 million AI agents are at risk of going rogue

Thu Feb 05 2026

A study released Wednesday by API management platform vendor Gravitee indicates that upwards of half of the three million agents currently in use by organizations in the US and UK “are ungoverned and

CSO Online

Threat actors hijack web traffic after exploiting React2Shell vulnerability: Report

Wed Feb 04 2026

Threat actors exploiting the React2Shell vulnerability in components of React servers are using their access to compromise web domains and divert web traffic for malicious purposes.

CSO Online

Threat actors hijack web traffic after exploiting React2Shell vulnerability

Wed Feb 04 2026

Threat actors exploiting the React2Shell vulnerability in components of React servers are using their access to compromise web domains and divert web traffic for malicious purposes.

CSO Online

Notepad++ Users, You May Have Been Hacked by China

Wed Feb 04 2026

Suspected Chinese state-backed hackers hijacked the Notepad++ update infrastructure to deliver a backdoored version of the popular free source code editor and note-taking app for Windows.

Wired