French Ministry confirms data access to 1.2 Million bank accounts

Wed Feb 18 2026

A hacker accessed data from 1.2 million French bank accounts using stolen official credentials, the Economy Ministry said. A hacker gained access to data from 1.2 million French bank accounts using stolen credentials belonging to a government official, according to the French Economy Ministry. French authorities said affected account holders will be notified in the […]

Security Affairs

Notepad++ patches flaw used to hijack update system

Wed Feb 18 2026

Notepad++ patched a vulnerability that attackers used to hijack its update system and deliver malware to targeted users. Notepad++ fixed a vulnerability that allowed a China-linked APT group to hijack its update mechanism and selectively push malware to chosen targets. In early February, the Notepad++ maintainer revealed that nation-state hackers compromised the hosting provider’s infrastructure, […]

Security Affairs

Notepad++ author says fixes make update mechanism ‘effectively unexploitable’

Wed Feb 18 2026

The recently compromised update mechanism for the popular open source text editor Notepad++ has been hardened so it’s now ‘effectively unexploitable’, says the application’s author.

CSO Online

Chinese hackers exploited zero-day Dell RecoverPoint flaw for 1.5 years

Wed Feb 18 2026

For the past 18 months, a Chinese cyberespionage group has been exploiting a previously unknown vulnerability in Dell’s RecoverPoint for Virtual Machines, a VM disaster recovery solution.

CSO Online

Citizen Lab Finds Cellebrite Tool Used on Kenyan Activist’s Phone in Police Custody

Wed Feb 18 2026

New research from the Citizen Lab has found signs that Kenyan authorities used a commercial forensic extraction tool manufactured by Israeli company Cellebrite to break into a prominent dissident's phone, making it the latest case of abuse of the technology targeting civil society. The interdisciplinary research unit at the University of Toronto's Munk School of Global Affairs & Public...

The Hacker News

A Vast Trove of Exposed Social Security Numbers May Put Millions at Risk of Identity Theft

Wed Feb 18 2026

A database left accessible to anyone online contained billions of records, including sensitive personal data that criminals appear to have not yet exploited.

Wired

Grandstream GXP1600 VoIP Phones Exposed to Unauthenticated Remote Code Execution

Wed Feb 18 2026

Cybersecurity researchers have disclosed a critical security flaw in the Grandstream GXP1600 series of VoIP phones that could allow an attacker to seize control of susceptible devices. The vulnerability, tracked as CVE-2026-2329, carries a CVSS score of 9.3 out of a maximum of 10.0. It has been described as a case of unauthenticated stack-based buffer overflow that could result in remote code...

The Hacker News

Millions of Chrome extensions leak browsing history

Wed Feb 18 2026

A security vulnerability in popular Chrome extensions exposes users' browsing history.

CSO Online

VS Code extensions with 125M+ installs expose users to cyberattacks

Wed Feb 18 2026

Four popular VS Code extensions with 125M+ installs have flaws that could let hackers steal files and run code remotely. OX Security researchers warn that security flaws in four widely used VS Code extensions (Live Server, Code Runner, Markdown Preview Enhanced, and Microsoft Live Preview) could allow attackers to steal local files and execute code […]

Security Affairs

China-linked APT weaponized Dell RecoverPoint zero-day since 2024

Wed Feb 18 2026

A suspected Chinese state-linked group exploited a critical Dell RecoverPoint flaw (CVE-2026-22769) in zero-day attacks starting mid-2024. Mandiant and Google’s Threat Intelligence Group (GTIG) reported that a suspected China-linked APT group quietly exploited a critical zero-day flaw in Dell RecoverPoint for Virtual Machines starting in mid-2024. “Mandiant and Google Threat Intelligence Group (GTIG) have identified […]

Security Affairs

Critical Flaws Found in Four VS Code Extensions with Over 125 Million Installs

Wed Feb 18 2026

Cybersecurity researchers have disclosed multiple security vulnerabilities in four popular Microsoft Visual Studio Code (VS Code) extensions that, if successfully exploited, could allow threat actors to steal local files and execute code remotely. The extensions, which have been collectively installed more than 125 million times, are Live Server, Code Runner, Markdown Preview Enhanced, and...

The Hacker News

Flaws in four popular VS Code extensions left 128 million installs open to attack

Wed Feb 18 2026

Critical and high-severity vulnerabilities were found in four widely used Visual Studio Code extensions with a combined 128 million downloads, exposing developers to file theft, remote code execution,

CSO Online

Keenadu: Android malware that comes preinstalled and can’t be removed by users

Wed Feb 18 2026

There’s too little a user can do when hit with a complex Android malware that comes preinstalled on their new smartphone or tablet.

CSO Online

Cybersecurity Tech Predictions for 2026: Operating in a World of Permanent Instability

Wed Feb 18 2026

In 2025, navigating the digital seas still felt like a matter of direction. Organizations charted routes, watched the horizon, and adjusted course to reach safe harbors of resilience, trust, and compliance. In 2026, the seas are no longer calm between storms. Cybersecurity now unfolds in a state of continuous atmospheric instability: AI-driven threats that adapt in real time, expanding...

The Hacker News

Cyberattack on railway disrupts information systems

Wed Feb 18 2026

The attack was repelled.

CSO Online

Discipline is the new power move in cybersecurity leadership

Wed Feb 18 2026

For years, I was fortunate to live many years, earning enough budget to deploy cybersecurity programs.

CSO Online

U.S. CISA adds Google Chromium CSS, Microsoft Windows, TeamT5 ThreatSonar Anti-Ransomware, and Zimbra flaws to its Known Exploited Vulnerabilities catalog

Wed Feb 18 2026

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Google Chromium CSS, Microsoft Windows, TeamT5 ThreatSonar Anti-Ransomware, and Zimbra flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Google Chromium CSS, Microsoft Windows, TeamT5 ThreatSonar Anti-Ransomware, and Zimbra flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws […]

Security Affairs

Dell RecoverPoint for VMs Zero-Day CVE-2026-22769 Exploited Since Mid-2024

Wed Feb 18 2026

A maximum severity security vulnerability in Dell RecoverPoint for Virtual Machines has been exploited as a zero-day by a suspected China-nexus threat cluster dubbed UNC6201 since mid-2024, according to a new report from Google Mandiant and Google Threat Intelligence Group (GTIG). The activity involves the exploitation of CVE-2026-22769 (CVSS score: 10.0), a case of hard-coded credentials...

The Hacker News

3 Ways to Start Your Intelligent Workflow Program

Wed Feb 18 2026

Security, IT, and engineering teams today are under relentless pressure to accelerate outcomes, cut operational drag, and unlock the full potential of AI and automation. But simply investing in tools isn’t enough. 88% of AI proofs-of-concept never make it to production, even though 70% of workers cite freeing time for high-value work as the primary AI automation motivation. Real impact comes...

The Hacker News

A new approach for GenAI risk protection

Wed Feb 18 2026

When generative AI (GenAI) hit the consumer market with the release of OpenAI’s ChatGPT, users worldwide flocked to the product and started experimenting with the tool’s capabilities across industries.

CSO Online

Keenadu backdoor found preinstalled on Android devices, powers Ad fraud campaign

Wed Feb 18 2026

Kaspersky uncovered Keenadu, an Android backdoor used for ad fraud that can even take full control of devices. Kaspersky has identified a new Android malware called Keenadu. It can be preinstalled in device firmware, hidden inside system apps, or even distributed via official stores like Google Play. Currently used for ad fraud by turning infected […]

Security Affairs

The new paradigm for raising up secure software engineers

Wed Feb 18 2026

CISOs were already struggling to help developers keep up with secure code principles at the speed of DevOps.

CSO Online

Notepad++ Fixes Hijacked Update Mechanism Used to Deliver Targeted Malware

Wed Feb 18 2026

Notepad++ has released a security fix to plug gaps that were exploited by an advanced threat actor from China to hijack the software update mechanism to selectively deliver malware to targets of interest. The version 8.9.2 update incorporates what maintainer Don Ho calls a "double lock" design that aims to make the update process "robust and effectively unexploitable." This includes verification...

The Hacker News

CISA Flags Four Security Flaws Under Active Exploitation in Latest KEV Update

Wed Feb 18 2026

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The list of vulnerabilities is as follows - CVE-2026-2441 (CVSS score: 8.8) - A use-after-free vulnerability in Google Chrome that could allow a remote attacker to potentially exploit heap...

The Hacker News

13 questions to counter third-party risk

Wed Feb 18 2026

So check first…

CSO Online

SmartLoader hackers clone Oura MCP project to spread StealC malware

Tue Feb 17 2026

Hackers used a fake Oura MCP server to trick users into downloading malware that installs the StealC info-stealer. Straiker’s AI Research (STAR) Labs team uncovered a SmartLoader campaign in which attackers cloned a legitimate MCP server linked to Oura Health to spread the StealC information stealer. The fake project appeared credible, complete with bogus forks […]

Security Affairs

Cyber attacks enabled by basic failings, Palo Alto analysis finds

Tue Feb 17 2026

Cyberattacks are moving faster, shrinking the gap between initial compromise and bad consequences, and the advent of AI is accelerating their timelines in a way that human defenders can no longer keep

CSO Online

Webinar: How Modern SOC Teams Use AI and Context to Investigate Cloud Breaches Faster

Tue Feb 17 2026

Cloud attacks move fast — faster than most incident response teams. In data centers, investigations had time. Teams could collect disk images, review logs, and build timelines over days. In the cloud, infrastructure is short-lived. A compromised instance can disappear in minutes. Identities rotate. Logs expire. Evidence can vanish before analysis even begins. Cloud forensics is fundamentally...

The Hacker News

Researchers Show Copilot and Grok Can Be Abused as Malware C2 Proxies

Tue Feb 17 2026

Cybersecurity researchers have disclosed that artificial intelligence (AI) assistants that support web browsing or URL fetching capabilities can be turned into stealthy command-and-control (C2) relays, a technique that could allow attackers to blend into legitimate enterprise communications and evade detection. The attack method, which has been demonstrated against Microsoft Copilot and xAI Grok...

The Hacker News

Polish cybercrime Police arrest man linked to Phobos ransomware operation

Tue Feb 17 2026

Officers from Poland’s Central Bureau of Cybercrime Control (CBZC) police arrested a 47-year-old man linked to the Phobos ransomware operation. Polish authorities arrested a 47-year-old man suspected of involvement in cybercrime and linked him to the Phobos ransomware operation. Police said they discovered evidence of illegal activities on his seized devices. “Officers from the Central […]

Security Affairs

Poorly crafted phishing campaign leverages bogus security incident report

Tue Feb 17 2026

Attackers used a fake PDF incident report hosted on AWS to scare victims into enabling 2FA, through a poorly crafted phishing campaign. Freelance security consultant Xavier Mertens reported a phishing campaign using a fake PDF security incident report hosted on AWS to scare victims into enabling 2FA. The researchers pointed out that the campaign appears poorly […]

Security Affairs

Keenadu Firmware Backdoor Infects Android Tablets via Signed OTA Updates

Tue Feb 17 2026

A new Android backdoor that's embedded deep into the device firmware can silently harvest data and remotely control its behavior, according to new findings from Kaspersky. The Russian cybersecurity vendor said it discovered the backdoor, dubbed Keenadu, in the firmware of devices associated with various brands, including Alldocube, with the compromise occurring during the firmware build phase....

The Hacker News

MCSC 2026: “Politics and business must work together”

Tue Feb 17 2026

The motto of the Munich Cybersecurity Conference 2026: “Command Control, Really? Confronting The Illusion Of Deterrence In The Age Of Relentless Cyber Threats.”

CSO Online

SmartLoader Attack Uses Trojanized Oura MCP Server to Deploy StealC Infostealer

Tue Feb 17 2026

Cybersecurity researchers have disclosed details of a new SmartLoader campaign that involves distributing a trojanized version of a Model Context Protocol (MCP) server associated with Oura Health to deliver an information stealer known as StealC. "The threat actors cloned a legitimate Oura MCP Server – a tool that connects AI assistants to Oura Ring health data – and built a deceptive...

The Hacker News

South Korea slaps $25M fine on Dior, Louis Vuitton, Tiffany over Salesforce breach

Tue Feb 17 2026

South Korea fined Dior, Louis Vuitton, and Tiffany $25M after hackers breached their Salesforce systems, exposing customer data. South Korea’s Personal Information Protection Commission fined luxury brands including Dior, Louis Vuitton, and Tiffany & Co. a total of 36 billion Korean won ($25 million) after hackers compromised their Salesforce systems. The attack, linked to Scattered […]

Security Affairs

Encrypted RCS messaging support lands in Apple’s iOS 26.4 developer build

Tue Feb 17 2026

Apple is testing end-to-end encrypted Rich Communications Services (RCS) messaging in the iOS 26.4 developer beta. Apple has added end-to-end encrypted RCS messaging to the iOS and iPadOS 26.4 developer beta. The feature, still in testing, will roll out in a future update across iOS, iPadOS, macOS, and watchOS. Apple notes that E2EE is not […]

Security Affairs

Hackers steal OpenClaw configuration in emerging AI agent threat

Tue Feb 17 2026

Researchers found an infostealer stole a victim’s OpenClaw configuration, marking a shift toward targeting personal AI agents. Cybersecurity researchers have uncovered a new information stealer that exfiltrated a victim’s OpenClaw configuration environment, previously known as Clawdbot and Moltbot. According to cybersecurity firm Hudson Rock, the case highlights a new shift in infostealer activity, moving beyond […]

Security Affairs

ZeroDayRAT spyware targets Android and iOS devices via commercial toolkit

Tue Feb 17 2026

A new cross-platform spyware sold openly through Telegram is lowering the barrier for hackers seeking remote access to mobile devices.

CSO Online

My Day Getting My Hands Dirty with an NDR System

Tue Feb 17 2026

My objective As someone relatively inexperienced with network threat hunting, I wanted to get some hands-on experience using a network detection and response (NDR) system. My goal was to understand how NDR is used in hunting and incident response, and how it fits into the daily workflow of a Security Operations Center (SOC). Corelight’s Investigator software, part of its Open NDR Platform, is...

The Hacker News

With CISOs stretched thin, re-envisioning enterprise risk may be the only fix

Tue Feb 17 2026

A majority of enterprise security leaders view their roles as “no longer fully manageable,” according to a recent report, and security consultants concede that the increasingly over-scoped nature of c

CSO Online

Hackers sell stolen Eurail traveler information on dark web

Tue Feb 17 2026

Eurail B.V. revealed that traveler data were stolen in a recent security breach, and are now being sold on the dark web. Eurail B.V. confirmed that the traveler data stolen in a breach earlier this year is now being offered for sale on the dark web. The company disclosed the development as part of its […]

Security Affairs

Why 2025’s agentic AI boom is a CISO’s worst nightmare

Tue Feb 17 2026

By late 2025, the enterprise AI landscape had shifted.

CSO Online

Microsoft Finds “Summarize with AI” Prompts Manipulating Chatbot Recommendations

Tue Feb 17 2026

New research from Microsoft has revealed that legitimate businesses are gaming artificial intelligence (AI) chatbots via the "Summarize with AI" button that's being increasingly placed on websites in ways that mirror classic search engine poisoning (SEO). The new AI hijacking technique has been codenamed AI Recommendation Poisoning by the Microsoft Defender Security Research Team. The tech giant...

The Hacker News

Apple Tests End-to-End Encrypted RCS Messaging in iOS 26.4 Developer Beta

Tue Feb 17 2026

Apple on Monday released a new developer beta of iOS and iPadOS with support for end-to-end encryption (E2EE) in Rich Communications Services (RCS) messages. The feature is currently available for testing in iOS and iPadOS 26.4 Beta, and is expected to be shipped to customers in a future update for iOS, iPadOS, macOS, and watchOS. "End-to-end encryption is in beta and is not available for all...

The Hacker News

What CISOs should know about OpenClaw

Mon Feb 16 2026

Read about the security risk that using OpenClaw poses in enterprises.

CSO Online

A security flaw at DavaIndia Pharmacy allowed attackers to access customers’ data and more

Mon Feb 16 2026

A security flaw at DavaIndia Pharmacy exposed customer data and gave outsiders full admin control of its systems. DavaIndia is a large Indian pharmacy retail chain focused on selling affordable generic medicines. Operated by Zota Health Care Ltd., the brand promotes low-cost alternatives to branded drugs to make healthcare more accessible across India. DavaIndia runs […]

Security Affairs

Exploit available for new Chrome zero-day vulnerability, says Google

Tue Feb 17 2026

Threat actors now have the ability to exploit a new zero-day vulnerability in the Chrome browser, Google has advised IT administrators.

CSO Online

Open source maintainers being targeted by AI agent as part of ‘reputation farming’

Mon Feb 16 2026

AI agents able to submit huge numbers of pull requests (PRs) to open-source project maintainers risk creating the conditions for future supply chain attacks targeting important software projects, deve

CSO Online

Infostealer Steals OpenClaw AI Agent Configuration Files and Gateway Tokens

Mon Feb 16 2026

Cybersecurity researchers disclosed they have detected a case of an information stealer infection successfully exfiltrating a victim's OpenClaw (formerly Clawdbot and Moltbot) configuration environment. "This finding marks a significant milestone in the evolution of infostealer behavior: the transition from stealing browser credentials to harvesting the 'souls' and identities of personal AI [...

The Hacker News

ShinyHunters leaked 600K+ Canada Goose customer records, but the firm denies it was breached

Mon Feb 16 2026

ShinyHunters leaked 600,000+ Canada Goose customer records, though the company insists its systems were not breached. Data extortion group ShinyHunters has published over 600,000 Canada Goose customer records on its data leak site. Canada Goose is a Canadian luxury outerwear company best known for high‑end, cold‑weather jackets and parkas. Founded in 1957 and headquartered in […]

Security Affairs

Microsoft alerts on DNS-based ClickFix variant delivering malware via nslookup

Mon Feb 16 2026

Microsoft warns of a new ClickFix variant that tricks users into running DNS commands to fetch malware via nslookup. Microsoft has revealed a new ClickFix variant that deceives users into running a malicious nslookup command through the Windows Run dialog to retrieve a second-stage payload via DNS. ClickFix typically uses fake CAPTCHA or error messages […]

Security Affairs

Study Uncovers 25 Password Recovery Attacks in Major Cloud Password Managers

Mon Feb 16 2026

A new study has found that multiple cloud-based password managers, including Bitwarden, Dashlane, and LastPass, are susceptible to password recovery attacks under certain conditions. "The attacks range in severity from integrity violations to the complete compromise of all vaults in an organization," researchers Matteo Scarlata, Giovanni Torrisi, Matilda Backendal, and Kenneth G. Paterson said....

The Hacker News

Weekly Recap: Outlook Add-Ins Hijack, 0-Day Patches, Wormable Botnet & AI Malware

Mon Feb 16 2026

This week’s recap shows how small gaps are turning into big entry points. Not always through new exploits, often through tools, add-ons, cloud setups, or workflows that people already trust and rarely question. Another signal: attackers are mixing old and new methods. Legacy botnet tactics, modern cloud abuse, AI assistance, and supply-chain exposure are being used side by side, whichever path...

The Hacker News

Safe and Inclusive E‑Society: How Lithuania Is Bracing for AI‑Driven Cyber Fraud

Mon Feb 16 2026

Technologies are evolving fast, reshaping economies, governance, and daily life. Yet, as innovation accelerates, so do digital risks. Technological change is no longer abstract for such a country as Lithuania, as well. From e-signatures to digital health records, the country depends on secure systems.  Cybersecurity has become not only a technical challenge but a societal one – demanding...

The Hacker News

The El Paso No-Fly Debacle Is Just the Beginning of a Drone Defense Mess

Mon Feb 16 2026

Fears over a drug cartel drone over Texas sparked a recent airspace shutdown in El Paso and New Mexico, highlighting just how tricky it can be to deploy anti-drone weapons near cities.

Wired

Leaky Chrome extensions with 37M installs caught divulging your browsing history

Mon Feb 16 2026

An estimated 37 million worldwide installations of a clutch of leaky Chrome extensions are transmitting users’ browsing histories to external servers.

CSO Online

New ZeroDayRAT Mobile Spyware Enables Real-Time Surveillance and Data Theft

Mon Feb 16 2026

Cybersecurity researchers have disclosed details of a new mobile spyware platform dubbed ZeroDayRAT that's being advertised on Telegram as a way to grab sensitive data and facilitate real-time surveillance on Android and iOS devices. "The developer runs dedicated channels for sales, customer support, and regular updates, giving buyers a single point of access to a fully operational spyware...

The Hacker News

Google fixes first actively exploited Chrome zero-day of 2026

Mon Feb 16 2026

Google patched Chrome zero-day CVE-2026-2441, a high-severity CSS use-after-free flaw actively exploited in the wild. Google has released urgent security updates to address a high-severity zero-day vulnerability, tracked as CVE-2026-2441, in Chrome that is already being exploited in real-world attacks. The flaw is a use-after-free bug in the browser’s CSS component. This is the first […]

Security Affairs

Japanese sex toys maker Tenga discloses data breach

Mon Feb 16 2026

Sex toy maker Tenga says a hacker accessed an employee’s email account, potentially exposing customer names, emails, and order details. TENGA Co., Ltd. is a Tokyo-based Japanese sexual wellness and lifestyle company known for its innovative adult products. It employs roughly 125–200 people worldwide across its Japan headquarters and international offices. Tenga operates in personal […]

Security Affairs

Finding a common language around risk

Mon Feb 16 2026

Here’s what nobody tells you about risk management: your cyber team speaks Klingon, your operations folks speak Elvish and your strategy people speak ancient Greek.

CSO Online

New partnership aims to deliver sovereign cloud solutions

Mon Feb 16 2026

CSO Online

CISO Julie Chatman offers insights for you to take control of your security leadership role

Mon Feb 16 2026

Julie Chatman never planned to get into cybersecurity.

CSO Online

10 years later, Bangladesh Bank cyberheist still offers cyber-resiliency lessons

Mon Feb 16 2026

Ten years on, the Bangladesh Bank cyberheist — a landmark cybersecurity incident that rewrote the rules of nation state–sponsored hacking — continues to offer lessons for the cybersecurity community.

CSO Online

New Chrome Zero-Day (CVE-2026-2441) Under Active Attack — Patch Released

Mon Feb 16 2026

Google on Friday released security updates for its Chrome browser to address a security flaw that it said has been exploited in the wild. The high-severity vulnerability, tracked as CVE-2026-2441 (CVSS score: 8.8), has been described as a use-after-free bug in CSS. Security researcher Shaheen Fazim has been credited with discovering and reporting the shortcoming on February 11, 2026. "Use after...

The Hacker News

SIEM buyer's guide

Mon Feb 16 2026

The contextual data that SIEM solutions provide is a fundamental component of modern security stacks.

CSO Online

Malicious npm and PyPI packages linked to Lazarus APT fake recruiter campaign

Sun Feb 15 2026

Researchers found malicious npm and PyPI packages tied to a fake recruitment campaign linked to North Korea’s Lazarus Group. ReversingLabs researchers uncovered new malicious packages on npm and PyPI connected to a fake job recruitment campaign attributed to the North Korea-linked Lazarus Group. The campaign uses deceptive hiring themes to trick developers into downloading infected […]

Security Affairs

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 84

Sun Feb 15 2026

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Stan Ghouls targeting Russia and Uzbekistan with NetSupport RAT Breaking Down ZeroDayRAT – New Spyware Targeting Android and iOS Old-School IRC, New Victims: Inside the Newly Discovered SSHStalker Linux Botnet   Reynolds: Defense Evasion Capability […]

Security Affairs

Security Affairs newsletter Round 563 by Pierluigi Paganini – INTERNATIONAL EDITION

Sun Feb 15 2026

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Fintech firm Figure disclosed data breach after employee phishing attack U.S. CISA adds a flaw in […]

Security Affairs

Fintech firm Figure disclosed data breach after employee phishing attack

Sat Feb 14 2026

Fintech firm Figure confirmed a data breach after hackers used social engineering to trick an employee and steal a limited number of files. Blockchain-based lending firm Figure confirmed a data breach after an employee fell victim to a social engineering attack. According to a company spokesperson, the incident allowed hackers to access and steal a […]

Security Affairs

U.S. CISA adds a flaw in BeyondTrust RS and PRA to its Known Exploited Vulnerabilities catalog

Sat Feb 14 2026

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in BeyondTrust RS and PRA to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a BeyondTrust RS and PRA vulnerability, tracked as CVE-2026-1731 (CVSS score of 9.9), to its Known Exploited Vulnerabilities (KEV) catalog. This week BeyondTrust released security updates to […]

Security Affairs

Suspected Russian hackers deploy CANFAIL malware against Ukraine

Sat Feb 14 2026

A new alleged Russia-linked APT group targeted Ukrainian defense, government, and energy groups, with CANFAIL malware. Google Threat Intelligence Group identified a previously undocumented threat actor behind attacks on Ukrainian organizations using CANFAIL malware. The group is possibly linked to Russian intelligence services and has targeted defense, military, government, and energy entities at both regional […]

Security Affairs

Microsoft Discloses DNS-Based ClickFix Attack Using Nslookup for Malware Staging

Sun Feb 15 2026

Microsoft has disclosed details of a new version of the ClickFix social engineering tactic in which the attackers trick unsuspecting users into running commands that carry out a Domain Name System (DNS) lookup to retrieve the next-stage payload. Specifically, the attack relies on using the "nslookup" (short for nameserver lookup) command to execute a custom DNS lookup triggered via the Windows...

The Hacker News

Ring Kills Flock Safety Deal After Super Bowl Ad Uproar

Sat Feb 14 2026

Plus: Meta plans to add face recognition to its smart glasses, Jared Kushner named as part of whistleblower’s mysterious national security complaint, and more.

Wired

Robot Dogs Are Going on Patrol at the 2026 World Cup in Mexico

Sat Feb 14 2026

The Mexican city of Guadalupe, which will host portions of the 2026 World Cup, recently showed off four new robot dogs that will help provide security during matches at BBVA Stadium.

Wired

New threat actor UAT-9921 deploys VoidLink against enterprise sectors

Fri Feb 13 2026

A new threat actor, UAT-9921, uses the modular VoidLink framework to target technology and financial organizations, Cisco Talos reports. Cisco Talos spotted a previously unknown threat actor, tracked as UAT-9921, using a new modular attack framework called VoidLink. The group targets organizations in the technology and financial services sectors. The flexible design of VoidLink suggests […]

Security Affairs

Researchers unearth 30-year-old vulnerability in libpng library

Fri Feb 13 2026

Developers have resolved a legacy flaw in the widely used libpng open-source library that existed since the software was released nearly 30 years ago.

CSO Online

Critical BeyondTrust RS vulnerability exploited in active attacks

Fri Feb 13 2026

Researchers warn that a critical vulnerability patched this week in BeyondTrust Remote Support is being exploited in the wild to compromise self-hosted deployments, including Bomgar remote support app

CSO Online

South Korea fines Louis Vuitton, Christian Dior, Tiffany $25M for SaaS security failures

Fri Feb 13 2026

South Korea’s data protection authority has handed down a combined KRW 36 billion (approximately US$25 million) in administrative fines to the local subsidiaries of three global luxury houses, after f

CSO Online

Battling bots face off in cybersecurity arena

Fri Feb 13 2026

AI agents are increasingly seen as a way to reinforce the capabilities of cybersecurity teams — but which can do the best job? Wiz has developed a benchmark suite of 257 real-world challenges spanning

CSO Online

Google Ties Suspected Russian Actor to CANFAIL Malware Attacks on Ukrainian Orgs

Fri Feb 13 2026

A previously undocumented threat actor has been attributed to attacks targeting Ukrainian organizations with malware known as CANFAIL. Google Threat Intelligence Group (GTIG) described the hacking group as possibly affiliated with Russian intelligence services. The threat actor is assessed to have targeted defense, military, government, and energy organizations within the Ukrainian regional and...

The Hacker News

Google Links China, Iran, Russia, North Korea to Coordinated Defense Sector Cyber Operations

Fri Feb 13 2026

Several state-sponsored actors, hacktivist entities, and criminal groups from China, Iran, North Korea, and Russia have trained their sights on the defense industrial base (DIB) sector, according to findings from Google Threat Intelligence Group (GTIG). The tech giant's threat intelligence division said the adversarial targeting of the sector is centered around four key themes: striking defense...

The Hacker News

Four new reasons why Windows LNK files cannot be trusted

Fri Feb 13 2026

The number of ways that Windows shortcut (.

CSO Online

Attackers exploit BeyondTrust CVE-2026-1731 within hours of PoC release

Fri Feb 13 2026

Attackers quickly targeted BeyondTrust flaw CVE-2026-1731 after a PoC was released, enabling unauthenticated remote code execution. Threat actors rapidly began exploiting a newly patched BeyondTrust vulnerability, tracked as CVE-2026-1731 (CVSS score of 9.9), soon after a proof-of-concept exploit became public. This week BeyondTrust released security updates to address the critical flaw in its Remote Support […]

Security Affairs

The foundation problem: How a lack of accountability is destroying cybersecurity

Fri Feb 13 2026

A tale of two industries The United States Navy takes 18-year-olds fresh out of high school and trains them to operate nuclear reactors in 18 months.

CSO Online

UAT-9921 Deploys VoidLink Malware to Target Technology and Financial Sectors

Fri Feb 13 2026

A previously unknown threat actor tracked as UAT-9921 has been observed leveraging a new modular framework called VoidLink in its campaigns targeting the technology and financial services sectors, according to findings from Cisco Talos. "This threat actor seems to have been active since 2019, although they have not necessarily used VoidLink over the duration of their activity," researchers Nick...

The Hacker News

BSI heralds the end of classical encryption

Fri Feb 13 2026

The BSI recommends combining traditional encryption methods with post-quantum cryptography.

CSO Online

Google fears massive attempt to clone Gemini AI through model extraction

Fri Feb 13 2026

Google detected and blocked a campaign involving more than 100,000 prompts that it claimed were designed to copy the proprietary reasoning capabilities of its Gemini AI model, according to a quarterly

CSO Online

Google: state-backed hackers exploit Gemini AI for cyber recon and attacks

Fri Feb 13 2026

Google says nation-state actors used Gemini AI for reconnaissance and attack support in cyber operations. Google DeepMind and GTIG report a rise in model extraction or “distillation” attacks aimed at stealing AI intellectual property, which Google has detected and blocked. While APT groups have not breached frontier models, private firms and researchers have tried to […]

Security Affairs

Malicious Chrome Extensions Caught Stealing Business Data, Emails, and Browsing History

Fri Feb 13 2026

Cybersecurity researchers have discovered a malicious Google Chrome extension that's designed to steal data associated with Meta Business Suite and Facebook Business Manager. The extension, named CL Suite by @CLMasters (ID: jkphinfhmfkckkcnifhjiplhfoiefffl), is marketed as a way to scrape Meta Business Suite data, remove verification pop-ups, and generate two-factor authentication (2FA) codes....

The Hacker News

The democratization of AI data poisoning and how to protect your organization

Fri Feb 13 2026

Smart organizations have spent the last three years protecting their AI tools from skilled prompt injection-style attacks.

CSO Online

npm’s Update to Harden Their Supply Chain, and Points to Consider

Fri Feb 13 2026

In December 2025, in response to the Sha1-Hulud incident, npm completed a major authentication overhaul intended to reduce supply-chain attacks. While the overhaul is a solid step forward, the changes don’t make npm projects immune from supply-chain attacks. npm is still susceptible to malware attacks – here’s what you need to know for a safer Node community. Let’s start with the original...

The Hacker News

U.S. CISA adds SolarWinds Web Help Desk, Notepad++, Microsoft Configuration Manager, and Apple devices flaws to its Known Exploited Vulnerabilities catalog

Fri Feb 13 2026

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SolarWinds Web Help Desk, Notepad++, Microsoft Configuration Manager, and Apple devices flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SolarWinds Web Help Desk, Notepad++, Microsoft Configuration Manager, and Apple devices flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws […]

Security Affairs

Why key management becomes the weakest link in a post-quantum and AI-driven security world

Fri Feb 13 2026

When people talk about cryptography, they usually talk about algorithms.

CSO Online

Researchers Observe In-the-Wild Exploitation of BeyondTrust CVSS 9.9 Vulnerability

Fri Feb 13 2026

Threat actors have started to exploit a recently disclosed critical security flaw impacting BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) products, according to watchTowr. "Overnight we observed first in-the-wild exploitation of BeyondTrust across our global sensors," Ryan Dewhurst, head of threat intelligence at watchTowr, said in a post on X. "Attackers are abusing...

The Hacker News

5 key trends reshaping the SIEM market

Fri Feb 13 2026

Security information and event management (SIEM) platforms have evolved far beyond their basic log collection and correlation roots.

CSO Online

Security infotainment: The best hacker documentaries

Fri Feb 13 2026

Do you feel empty without a security dashboard? These documentaries ease the pain until the next workday.

CSO Online

Hackers turn bossware against the bosses

Fri Feb 13 2026

A threat actor is abusing an employee monitoring application and a remote monitoring and management platform in an attempt to deploy ransomware and steal cryptocurrency.

CSO Online

Why identity recovery is now central to cyber resilience

Thu Feb 12 2026

Ransomware has permanently changed how security leaders think about risk.

CSO Online

Odido confirms massive breach; 6.2 Million customers impacted

Thu Feb 12 2026

Hackers accessed data from 6.2 million Odido accounts, exposing names, contacts, bank details, and ID numbers. Subsidiary Ben also warned customers. Hackers broke into Dutch telecom firm Odido and accessed data from 6.2 million accounts. The company confirmed the breach and said attackers took names, addresses, phone numbers, email addresses, bank account details, dates of […]

Security Affairs

‘Dead’ Outlook add-in hijacked to phish 4,000 Microsoft Office Store users

Thu Feb 12 2026

A blind spot in Microsoft’s app and add-in marketplace security allowed an eagle-eyed hacker to hijack an abandoned Outlook add-in to carry out phishing attacks that compromised 4,000 users, researche

CSO Online