ARTICLES 2026 FEBRUARY

| DATE | NAME | Info | CATEG. | WEB |
| --- | --- | --- | --- | --- |
| 28.2.26 | Thousands of Public Google Cloud API Keys Exposed with Gemini Access After API Enablement | New research has found that Google Cloud API keys, typically designated as project identifiers for billing purposes, could be abused to authenticate to | AI | The Hacker News |
| 28.2.26 | Pentagon Designates Anthropic Supply Chain Risk Over AI Military Dispute | Anthropic on Friday hit back after U.S. Secretary of Defense Pete Hegseth directed the Pentagon to designate the artificial intelligence (AI) upstart as a | AI | The Hacker News |
| 28.2.26 | DoJ Seizes $61 Million in Tether Linked to Pig Butchering Crypto Scams | The U.S. Department of Justice (DoJ) this week announced the seizure of $61 million worth of Tether that were allegedly associated with bogus | Spam | The Hacker News |
| 28.2.26 | Ex-L3Harris exec jailed for selling zero-days to Russian exploit broker | The former head of Trenchant, a specialized U.S. defense contractor unit, was sentenced Tuesday to more than seven years in federal prison for stealing and selling zero-day exploits to a Russian broker whose clients include the Russian government. | Vulnerability | |
| 28.2.26 | Windows 11 KB5077241 update improves BitLocker, adds Sysmon tool | Microsoft has released the KB5077241 optional cumulative update for Windows 11, which comes with 29 changes, including improvements to BitLocker, a new network speed test tool, and native System Monitor (Sysmon) functionality. | OS | |
| 28.2.26 | Phishing campaign targets freight and logistics orgs in the US, Europe | A financially motivated threat group dubbed "Diesel Vortex" is stealing credentials from freight and logistics operators in the U.S. and Europe in phishing attacks using 52 domains. | Phishing | |
| 28.2.26 | Wynn Resorts confirms employee data breach after extortion threat | Wynn Resorts has confirmed that a hacker stole employee data from its systems after the company was listed on the ShinyHunters extortion gang's data leak site. | Incident | |
| 28.2.26 | 1Campaign platform helps malicious Google ads evade detection | A newly identified cybercrime service known as 1Campaign is enabling threat actors to run malicious Google Ads that remain online for extended periods while evading scrutiny from security researchers. | Virus | |
| 28.2.26 | CarGurus data breach exposes information of 12.4 million accounts | The ShinyHunters extortion group has published personal information in more than 12 million records allegedly stolen from CarGurus, a U.S.-based digital auto platform. | Incident | |
| 28.2.26 | Identity-First AI Security: Why CISOs Must Add Intent to the Equation | AI agents now provision infrastructure and approve actions, but many inherit over-scoped privileges without proper governance. Token Security explains why CISOs must treat agents as identities and add intent-based controls so access is granted only when purpose and context align. | AI | |
| 28.2.26 | UK fines Reddit $19 million for using children’s data unlawfully | The UK Information Commissioner's Office (ICO) has fined Reddit £14.47 million (over $19.5 million) for collecting and using the personal information of children under 13 without adequate safeguards. | BigBrothers | |
| 28.2.26 | Critical SolarWinds Serv-U flaws offer root access to servers | SolarWinds has patched four critical Serv-U remote code execution vulnerabilities that could grant attackers root access to unpatched servers. | Vulnerability | |
| 28.2.26 | ShinyHunters extortion gang claims Odido breach affecting millions | The ShinyHunters extortion gang has claimed responsibility for breaching Dutch telecommunications provider Odido and stealing millions of user records from its compromised systems. | Hack | |
| 28.2.26 | North Korean Lazarus group linked to Medusa ransomware attacks | North Korean state-backed hackers associated with the Lazarus threat group are targeting U.S. healthcare organizations in extortion attacks using the Medusa ransomware. | APT | |
| 28.2.26 | Android mental health apps with 14.7M installs filled with security flaws | Several mental health mobile apps with millions of downloads on Google Play contain security vulnerabilities that could expose users' sensitive medical information. | OS | |
| 28.2.26 | Spain arrests suspected hacktivists for DDoSing govt sites | Spanish authorities have arrested four alleged members of a hacktivist group believed to have carried out cyberattacks targeting government ministries, political parties, and various public institutions. | BigBrothers | |
| 28.2.26 | Microsoft says bug in classic Outlook hides the mouse pointer | Microsoft is investigating a known issue that causes the mouse pointer to disappear in the classic Outlook desktop email client for some users. | OS | |
| 28.2.26 | Ad tech firm Optimizely confirms data breach after vishing attack | New York-based ad tech company Optimizely has notified an undisclosed number of customers of a data breach after threat actors compromised some of its systems in a voice phishing attack. | Incident | |
| 28.2.26 | When identity isn’t the weak link, access still is | Stolen tokens and compromised devices let attackers reuse trust without breaking authentication. Specops Software explains why identity alone isn't enough and how continuous device verification strengthens Zero Trust. | Security | |
| 28.2.26 | CISA: Recently patched RoundCube flaws now exploited in attacks | CISA flagged two Roundcube Webmail vulnerabilities as actively exploited in attacks and ordered U.S. federal agencies to patch them within three weeks. | Exploit | |
| 28.2.26 | Arkanix Stealer pops up as short-lived AI info-stealer experiment | An information-stealing malware operation named Arkanix Stealer, promoted on multiple dark web forums towards the end of 2025, was likely developed as an AI-assisted experiment. | AI | |
| 28.2.26 | Cisco SD-WAN vulnerabilities (CVE-2026-20127, CVE-2022-20775) in active exploitation | On February 25, 2026, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and UK National Cyber Security Centre warned that vulnerabilities affecting Cisco software-defined wide-area network (SD-WAN) systems (CVE-2026-20127 and CVE-2022-20775) are actively being exploited. | Vulnerability blog | SOPHOS |
| 28.2.26 | Nowhere, man: The 2026 Active Adversary Report | AI headline hype didn’t deliver a sea change for practical defense — but one below-the-radar development should | Cyber blog | SOPHOS |
| 28.2.26 | | Our report on adversarial misuse of AI highlights model extraction, augmented attacks, and new AI-enabled malware. | AI blog | GTI |
| 28.2.26 | | Mandiant and Google Threat Intelligence Group (GTIG) have identified the zero-day exploitation of a high-risk vulnerability in Dell RecoverPoint for Virtual Machines, tracked as CVE-2026-22769, with a CVSSv3.1 score of 10.0. | Vulnerability blog | GTI |
| 28.2.26 | Counterfeit Network Gear Creates Cyber Risk in Critical Infrastructure | As the supply chain for information technology components and raw materials is squeezed by the AI boom, the secondary market is heating up, and introducing new cyber risk into the IT supply chain. | Cyber blog | Eclypsium |
| 28.2.26 | ENISA’s Updated Cybersecurity Methodology Aligns with NIS2 and EU Cybersecurity Act | ENISA’s Cybersecurity Exercise Methodology helps organizations align with NIS2 and the EU Cybersecurity Act while improving readiness and resilience. | BigBrother blog | Cyble |
| 28.2.26 | The Week in Vulnerabilities: WordPress, BeyondTrust, and Critical ICS Bugs | Critical WordPress, BeyondTrust, Honeywell CCTV, and PUSR router vulnerabilities surfaced on underground forums, while CISA issued 8 ICS advisories impacting critical manufacturing sectors. | Vulnerability blog | Cyble |
| 28.2.26 | SURXRAT: From ArsinkRAT roots to LLM Module Downloads Signaling Capability Expansion | Cyble uncovers SURXRAT’s evolution across versions, built on ArsinkRAT code, and now downloading large LLM modules signaling an expansion of its operational capabilities. | Malware blog | Cyble |
| 28.2.26 | North Korean Lazarus Group Now Working With Medusa Ransomware | North Korean attackers continue to mount extortion attacks against the U.S. healthcare sector despite indictment. | APT blog | SECURITY.COM |
| 28.2.26 | From Token Theft to Full System Takeover: Breaking OpenClaw’s RCE Flaw (CVE-2026-25253) | The SonicWall Capture Labs threat research team became aware of an authentication token theft vulnerability in OpenClaw, assessed its impact and developed mitigation measures. OpenClaw is a widely used open-source AI assistant platform that integrates with numerous messaging services and provides deep system-level capabilities. | Vulnerability blog | SonicWall |
| 28.2.26 | Inside a New VioletRAT Campaign: Multi Staged Delivery and Stealthy Payload Execution | Recently, the SonicWall Capture Labs threat research team observed a new campaign spreading Violet RAT using a multistage Python-based APC injection technique. The campaign employs a multi-stage delivery chain that involves archives, batch scripts, and a Python loader to deploy the final payload via shellcode injection. The complete infection chain can be visualized in the following figure 1. | Malware blog | SonicWall |
| 28.2.26 | Bring the Fight to the Edge: Turning Time Into an Advantage in OT Security | Industrial organizations are facing a growing paradox in cybersecurity. While operational technology (OT) environments are increasingly connected, most security strategies still assume threats will only materialize once attackers reach the plant floor. | Security blog | Palo Alto |
| 28.2.26 | Caught in the Hook: RCE and API Token Exfiltration Through Claude Code Project Files (CVE-2025-59536, CVE-2026-21852) | Check Point Research has discovered critical vulnerabilities in Anthropic’s Claude Code that allow attackers to achieve remote code execution and steal API credentials through malicious project configurations. | Vulnerability blog | CHECKPOINT |
| 28.2.26 | 2025: The Untold Stories of Check Point Research | Check Point Research (CPR) continuously tracks threats, following the clues that lead to major players and incidents in the threat landscape. Whether it’s high-end financially-motivated campaigns or state-sponsored activity, our focus is to figure out what the threat is, report our findings to the relevant parties, and make sure Check Point customers stay protected. | Cyber blog | CHECKPOINT |
| 28.2.26 | New Dohdoor malware campaign targets education and health care | Cisco Talos discovered an ongoing malicious campaign since at least as early as December 2025 by a threat actor we track as “UAT-10027,” delivering a previously undisclosed backdoor dubbed “Dohdoor.” | Malware blog | CISCO TALOS |
| 28.2.26 | Henry IV, Hotspur, Hal, and hallucinations | | Cyber blog | CISCO TALOS |
| 28.2.26 | Active exploitation of Cisco Catalyst SD-WAN by UAT-8616 | Cisco Talos is tracking the active exploitation of CVE-2026-20127, a vulnerability in Cisco Catalyst SD-WAN Controller, formerly vSmart, that allows an unauthenticated remote attacker to bypass authentication and obtain administrative privileges. | Vulnerability blog | CISCO TALOS |
| 28.2.26 | “Good enough” emulation: Fuzzing a single thread to uncover vulnerabilities | A Talos researcher used targeted emulation of the Socomec DIRIS M-70 gateway’s Modbus thread to uncover six patched vulnerabilities, showcasing efficient tools and methods for IoT security testing. | Vulnerability blog | CISCO TALOS |
| 28.2.26 | Mobile app permissions (still) matter more than you may think | Start using a new app and you’ll often be asked to grant it permissions. But blindly accepting them could expose you to serious privacy and security risks. | Cyber blog | Eset |
| 28.2.26 | Faking it on the phone: How to tell if a voice call is AI or not | Can you believe your ears? Increasingly, the answer is no. Here’s what’s at stake for your business, and how to beat the deepfakers. | Cyber blog | Eset |
| 28.2.26 | 900+ Sangoma FreePBX Instances Compromised in Ongoing Web Shell Attacks | The Shadowserver Foundation has revealed that over 900 Sangoma FreePBX instances still remain infected with web shells as part of attacks that exploited | Hack | The Hacker News |
| 27.2.26 | Malicious Go Crypto Module Steals Passwords, Deploys Rekoobe Backdoor | Cybersecurity researchers have disclosed details of a malicious Go module that's designed to harvest passwords, create persistent access via SSH, and | Virus | The Hacker News |
| 27.2.26 | ScarCruft Uses Zoho WorkDrive and USB Malware to Breach Air-Gapped Networks | The North Korean threat actor known as ScarCruft has been attributed to a fresh set of tools, including a backdoor that uses Zoho WorkDrive for | Virus | The Hacker News |
| 27.2.26 | Trojanized Gaming Tools Spread Java-Based RAT via Browser and Chat Platforms | Threat actors are luring unsuspecting users into running trojanized gaming utilities that are distributed via browsers and chat platforms to distribute a | Virus | The Hacker News |
| 27.2.26 | Meta Files Lawsuits Against Brazil, China, Vietnam Advertisers Over Celeb-Bait Scams | Meta on Thursday said it's taking legal action to tackle scams on its platforms by filing lawsuits against what it calls deceptive advertisers based in Brazil, | Social | The Hacker News |
| 27.2.26 | Aeternum C2 Botnet Stores Encrypted Commands on Polygon Blockchain to Evade Takedown | Cybersecurity researchers have disclosed details of a new botnet loader called Aeternum C2 that uses a blockchain-based command-and-control (C2) | BotNet | The Hacker News |
| 26.2.26 | UAT-10027 Targets U.S. Education and Healthcare with Dohdoor Backdoor | A previously undocumented threat activity cluster has been attributed to an ongoing malicious campaign targeting education and healthcare sectors in the | APT | The Hacker News |
| 26.2.26 | Microsoft Warns Developers of Fake Next.js Job Repos Delivering In-Memory Malware | A "coordinated developer-targeting campaign" is using malicious repositories disguised as legitimate Next.js projects and technical assessments to trick | Virus | The Hacker News |
| 26.2.26 | Malicious StripeApi NuGet Package Mimicked Official Library and Stole API Tokens | Cybersecurity researchers have disclosed details of a new malicious package discovered on the NuGet Gallery, impersonating a library from financial | CyberCrime | The Hacker News |
| 26.2.26 | Cisco SD-WAN Zero-Day CVE-2026-20127 Exploited Since 2023 for Admin Access | A newly disclosed maximum-severity security flaw in Cisco Catalyst SD-WAN Controller (formerly vSmart) and Catalyst SD-WAN Manager (formerly | Vulnerability | The Hacker News |
| 26.2.26 | Google Disrupts UNC2814 GRIDTIDE Campaign After 53 Breaches Across 42 Countries | Google on Wednesday disclosed that it worked with industry partners to disrupt the infrastructure of a suspected China-nexus cyber espionage group | APT | The Hacker News |
| 26.2.26 | Claude Code Flaws Allow Remote Code Execution and API Key Exfiltration | Cybersecurity researchers have disclosed multiple security vulnerabilities in Anthropic's Claude Code, an artificial intelligence (AI)-powered coding | AI | The Hacker News |
| 26.2.26 | Malicious NuGet Packages Stole ASP.NET Data; npm Package Dropped Malware | Cybersecurity researchers have discovered four malicious NuGet packages that are designed to target ASP.NET web application developers to steal | Virus | The Hacker News |
| 26.2.26 | Defense Contractor Employee Jailed for Selling 8 Zero-Days to Russian Broker | A 39-year-old Australian national who was previously employed at U.S. defense contractor L3Harris has been sentenced to a little over seven years in prison | BigBrothers | The Hacker News |
| 26.2.26 | SolarWinds Patches 4 Critical Serv-U 15.5 Flaws Allowing Root Code Execution | SolarWinds has released updates to address four critical security flaws in its Serv-U file transfer software that, if successfully exploited, could result in | Vulnerability | The Hacker News |
| 26.2.26 | CISA Confirms Active Exploitation of FileZen CVE-2026-25108 Vulnerability | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a recently disclosed vulnerability in FileZen to its Known Exploited | Vulnerability | The Hacker News |
| 26.2.26 | RoguePilot Flaw in GitHub Codespaces Enabled Copilot to Leak GITHUB_TOKEN | A vulnerability in GitHub Codespaces could have been exploited by bad actors to seize control of repositories by injecting malicious Copilot instructions in a | Vulnerability | The Hacker News |
| 24.2.26 | UAC-0050 Targets European Financial Institution With Spoofed Domain and RMS Malware | A Russia-aligned threat actor has been observed targeting a European financial institution as part of a social engineering attack to likely facilitate | APT | The Hacker News |
| 24.2.26 | Lazarus Group Uses Medusa Ransomware in Middle East and U.S. Healthcare Attacks | The North Korea-linked Lazarus Group (aka Diamond Sleet and Pompilus) has been observed using Medusa ransomware in an attack targeting an unnamed | Ransom | The Hacker News |
| 24.2.26 | UnsolicitedBooker Targets Central Asian Telecoms With LuciDoor and MarsSnake Backdoors | The threat activity cluster known as UnsolicitedBooker has been observed targeting telecommunications companies in Kyrgyzstan and Tajikistan, marking a shift from prior attacks aimed at Saudi Arabian entities. The attacks | APT | The Hacker News |
| 24.2.26 | Anthropic Says Chinese AI Firms Used 16 Million Claude Queries to Copy Model | Anthropic on Monday said it identified "industrial-scale campaigns" mounted by three artificial intelligence (AI) companies, DeepSeek, Moonshot AI, and MiniMax, to illegally extract Claude's capabilities to improve their own models. | AI | The Hacker News |
| 24.2.26 | APT28 Targeted European Entities Using Webhook-Based Macro Malware | The Russia-linked state-sponsored threat actor tracked as APT28 has been attributed to a new campaign targeting specific entities in Western and Central | APT | The Hacker News |
| 24.2.26 | Wormable XMRig Campaign Uses BYOVD Exploit and Time-Based Logic Bomb | Cybersecurity researchers have disclosed details of a new cryptojacking campaign that uses pirated software bundles as lures to deploy a bespoke | Virus | The Hacker News |
| 23.2.26 | Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens | Cybersecurity researchers have disclosed what they say is an active "Shai-Hulud-like" supply chain worm campaign that has leveraged a cluster of at | Virus | The Hacker News |
| 23.2.26 | MuddyWater Targets MENA Organizations with GhostFetch, CHAR, and HTTP_VIP | The Iranian hacking group known as MuddyWater (aka Earth Vetala, Mango Sandstorm, and MUDDYCOAST) has targeted several organizations and | APT | The Hacker News |
| 22.2.26 | Predator spyware hooks iOS SpringBoard to hide mic, camera activity | Intellexa's Predator spyware can hide iOS recording indicators while secretly streaming camera and microphone feeds to its operators. | Virus | |
| 22.2.26 | Amazon: AI-assisted hacker breached 600 Fortinet firewalls in 5 weeks | Amazon is warning that a Russian-speaking hacker used multiple generative AI services as part of a campaign that breached more than 600 FortiGate firewalls across 55 countries in five weeks. | AI | |
| 22.2.26 | Japanese tech giant Advantest hit by ransomware attack | Advantest Corporation disclosed that its corporate network has been targeted in a ransomware attack that may have affected customer or employee data. | Ransom | |
| 22.2.26 | CISA: BeyondTrust RCE flaw now exploited in ransomware attacks | Hackers are actively exploiting the CVE-2026-1731 vulnerability in the BeyondTrust Remote Support product, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns. | Ransom | |
| 22.2.26 | Data breach at French bank registry impacts 1.2 million accounts | The French Ministry of Finance has published an announcement informing of a cybersecurity incident that has impacted 1.2 million accounts. | Incident | |
| 22.2.26 | Why the shift left dream has become a nightmare for security and developers | The "shift left" approach has increased pressure on developers, as speed demands override security checks in modern CI pipelines. Qualys explains how analyzing 34,000 public container images revealed 7.3% were malicious and why security must be enforced at the infrastructure layer by default. | Security | |
| 22.2.26 | PayPal discloses data breach that exposed user info for 6 months | PayPal is notifying customers of a data breach after a software error in a loan application exposed their sensitive personal information, including Social Security numbers, for nearly 6 months last year. | Incident | |
| 22.2.26 | Mississippi medical center closes all clinics after ransomware attack | The University of Mississippi Medical Center (UMMC) closed all its clinic locations statewide on Thursday following a ransomware attack. | Ransom | |
| 22.2.26 | FBI: Over $20 million stolen in surge of ATM malware attacks in 2025 | The FBI warned that Americans lost more than $20 million last year amid a massive surge in ATM "jackpotting" attacks, in which criminals use malware to force cash machines to dispense money. | BigBrothers | |
| 22.2.26 | Ukrainian gets 5 years for helping North Koreans infiltrate US firms | A Ukrainian national was sentenced to five years in prison for providing North Korean IT workers with stolen identities that helped them infiltrate U.S. companies. | BigBrothers | |
| 22.2.26 | PromptSpy is the first known Android malware to use generative AI at runtime | Researchers have discovered the first known Android malware to use generative AI in its execution flow, using Google's Gemini model to adapt its persistence across different devices. | AI | |
| 22.2.26 | Flaw in Grandstream VoIP phones allows stealthy eavesdropping | A critical vulnerability in Grandstream GXP1600 series VoIP phones allows a remote, unauthenticated attacker to gain root privileges and silently eavesdrop on communications. | Vulnerability | |
| 22.2.26 | Google blocked over 1.75 million Play Store app submissions in 2025 | Google says that through 2025, it blocked more than 255,000 Android apps from obtaining excessive access to sensitive user data and rejected over 1.75 million apps from being published on Google Play due to policy violations. | Virus | |
| 22.2.26 | CISA orders feds to patch actively exploited Dell flaw within 3 days | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies to patch their systems within three days against a maximum-severity Dell vulnerability that has been under active exploitation since mid-2024. | Exploit | |
| 22.2.26 | How infostealers turn stolen credentials into real identities | Infostealer dumps increasingly tie stolen credentials to real identities, linking usernames, cookies, and behavior across personal and enterprise accounts. Specops explains how analyzing 90,000 dumps shows reuse fuels enterprise risk and how continuous AD scanning disrupts that cycle. | Virus | |
| 22.2.26 | Nigerian man gets eight years in prison for hacking tax firms | A Nigerian national was sentenced to eight years in prison for hacking multiple tax preparation firms in Massachusetts and filing fraudulent tax returns seeking over $8.1 million in refunds. | CyberCrime | |
| 22.2.26 | Texas sues TP-Link over Chinese hacking risks, user deception | Texas sued networking giant TP-Link Systems, accusing the company of deceptively marketing its routers as secure while allowing Chinese state-backed hackers to exploit firmware vulnerabilities and access users' devices. | APT | |
| 22.2.26 | Hackers target Microsoft Entra accounts in device code vishing attacks | Threat actors are targeting technology, manufacturing, and financial organizations in campaigns that combine device code phishing and voice phishing (vishing) to abuse the OAuth 2.0 Device Authorization flow and compromise Microsoft Entra accounts. | Phishing | |
| 22.2.26 | Police arrests 651 suspects in African cybercrime crackdown | African authorities arrested 651 suspects and recovered over $4.3 million in a joint operation targeting investment fraud, mobile money scams, and fake loan applications. | CyberCrime | |
| 22.2.26 | New 'Massiv' Android banking malware poses as an IPTV app | A newly identified Android banking trojan named Massiv has been under active distribution across southern Europe, disguised as an IPTV app. | Virus | |
| 22.2.26 | Critical infra Honeywell CCTVs vulnerable to auth bypass flaw | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of a critical vulnerability in multiple Honeywell CCTV products that allows unauthorized access to feeds or account hijacking. | Vulnerability | |
| 22.2.26 | AI platforms can be abused for stealthy malware communication | AI assistants like Grok and Microsoft Copilot with web browsing and URL-fetching capabilities can be abused to intermediate command-and-control (C2) activity. | AI | |
| 22.2.26 | Telegram channels expose rapid weaponization of SmarterMail flaws | Underground Telegram channels shared SmarterMail exploit PoCs and stolen admin credentials within days of disclosure. Flare explains how monitoring these communities reveals rapid weaponization of CVE-2026-24423 and CVE-2026-23760 tied to ransomware activity. | Social | |
| 22.2.26 | Microsoft: Anti-phishing rules mistakenly blocked emails, Teams messages | Microsoft says an Exchange Online issue that mistakenly quarantined legitimate emails last week was triggered by faulty heuristic detection rules designed to block credential phishing campaigns. | Safety | |
| 22.2.26 | Data breach at fintech firm Figure affects nearly 1 million accounts | Hackers have stolen the personal and contact information of nearly 1 million accounts after breaching the systems of Figure Technology Solutions, a self-described blockchain-native financial technology company. | Incident | |
| 22.2.26 | AI-Assisted Threat Actor Compromises 600+ FortiGate Devices in 55 Countries | A Russian-speaking, financially motivated threat actor has been observed taking advantage of commercial generative artificial intelligence (AI) services | AI | The Hacker News |
| 21.2.26 | Anthropic Launches Claude Code Security for AI-Powered Vulnerability Scanning | Artificial intelligence (AI) company Anthropic has begun to roll out a new security feature for Claude Code that can scan a user's software codebase for | AI | The Hacker News |
| 21.2.26 | CISA Adds Two Actively Exploited Roundcube Flaws to KEV Catalog | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added two security flaws impacting Roundcube webmail software to its Known | Exploit | The Hacker News |
| 21.2.26 | EC-Council Expands AI Certification Portfolio to Strengthen U.S. AI Workforce Readiness and Security | With $5.5 trillion in global AI risk exposure and 700,000 U.S. workers needing reskilling, four new AI certifications and Certified CISO v4 help close the gap | AI | The Hacker News |
| 21.2.26 | Microsoft says bug causes Copilot to summarize confidential emails | Microsoft says a Microsoft 365 Copilot bug has been causing the AI assistant to summarize confidential emails since late January, bypassing data loss prevention (DLP) policies that organizations rely on to protect sensitive information. | AI | |
| 21.2.26 | Glendale man gets 5 years in prison for role in darknet drug ring | A Glendale man was sentenced to nearly five years in federal prison for his role in a darknet drug trafficking operation that sold cocaine, methamphetamine, MDMA, and ketamine to customers across the United States. | CyberCrime | |
| 21.2.26 | Spain orders NordVPN, ProtonVPN to block LaLiga piracy sites | A Spanish court has granted precautionary measures against NordVPN and ProtonVPN, ordering the two popular VPN providers to block 16 websites that facilitate piracy of football matches. | Security | |
| 21.2.26 | Flaws in popular VSCode extensions expose developers to attacks | Vulnerabilities with high to critical severity ratings affecting popular Visual Studio Code (VSCode) extensions collectively downloaded more than 128 million times could be exploited to steal local files and execute code remotely. | Hack | |
| 21.2.26 | Chinese hackers exploiting Dell zero-day flaw since mid-2024 | A suspected Chinese state-backed hacking group has been quietly exploiting a critical Dell security flaw in zero-day attacks that started in mid-2024. | APT | |
| 21.2.26 | Notepad++ boosts update security with ‘double-lock’ mechanism | Notepad++ has adopted a "double-lock" design for its update mechanism to address recently exploited security gaps that resulted in a supply-chain compromise. | Security | |
| 21.2.26 | Microsoft Teams outage affects users in United States, Europe | Microsoft is working to resolve an ongoing outage affecting Microsoft Teams users, causing delays and preventing some from accessing the service. | OS | |
| 21.2.26 | What 5 Million Apps Revealed About Secrets in JavaScript | Leaked API keys are nothing new, but the scale of the problem in front-end code has been largely a mystery - until now. Intruder's research team built a new secrets detection method and scanned 5 million applications specifically looking for secrets hidden in JavaScript bundles. Here's what we learned. | Security | |
| 21.2.26 | New Keenadu backdoor found in Android firmware, Google Play apps | A newly discovered and sophisticated Android malware called Keenadu has been found embedded in firmware from multiple device brands, enabling it to compromise all installed applications and gain unrestricted control over infected devices. | OS | |
| 21.2.26 | Poland arrests suspect linked to Phobos ransomware operation | Polish police have detained a 47-year-old man suspected of ties to the Phobos ransomware group and seized computers and mobile phones containing stolen credentials, credit card numbers, and server access data. | Ransom | |
| 21.2.26 | Ireland now also investigating X over Grok-made sexual images | Ireland's Data Protection Commission (DPC), the country's data protection authority, has opened a formal investigation into X over the use of the platform's Grok artificial intelligence tool to generate non-consensual sexual images of real people, including children. | Social | |
| 21.2.26 | Washington Hotel in Japan discloses ransomware infection incident | The Washington Hotel brand in Japan has announced that its servers were compromised in a ransomware attack, exposing various business data. | Ransom | BleepingComputer |
| 21.2.26 | Counterfeit Network Gear Creates Cyber Risk in Critical Infrastructure | As the supply chain for information technology components and raw materials is squeezed by the AI boom, the secondary market is heating up, and introducing new cyber risk into the IT supply chain. | AI blog | Eclypsium |
| 21.2.26 | The Week in Vulnerabilities: SolarWinds, Ivanti, and Critical ICS Exposure | Critical SolarWinds, Ivanti EPMM, Microsoft Office, and Siemens ICS vulnerabilities are being discussed on underground forums, while 15 CISA ICS advisories impacted Energy and Critical Manufacturing sectors. | Vulnerability blog | Cyble |
| 21.2.26 | India’s AI Revolution: Why This Is India’s Most Significant Moment | Beenu Arora outlines India’s AI moment, rising deepfake and phishing threats, and why AI security must evolve alongside innovation and scale. | AI blog | Cyble |
| 21.2.26 | How the Protective Security Policy Framework Shapes Australia’s Commonwealth Cyber Security Strategy | The 2025 Commonwealth Cyber Security report outlines Essential Eight progress, compliance results, and key resilience challenges. | Cyber blog | Cyble |
| 21.2.26 | Strategic AI for Preemptive Cyber Defense and Attacker Cost Imposition | Modern AI security tools are heavily focused on reducing operational bottlenecks. It might help analysts clear an alert queue faster or prioritize which fires to put out first. While these efforts are valuable for efficiency, they don’t fundamentally change the game; they just help teams react more effectively to attacks that have already breached the perimeter. | AI blog | Silent Push |
| 21.2.26 | U.S. Public Sector Under Siege | Discover why Government and Education must prioritize Cyber Risk Management. | Cyber blog | Trend Micro |
| 21.2.26 | Spam Campaign Abuses Atlassian Jira, Targets Government and Corporate Entities | We uncover how a campaign used Atlassian Jira Cloud to launch automated and targeted spam campaigns, exploiting trusted SaaS workflows to bypass security controls. | Hacking blog | Trend Micro |
| 21.2.26 | Viral AI, Invisible Risks: What OpenClaw Reveals About Agentic Assistants | OpenClaw (aka Clawdbot or Moltbot) represents a new frontier in agentic AI: powerful, highly autonomous, and surprisingly easy to use. In this research, we examine how its capabilities compare to its predecessors’ and highlight the security risks inherent to the agentic AI paradigm. | AI blog | Trend Micro |
| 21.2.26 | Uncovering a Recent Pulsar RAT Sample in the Wild | This week, the SonicWall Capture Labs Threat Research Team analyzed an obfuscated .NET trojan frequently used in malicious campaigns. Pulsar RAT is an open-source remote access tool derived from another open-source RAT named Quasar. Pulsar adds updated capabilities such as hooking clipboard changes, capturing webcam images, UAC bypass, and sending results back to attackers. | Malware blog | SonicWall |
| 21.2.26 | VShell and SparkRAT Observed in Exploitation of BeyondTrust Critical Vulnerability (CVE-2026-1731) | On Feb. 6, 2026, BeyondTrust released a security advisory regarding CVE-2026-1731. BeyondTrust is an identity and access management platform. This specific vulnerability involves a pre-authentication remote code execution (RCE) issue within BeyondTrust remote support software. | Vulnerebility blog | Palo Alto |
| 21.2.26 | Phishing on the Edge of the Web and Mobile Using QR Codes | This article explores the misuse of QR codes in today's threat landscape, covering three areas of concern: | Phishing blog | Palo Alto |
| 21.2.26 | Critical Vulnerabilities in Ivanti EPMM Exploited | Two critical zero-day vulnerabilities (CVE-2026-1281 and CVE-2026-1340) affecting Ivanti Endpoint Manager Mobile (EPMM) are being actively exploited in the wild, affecting enterprise mobile fleets and corporate networks. These vulnerabilities allow unauthenticated attackers to remotely execute arbitrary code on target servers, granting them full control over mobile device management (MDM) infrastructure without requiring user interaction or credentials. | Vulnerebility blog | Palo Alto |
| 21.2.26 | AI in the Middle: Turning Web-Based AI Services into C2 Proxies & The Future Of AI Driven Attacks | Check Point Research (CPR) has discovered that certain AI assistants that support web browsing or URL fetching can be abused as covert command-and-control relays (“AI as a proxy”), allowing attacker traffic to blend seamlessly into legitimate, commonly permitted enterprise communications. | AI blog | CHECKPOINT |
| 21.2.26 | Using AI to defeat AI | In this week’s newsletter Martin considers how defenders can turn offensive AI tools against themselves. | AI blog | CISCO TALOS |
| 21.2.26 | “Good enough” emulation: Fuzzing a single thread to uncover vulnerabilities | A Talos researcher used targeted emulation of the Socomec DIRIS M-70 gateway’s Modbus thread to uncover six patched vulnerabilities, showcasing efficient tools and methods for IoT security testing. | Hacking blog | CISCO TALOS |
| 21.2.26 | PromptSpy ushers in the era of Android threats using GenAI | ESET researchers discover PromptSpy, the first known Android malware to abuse generative AI in its execution flow | Malware blog | Eset |
| 21.2.26 | Is Poshmark safe? How to buy and sell without getting scammed | Like any other marketplace, the social commerce platform has its share of red flags. It pays to know what to look for so you can shop or sell without headaches. | Spam blog | Eset |
| 21.2.26 | Is it OK to let your children post selfies online? | When it comes to our children’s digital lives, prohibition rarely works. It’s our responsibility to help them build a healthy relationship with tech. | Security blog | Eset |
| 21.2.26 | Turf Wars vs. Supply Chains: The Great Divergence in State Cyber Threats | Russia uses proxies; the PRC uses assembly lines. Discover how the Quartermaster, Breacher, and Specialist layers redefine 2026 threats. | BigBrother blog | Trelix |
| 21.2.26 | Technical Deep Dive: The Monero Mining Campaign | In the contemporary threat landscape, while ransomware grabs headlines with high-impact disruptions, cryptojacking operations have quietly evolved into sophisticated, persistent threats. | Cryptocurrency blog | Trelix |
| 20.2.26 | BeyondTrust Flaw Used for Web Shells, Backdoors, and Data Exfiltration | Threat actors have been observed exploiting a recently disclosed critical security flaw impacting BeyondTrust Remote Support (RS) and Privileged | Vulnerebility | The Hacker News |
| 20.2.26 | Cline CLI 2.3.0 Supply Chain Attack Installed OpenClaw on Developer Systems | In yet another software supply chain attack, the open-source, artificial intelligence (AI)-powered coding assistant Cline CLI was updated to stealthily | Vulnerebility | The Hacker News |
| 20.2.26 | ClickFix Campaign Abuses Compromised Sites to Deploy MIMICRAT Malware | Cybersecurity researchers have disclosed details of a new ClickFix campaign that abuses compromised legitimate sites to deliver a previously | Virus | The Hacker News |
| 20.2.26 | Ukrainian National Sentenced to 5 Years in North Korea IT Worker Fraud Case | A 29-year-old Ukrainian national has been sentenced to five years in prison in the U.S. for his role in facilitating North Korea's fraudulent information | BigBrothers | The Hacker News |
| 20.2.26 | FBI Reports 1,900 ATM Jackpotting Incidents Since 2020, $20M Lost in 2025 | The U.S. Federal Bureau of Investigation (FBI) has warned of an increase in ATM jackpotting incidents across the country, leading to losses of more than | BigBrothers | The Hacker News |
| 20.2.26 | Three Former Google Engineers Indicted Over Trade Secret Transfers to Iran | Two former Google engineers and one of their husbands have been indicted in the U.S. for allegedly committing trade secret theft from the search giant and | BigBrothers | The Hacker News |
| 20.2.26 | PromptSpy Android Malware Abuses Gemini AI to Automate Recent-Apps Persistence | Cybersecurity researchers have discovered what they say is the first Android malware that abuses Gemini, Google's generative artificial intelligence (AI) | AI | The Hacker News |
| 20.2.26 | INTERPOL Operation Red Card 2.0 Arrests 651 in African Cybercrime Crackdown | An international cybercrime operation against online scams has led to 651 arrests and recovered more than $4.3 million as part of an effort led by law | CyberCrime | The Hacker News |
| 20.2.26 | Microsoft Patches CVE-2026-26119 Privilege Escalation in Windows Admin Center | Microsoft has disclosed a now-patched security flaw in Windows Admin Center that could allow an attacker to escalate their privileges. Windows | Vulnerebility | The Hacker News |
| 19.2.26 | Fake IPTV Apps Spread Massiv Android Malware Targeting Mobile Banking Users | Cybersecurity researchers have disclosed details of a new Android trojan called Massiv that's designed to facilitate device takeover ( DTO ) attacks for | Virus | The Hacker News |
| 19.2.26 | CRESCENTHARVEST Campaign Targets Iran Protest Supporters With RAT Malware | Cybersecurity researchers have disclosed details of a new campaign dubbed CRESCENTHARVEST , likely targeting supporters of Iran's ongoing protests to | Virus | The Hacker News |
| 19.2.26 | Eurail says stolen traveler data now up for sale on dark web | Eurail B.V., the operator that provides access to 250,000 kilometers of European railways, confirmed that data stolen in a breach earlier this year is being offered for sale on the dark web. | Incindent | |
| 19.2.26 | Man arrested for demanding reward after accidental police data leak | Dutch authorities arrested a 40-year-old man after he downloaded confidential documents that had been mistakenly shared by the police and refused to delete them unless he received "something in return." | CyberCrime | |
| 19.2.26 | Infostealer malware found stealing OpenClaw secrets for first time | With the massive adoption of the OpenClaw agentic AI assistant, information-stealing malware has been spotted stealing files associated with the framework that contain API keys, authentication tokens, and other secrets. | Virus | |
| 19.2.26 | CISA gives feds 3 days to patch actively exploited BeyondTrust flaw | CISA ordered U.S. government agencies on Friday to secure their BeyondTrust Remote Support instances against an actively exploited vulnerability within three days. | Exploit | |
| 19.2.26 | Google patches first Chrome zero-day exploited in attacks this year | Google has released emergency updates to fix a high-severity Chrome vulnerability exploited in zero-day attacks, marking the first such security flaw patched since the start of the year. | Exploit | |
| 19.2.26 | Canada Goose investigating as hackers leak 600K customer records | ShinyHunters, a well-known data extortion group, claims to have stolen more than 600,000 Canada Goose customer records containing personal and payment-related data. Canada Goose told BleepingComputer the dataset appears to relate to past customer transactions and that it has not found evidence of a breach of its own systems. | Incindent | |
| 19.2.26 | New ClickFix attack abuses nslookup to retrieve PowerShell payload via DNS | Threat actors are now abusing DNS queries as part of ClickFix social engineering attacks to deliver malware, making this the first known use of DNS as a channel in these campaigns. | Hack | |
| 19.2.26 | Windows 11 KB5077181 fixes boot failures linked to failed updates | Microsoft says it has resolved a Windows 11 bug that caused some commercial systems to fail to boot with an "UNMOUNTABLE_BOOT_VOLUME" error after installing recent security updates, with the fix delivered in the February 2026 Patch Tuesday update. | OS | |
| 19.2.26 | CTM360: Lumma Stealer and Ninja Browser malware campaign abusing Google Groups | CTM360 reports 4,000+ malicious Google Groups and 3,500+ Google-hosted URLs used to spread the Lumma Stealer infostealing malware and a trojanized "Ninja Browser." The report details how attackers abuse trusted Google services to steal credentials and maintain persistence across Windows and Linux systems. | Virus | |
| 19.2.26 | Pastebin comments push ClickFix JavaScript attack to hijack crypto swaps | Threat actors are abusing Pastebin comments to distribute a new ClickFix-style attack that tricks cryptocurrency users into executing malicious JavaScript in their browser, allowing attackers to hijack Bitcoin swap transactions and redirect funds to attacker-controlled wallets. | Cryptocurrency | |
| 18.2.26 | Citizen Lab Finds Cellebrite Tool Used on Kenyan Activist’s Phone in Police Custody | New research from the Citizen Lab has found signs that Kenyan authorities used a commercial forensic extraction tool manufactured by Israeli company | BigBrothers | The Hacker News |
| 18.2.26 | Grandstream GXP1600 VoIP Phones Exposed to Unauthenticated Remote Code Execution | Cybersecurity researchers have disclosed a critical security flaw in the Grandstream GXP1600 series of VoIP phones that could allow an attacker to | Vulnerebility | The Hacker News |
| 18.2.26 | From BRICKSTORM to GRIMBOLT: UNC6201 Exploiting a Dell RecoverPoint for Virtual Machines Zero-Day | Mandiant and Google Threat Intelligence Group (GTIG) have identified the zero-day exploitation of a high-risk vulnerability in Dell RecoverPoint for Virtual Machines, tracked as CVE-2026-22769, with a CVSSv3.1 score of 10.0. | APT | GTI |
| 18.2.26 | Notepad++ v8.9.2 release - Double‑Lock Update Security | “the XML returned by the update server is now signed (XMLDSig), and the certificate & signature verification will be enforced starting with upcoming v8.9.2, expected in about one month.“ | Security | NOTEPAD |
| 18.2.26 | AI in the Middle: Turning Web-Based AI Services into C2 Proxies & The Future Of AI Driven Attacks | Check Point Research (CPR) has discovered that certain AI assistants that support web browsing or URL fetching can be abused as covert command-and-control relays (“AI as a proxy”), allowing attacker traffic to blend seamlessly into legitimate, commonly permitted enterprise communications. | AI | CHECKPOINT |
| 18.2.26 | Critical Flaws Found in Four VS Code Extensions with Over 125 Million Installs | Cybersecurity researchers have disclosed multiple security vulnerabilities in four popular Microsoft Visual Studio Code (VS Code) extensions that, if | Vulnerebility | The Hacker News |
| 18.2.26 | Dell RecoverPoint for VMs Zero-Day CVE-2026-22769 Exploited Since Mid-2024 | A maximum severity security vulnerability in Dell RecoverPoint for Virtual Machines has been exploited as a zero-day by a suspected China-nexus threat | Vulnerebility | The Hacker News |
| 18.2.26 | Notepad++ Fixes Hijacked Update Mechanism Used to Deliver Targeted Malware | Notepad++ has released a security fix to plug gaps that were exploited by an advanced threat actor from China to hijack the software update mechanism to | Virus | The Hacker News |
| 18.2.26 | CISA Flags Four Security Flaws Under Active Exploitation in Latest KEV Update | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added four security flaws to its Known Exploited Vulnerabilities ( KEV ) catalog, | Exploit | The Hacker News |
| 18.2.26 | Researchers Show Copilot and Grok Can Be Abused as Malware C2 Proxies | Cybersecurity researchers have disclosed that artificial intelligence (AI) assistants that support web browsing or URL fetching capabilities can be | Virus | The Hacker News |
| 18.2.26 | Keenadu Firmware Backdoor Infects Android Tablets via Signed OTA Updates | A new Android backdoor that's embedded deep into the device firmware can silently harvest data and remotely control its behavior, according to new | Virus | The Hacker News |
| 17.2.26 | SmartLoader Attack Uses Trojanized Oura MCP Server to Deploy StealC Infostealer | Cybersecurity researchers have disclosed details of a new SmartLoader campaign that involves distributing a trojanized version of a Model Context | Virus | The Hacker News |
| 17.2.26 | Microsoft Finds “Summarize with AI” Prompts Manipulating Chatbot Recommendations | New research from Microsoft has revealed that legitimate businesses are gaming artificial intelligence (AI) chatbots via the "Summarize with AI" button | AI | The Hacker News |
| 17.2.26 | Apple Tests End-to-End Encrypted RCS Messaging in iOS 26.4 Developer Beta | Apple on Monday released a new developer beta of iOS and iPadOS with support for end-to-end encryption (E2EE) in Rich Communications Services ( | OS | The Hacker News |
| 17.2.26 | Infostealer Steals OpenClaw AI Agent Configuration Files and Gateway Tokens | Cybersecurity researchers disclosed they have detected a case of an information stealer infection successfully exfiltrating a victim's OpenClaw | Virus | The Hacker News |
| 17.2.26 | Study Uncovers 25 Password Recovery Attacks in Major Cloud Password Managers | A new study has found that multiple cloud-based password managers, including Bitwarden, Dashlane, and LastPass, are susceptible to password | Hack | The Hacker News |
| 16.2.26 | Safe and Inclusive E‑Society: How Lithuania Is Bracing for AI‑Driven Cyber Fraud | Presentation of the KTU Consortium Mission ‘A Safe and Inclusive Digital Society’ at the Innovation Agency event ‘Innovation Breakfast: How Mission- | AI | The Hacker News |
| 16.2.26 | New ZeroDayRAT Mobile Spyware Enables Real-Time Surveillance and Data Theft | Cybersecurity researchers have disclosed details of a new mobile spyware platform dubbed ZeroDayRAT that's being advertised on Telegram as a way to | Virus | The Hacker News |
| 16.2.26 | New Chrome Zero-Day (CVE-2026-2441) Under Active Attack — Patch Released | Google on Friday released security updates for its Chrome browser to address a security flaw that it said has been exploited in the wild. The high-severity | Exploit | The Hacker News |
| 16.2.26 | Microsoft Discloses DNS-Based ClickFix Attack Using Nslookup for Malware Staging | Microsoft has disclosed details of a new version of the ClickFix social engineering tactic in which the attackers trick unsuspecting users into running | Hack | The Hacker News |
| 15.2.26 | One threat actor responsible for 83% of recent Ivanti RCE attacks | Threat intelligence observations show that a single threat actor is responsible for most of the active exploitation of two critical vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), tracked as CVE-2026-21962 and CVE-2026-24061. | Vulnerebility | |
| 15.2.26 | Snail mail letters target Trezor and Ledger users in crypto-theft attacks | Snail mail letters target Trezor and Ledger users in crypto-theft attacks | Cryptocurrency | |
| 15.2.26 | Fake job recruiters hide malware in developer coding challenges | A new variation of the fake recruiter campaign from North Korean threat actors is targeting JavaScript and Python developers with cryptocurrency-related tasks. | APT | |
| 15.2.26 | Claude LLM artifacts abused to push Mac infostealers in ClickFix attack | Threat actors are abusing Claude artifacts and Google Ads in ClickFix campaigns that deliver infostealer malware to macOS users searching for specific queries. | AI | |
| 15.2.26 | Louis Vuitton, Dior, and Tiffany fined $25 million over data breaches | South Korea has fined luxury fashion brands Louis Vuitton, Christian Dior Couture, and Tiffany $25 million for failing to implement adequate security measures, which facilitated unauthorized access and the exposure of data belonging to more than 5.5 million customers. | Incindent | |
| 15.2.26 | Turning IBM QRadar Alerts into Action with Criminal IP | Criminal IP now integrates with IBM QRadar SIEM and SOAR to bring external IP-based threat intelligence directly into detection and response workflows. See how risk scoring and automated enrichment help SOC teams prioritize high-risk IPs and accelerate investigations without leaving QRadar. | CyberCrime | |
| 15.2.26 | CISA flags critical Microsoft SCCM flaw as exploited in attacks | CISA ordered federal agencies on Thursday to secure their systems against a critical Microsoft Configuration Manager vulnerability patched in October 2024 and now exploited in attacks. | Vulnerebility | |
| 15.2.26 | Microsoft fixes bug that blocked Google Chrome from launching | Microsoft has fixed a known issue causing its Family Safety parental control service to block Windows users from launching Google Chrome and other web browsers. | Vulnerebility | |
| 15.2.26 | Russia tries to block WhatsApp, Telegram in communication blockade | The Russian government is attempting to block WhatsApp in the country as its crackdown on communication platforms not under its control intensifies. | BigBrothers | |
| 15.2.26 | Bitwarden introduces ‘Cupid Vault’ for secure password sharing | Bitwarden has launched a new system called 'Cupid Vault' that allows users to safely share passwords with trusted email addresses. | Security | |
| 15.2.26 | Critical BeyondTrust RCE flaw now exploited in attacks, patch now | A critical pre-authentication remote code execution vulnerability in BeyondTrust Remote Support and Privileged Remote Access appliances is now being exploited in attacks after a PoC was published online. | Exploit | |
| 15.2.26 | Microsoft: New Windows LNK spoofing issues aren't vulnerabilities | Today, at Wild West Hackin' Fest, security researcher Wietze Beukema disclosed multiple vulnerabilities in Windows LNK shortcut files that allow attackers to deploy malicious payloads. | Hack | |
| 15.2.26 | Romania's oil pipeline operator Conpet confirms data stolen in attack | Romania's national oil pipeline operator, Conpet S.A., confirmed that the Qilin ransomware gang stole company data in an attack last week. | Incindent | |
| 15.2.26 | Odido data breach exposes personal info of 6.2 million customers | Dutch telecommunications provider Odido is warning that it suffered a cyberattack that reportedly exposed the personal data of 6.2 million customers. | Incindent | |
| 15.2.26 | WordPress plugin with 900k installs vulnerable to critical RCE flaw | A critical vulnerability in the WPvivid Backup & Migration plugin for WordPress, installed on more than 900,000 websites, can be exploited to achieve remote code execution by uploading arbitrary files without authentication. | Vulnerebility | |
| 15.2.26 | AMOS infostealer targets macOS through a popular AI app | AMOS infostealer is targeting macOS users by abusing popular AI apps and extension marketplaces to harvest credentials. Flare examines how AMOS operates, spreads through AI-driven lures, and feeds the broader stealer-log cybercrime economy. | Virus | |
| 14.2.26 | Fake AI Chrome extensions with 300K users steal credentials, emails | A set of 30 malicious Chrome extensions that have been installed by more than 300,000 users are masquerading as AI assistants to steal credentials, email content, and browsing information. | AI | |
| 14.2.26 | Google says hackers are abusing Gemini AI for all attack stages | Google Threat Intelligence Group (GTIG) has published a new report warning about AI model extraction/distillation attacks, in which private-sector firms and researchers use legitimate API access to systematically probe models and replicate their logic and reasoning. | AI | |
| 14.2.26 | Apple fixes zero-day flaw used in 'extremely sophisticated' attacks | Apple has released security updates to fix a zero-day vulnerability that was exploited in an "extremely sophisticated attack" targeting specific individuals. | OS | |
| 14.2.26 | Windows 11 Notepad flaw let files execute silently via Markdown links | Microsoft has fixed a "remote code execution" vulnerability in Windows 11 Notepad that allowed attackers to execute local or remote programs by tricking users into clicking specially crafted Markdown links, without displaying any Windows security warnings. | OS | |
| 14.2.26 | Microsoft Store Outlook add-in hijacked to steal 4,000 Microsoft accounts | The AgreeTo add-in for Outlook has been hijacked and turned into a phishing kit that stole more than 4,000 Microsoft account credentials. | Hack | |
| 14.2.26 | Crazy ransomware gang abuses employee monitoring tool in attacks | A member of the Crazy ransomware gang is abusing legitimate employee monitoring software and the SimpleHelp remote support tool to maintain persistence in corporate networks, evade detection, and prepare for ransomware deployment. | Ransom | |
| 14.2.26 | Police arrest seller of JokerOTP MFA passcode capturing tool | The Netherlands Police have arrested a 21-year-old man from Dordrecht, suspected of selling access to the JokerOTP phishing automation tool that can intercept one-time passwords (OTP) for hijacking accounts. | CyberCrime | |
| 14.2.26 | Proactive strategies for cyber resilience with Wazuh | Cyber resilience means anticipating threats, detecting them early, and recovering fast when incidents occur. Wazuh shows how its open source SIEM and XDR unify visibility, detection, and automated response to strengthen proactive defense. | Safety | |
| 14.2.26 | Google Ties Suspected Russian Actor to CANFAIL Malware Attacks on Ukrainian Orgs | A previously undocumented threat actor has been attributed to attacks targeting Ukrainian organizations with malware known as CANFAIL . Google | Virus | The Hacker News |
| 14.2.26 | When AI Secrets Go Public: The Rising Risk of Exposed ChatGPT API Keys | Cyble’s research reveals the exposure of ChatGPT API keys online, potentially enabling large‑scale abuse and hidden AI risk. | AI blog | Cyble |
| 14.2.26 | Beyond the Battlefield: Threats to the Defense Industrial Base | In modern warfare, the front lines are no longer confined to the battlefield; they extend directly into the servers and supply chains of the industry that safeguards the nation. | BigBrother blog | GTI |
| 14.2.26 | The US False Claims Act Becomes a Cybersecurity Enforcement Engine | DOJ recovered $52M in False Claims Act for cyber settlements, signaling tougher enforcement over contractor cybersecurity representations. | Cyber blog | Cyble |
| 14.2.26 | SMS & OTP Bombing Campaigns: Evolving API Abuse Targeting Multiple Regions | Cyble analyzes expanding OTP/SMS bombing ecosystems using high‑speed APIs, SSL bypass, and cross‑platform automation. | Security blog | Cyble |
| 14.2.26 | The Week in Vulnerabilities: SolarWinds, AI Fixes Urged by Cyble | SolarWinds Web Help Desk and OpenClaw flaws are among the vulnerabilities, drawing significant interest by threat actors. | Vulnerebility blog | Cyble |
| 14.2.26 | A Peek Into Muddled Libra’s Operational Playbook | During a September 2025 incident response investigation, Unit 42 discovered a rogue virtual machine (VM) which we believe with high confidence to be used by the cybercrime group Muddled Libra (aka Scattered Spider, UNC3944). The contents of this rogue VM and activity from the attack provide valuable insight into the operational playbook of this threat actor. | APT blog | Palo Alto |
| 14.2.26 | New threat actor, UAT-9921, leverages VoidLink framework in campaigns | Cisco Talos recently discovered a new threat actor, UAT-9921, leveraging VoidLink in campaigns. Their activities may go as far back as 2019, even without VoidLink. | Malware blog | CISCO TALOS |
| 14.2.26 | Hand over the keys for Shannon’s shenanigans | In this week’s newsletter, Amy examines the rise of Shannon, an autonomous AI penetration testing tool, and what it means for security teams and risk management. | AI blog | CISCO TALOS |
| 14.2.26 | Ryan Liles, master of technical diplomacy | Ryan Liles reveals how he bridges the gap between Cisco’s product teams and third-party testing labs, mastering the art of technical diplomacy while driving industry standards forward and keeping the internet’s defenders ahead of the game. | Cyber blog | CISCO TALOS |
| 14.2.26 | Microsoft Patch Tuesday for February 2026 — Snort rules and prominent vulnerabilities | Microsoft has released its monthly security update for February 2026, which includes 55 vulnerabilities affecting a range of products, including one (CVE-2025-59498) that Microsoft marked as “Critical”. | OS Blog | CISCO TALOS |
| 14.2.26 | Naming and shaming: How ransomware groups tighten the screws on victims | When corporate data is exposed on a dedicated leak site, the consequences linger long after the attack fades from the news cycle | Ransom blog | Eset |
| 14.2.26 | Taxing times: Top IRS scams to look out for in 2026 | It’s time to file your tax return. And cybercriminals are lurking to make an already stressful period even more edgy. | Spam blog | Eset |
| 14.2.26 | The Bug Report - January 2026 Edition | New Year, new exploits! We break down critical January CVEs in Microsoft Office, n8n, and AI tools. Don't let your resolution be a breach—read the report. | Vulnerebility blog | Trelix |
| 14.2.26 | Dark Web Roast - January 2026 Edition | Welcome to January 2026's underground intelligence roundup, where criminal masterminds continue to demonstrate that the phrase "honour among thieves" remains the greatest oxymoron in cybercrime. | Hacking blog | Trelix |
| 14.2.26 | When SPNs Go Rogue: Detection and Remediation with Trellix NDR | To address this detection gap, the blog shows how Trellix Network Detection and Response (NDR) detects Kerberoasting activity by analyzing deviations in identity behavior and comparing network-level telemetry. | Security blog | Trelix |
| 13.2.26 | Google Links China, Iran, Russia, North Korea to Coordinated Defense Sector Cyber Operations | Several state-sponsored actors, hacktivist entities, and criminal groups from China, Iran, North Korea, and Russia have trained their sights on the defense | APT | The Hacker News |
| 13.2.26 | UAT-9921 Deploys VoidLink Malware to Target Technology and Financial Sectors | A previously unknown threat actor tracked as UAT-9921 has been observed leveraging a new modular framework called VoidLink in its campaigns | Virus | The Hacker News |
| 13.2.26 | LummaStealer infections surge after CastleLoader malware campaigns | A surge in LummaStealer infections has been observed, driven by social engineering campaigns leveraging the ClickFix technique to deliver the CastleLoader malware. | Virus | |
| 13.2.26 | Microsoft releases Windows 11 26H1 for select and upcoming CPUs | Microsoft has announced Windows 11 26H1, but it's not for existing PCs. Instead, it will ship on devices with Snapdragon X2 processors and possibly other rumored ARM chips. | OS | |
| 13.2.26 | New Linux botnet SSHStalker uses old-school IRC for C2 comms | A newly documented Linux botnet named SSHStalker is using the IRC (Internet Relay Chat) communication protocol for command-and-control (C2) operations. | BotNet | |
| 13.2.26 | North Korean hackers use new macOS malware in crypto-theft attacks | North Korean hackers are running tailored campaigns using AI-generated video and the ClickFix technique to deliver malware for macOS and Windows to targets in the cryptocurrency sector. | Cryptocurrency | |
| 13.2.26 | Malicious 7-Zip site distributes installer laced with proxy tool | A fake 7-Zip website is distributing a trojanized installer of the popular archiving tool that turns the user's computer into a residential proxy node. | Hack | |
| 13.2.26 | Microsoft releases Windows 10 KB5075912 extended security update | Microsoft has released the Windows 10 KB5075912 extended security update to fix February 2026 Patch Tuesday vulnerabilities, including six zero-days, and continue rolling out replacements for expiring Secure Boot certificates. | OS | |
| 13.2.26 | Microsoft February 2026 Patch Tuesday fixes 6 zero-days, 58 flaws | Today is Microsoft's February 2026 Patch Tuesday with security updates for 58 flaws, including 6 actively exploited and three publicly disclosed zero-day vulnerabilities. | OS | |
| 13.2.26 | Windows 11 KB5077181 & KB5075941 cumulative updates released | Microsoft has released Windows 11 KB5077181 and KB5075941 cumulative updates for versions 25H2/24H2 and 23H2 to fix security vulnerabilities, bugs, and add new features. | OS | |
| 13.2.26 | Malicious Chrome Extension Steals Meta Business Manager Exports and TOTP 2FA Seeds | Chrome extension CL Suite by @CLMasters neutralizes 2FA for Facebook and Meta Business accounts while exfiltrating Business Manager contact and analytics data. | Social blog | SOCKET |
| 13.2.26 | Lotus Blossom (G0030) and the Notepad++ Supply-Chain Espionage Campaign | In late 2025 and early 2026, a series of independent disclosures by software maintainers, security researchers, and national cyber authorities converged on an unsettling conclusion: for months, the update mechanism of one of the world’s most widely used open-source text editors had been quietly subverted. | APT blog | DomainTools Investigation |
| 13.2.26 | GTIG AI Threat Tracker: Distillation, Experimentation, and (Continued) Integration of AI for Adversarial Use | In the final quarter of 2025, Google Threat Intelligence Group (GTIG) observed threat actors increasingly integrating artificial intelligence (AI) to accelerate the attack lifecycle, achieving productivity gains in reconnaissance, social engineering, and malware development. This report serves as an update to our November 2025 findings regarding the advances in threat actor usage of AI tools. | AI blog | GTI |
| 13.2.26 | Malicious Chrome Extensions Caught Stealing Business Data, Emails, and Browsing History | Cybersecurity researchers have discovered a malicious Google Chrome extension that's designed to steal data associated with Meta Business Suite | Virus | The Hacker News |
| 13.2.26 | npm’s Update to Harden Their Supply Chain, and Points to Consider | In December 2025, in response to the Sha1-Hulud incident, npm completed a major authentication overhaul intended to reduce supply-chain attacks. While | Incindent | The Hacker News |
| 13.2.26 | Researchers Observe In-the-Wild Exploitation of BeyondTrust CVSS 9.9 Vulnerability | Threat actors have started to exploit a recently disclosed critical security flaw impacting BeyondTrust Remote Support (RS) and Privileged Remote Access | Exploit | The Hacker News |
| 13.2.26 | Google Reports State-Backed Hackers Using Gemini AI for Recon and Attack Support | Google on Thursday said it observed the North Korea-linked threat actor known as UNC2970 using its generative artificial intelligence (AI) model Gemini to | AI | The Hacker News |
| 13.2.26 | Lazarus Campaign Plants Malicious Packages in npm and PyPI Ecosystems | Cybersecurity researchers have discovered a fresh set of malicious packages across npm and the Python Package Index (PyPI) repository linked to a fake | APT | The Hacker News |
| 12.2.26 | 83% of Ivanti EPMM Exploits Linked to Single IP on Bulletproof Hosting Infrastructure | A significant chunk of the exploitation attempts targeting a newly disclosed security flaw in Ivanti Endpoint Manager Mobile (EPMM) can be traced back to | Exploit | The Hacker News |
| 12.2.26 | Apple Fixes Exploited Zero-Day Affecting iOS, macOS, and Apple Devices | Apple on Wednesday released iOS, iPadOS, macOS Tahoe, tvOS, watchOS, and visionOS updates to address a zero-day flaw that it said has been exploited in | Exploit | The Hacker News |
| 12.2.26 | Volvo Group North America customer data exposed in Conduent hack | Volvo Group North America disclosed that it suffered an indirect data breach stemming from the compromise of IT systems at American business services giant Conduent, of which Volvo is a customer. | Incindent | |
| 12.2.26 | Microsoft announces new mobile-style Windows security controls | Microsoft wants to introduce smartphone-style app permission prompts in Windows 11 to request user consent before apps can access sensitive resources such as files, cameras, and microphones. | OS | |
| 12.2.26 | ZeroDayRAT malware grants full access to Android, iOS devices | A new commercial mobile spyware platform dubbed ZeroDayRAT is being advertised to cybercriminals on Telegram as a tool that provides full remote control over compromised Android and iOS devices. | Virus | |
| 12.2.26 | Fugitive behind $73M 'pig butchering' scheme gets 20 years in prison | A dual Chinese and St. Kitts and Nevis national was sentenced to 20 years in prison in absentia for his role in an international cryptocurrency investment scheme (also known as pig butchering or romance baiting) that defrauded victims of more than $73 million. | Cryptocurrency | |
| 12.2.26 | Chinese cyberspies breach Singapore's four largest telcos | The Chinese threat actor tracked as UNC3886 breached Singapore's four largest telecommunication service providers, Singtel, StarHub, M1, and Simba, at least once last year. | BigBrothers | |
| 12.2.26 | Hackers exploit SolarWinds WHD flaws to deploy DFIR tool in attacks | Hackers are now exploiting SolarWinds Web Help Desk (WHD) vulnerabilities to gain code execution rights on exposed systems and deploy legitimate tools, including the Velociraptor forensics tool, for persistence and remote control. | Vulnerebility | |
| 12.2.26 | Hackers breach SmarterTools network using flaw in its own software | SmarterTools confirmed last week that the Warlock ransomware gang breached its network after compromising an email system, but did not impact business applications or account data. | Incindent | |
| 12.2.26 | Password guessing without AI: How attackers build targeted wordlists | Attackers don't need AI to crack passwords, they build targeted wordlists from an organization's own public language. This article explains how tools like CeWL turn websites into high-success password guesses and why complexity rules alone fall short. | AI | |
| 12.2.26 | BeyondTrust warns of critical RCE flaw in remote support software | BeyondTrust warned customers to patch a critical security flaw in its Remote Support (RS) and Privileged Remote Access (PRA) software that could allow unauthenticated attackers to execute arbitrary code remotely. | Vulnerebility | |
| 12.2.26 | Men charged in FanDuel scheme fueled by thousands of stolen identities | Two Connecticut men face federal charges for allegedly defrauding FanDuel and other online gambling sites of $3 million over several years using the stolen identities of approximately 3,000 victims. | Incindent | |
| 12.2.26 | Microsoft: Exchange Online flags legitimate emails as phishing | Microsoft is investigating an ongoing Exchange Online issue that mistakenly flags legitimate emails as phishing and quarantines them. | Phishing | |
| 12.2.26 | European Commission discloses breach that exposed staff data | The European Commission is investigating a breach after finding evidence that its mobile device management platform was hacked. | BigBrothers | |
| 12.2.26 | New tool blocks imposter attacks disguised as safe commands | A new open-source and cross-platform tool called Tirith can detect homoglyph attacks over command-line environments by analyzing URLs in typed commands and stopping their execution. | Hack | |
| 12.2.26 | State actor targets 155 countries in 'Shadow Campaigns' espionage op | A new state-aligned cyberespionage threat group tracked as TGR-STA-1030/UNC6619 has conducted a global-scale operation dubbed the "Shadow Campaigns," in which it targeted government infrastructure in 155 countries. | Hack | BleepingComputer |
| 12.2.26 | First Malicious Outlook Add-In Found Stealing 4,000+ Microsoft Credentials | Cybersecurity researchers have discovered what they said is the first known malicious Microsoft Outlook add-in detected in the wild. | Hack | The Hacker News |
| 11.2.26 | APT36 and SideCopy Launch Cross-Platform RAT Campaigns Against Indian Entities | Indian defense sector and government-aligned organizations have been targeted by multiple campaigns that are designed to compromise Windows | APT | The Hacker News |
| 11.2.26 | Over 60 Software Vendors Issue Security Fixes Across OS, Cloud, and Network Platforms | It's Patch Tuesday, which means a number of software vendors have released patches for various security vulnerabilities impacting their products and | Vulnerebility | The Hacker News |
| 11.2.26 | Microsoft Patches 59 Vulnerabilities Including Six Actively Exploited Zero-Days | Microsoft on Tuesday released security updates to address a set of 59 flaws across its software, including six vulnerabilities that it said have been exploited | OS | The Hacker News |
| 11.2.26 | SSHStalker Botnet Uses IRC C2 to Control Linux Systems via Legacy Kernel Exploits | Cybersecurity researchers have disclosed details of a new botnet operation called SSHStalker that relies on the Internet Relay Chat (IRC) communication | BotNet | The Hacker News |
| 11.2.26 | North Korea-Linked UNC1069 Uses AI Lures to Attack Cryptocurrency Organizations | The North Korea-linked threat actor known as UNC1069 has been observed targeting the cryptocurrency sector to steal sensitive data from Windows and | Cryptocurrency | The Hacker News |
| 11.2.26 | Microsoft Patch Tuesday - February 2026 | Today's Patch Tuesday addresses 59 different vulnerabilities (plus two Chromium vulnerabilities affecting Microsoft Edge). While this is a lower-than-normal number, it includes six vulnerabilities that are already exploited. | OS | SANS |
| 11.2.26 | DPRK Operatives Impersonate Professionals on LinkedIn to Infiltrate Companies | The information technology (IT) workers associated with the Democratic People's Republic of Korea (DPRK) are now applying to remote positions using | APT | The Hacker News |
| 11.2.26 | Reynolds Ransomware Embeds BYOVD Driver to Disable EDR Security Tools | Cybersecurity researchers have disclosed details of an emergent ransomware family dubbed Reynolds that comes embedded with a built-in bring your own | Ransom | The Hacker News |
| 10.2.26 | Reynolds: Defense Evasion Capability Embedded in Ransomware Payload | BYOVD component included in ransomware payload itself, rather than as a separate tool. | Ransom | SECURITY.COM |
| 10.2.26 | Understanding BYOVD Attacks and Mitigation Strategies | In recent years, the cybersecurity community has observed a notable increase in attacks leveraging the Bring Your Own Vulnerable Driver (BYOVD) technique. | Mobil | HELCYON |
| 10.2.26 | Reynolds Ransomware Embeds BYOVD Driver to Disable EDR Security Tools | Cybersecurity researchers have disclosed details of an emergent ransomware family dubbed Reynolds that comes embedded with a built-in bring your own | Ransom | The Hacker News |
| 10.2.26 | Fortinet Patches Critical SQLi Flaw Enabling Unauthenticated Code Execution | Fortinet has released security updates to address a critical flaw impacting FortiClientEMS that could lead to the execution of arbitrary code on | Vulnerebility | The Hacker News |
| 10.2.26 | Warlock Ransomware Breaches SmarterTools Through Unpatched SmarterMail Server | SmarterTools confirmed last week that the Warlock (aka Storm-2603) ransomware gang breached its network by exploiting an unpatched | Ransom | The Hacker News |
| 10.2.26 | Dutch Authorities Confirm Ivanti Zero-Day Exploit Exposed Employee Contact Data | The Netherlands' Data Protection Authority (AP) and the Council for the Judiciary (Rvdr) have disclosed that their systems | Exploit | The Hacker News |
| 10.2.26 | China-Linked UNC3886 Targets Singapore Telecom Sector in Cyber Espionage Campaign | The Cyber Security Agency (CSA) of Singapore on Monday revealed that the China-nexus cyber espionage group known as UNC3886 targeted its | APT | The Hacker News |
| 10.2.26 | SolarWinds Web Help Desk Exploited for RCE in Multi-Stage Attacks on Exposed Servers | Microsoft has revealed that it observed a multi-stage intrusion that involved the threat actors exploiting internet-exposed SolarWinds Web Help Desk | Exploit | The Hacker News |
| 9.2.26 | Bloody Wolf Targets Uzbekistan, Russia Using NetSupport RAT in Spear-Phishing Campaign | The threat actor known as Bloody Wolf has been linked to a campaign targeting Uzbekistan and Russia to infect systems with a remote access trojan | APT | The Hacker News |
| 9.2.26 | TeamPCP Worm Exploits Cloud Infrastructure to Build Criminal Infrastructure | Cybersecurity researchers have called attention to a "massive campaign" that has systematically targeted cloud native environments to set up malicious | Exploit | The Hacker News |
| 9.2.26 | BeyondTrust Fixes Critical Pre-Auth RCE Vulnerability in Remote Support and PRA | BeyondTrust has released updates to address a critical security flaw impacting Remote Support (RS) and Privileged Remote Access (PRA) products that, if | Vulnerebility | The Hacker News |
| 8.2.26 | Payments platform BridgePay confirms ransomware attack behind outage | A major U.S. payment gateway and solutions provider says a ransomware attack has knocked key systems offline, triggering a widespread outage affecting multiple services. The incident began on Friday and quickly escalated into a nationwide disruption across BridgePay's platform. | Ransom | |
| 8.2.26 | Germany warns of Signal account hijacking targeting senior figures | Germany's domestic intelligence agency is warning of suspected state-sponsored threat actors targeting high-ranking individuals in phishing attacks via messaging apps like Signal. | BigBrothers | |
| 8.2.26 | DKnife Linux toolkit hijacks router traffic to spy, deliver malware | A newly discovered toolkit called DKnife has been used since 2019 to hijack traffic at the edge-device level and deliver malware in espionage campaigns. | Virus | |
| 8.2.26 | CISA warns of SmarterMail RCE flaw used in ransomware attacks | The Cybersecurity & Infrastructure Security Agency (CISA) in the U.S. has issued a warning about CVE-2026-24423, an unauthenticated remote code execution (RCE) flaw in SmarterMail that is used in ransomware attacks. | Vulnerebility | |
| 8.2.26 | EDR, Email, and SASE Miss This Entire Class of Browser Attacks | Many modern attacks happen entirely inside the browser, leaving little evidence for traditional security tools. Keep Aware shows why EDR, email, and SASE miss browser-only attacks and how visibility changes prevention. | Hack | |
| 8.2.26 | EU says TikTok faces large fine over "addictive design" | The European Commission said today that TikTok is facing a fine because its addictive features, including infinite scroll, autoplay, push notifications, and personalized recommendation systems, are breaching the EU's Digital Services Act (DSA). | Social | |
| 8.2.26 | Man pleads guilty to hacking nearly 600 women’s Snapchat accounts | An Illinois man pleaded guilty to hacking nearly 600 women's Snapchat accounts to steal nude photos that he kept, sold, or traded online, including accounts he compromised at the request of a former university track coach who was later convicted of sextortion. | Incindent | |
| 8.2.26 | Flickr discloses potential data breach exposing users' names, emails | Photo-sharing platform Flickr is notifying users of a potential data breach after a vulnerability at a third-party email service provider exposed their real names, email addresses, IP addresses, and account activity. | Incindent | |
| 8.2.26 | CISA orders federal agencies to replace end-of-life edge devices | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a new binding operational directive requiring federal agencies to identify and remove network edge devices that no longer receive security updates from manufacturers. | BigBrothers | |
| 8.2.26 | Spain's Ministry of Science shuts down systems after breach claims | Spain's Ministry of Science (Ministerio de Ciencia) announced a partial shutdown of its IT systems, affecting several citizen- and company-facing services. | BigBrothers | |
| 8.2.26 | Ransomware gang uses ISPsystem VMs for stealthy payload delivery | Ransomware operators are hosting and delivering malicious payloads at scale by abusing virtual machines (VMs) provisioned by ISPsystem, a legitimate virtual infrastructure management provider. | Ransom | |
| 8.2.26 | Microsoft to shut down Exchange Online EWS in April 2027 | Microsoft announced today that the Exchange Web Services (EWS) API for Exchange Online will be shut down in April 2027, after nearly 20 years. | OS | |
| 8.2.26 | OpenClaw Integrates VirusTotal Scanning to Detect Malicious ClawHub Skills | OpenClaw (formerly Moltbot and Clawdbot) has announced that it's partnering with Google-owned VirusTotal to scan skills that are being uploaded to | Security | The Hacker News |
| 8.2.26 | Italian university La Sapienza goes offline after cyberattack | Rome's "La Sapienza" university has been targeted by a cyberattack that impacted its IT systems and caused widespread operational disruptions at the educational institute. | Hack | |
| 8.2.26 | Romanian oil pipeline operator Conpet discloses cyberattack | Conpet, Romania's national oil pipeline operator, has disclosed that a cyberattack disrupted its business systems and took down the company's website on Tuesday. | Hack | |
| 8.2.26 | When cloud logs fall short, the network tells the truth | Cloud logs can be inconsistent or incomplete, creating blind spots as environments scale and change. Corelight shows how network-level telemetry provides reliable visibility when cloud logs fall short. | Security | |
| 8.2.26 | Newsletter platform Substack notifies users of data breach | Newsletter platform Substack is notifying users of a data breach after attackers stole their email addresses and phone numbers in October 2025. | Incindent | |
| 8.2.26 | Data breach at fintech firm Betterment exposes 1.4 million accounts | Hackers stole email addresses and other personal information from 1.4 million accounts after breaching the systems of automated investment platform Betterment in January. | Incindent | |
| 8.2.26 | Zendesk spam wave returns, floods users with 'Activate account' emails | A fresh wave of spam is hitting inboxes worldwide, with users reporting that they are once again being bombarded by automated emails generated through companies' unsecured Zendesk support systems. Some recipients say they are receiving hundreds of messages with strange or alarming subject lines, such as 'Activate account...' | Spam | |
| 8.2.26 | Hackers compromise NGINX servers to redirect user traffic | A threat actor is compromising NGINX servers in a campaign that hijacks user traffic and reroutes it through the attacker's backend infrastructure. | Hack | |
| 8.2.26 | Critical n8n flaws disclosed along with public exploits | Multiple critical vulnerabilities in the popular n8n open-source workflow automation platform allow escaping the confines of the environment and taking complete control of the host server. | Exploit | |
| 8.2.26 | CISA: VMware ESXi flaw now exploited in ransomware attacks | CISA confirmed on Wednesday that ransomware gangs have begun exploiting a high-severity VMware ESXi sandbox escape vulnerability that was used in zero-day attacks since at least February 2024. | Exploit | |
| 8.2.26 | CISA warns of five-year-old GitLab flaw exploited in attacks | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies to patch their systems against a five-year-old GitLab vulnerability that is actively being exploited in attacks. | Exploit | |
| 8.2.26 | The Double-Edged Sword of Non-Human Identities | Leaked non-human identities like API keys and tokens are becoming a major breach driver in cloud environments. Flare shows how exposed machine credentials quietly grant attackers long-term access to enterprise systems. | Hack | |
| 8.2.26 | EDR killer tool uses signed kernel driver from forensic software | Hackers are abusing a legitimate but long-revoked EnCase kernel driver in an EDR killer that can detect 59 security tools in attempts to deactivate them. | Hack | |
| 8.2.26 | New Amaranth Dragon cyberespionage group exploits WinRAR flaw | A new threat actor called Amaranth Dragon, linked to APT41 state-sponsored Chinese operations, exploited the CVE-2025-8088 vulnerability in WinRAR in espionage attacks on government and law enforcement agencies. | APT | |
| 8.2.26 | Microsoft rolls out native Sysmon monitoring in Windows 11 | Microsoft has started rolling out built-in Sysmon functionality to some Windows 11 systems enrolled in the Windows Insider program. | OS | |
| 8.2.26 | Owner of Incognito dark web drugs market gets 30 years in prison | A Taiwanese man was sentenced to 30 years in prison for operating Incognito Market, one of the world's largest online narcotics marketplaces that sold over $105 million worth of illegal drugs to customers worldwide. | CyberCrime | |
| 8.2.26 | Coinbase confirms insider breach linked to leaked support tool screenshots | Coinbase has confirmed an insider breach after a contractor improperly accessed the data of approximately thirty customers, which BleepingComputer has learned is a new incident that occurred in December. | Cryptocurrency | |
| 8.2.26 | Step Finance says compromised execs' devices led to $40M crypto theft | Step Finance announced that it lost $40 million worth of digital assets after hackers compromised devices belonging to the company's team of executives. | Cryptocurrency | |
| 8.2.26 | Wave of Citrix NetScaler scans use thousands of residential proxies | A coordinated reconnaissance campaign targeting Citrix NetScaler infrastructure over the past week used tens of thousands of residential proxies to discover login panels. | Hack | BleepingComputer |
| 7.2.26 | German Agencies Warn of Signal Phishing Targeting Politicians, Military, Journalists | Germany's Federal Office for the Protection of the Constitution (aka Bundesamt für Verfassungsschutz or BfV) and Federal Office for Information | BigBrothers | The Hacker News |
| 7.2.26 | CISA flags critical SolarWinds RCE flaw as exploited in attacks | CISA has flagged a critical SolarWinds Web Help Desk vulnerability as actively exploited in attacks and ordered federal agencies to patch their systems within three days. | Vulnerebility | |
| 7.2.26 | Iron Mountain: Data breach mostly limited to marketing materials | Iron Mountain, a leading data storage and recovery services company, says that a recent breach claimed by the Everest extortion gang is limited to mostly marketing materials. | Incindent | |
| 7.2.26 | AI Agent Identity Management: A New Security Control Plane for CISOs | Autonomous AI agents are creating a new identity blind spot as they operate outside traditional IAM controls. Token Security shows why managing the full lifecycle of AI agent identities is becoming a critical CISO priority. | AI | |
| 7.2.26 | UK privacy watchdog probes Grok over AI-generated sexual images | The United Kingdom's data protection authority launched a formal investigation into X and its Irish subsidiary over reports that the Grok AI assistant was used to generate nonconsensual sexual images. | AI | |
| 7.2.26 | Hackers exploit critical React Native Metro bug to breach dev systems | Hackers are targeting developers by exploiting the critical vulnerability CVE-2025-11953 in the Metro server for React Native to deliver malicious payloads for Windows and Linux. | Vulnerebility | |
| 7.2.26 | French prosecutors raid X offices, summon Musk over Grok deepfakes | French prosecutors have raided X's offices in Paris on Tuesday as part of a criminal investigation into the platform's Grok AI tool, widely used to generate sexually explicit images. | AI | |
| 7.2.26 | New GlassWorm attack targets macOS via compromised OpenVSX extensions | A new GlassWorm malware attack through compromised OpenVSX extensions focuses on stealing passwords, crypto-wallet data, and developer credentials and configurations from macOS systems. | Virus | |
| 7.2.26 | Russian hackers exploit recently patched Microsoft Office bug in attacks | Ukraine's Computer Emergency Response Team (CERT) says that Russian hackers are exploiting CVE-2026-21509, a recently patched vulnerability in multiple versions of Microsoft Office. | Vulnerebility | |
| 7.2.26 | Malicious MoltBot skills used to push password-stealing malware | More than 230 malicious packages for the personal AI assistant OpenClaw (formerly known as Moltbot and ClawdBot) have been published in less than a week on the tool's official registry and on GitHub. | AI | |
| 7.2.26 | Microsoft: January update shutdown bug affects more Windows PCs | Microsoft has confirmed that a known issue preventing some Windows 11 devices from shutting down also affects Windows 10 systems with Virtual Secure Mode (VSM) enabled. | OS | |
| 7.2.26 | CTM360 Report Warns of Global Surge in Fake High-Yield Investment Scams | Fake high-yield investment platforms are surging worldwide, promising "guaranteed" returns that mask classic Ponzi schemes. CTM360 explains how HYIP scams scale through social media, recycled templates, and referral abuse. | Spam | |
| 7.2.26 | Notepad++ update feature hijacked by Chinese state hackers for months | Chinese state-sponsored threat actors were likely behind the hijacking of Notepad++ update traffic last year that lasted for almost half a year, the developer states in an official announcement today. | APT | |
| 7.2.26 | Panera Bread breach impacts 5.1 million accounts, not 14 million customers | The data breach notification service Have I Been Pwned says that a data breach at the U.S. food chain Panera Bread affected 5.1 million accounts, not 14 million customers as previously reported. | Incindent | |
| 7.2.26 | Microsoft fixes bug causing password sign-in option to disappear | Microsoft has fixed a known issue that was causing the password sign-in option to disappear from the lock screen options after installing Windows 11 updates released since August 2025. | OS | |
| 7.2.26 | NationStates confirms data breach, shuts down game site | NationStates, a multiplayer browser-based game, has confirmed a data breach after taking its website offline earlier this week to investigate a security incident. | Incindent | |
| 7.2.26 | Exposed MongoDB instances still targeted in data extortion attacks | A threat actor is targeting exposed MongoDB instances in automated data extortion attacks demanding low ransoms from owners to restore the data. | Hack | |
| 7.2.26 | New Apple privacy feature limits location tracking on iPhones, iPads | Apple is introducing a new privacy feature that lets users limit the precision of location data shared with cellular networks on some iPhone and iPad models. | OS | |
| 7.2.26 | U.S. convicts ex-Google engineer for sending AI tech data to China | A U.S. federal jury has convicted Linwei Ding, a former software engineer at Google, for stealing AI supercomputer data from his employer and secretly sharing it with Chinese tech firms. | AI | |
| 7.2.26 | Cloud storage payment scam floods inboxes with fake renewals | Over the past few months, a large-scale cloud storage subscription scam campaign has been targeting users worldwide with repeated emails falsely warning recipients that their photos, files, and accounts are about to be blocked or deleted due to an alleged payment failure. | Spam | |
| 7.2.26 | Mandiant details how ShinyHunters abuse SSO to steal cloud data | Mandiant says a wave of recent ShinyHunters SaaS data-theft attacks is being fueled by targeted voice phishing (vishing) attacks and company-branded phishing sites that steal single sign-on (SSO) credentials and multi-factor authentication (MFA) codes. | APT | |
| 7.2.26 | Researcher reveals evidence of private Instagram profiles leaking photos | A researcher has released detailed evidence showing some Instagram private accounts exposed photo links to unauthenticated visitors. The issue was later fixed, but Meta closed the report as not applicable and did not respond to multiple requests for comment. | Social | |
| 7.2.26 | Malicious use of virtual machine infrastructure | Bulletproof hosting providers are abusing the legitimate ISPsystem infrastructure to supply virtual machines to cybercriminals. | Malware blog | SOPHOS |
| 7.2.26 | Inside a Multi-Stage Android Malware Campaign Leveraging RTO-Themed Social Engineering | In recent years, Android malware campaigns in India have increasingly abused the trust associated with government services and official digital platforms. By imitating well-known portals and leveraging social engineering through messaging applications, threat actors exploit user urgency and lack... | Malware blog | Seqrite |
| 7.2.26 | France’s Cybersecurity Roadmap: Talent, Deterrence, and European Digital Sovereignty | France’s 2026-2030 cybersecurity strategy prioritizes talent, aiming to build Europe’s largest cyber workforce and strengthen national resilience. | BigBrother blog | Cyble |
| 7.2.26 | Ransomware Attacks Have Surged 30% Since Q4 2025 | Ransomware groups have averaged nearly 700 victims a month in the last four months, and many attacks have posed supply chain risks. | Ransom blog | Cyble |
| 7.2.26 | The Week in Vulnerabilities: Open-Sources Fixes Urged by Cyble | Vulnerabilities affecting n8n, OpenSSL and GNU Inetutils are among the flaws being noticed by threat actors and security researchers alike. | Vulnerebility blog | Cyble |
| 7.2.26 | Desperate Perth Renters Targeted by Rising Australian Housing Scam | Cyble uncovers ShadowHS, a stealthy fileless Linux framework running entirely in memory for covert, adaptive post-exploitation control. | Spam blog | Cyble |
| 7.2.26 | Black Basta: Defense Evasion Capability Embedded in Ransomware Payload | A recent Black Basta attack campaign was notable because the ransomware contained a bring-your-own-vulnerable-driver (BYOVD) defense evasion component embedded within the ransomware payload itself. | Ransom blog | SECURITY.COM |
| 7.2.26 | Viral AI, Invisible Risks: What OpenClaw Reveals About Agentic Assistants | OpenClaw (aka Clawdbot or Moltbot) represents a new frontier in agentic AI: powerful, highly autonomous, and surprisingly easy to use. In this research, we examine how its capabilities compare to its predecessors' and highlight the security risks inherent to the agentic AI paradigm. | AI blog | Trend Micro |
| 7.2.26 | Living Off Legit Tools: Stealthy Installation of Remote Monitoring Agents Using SmartScreen Bypass | Recently, the SonicWall Capture Labs threat research team has observed a new campaign delivering batch files that lead to the unwanted installation of remote connect software like ScreenConnect or Action1 Agent. Once installed, a service is created so that threat actors may gain control of the infected system. | Vulnerebility blog | SonicWall |
| 7.2.26 | FlowiseAI Custom MCP Node Remote Code Execution | SonicWall Capture Labs threat research team became aware of the threat CVE-2025-59528, assessed its impact, and developed mitigation measures for this vulnerability. | AI blog | SonicWall |
| 7.2.26 | Novel Technique to Detect Cloud Threat Actor Operations | Cloud-based alerting systems often struggle to distinguish between normal cloud activity and targeted malicious operations by known threat actors. | Hacking blog | Palo Alto |
| 7.2.26 | Why Smart People Fall For Phishing Attacks | The cybersecurity landscape of 2026 is stronger than ever with countless security resources and protective tools. Despite robust defenses at anyone’s fingertips, common phishing scams and spoofing attacks remain an ongoing issue. Unfortunately, the reality is that these attacks aren’t disappearing; they’re simply evolving. | Phishing blog | Palo Alto |
| 7.2.26 | The Shadow Campaigns: Uncovering Global Espionage | This investigation unveils a new cyberespionage group that Unit 42 tracks as TGR-STA-1030. We refer to the group’s activity as the Shadow Campaigns. We assess with high confidence that TGR-STA-1030 is a state-aligned group that operates out of Asia. Over the past year, this group has compromised government and critical infrastructure organizations across 37 countries. | APT blog | Palo Alto |
| 7.2.26 | Amaranth-Dragon: Weaponizing CVE-2025-8088 for Targeted Espionage in the Southeast Asia | Check Point Research (CPR) has been tracking Amaranth-Dragon, a nexus of APT-41, previously aligned with Chinese interests. The group launched highly targeted cyber-espionage campaigns throughout 2025 against government and law enforcement agencies in Southeast Asia. | APT blog | CHECKPOINT |
| 7.2.26 | All gas, no brakes: Time to come to AI church | This week, Joe cautions against the rush to adopt AI tools rife with truly awful security vulnerabilities. | AI blog | CISCO TALOS |
| 7.2.26 | Knife Cutting the Edge: Disclosing a China-nexus gateway-monitoring AitM framework | Cisco Talos uncovered “DKnife,” a fully featured gateway-monitoring and adversary-in-the-middle (AitM) framework comprising seven Linux-based implants. | Hacking blog | CISCO TALOS |
| 7.2.26 | OfferUp scammers are out in force: Here’s what you should know | The mobile marketplace app has a growing number of users, but not all of them are genuine. Watch out for these common scams. | Spam blog | Eset |
| 7.2.26 | A slippery slope: Beware of Winter Olympics scams and other cyberthreats | It’s snow joke – sporting events are a big draw for cybercriminals. Make sure you’re not on the losing side by following these best practices. | Spam blog | Eset |
| 7.2.26 | Cybereason TTP Briefing Q4 2025: Diverse Phishing Tactics and RATs on the Rise | Explore the most effective trends, techniques, and procedures used by threat actors in Q4 2025, with frontline threat intelligence from our incident response experts. | Phishing blog | Cybereason |
| 7.2.26 | Fake Installer: Ultimately, ValleyRAT infection | In this Threat Analysis Report, Cybereason explores the fake installer, ValleyRAT | Malware blog | Cybereason |
| 7.2.26 | APT28's Stealthy Multi-Stage Campaign Leveraging CVE-2026-21509 and Cloud C2 Infrastructure | Russian state-sponsored threat group APT28 (aka Fancy Bear or UAC-0001) has launched a sophisticated espionage campaign against European military and government entities, specifically maritime and transport organizations across Poland, Slovenia, Turkey, Greece, the UAE, and Ukraine. | APT blog | Trellix |
| 7.2.26 | The Crown Jewels of Active Directory: How Trellix Helix Detects NTDS.dit Theft | This blog from the Trellix Advanced Research Center examines a security incident where adversaries infiltrated a system, extracted the NTDS.dit database, and worked to remove it from the environment while circumventing standard security measures. | Hacking blog | Trellix |
| 6.2.26 | China-Linked DKnife AitM Framework Targets Routers for Traffic Hijacking, Malware Delivery | Cybersecurity researchers have taken the wraps off a gateway-monitoring and adversary-in-the-middle (AitM) framework dubbed DKnife that's operated by | APT | The Hacker News |
| 6.2.26 | CISA Orders Removal of Unsupported Edge Devices to Reduce Federal Network Risk | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered Federal Civilian Executive Branch (FCEB) agencies to strengthen asset lifecycle | BigBrothers | The Hacker News |
| 6.2.26 | Asian State-Backed Group TGR-STA-1030 Breaches 70 Government, Infrastructure Entities | A previously undocumented cyber espionage group operating from Asia broke into the networks of at least 70 government and critical infrastructure | APT | The Hacker News |
| 6.2.26 | Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware | Cybersecurity researchers have discovered a new supply chain attack in which legitimate packages on npm and the Python Package Index (PyPI) repository | Virus | The Hacker News |
| 6.2.26 | Claude Opus 4.6 Finds 500+ High-Severity Flaws Across Major Open-Source Libraries | Artificial intelligence (AI) company Anthropic revealed that its latest large language model (LLM), Claude Opus 4.6, has found more than 500 previously | AI | The Hacker News |
| 5.2.26 | 2025 Q4 DDoS threat report: A record-setting 31.4 Tbps attack caps a year of massive DDoS assaults | Welcome to the 24th edition of Cloudflare’s Quarterly DDoS Threat Report. In this report, Cloudforce One offers a comprehensive analysis of the evolving threat landscape of Distributed Denial of Service (DDoS) attacks based on data from the Cloudflare network. In this edition, we focus on the fourth quarter of 2025, as well as share overall 2025 data. | BotNet | CLOUDFLARE |
| 5.2.26 | Prince of Persia, Part II: Covering Tracks, Striking Back & a Revealing Link to the Iranian Regime Amid the Country’s Internet Blackout | Get SafeBreach Labs’s latest update on the threat actor, including new details about their Telegram attack vector, a strike back attempt at SafeBreach researchers, the discovery of a new Tornado malware variant, and activity that indicates a definitive connection to the Iranian government. | APT | SAFEBREACH |
| 5.2.26 | AISURU/Kimwolf Botnet Launches Record-Setting 31.4 Tbps DDoS Attack | The distributed denial-of-service (DDoS) botnet known as AISURU/Kimwolf has been attributed to a record-setting attack that peaked at 31.4 Terabits per | BotNet | The Hacker News |
| 5.2.26 | Infy Hackers Resume Operations with New C2 Servers After Iran Internet Blackout Ends | The elusive Iranian threat group known as Infy (aka Prince of Persia) has evolved its tactics as part of efforts to hide its tracks, even as it readied new | APT | The Hacker News |
| 5.2.26 | Malicious NGINX Configurations Enable Large-Scale Web Traffic Hijacking Campaign | Cybersecurity researchers have disclosed details of an active web traffic hijacking campaign that has targeted NGINX installations and management | Virus | The Hacker News |
| 5.2.26 | Critical n8n Flaw CVE-2026-25049 Enables System Command Execution via Malicious Workflows | A new, critical security vulnerability has been disclosed in the n8n workflow automation platform that, if successfully exploited, could result in the | Vulnerebility | The Hacker News |
| 5.2.26 | Microsoft Develops Scanner to Detect Backdoors in Open-Weight Large Language Models | Microsoft on Wednesday said it built a lightweight scanner that it said can detect backdoors in open-weight large language models (LLMs) and improve | Virus | The Hacker News |
| 5.2.26 | DEAD#VAX Malware Campaign Deploys AsyncRAT via IPFS-Hosted VHD Phishing Files | Threat hunters have disclosed details of a new, stealthy malware campaign dubbed DEAD#VAX that employs a mix of "disciplined tradecraft and clever | Virus | The Hacker News |
| 4.2.26 | China-Linked Amaranth-Dragon Exploits WinRAR Flaw in Espionage Campaigns | Threat actors affiliated with China have been attributed to a fresh set of cyber espionage campaigns targeting government and law enforcement agencies | APT | The Hacker News |
| 4.2.26 | Microsoft Warns Python Infostealers Target macOS via Fake Ads and Installers | Microsoft has warned that information-stealing attacks are "rapidly expanding" beyond Windows to target Apple macOS environments by leveraging cross- | Virus | The Hacker News |
| 4.2.26 | Eclipse Foundation Mandates Pre-Publish Security Checks for Open VSX Extensions | The Eclipse Foundation, which maintains the Open VSX Registry, has announced plans to enforce security checks before Microsoft Visual Studio | Security | The Hacker News |
| 4.2.26 | CISA Adds Actively Exploited SolarWinds Web Help Desk RCE to KEV Catalog | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting SolarWinds Web Help Desk (WHD) to | Exploit | The Hacker News |
| 4.2.26 | Docker Fixes Critical Ask Gordon AI Flaw Allowing Code Execution via Image Metadata | Cybersecurity researchers have disclosed details of a now-patched security flaw impacting Ask Gordon, an artificial intelligence (AI) assistant built into | AI | The Hacker News |
| 3.2.26 | Hackers Exploit Metro4Shell RCE Flaw in React Native CLI npm Package | Threat actors have been observed exploiting a critical security flaw impacting the Metro Development Server in the popular "@react-native-community/cli" | Vulnerebility | The Hacker News |
| 3.2.26 | APT28 Uses Microsoft Office CVE-2026-21509 in Espionage-Focused Malware Attacks | The Russia-linked state-sponsored threat actor known as APT28 (aka UAC-0001) has been attributed to attacks exploiting a newly disclosed security flaw | APT | The Hacker News |
| 3.2.26 | Researcher reveals evidence of private Instagram profiles leaking photos | A researcher has released detailed evidence showing some Instagram private accounts exposed photo links to unauthenticated visitors. The issue was later fixed, but Meta closed the report as not applicable and did not respond to multiple requests for comment. | Social | |
| 3.2.26 | Crypto wallets received a record $158 billion in illicit funds last year | Illegal cryptocurrency flows hit a record $158 billion in 2025, reversing a three-year trend of declining amounts from $86B in 2021 to $64B in 2024. | Cryptocurrency | |
| 3.2.26 | Microsoft to disable NTLM by default in future Windows releases | Microsoft announced that it will disable the 30-year-old NTLM authentication protocol by default in upcoming Windows releases due to security vulnerabilities that expose organizations to cyberattacks. | OS | |
| 3.2.26 | Operation Switch Off dismantles major pirate TV streaming services | The latest phase of the global law enforcement action resulted in seizing three industrial-scale illegal IPTV services. | Cyber | |
| 3.2.26 | Microsoft fixes Outlook bug blocking access to encrypted emails | Microsoft has fixed a known issue that prevented Microsoft 365 customers from opening encrypted emails in classic Outlook after a recent update. | OS | |
| 3.2.26 | Windows 11 KB5074105 update fixes boot, sign-in, and activation issues | Microsoft has released the KB5074105 preview cumulative update for Windows 11 systems, which includes 32 changes, including fixes for sign-in, boot, and activation issues. | OS | |
| 3.2.26 | Microsoft links Windows 11 boot failures to failed December 2025 update | Microsoft has linked recent reports of Windows 11 boot failures after installing the January 2026 updates to previously failed attempts to install the December 2025 security update, which left systems in an "improper state." | OS | |
| 3.2.26 | Hugging Face abused to spread thousands of Android malware variants | A new Android malware campaign is using the Hugging Face platform as a repository for thousands of variations of an APK payload that collects credentials for popular financial and payment services. | Virus | |
| 3.2.26 | Ivanti warns of two EPMM flaws exploited in zero-day attacks | Ivanti has disclosed two critical vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), tracked as CVE-2026-1281 and CVE-2026-1340, that were exploited in zero-day attacks. | Exploit | |
| 3.2.26 | Google disrupts IPIDEA residential proxy networks fueled by malware | IPIDEA, one of the largest residential proxy networks used by threat actors, was disrupted earlier this week by Google Threat Intelligence Group (GTIG) in collaboration with industry partners. | Virus | |
| 3.2.26 | Match Group breach exposes data from Hinge, Tinder, OkCupid, and Match | Match Group, the owner of multiple popular online dating services, Tinder, Match.com, Meetic, OkCupid, and Hinge, confirmed a cybersecurity incident that compromised user data. | Incindent | |
| 3.2.26 | Marquis blames ransomware breach on SonicWall cloud backup hack | Marquis Software Solutions, a Texas-based financial services provider, is blaming a ransomware attack that impacted its systems and affected dozens of U.S. banks and credit unions in August 2025 on a security breach reported by SonicWall a month later. | Ransom | |
| 3.2.26 | Not a Kids Game: From Roblox Mod to Compromising Your Company | Seemingly harmless game mods can hide infostealer malware that quietly steals identities. Flare shows how Roblox mods can turn a home PC infection into corporate compromise. | Incindent | |
| 3.2.26 | Aisuru botnet sets new record with 31.4 Tbps DDoS attack | The Aisuru/Kimwolf botnet launched a new massive distributed denial of service (DDoS) attack in December 2025, peaking at 31.4 Tbps and 200 million requests per second. | BotNet | |
| 3.2.26 | New Microsoft Teams feature will let you report suspicious calls | Microsoft plans to introduce a call reporting feature in Teams by mid-March, allowing users to flag suspicious or unwanted calls as potential scams or phishing attempts. | Social | |
| 3.2.26 | France fines unemployment agency €5 million over data breach | The French data protection authority fined the national employment agency €5 million (nearly €6 million) for failing to secure job seekers' data, which allowed hackers to steal the personal information of 43 million people. | Incindent | |
| 3.2.26 | Google rolls out Android theft protection feature updates | Google has introduced stronger Android authentication safeguards and enhanced recovery tools to make smartphones more challenging targets for thieves. | OS | |
| 3.2.26 | Initial access hackers switch to Tsundere Bot for ransomware attacks | A prolific initial access broker tracked as TA584 has been observed using the Tsundere Bot alongside XWorm remote access trojan to gain network access that could lead to ransomware attacks. | Ransom | |
| 3.2.26 | Cyberattack on Polish energy grid impacted around 30 facilities | The coordinated attack on Poland's power grid in late December targeted multiple distributed energy resource (DER) sites across the country, including combined heat and power (CHP) facilities and wind and solar dispatch systems. | BigBrothers | |
| 3.2.26 | eScan confirms update server breached to push malicious update | MicroWorld Technologies, the maker of the eScan antivirus product, has confirmed that one of its update servers was breached and used to distribute an unauthorized update later analyzed as malicious to a small subset of customers earlier this month. | Incindent | |
| 3.2.26 | Viral Moltbot AI assistant raises concerns over data security | Security researchers are warning of insecure deployments in enterprise environments of the Moltbot (formerly Clawdbot) AI assistant, which can lead to leaking API keys, OAuth tokens, conversation history, and credentials. | AI | |
| 3.2.26 | New sandbox escape flaw exposes n8n instances to RCE attacks | Two vulnerabilities in the n8n workflow automation platform could allow attackers to fully compromise affected instances, access sensitive data, and execute arbitrary code on the underlying host. | Vulnerebility | |
| 3.2.26 | FBI seizes RAMP cybercrime forum used by ransomware gangs | The FBI has seized the notorious RAMP cybercrime forum, a platform used to advertise a wide range of malware and hacking services, and one of the few remaining forums that openly allowed the promotion of ransomware operations. | Ransom | |
| 3.2.26 | Empire cybercrime market owner pleads guilty to drug conspiracy | A Virginia man who co-created Empire Market, one of the largest dark web marketplaces at the time, pleaded guilty to federal drug conspiracy charges for facilitating $430 million in illegal transactions from 2018 to 2020. | CyberCrime | |
| 3.2.26 | AI Is Rewriting Compliance Controls and CISOs Must Take Notice | AI agents are now executing regulated actions, reshaping how compliance controls actually work. Token Security explains why CISOs must rethink identity, access, and auditability as AI becomes a digital employee. | AI | |
| 3.2.26 | SolarWinds warns of critical Web Help Desk RCE, auth bypass flaws | SolarWinds has released security updates to patch critical authentication bypass and remote command execution vulnerabilities in its Web Help Desk IT help desk software. | Vulnerebility | |
| 3.2.26 | Hackers hijack exposed LLM endpoints in Bizarre Bazaar operation | A malicious campaign is actively targeting exposed LLM (Large Language Model) service endpoints to commercialize unauthorized access to AI infrastructure. | AI | |
| 3.2.26 | Slovakian man pleads guilty to operating darknet marketplace | A Slovakian national admitted on Tuesday to helping operate a darknet marketplace that sold narcotics, cybercrime tools and services, fake government IDs, and stolen personal information for more than two years. | CyberCrime | |
| 3.2.26 | New WhatsApp lockdown feature protects high-risk users from hackers | Meta has started rolling out a new WhatsApp lockdown-style security feature designed to protect journalists, public figures, and other high-risk individuals from sophisticated threats, including spyware attacks. | Social | |
| 3.2.26 | Fortinet blocks exploited FortiCloud SSO zero day until patch is ready | Fortinet has confirmed a new, actively exploited critical FortiCloud single sign-on (SSO) authentication bypass vulnerability, tracked as CVE-2026-24858, and says it has mitigated the zero-day attacks by blocking FortiCloud SSO connections from devices running vulnerable firmware versions. | Vulnerebility | |
| 3.2.26 | Chinese Mustang Panda hackers deploy infostealers via CoolClient backdoor | The Chinese espionage threat group Mustang Panda has updated its CoolClient backdoor to a new variant that can steal login data from browsers and monitor the clipboard. | Virus | |
| 3.2.26 | WinRAR path traversal flaw still exploited by numerous hackers | Multiple threat actors, both state-sponsored and financially motivated, are exploiting the CVE-2025-8088 high-severity vulnerability in WinRAR for initial access and to deliver various malicious payloads. | Vulnerebility | |
| 3.2.26 | Nike investigates data breach after extortion gang leaks files | Nike is investigating what it described as a "potential cyber security incident" after the World Leaks ransomware gang leaked 1.4 TB of files allegedly stolen from the sportswear giant. | Incindent | |
| 3.2.26 | Critical sandbox escape flaw found in popular vm2 NodeJS library | A critical-severity vulnerability in the vm2 Node.js sandbox library, tracked as CVE-2026-22709, allows escaping the sandbox and executing arbitrary code on the underlying host system. | Vulnerebility | |
| 3.2.26 | US charges 31 more suspects linked to ATM malware attacks | A Nebraska federal grand jury charged 31 additional defendants for their involvement in an ATM jackpotting operation allegedly orchestrated by members of the Venezuelan gang Tren de Aragua. | Virus | |
| 3.2.26 | Over 6,000 SmarterMail servers exposed to automated hijacking attacks | Nonprofit security organization Shadowserver has found over 6,000 SmarterMail servers exposed online and likely vulnerable to attacks exploiting a critical authentication bypass vulnerability. | Hack | |
| 3.2.26 | Have I Been Pwned: SoundCloud data breach impacts 29.8 million accounts | Hackers have stolen the personal and contact information belonging to over 29.8 million SoundCloud user accounts after breaching the audio streaming platform's systems. | Incindent | |
| 3.2.26 | New malware service guarantees phishing extensions on Chrome web store | A new malware-as-a-service (MaaS) called 'Stanley' promises malicious Chrome extensions that can clear Google's review process and publish them to the Chrome Web Store. | Virus | |
| 3.2.26 | New ClickFix attacks abuse Windows App-V scripts to push malware | A new malicious campaign mixes the ClickFix method with fake CAPTCHA and a signed Microsoft Application Virtualization (App-V) script to ultimately deliver the Amatera infostealing malware. | Virus | |
| 3.2.26 | Microsoft patches actively exploited Office zero-day vulnerability | Microsoft has released emergency security updates to patch a high-severity Office zero-day vulnerability exploited in attacks. | Exploit | |
| 3.2.26 | Cloudflare misconfiguration behind recent BGP route leak | Cloudflare has shared more details about a recent 25-minute Border Gateway Protocol (BGP) route leak affecting IPv6 traffic, which caused measurable congestion, packet loss, and approximately 12 Gbps of dropped traffic. | Hack | |
| 3.2.26 | Nearly 800,000 Telnet servers exposed to remote attacks | Internet security watchdog Shadowserver tracks nearly 800,000 IP addresses with Telnet fingerprints amid ongoing attacks exploiting a critical authentication bypass vulnerability in the GNU InetUtils telnetd server. | Hack | |
| 3.2.26 | 6 Okta security settings you might have overlooked | Okta misconfigurations can quietly weaken identity security as SaaS environments evolve. Nudge Security shows six Okta security settings teams often overlook and how to fix them. | Security | |
| 3.2.26 | Hackers can bypass npm’s Shai-Hulud defenses via Git dependencies | The defense mechanisms that NPM introduced after the 'Shai-Hulud' supply-chain attacks have weaknesses that allow threat actors to bypass them via Git dependencies. | Hack | |
| 3.2.26 | CISA says critical VMware RCE flaw now actively exploited | CISA has flagged a critical VMware vCenter Server vulnerability as actively exploited and ordered U.S. federal agencies to secure their servers within three weeks. | Exploit | |
| 3.2.26 | 1Password adds pop-up warnings for suspected phishing sites | The 1Password digital vault and password manager has added built-in protection against phishing URLs to help users identify malicious pages and prevent them from sharing account credentials with threat actors. | Phishing | |
| 3.2.26 | Microsoft investigates Windows 11 boot failures after January updates | Microsoft is investigating reports that some Windows 11 devices are failing to boot with "UNMOUNTABLE_BOOT_VOLUME" errors after installing the January 2026 Patch Tuesday security updates. | OS | |
| 3.2.26 | Mozilla Adds One-Click Option to Disable Generative AI Features in Firefox | Mozilla on Monday announced a new controls section in its Firefox desktop browser settings that allows users to completely turn off generative artificial | AI | The Hacker News |
| 3.2.26 | Notepad++ Hosting Breach Attributed to China-Linked Lotus Blossom Hacking Group | A China-linked threat actor known as Lotus Blossom has been attributed with medium confidence to the recently discovered compromise of the | APT | The Hacker News |
| 3.2.26 | Researchers Find 341 Malicious ClawHub Skills Stealing Data from OpenClaw Users | A security audit of 2,857 skills on ClawHub has found 341 malicious skills across multiple campaigns, according to new findings from Koi Security, | Virus | The Hacker News |
| 3.2.26 | OpenClaw Bug Enables One-Click Remote Code Execution via Malicious Link | A high-severity security flaw has been disclosed in OpenClaw (formerly referred to as Clawdbot and Moltbot) that could allow remote code execution | Vulnerebility | The Hacker News |
| 3.2.26 | Microsoft Begins NTLM Phase-Out With Three-Stage Plan to Move Windows to Kerberos | Microsoft has announced a three-phase approach to phase out New Technology LAN Manager (NTLM) as part of its efforts to shift Windows | Safety | The Hacker News |
| 3.2.26 | Notepad++ Official Update Mechanism Hijacked to Deliver Malware to Select Users | The maintainer of Notepad++ has revealed that state-sponsored attackers hijacked the utility's update mechanism to redirect update traffic to malicious | Hack | The Hacker News |
| 2.2.26 | eScan Antivirus Update Servers Compromised to Deliver Multi-Stage Malware | The update infrastructure for eScan antivirus, a security solution developed by Indian cybersecurity company MicroWorld Technologies, has been | Virus | The Hacker News |
| 2.2.26 | Open VSX Supply Chain Attack Used Compromised Dev Account to Spread GlassWorm | Cybersecurity researchers have disclosed details of a supply chain attack targeting the Open VSX Registry in which unidentified threat actors | Virus | The Hacker News |
| 1.2.26 | Eeny, meeny, miny, moe? How ransomware operators choose victims | Most ransomware attacks are opportunistic, not targeted at a specific sector or region | Ransom blog | SOPHOS |
| 1.2.26 | Generative AI and cybersecurity: What Sophos experts expect in 2026 | AI has dominated cybersecurity headlines for years, but as we enter 2026, the conversation is shifting from hype to hard realities. Across incident response, threat intelligence, and security operations, Sophos experts see clearer signals of where AI is truly making an impact. For IT teams already stretched thin, this isn’t theoretical — it’s reshaping daily decisions. | AI blog | SOPHOS |
| 1.2.26 | Beyond MFA: Building true resilience against identity-based attacks | As identity-driven attacks continue to rise, organizations must go beyond MFA to build resilience. Sophos experts and recent Gartner research agree: It’s time for an identity-first security strategy backed by continuous detection and response. For many organizations, keeping pace with identity threats feels overwhelming, especially as hybrid environments expand. But there’s a clear path forward. | Hacking blog | SOPHOS |
| 1.2.26 | Microsoft Office vulnerability (CVE-2026-21509) in active exploitation | On January 26, 2026, Microsoft released an out-of-band update to address a high-severity (CVSS score of 7.8) vulnerability affecting multiple Microsoft Office products. This vulnerability, tracked as CVE-2026-21509, is being actively exploited in the wild and has been added to CISA's Known Exploited Vulnerabilities (KEV) Catalog. | Vulnerebility blog | SOPHOS |
| 1.2.26 | | This week Google and partners took action to disrupt what we believe is one of the largest residential proxy networks in the world, the IPIDEA proxy network. IPIDEA’s proxy infrastructure is a little-known component of the digital ecosystem leveraged by a wide array of bad actors. | Cyber blog | GTI |
| 1.2.26 | Fortinet Under Fire: Why Your Network Edge Remains Attackers' Favorite Entry Point | Fortinet’s January patch for CVE-2025-59718 didn’t hold. On January 21, FortiGate admins began reporting that patched systems were still being exploited. Two days later, Fortinet confirmed the patch had failed to fully remediate the vulnerability. As reported by BleepingComputer, Fortinet is now recommending that admins restrict administrative access and disable FortiCloud SSO while they work on a follow-up fix. | Vulnerebility blog | Eclypsium |
| 1.2.26 | ShadowHS: A Fileless Linux Post‑Exploitation Framework Built on a Weaponized hackshell | Cyble uncovers ShadowHS, a stealthy fileless Linux framework running entirely in memory for covert, adaptive post‑exploitation control. | Malware blog | Cyble |
| 1.2.26 | The Week in Vulnerabilities: Cyble Urges Oracle, OpenStack Fixes | Oracle, OpenStack, SAP, Salesforce and ServiceNow are among the high-profile enterprise products with vulnerabilities in need of attention by security teams. | Vulnerebility blog | Cyble |
| 1.2.26 | Special Alert: SLSH Malicious "Supergroup" Targeting 100+ Organizations via Live Phishing Panels | A massive identity-theft campaign is currently active, targeting Okta Single Sign-On (SSO) and other SSO platform accounts across 100+ high-value enterprises. | Phishing blog | Silent Push |
| 1.2.26 | PureRAT: Attacker Now Using AI to Build Toolset | A Vietnam-based cybercrime actor appears to be using AI to write the scripts used in its phishing campaigns. | Malware blog | SECURITY.COM |
| 1.2.26 | Chrome Extensions: Are you getting more than you bargained for? | Browser extensions can be really useful, but hidden dangers may lurk beyond their marketing. | Hacking blog | SECURITY.COM |
| 1.2.26 | PeckBirdy: A Versatile Script Framework for LOLBins Exploitation Used by China-aligned Threat Groups | PeckBirdy is a sophisticated JScript-based C&C framework used by China-aligned APT groups to exploit LOLBins across multiple environments, delivering advanced backdoors to target gambling industries and Asian government entities. | Exploit blog | Trend Micro |
| 1.2.26 | Embracing Choice in Cybersecurity: TrendAI Vision One™ and SentinelOne Integration | Discover how the TrendAI Vision One and SentinelOne integration exemplifies our commitment to endpoint flexibility. | Cyber blog | Trend Micro |
| 1.2.26 | Pwn2Own: Researchers Earn $1 Million for 76 Zero-Days | Discover how TrendAI Zero Day Initiative (ZDI) identified critical vulnerabilities across connected vehicles, EV chargers, and automotive systems. | Cyber blog | Trend Micro |
| 1.2.26 | "Ni8mare" - RCE Vulnerability in N8n AI Workflow Automation (CVE-2026-21858) | The SonicWall Capture Labs threat research team became aware of a critical unauthenticated file read vulnerability in n8n, a flexible AI workflow automation platform, assessed its impact, and developed mitigation measures. | Vulnerebility blog | SonicWall |
| 1.2.26 | njRAT: A Persistent Commodity Threat in the Modern Landscape | The SonicWall Capture Labs threat research team continues to monitor the activity of the infamous njRAT (also known as Bladabindi), a prolific Remote Access Trojan (RAT) that remains a staple in the toolkit of various threat actors. | Malware blog | SonicWall |
| 1.2.26 | Multiple vulnerabilities in SolarWinds Web Help Desk Leading to RCE: CVE-2025-40551 | The SonicWall Capture Labs threat research team became aware of a critical vulnerability chain in SolarWinds Web Help Desk (WHD), assessed its impact and developed mitigation measures. | Vulnerebility blog | SonicWall |
| 1.2.26 | Understanding the Russian Cyber Threat to the 2026 Winter Olympics | The 2026 Winter Games in Milano Cortina extend beyond sport. Tensions between the Russian Federation and the International Olympic Committee (IOC), stemming from disputes over compliance and governance, lie within a broader geopolitical context. | Cyber blog | Palo Alto |
| 1.2.26 | Happy 9th Anniversary, CTA: A Celebration of Collaboration in Cyber Defense | At certain moments in a career, you get the rare opportunity to look back and say, this work mattered. Not because of an individual accomplishment, but because it contributed to something larger — something that changed how an industry thinks and operates. The Cyber Threat Alliance (CTA) is one of those efforts. | Cyber blog | Palo Alto |
| 1.2.26 | The Next Frontier of Runtime Assembly Attacks: Leveraging LLMs to Generate Phishing JavaScript in Real Time | Imagine visiting a webpage that looks perfectly safe. It has no malicious code, no suspicious links. Yet, within seconds, it transforms into a personalized phishing page. | AI blog | Palo Alto |
| 1.2.26 | Privileged File System Vulnerability Present in a SCADA System | This report details a vulnerability we found in the Iconics Suite, tracked as CVE-2025-0921 with a Medium CVSS score of 6.5. Iconics Suite is the name of a supervisory control and data acquisition (SCADA) system. This system is used for controlling and monitoring industrial processes in different industries including automotive, energy and manufacturing. | ICS blog | Palo Alto |
| 1.2.26 | Cyber Security Report 2026 | Check Point Research continuously investigates real-world attacks, vulnerabilities, attackers’ infrastructure, and emerging techniques across global networks and environments. The Cyber Security Report 2026 consolidates our research efforts throughout 2025 to deliver a clear, data-driven view of the current threat landscape and its trajectory in 2026. | Cyber blog | |
| 1.2.26 | KONNI Adopts AI to Generate PowerShell Backdoors | Check Point Research (CPR) identified an ongoing phishing campaign that we associate with KONNI, a North Korean–linked threat actor active since at least 2014. KONNI is best known for targeting organizations and individuals in South Korea, with a focus on diplomatic channels, international relations, NGOs, academia, and government. | Malware blog | |
| 1.2.26 | IR Trends Q4 2025: Exploitation remains dominant, phishing campaign targets Native American tribal organizations | A drop in exploitation and ransomware, but a spike in phishing and credential abuse, show why timely patching and robust MFA matter more than ever. | Cyber blog | CISCO TALOS |
| 1.2.26 | I'm locked in! | Hazel reflects on how to find balance while staying informed, then delivers practical updates and insights on the latest cybersecurity threats. | Cyber blog | CISCO TALOS |
| 1.2.26 | Dissecting UAT-8099: New persistence mechanisms and regional focus | Cisco Talos has identified a new, regionally targeted campaign by UAT-8099 that leverages advanced persistence techniques and custom BadIIS malware variants to compromise IIS servers, particularly in Thailand and Vietnam. | APT blog | CISCO TALOS |
| 1.2.26 | Foxit, Epic Games Store, MedDreams vulnerabilities | Cisco Talos’ Vulnerability Discovery & Research team recently disclosed three vulnerabilities in Foxit PDF Editor, one in the Epic Games Store, and twenty-one in MedDream PACS. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, al | Vulnerability blog | CISCO TALOS |
| 1.2.26 | Microsoft releases update to address zero-day vulnerability in Microsoft Office | Microsoft has published three out-of-band (OOB) updates so far in January 2026. One of these updates was released to address a vulnerability, CVE-2026-21509, affecting Microsoft Office that has reportedly been exploited in the wild. | Vulnerability blog | CISCO TALOS |
| 1.2.26 | I scan, you scan, we all scan for... knowledge? | In this week's newsletter, Bill hammers home the old adage, "Know your environment" — even throughout alert fatigue. | Cyber blog | CISCO TALOS |
| 1.2.26 | Predicting 2026 | In this week’s newsletter, Martin examines the evolving landscape for 2026, highlighting key threats, emerging trends like AI-driven risks, and the continued importance of addressing familiar vulnerabilities. | Cyber blog | CISCO TALOS |
| 1.2.26 | This month in security with Tony Anscombe – January 2026 edition | The trends that emerged in January offer useful clues about the risks and priorities that security teams are likely to contend with throughout the year | Cyber blog | Eset |
| 1.2.26 | DynoWiper update: Technical analysis and attribution | ESET researchers present technical details on a recent data destruction incident affecting a company in Poland’s energy sector | Malware blog | Eset |
| 1.2.26 | Love? Actually: Fake dating app used as lure in targeted spyware campaign in Pakistan | ESET researchers discover an Android spyware campaign targeting users in Pakistan via romance scam tactics, revealing links to a broader spy operation | Malware blog | Eset |
| 1.2.26 | Drowning in spam or scam emails? Here’s probably why | Has your inbox recently been deluged with unwanted and even outright malicious messages? Here are 10 possible reasons – and how to stem the tide. | Spam blog | Eset |
| 1.2.26 | ESET Research: Sandworm behind cyberattack on Poland’s power grid in late 2025 | | Malware blog | Eset |
| 1.2.26 | Children and chatbots: What parents should know | As children turn to AI chatbots for answers, advice, and companionship, questions emerge about their safety, privacy, and emotional development | AI blog | Eset |
| 1.2.26 | Identity & Beyond: 2026 Incident Response Predictions | DFIR expert Jamie Mamroe shares 2026 Incident Response Predictions around Identity and Cloud attacks | Incident blog | Cybereason |
| 1.2.26 | Bypassing Windows Administrator Protection | A headline feature introduced in the latest release of Windows 11, 25H2, is Administrator Protection. The goal of this feature is to replace User Account Control (UAC) with a more robust and, importantly, securable system that lets a local user obtain administrator privileges only when necessary. | Vulnerability blog | Project Zero |
| 1.2.26 | From Digital Innovation to Patient Harm: Why Healthcare Cybersecurity Is Now a C-Suite Imperative | Healthcare is in the midst of a digital revolution, but without cybersecurity at the center of this transformation, innovation becomes a liability. | Cyber blog | Trellix |