Today's Core Dump is brought to you by ThreatPerspective

Biz & IT - Ars Technica

The rise of Moltbook suggests viral AI prompts may be the next big security threat

We don't need self-replicating AI models to have problems, just self-replicating prompts. On November 2, 1988, graduate student Robert Morris released a self-replicating progr

Published: 2026-02-03T12:00:01



Biz & IT - Ars Technica

Notepad++ users take note: It's time to check if you're hacked

Suspected China-state hackers used update infrastructure to deliver backdoored version. Infrastructure delivering updates for Notepad++, a widely used text editor for Windows, w

Published: 2026-02-02T20:30:56



Biz & IT - Ars Technica

County pays $600,000 to pentesters it arrested for assessing courthouse security

Settlement comes more than 6 years after Gary DeMercurio and Justin Wynn's ordeal began. Two security professionals who were arrested in 2019 after performing an authorized se

Published: 2026-01-29T18:30:52



Biz & IT - Ars Technica

Wikipedia volunteers spent years cataloging AI tells. Now there's a plugin to avoid them.

The web's best guide to spotting AI writing has become a manual for hiding it. On Saturday, tech entrepreneur Siqi Chen released an open source plugin for Anthropic's Claude C

Published: 2026-01-21T12:15:23



The Register - Software

Patch Tuesday meets Groundhog Day as Windows hibernation bug returns

Microsoft concedes January's out-of-band fix didn't stop some PCs from rebooting instead of sleeping. Microsoft rounded off January by adding more devices to the list of those affected by the hibernation issue it claimed had been fixed by an out-of-ba

Published: 2026-02-02T14:58:39



The Register - Software

Microsoft's 'atypical' emergency Windows patches are becoming awfully typical

Administrators sigh: OOBs, they did it again. Opinion: Microsoft has had a bad start to the year. Two out-of-band updates in the weeks after the first Patch Tuesday of 2026 rattled administrators' already shaky faith in the company. But are things get

Published: 2026-02-02T09:30:09



Security | The Verge

OpenClaw’s AI ‘skill’ extensions are a security nightmare

OpenClaw, the AI agent that has exploded in popularity over the past week, is raising new security concerns after researchers uncovered malware in hundreds of user-submitted "skill" add-ons on its marketplace. In a post on Monday, 1Password product VP Jason Meller says OpenClaw's skill hub has become "an attack surface," with the most-downloaded add-on serving […]

Published: 2026-02-04T14:03:38



Security | The Verge

Google Cloud's customer chief returns to Microsoft as head of security

Microsoft has a new head of security. Hayete Gallot, who left Microsoft in October 2024 to become the president of Google Cloud's customer experience, is returning to the software giant as the executive vice president of security, reporting directly to CEO Satya Nadella. The move means Charlie Bell, formerly Microsoft's security chief, is taking on […]

Published: 2026-02-04T12:27:30



Security | The Verge

Notepad++ updates got hijacked for months and could have spied for China

Users of the text and code editor Notepad++ may have unknowingly downloaded a malicious update for the app after its shared hosting servers were hijacked last year. On Monday, the app's developer, Don Ho, posted an update on the attack with more details, including that the hackers were "likely a Chinese state-sponsored group" and that […]

Published: 2026-02-02T15:43:27



Security | The Verge

OpenClaw: all the news about the trending AI agent

An open-source AI agent called OpenClaw (formerly known as both Clawdbot and Moltbot) that runs on your own computer and “actually does things” is taking off inside tech circles. Users interact with OpenClaw via messaging apps like WhatsApp, Telegram, Signal, Discord, and iMessage, giving it the keys to operate independently, managing reminders, writing emails, or […]

Published: 2026-02-02T10:47:39



Security | The Verge

WhatsApp’s new ‘lockdown’ settings add another layer of protection against cyberattacks

WhatsApp is launching new "Strict Account Settings" that add even more protections against cyberattacks. The feature is built for people at a high risk of attacks, such as journalists or public figures, and automatically blocks attachments and media from senders you don't know, while silencing calls from unknown contacts. The new setting limits other […]

Published: 2026-01-27T13:01:07



Security | The Verge

Gmail's spam filter and automatic sorting are broken

Some Gmail users may have noticed that promotional emails that normally go to their own siloed tab have started flooding their inbox. Reports hit the Google forums and Reddit that messages are bypassing the Updates and Promotional filters and went straight to Gmail inboxes. Some also reported seeing a banner at the top of some […]

Published: 2026-01-24T12:54:10



Security | The Verge

Ring can verify videos now, but that might not help you with most AI fakes

Ring has launched a new Ring Verify tool that the company says can "verify that Ring videos you receive haven't been edited or changed." But since Ring won't verify videos that have been altered in any way, it probably won't be able to verify those v

Published: 2026-01-22T19:57:41



Security | The Verge

1Password is introducing a new phishing prevention feature

A successful phishing attack can cost a business an average of $4.8 million, according to research from IBM. To help reduce the risk of one succeeding, either at work or at home, 1Password is introducing a new phishing prevention feature that will watch for telltale signs of an attack, such as a website URL that's […]

Published: 2026-01-22T09:00:00



BleepingComputer

CISA: VMware ESXi flaw now exploited in ransomware attacks

CISA confirmed on Wednesday that ransomware gangs have begun exploiting a high-severity VMware ESXi sandbox escape vulnerability that was previously used in zero-day attacks. [...]

Published: 2026-02-04T12:38:46



BleepingComputer

CISA warns of five-year-old GitLab flaw exploited in attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies to patch their systems against a five-year-old GitLab vulnerability that is actively being exploited in attacks. [...]

Published: 2026-02-04T10:42:31



BleepingComputer

New Amaranth Dragon cyberespionage group exploits WinRAR flaw

A new threat actor called Amaranth Dragon, linked to APT41 state-sponsored Chinese operations, exploited the CVE-2025-8088 vulnerability in WinRAR in espionage attacks on government and law enforcement agencies. [...]

Published: 2026-02-04T09:00:00



BleepingComputer

Coinbase confirms insider breach linked to leaked support tool screenshots

Coinbase has confirmed an insider breach after a contractor improperly accessed the data of approximately thirty customers, which BleepingComputer has learned is a new incident that occurred in December. [...]

Published: 2026-02-03T21:04:23



BleepingComputer

Step Finance says compromised execs' devices led to $40M crypto theft

Step Finance announced that it lost $40 million worth of digital assets after hackers compromised devices belonging to the company's team of executives. [...]

Published: 2026-02-03T16:33:23



BleepingComputer

CISA flags critical SolarWinds RCE flaw as exploited in attacks

CISA has flagged a critical SolarWinds Web Help Desk vulnerability as actively exploited in attacks and ordered federal agencies to patch their systems within three days. [...]

Published: 2026-02-03T14:37:00



BleepingComputer

Iron Mountain: Data breach mostly limited to marketing materials

Iron Mountain, a leading data storage and recovery services company, says that a recent breach claimed by the Everest extortion gang is limited to mostly marketing materials. [...]

Published: 2026-02-03T11:49:09



BleepingComputer

AI Agent Identity Management: A New Security Control Plane for CISOs

Autonomous AI agents are creating a new identity blind spot as they operate outside traditional IAM controls. Token Security shows why managing the full lifecycle of AI agent identities is becoming a critical CISO priority. [...]

Published: 2026-02-03T10:01:11



BleepingComputer

Hackers exploit critical React Native Metro bug to breach dev systems

Hackers are targeting developers by exploiting the critical vulnerability CVE-2025-11953 in the Metro server for React Native to deliver malicious payloads for Windows and Linux. [...]

Published: 2026-02-03T09:00:00



Threat Intelligence

Guidance from the Frontlines: Proactive Defense Against ShinyHunters-Branded Data Theft Targeting SaaS

Introduction: Mandiant is tracking a significant expansion and escalation in the operations of threat clusters associated with ShinyHunters-branded extortion. As detailed in our companion report, 'Vishing for Access: Tracking the Expansion of ShinyHu

Published: 2026-01-30T14:00:00



Threat Intelligence

Vishing for Access: Tracking the Expansion of ShinyHunters-Branded SaaS Data Theft

Introduction: Mandiant has identified an expansion in threat activity that uses tactics, techniques, and procedures (TTPs) consistent with prior ShinyHunters-branded extortion operations. These operations primarily leverage sophisticated voice phish

Published: 2026-01-30T14:00:00



Threat Intelligence

Diverse Threat Actors Exploiting Critical WinRAR Vulnerability CVE-2025-8088

Introduction: The Google Threat Intelligence Group (GTIG) has identified widespread, active exploitation of the critical vulnerability CVE-2025-8088 in WinRAR, a popular file archiver tool for Windows, to establish initial access and deliver diverse

Published: 2026-01-27T14:00:00



Krebs on Security

Kimwolf Botnet Lurking in Corporate, Govt. Networks

A new Internet-of-Things (IoT) botnet called Kimwolf has spread to more than 2 million devices, forcing infected systems to participate in massive distributed denial-of-service (DDoS) attacks and to relay other malicious and abusive Internet traffic....

Published: 2026-01-20T18:19:13



The Register - Security

Critical SolarWinds Web Help Desk bug under attack

US agencies told to patch by Friday. Attackers are exploiting a critical SolarWinds Web Help Desk bug - less than a week after the vendor disclosed and fixed the 9.8-rated flaw. That's according to America's lead cyber-defense agency, which set a Friday deadline for federal agencies to patch the security flaw.

Published: 2026-02-04T18:15:16



The Register - Security

Nitrogen ransomware is so broken even the crooks can't unlock your files

Gang walks away with nothing, victims are left with irreparable hypervisors. Cybersecurity experts usually advise victims against paying ransomware crooks, but that advice goes double for those who have been targeted by the Nitrogen group. There's no way to get your data back from them!

Published: 2026-02-04T13:50:49



The Register - Security

Universal £7,500 payout offered to PSNI staff over major data breach

Affected police officers squeezed mental health services, relocated over safety fears. Police Service of Northern Ireland (PSNI) employees who had their details exposed in a significant 2023 data breach will each receive £7,500 ($10,279) as part of a universal offer of compensation.

Published: 2026-02-04T11:41:59



The Register - Security

Clouds rush to deliver OpenClaw-as-a-service offerings

As analyst house Gartner declares AI tool comes with unacceptable cybersecurity risk and urges admins to snuff it out. If you're brave enough to want to run the demonstrably insecure AI assistant OpenClaw, several clouds have already started offering it as a service.

Published: 2026-02-04T05:28:12



The Register - Security

AI agents can't yet pull off fully autonomous cyberattacks but they are already very helpful to crims

Don't relax: This is a 'when, not if' scenario. AI agents and other systems can't yet conduct cyberattacks fully on their own but they can help criminals in many stages of the attack chain, according to the International AI Safety report.

Published: 2026-02-03T23:57:55



The Register - Security

Critical React Native Metro dev server bug under attack as researchers scream into the void

Too slow react-ion time. Baddies are exploiting a critical bug in React Native's Metro development server to deliver malware to both Windows and Linux machines, and yet the in-the-wild attacks still haven't received the "broad public acknowledgement" that they should, according to security researchers.

Published: 2026-02-03T19:01:03



The Register - Security

CISA updated ransomware intel on 59 bugs last year without telling defenders

GreyNoise's Glenn Thorpe counts the cost of missed opportunities. On 59 occasions throughout 2025, the US Cybersecurity and Infrastructure Security Agency (CISA) silently tweaked vulnerability notices to reflect their use by ransomware crooks. Experts say that's a problem.

Published: 2026-02-03T17:17:16



The Register - Security

X marks the raid: French cops swoop on Musk's Paris ops

Algorithmic bias probe continues, CEO and former boss summoned to defend the platform's corner. French police raided Elon Musk's X offices in Paris this morning as part of a criminal investigation into alleged algorithmic manipulation by foreign powers.

Published: 2026-02-03T13:09:08



The Register - Security

Microsoft finally sends TLS 1.0 and 1.1 to the cloud retirement home

Azure Storage now requires version 1.2 or newer for encrypted connections. Today is the day Azure Storage stops supporting versions 1.0 and 1.1 of Transport Layer Security (TLS). TLS 1.2 is the new minimum.

Published: 2026-02-03T12:59:03



The Register - Security

Polish cops bail 20-year-old bedroom botnet operator

DDoSer of 'strategically important' websites admitted to most charges. Polish authorities have cuffed a 20-year-old man on suspicion of carrying out DDoS attacks.

Published: 2026-02-03T12:34:17



The Register - Security

DIY AI bot farm OpenClaw is a security 'dumpster fire'

Your own personal Jarvis. A bot to hear your prayers. A bot that cares. Just not about keeping you safe. OpenClaw, the AI-powered personal assistant users interact with via messaging apps and sometimes entrust with their credentials to various online services, has prompted a wave of malware and is delivering some shocking bills.

Published: 2026-02-03T10:14:14



The Register - Security

British military to get legal OK to swat drones near bases

Armed Forces Bill would let troops take action against unmanned threats around defense sites. Britain's defense personnel will be given the authority to neutralize drones threatening military bases under measures being introduced in the Armed Forces Bill, currently making its way through Parliament.

Published: 2026-02-03T09:30:12



The Register - Security

Notepad++ hijacking blamed on Chinese Lotus Blossom crew behind Chrysalis backdoor

The group targets telecoms, critical infrastructure - all the usual high-value orgs. Security researchers have attributed the Notepad++ update hijacking to a Chinese government-linked espionage crew called Lotus Blossom (aka Lotus Panda, Billbug), which abused weaknesses in the update infrastructure to gain a foothold in high-value targets by delivering a newly identified backdoor dubbed Chrysalis.

Published: 2026-02-02T23:23:18



The Register - Security

StopICE hacked to send alarming text messages, admins accuse border patrol agent of sabotage

The ICE-tracking service says it doesn't store usernames or addresses. ICE-reporting service StopICE has blamed a US Customs and Border Protection (CBP) agent for attacking its app and website and sending users text messages warning them that their information had been "sent to the authorities."

Published: 2026-02-02T19:16:41



The Register - Security

Russia-linked APT28 attackers already abusing new Microsoft Office zero-day

Ukraine's CERT says the bug went from disclosure to active exploitation in days. Russia-linked attackers are already exploiting Microsoft's latest Office zero-day, with Ukraine's national cyber defense team warning that the same bug is being used to target government agencies inside the country and organizations across the EU.

Published: 2026-02-02T18:18:22



The Register - Security

McDonald's is not lovin' your bigmac, happymeal, and mcnuggets passwords

Your favorite menu item might be easy to remember but it will not secure your account. Change Your Password Day took place over the weekend, and in case you doubt the need to improve this most basic element of cybersecurity hygiene, even McDonald's (yes, the fast food chain) is urging people to get more creative when it comes to passwords.

Published: 2026-02-02T17:05:53



The Register - Security

OpenClaw patches one-click RCE as security Whac-A-Mole continues

Researchers disclose rapid exploit chain that let attackers run code via a single malicious web page. Security issues continue to pervade the OpenClaw ecosystem, formerly known as ClawdBot then Moltbot, as multiple projects patch bot takeover and remote code execution (RCE) exploits.

Published: 2026-02-02T14:10:10



The Register - Security

Notepad++ update service hijacked in targeted state-linked attack

Breach lingered for months before stronger signature checks shut the door. A state-sponsored cyber criminal compromised Notepad++'s update service in 2025, according to the project's author.

Published: 2026-02-02T13:19:27



The Register - Security

Infrastructure cyberattacks are suddenly in fashion. We can buck the trend

Don't be scared of the digital dark; learn how to keep the lights on. Opinion: Barely a month into 2026, electrical power infrastructure on two continents has tested positive for cyberattacks. One fell flat as attempts to infiltrate and disrupt the Polish distribution grid were rebuffed and reported. The other, earlier attack was part of Operation Absolute Resolve, the US abduction of Venezuela's President Maduro from Caracas on January 3.

Published: 2026-02-02T10:15:14



The Register - Security

Why native cloud security falls short

Your cloud security must stand alone. Partner Content: As cloud adoption accelerates, many organizations are increasingly relying on the native security features offered by cloud service providers (CSPs). The ability to manage web application firewalls (WAF), data encryption, and key management (KMS) within a single provider ecosystem appears efficient and convenient. However, when security and reliability are viewed through the lens of enterprise risk management, this convenience may come at a significant cost.

Published: 2026-02-02T08:00:54



The Register - Security

Open-source AI is a global security nightmare waiting to happen, say researchers

Also, South Korea gets a pentesting F, US Treasury says bye bye to BAH, North Korean hackers evolve, and more. Infosec in Brief: As if AI weren't enough of a security concern, now researchers have discovered that open-source AI deployments may be an even bigger problem than those from commercial providers.

Published: 2026-02-01T23:40:10



The Register - Security

AI security startup CEO posts a job. Deepfake candidate applies, inner turmoil ensues.

'I did not think it was going to happen to me, but here we are.' Nearly every company, from tech giants like Amazon to small startups, has first-hand experience with fake IT workers applying for jobs - and sometimes even being hired.

Published: 2026-02-01T14:14:07



The Register - Security

January blues return as Ivanti coughs up exploited EPMM zero-days

Consider yourselves compromised, experts warn. Ivanti has patched two critical zero-day vulnerabilities in its Endpoint Manager Mobile (EPMM) product that are already being exploited, continuing a grim run of January security incidents for enterprise IT vendors.

Published: 2026-01-30T22:01:28



The Register - Security

Thousands more Oregon residents learn their health data was stolen in TriZetto breach

Parent company Cognizant hit with multiple lawsuits. Thousands more Oregonians will soon receive data breach letters in the continued fallout from the TriZetto data breach, in which someone hacked the insurance verification provider and gained access to its healthcare provider customers across multiple US states.

Published: 2026-01-30T18:32:45



The Register - Security

Java developers want container security, just not the job that comes with it

BellSoft survey finds 48% prefer pre-hardened images over managing vulnerabilities themselves. Java developers still struggle to secure containers, with nearly half (48 percent) saying they'd rather delegate security to providers of hardened containers than worry about making their own container security decisions.

Published: 2026-01-30T00:12:02



The Register - Security

Maybe CISA should take its own advice about insider threats hmmm?

The call is coming from inside the house. Opinion: Maybe everything is all about timing, like the time (this week) America's lead cyber-defense agency sounded the alarm on insider threats after it came to light that its senior official uploaded sensitive documents to ChatGPT.

Published: 2026-01-29T23:19:21



The Register - Security

To stop crims, Google starts dismantling residential proxy network they use to hide

The Chocolate Factory strikes again, targeting the infrastructure attackers use to stay anonymous. Crims love to make it look like their traffic is actually coming from legit homes and businesses, and they do so by using residential proxy networks. Now, Google says it has "significantly degraded" what it believes is one of the world's largest residential proxy networks.

Published: 2026-01-29T17:00:00



The Register - Security

AV vendor goes to war with security shop over update server scare

eScan lawyers up after Morphisec claimed 'critical supply-chain compromise'. A spat has erupted between antivirus vendor eScan and threat intelligence outfit Morphisec over who spotted an update server incident that disrupted some eScan customers earlier this month.

Published: 2026-01-29T16:58:43



The Register - Security

Seven habits that help security teams reduce risk without slowing delivery

The right habits change everything. Sponsored Post: Security teams are under pressure from every direction: supply chain threats are rising, regulatory expectations are tightening, and development cycles aren't getting any slower. Yet for many organizations, the practical work of improving software security still comes down to the same challenge: how do you reduce exposure without constantly battling developers, delaying releases, or piling on process? That's where a more consistent set of habits can make a measurable difference. Rather than treating software supply chain security as a one-off initiative, many teams are shifting toward repeatable practices they can build into everyday workflows. The goal isn't perfection; it's improving baseline security in ways that actually stick, across teams and tool chains. Chainguard is hosting an upcoming webinar-style event designed to help security and engineering leaders identify the habits that matter most. The session explores seven practical approaches for building more secure software pipelines, with a focus on reducing risk while keeping delivery moving.

Published: 2026-01-29T16:01:01



The Register - Security

ShinyHunters swipes right on 10M records in alleged dating app data grab

Extortion crew says it's found love in someone else's info as Match Group plays down the impact. ShinyHunters has added a fresh notch to its breach belt, claiming it has pinched more than 10 million records from Match Group, a US firm that owns some of the world's most widely used swipe-based dating platforms.

Published: 2026-01-29T15:05:52



The Register - Security

Patch or perish: Vulnerability exploits now dominate intrusions

Apply fixes within a few hours or face the music, say the pros. What good is a fix if you don't use it? Experts are urging security teams to patch promptly as vulnerability exploits now account for the majority of intrusions, according to the latest figures.

Published: 2026-01-29T13:53:25



The Register - Security

Cyberattack on Poland's power grid could have turned deadly in winter cold

Close call after an apparently deliberate attempt to starve a country of energy at the worst time. Cybersecurity experts involved in the cleanup of the cyberattacks on Poland's power network say the consequences could have been lethal.

Published: 2026-01-29T12:10:12



The Register - Security

Ransomware crims forced to take off-RAMP as FBI seizes forum

Cybercrime solved. The end. Ransomware crims have just lost one of their best business platforms. US law enforcement has seized the notorious RAMP cybercrime forum's dark web and clearnet domains.

Published: 2026-01-28T21:26:40



The Register - Security

Everybody is WinRAR phishing, dropping RATs as fast as lightning

Russians, Chinese spies, run-of-the-mill crims. Come one, come all. Everyone from Russian and Chinese government goons to financially motivated miscreants is exploiting a long-since-patched WinRAR vuln to bring you infostealers and Remote Access Trojans (RATs).

Published: 2026-01-28T18:59:38



The Register - Security

Fortinet unearths another critical bug as SSO accounts borked post-patch

More work for admins on the cards as they await a full dump of fixes. Things aren't over yet for Fortinet customers: the security shop has disclosed yet another critical FortiCloud SSO vulnerability.

Published: 2026-01-28T16:30:10



The Register - Security

Old Windows quirks help punch through new admin defenses

Google researcher sits on UAC bypass for ages, only for it to become valid with new security feature. Microsoft patched a bevy of bugs that allowed bypasses of Windows Administrator Protection before the feature was made available earlier this month.

Published: 2026-01-28T13:16:10



The Register - Security

Paranoid WhatsApp users rejoice: Encrypted app gets one-click privacy toggle

Meta also replaces a legacy C++ media-handling security library with Rust. Users of Meta's WhatsApp messenger looking to simplify the process of protecting themselves are in luck, as the company is rolling out a new feature that combines multiple security settings under a single, toggleable option.

Published: 2026-01-27T22:15:12



The Register - Security

Let them eat sourdough: ShinyHunters claims Panera Bread as stolen credentials victim

Plus, the gang says it got in via Microsoft Entra SSO. ShinyHunters says it stole several slices of data from Panera Bread, but that's just the yeast of everyone's problems. The extortionist gang also claims to have stolen data from CarMax and Edmunds, in addition to three other organizations it posted to its blog last week.

Published: 2026-01-27T19:49:45



The Register - Security

China-linked group accused of spying on phones of UK prime ministers' aides for years

Reports say Salt Typhoon attackers accessed handsets of senior govt folk. Chinese state-linked hackers are accused of spending years inside the phones of senior Downing Street officials, exposing private communications at the heart of the UK government.

Published: 2026-01-27T15:50:58



The Register - Security

France to replace US videoconferencing wares with unfortunately named sovereign alternative

French govt says state-run service 'Visio' will be more secure. Now where have we heard that name before? France has officially told Zoom, Teams, and the rest of the US videoconferencing herd to take a hike in favor of its own homegrown app.

Published: 2026-01-27T13:11:21



The Register - Security

Microsoft illegally installed cookies on schoolkid's tech, data protection ruling finds

Austrian education ministry unaware of tracking software until campaigners launched case. Updated: Microsoft illegally installed cookies on a school pupil's devices without consent, according to a ruling by the Austrian data protection authority (DSB).

Published: 2026-01-27T12:21:05



The Register - Security

High Court to grill London cops over live facial recognition creep

Victim and Big Brother Watch will argue the Met's policies are incompatible with human rights law. The High Court will hear from privacy campaigners this week who want to reshape the way the Metropolitan Police is allowed to use live facial recognition (LFR) tech.

Published: 2026-01-27T11:24:02



The Register - Security

Office zero-day exploited in the wild forces Microsoft OOB patch

Another actively abused Office bug, another emergency patch. Office 2016 and 2019 users are left with registry tweaks instead of fixes. Updated: Microsoft has issued an emergency Office patch after confirming a zero-day flaw is already being used in real world attacks.

Published: 2026-01-27T10:35:07



The Register - Security

Canva among ~100 targets of ShinyHunters Okta identity-theft campaign

Atlassian, RingCentral, ZoomInfo also among tech targets. ShinyHunters has targeted around 100 organizations in its latest Okta single sign-on (SSO) credential stealing campaign, according to researchers and the criminal group itself.

Published: 2026-01-26T22:33:51



The Register - Security

EU looking into Elon Musk's X after Grok produces deepfake sex images

Probe follows outcry over use of creepy image generation tool. The European Commission has launched an investigation into X amid concerns that its GenAI model Grok offered users the ability to generate sexually explicit imagery, including sexualized images of children.

Published: 2026-01-26T13:17:54



The Register - Security

Data thieves borrow Nike's 'Just Do It' mantra, claim they ran off with 1.4TB

US sports brand launches probe after extortion crew WorldLeaks claims it stole huge dataset. Nike says it is probing a possible breach after extortion crew WorldLeaks claimed to have lifted 1.4TB of internal data from the sportswear giant and posted samples on its leak site.

Published: 2026-01-26T12:24:37



The Register - Security

Moscow likely behind wiper attack on Poland's power grid, experts say

Cyber sleuths believe Sandworm up to its old tricks with a brand-new sabotage toy. Russia was probably behind the failed attempts to compromise the systems of Poland's power companies in December, cybersecurity researchers claim.

Published: 2026-01-26T11:54:44



The Register - Security

Oracle AI sailed the world on Royal Navy flagship via cloud-at-the-edge kit

Big Red says 'sovereign' platform supports decision-making and operational learning at sea. Britain's Royal Navy is using Oracle Cloud edge infrastructure to operate AI-driven defenses on the aircraft carrier HMS Prince of Wales.

Published: 2026-01-26T10:15:10



The Register - Security

UK digital ID goes in-house, government swears it isn't an ID card

Minister dodges cost questions while promising smartphone-free access and 'robust' verification. The UK government has revealed some thinking about digital identity in response to written questions from MPs, while continuing to say next to nothing about the scheme's cost.

Published: 2026-01-26T09:30:10



The Register - Security

Pwn2Own Automotive 2026 uncovers 76 zero-days, pays out more than $1M

Also, cybercriminals get breached, Gemini spills the calendar beans, and more infosec in brief. 'Twas a dark few days for automotive software systems last week, as the third annual Pwn2Own Automotive competition uncovered 76 unique zero-day vulnerabilities in targets ranging from Tesla infotainment to EV chargers.

Published: 2026-01-25T23:40:09



Security Latest

Notepad++ Users, You May Have Been Hacked by China

Suspected Chinese state-backed hackers hijacked the Notepad++ update infrastructure to deliver a backdoored version of the popular free source code editor and note-taking app for Windows.

Published: 2026-02-04T19:52:59



Security Latest

The Paramilitary ICE and CBP Units at the Center of Minnesota's Killings

Two agents involved in the shooting deaths of US citizens in Minneapolis are reportedly part of highly militarized DHS units whose extreme tactics are generally reserved for war zones.

Published: 2026-02-03T19:52:29



Security Latest

How Data Brokers Can Fuel Violence Against Public Servants

A new report from the Public Service Alliance finds state privacy laws offer public servants few ways to protect their private data, even as threats against them are on the rise.

Published: 2026-02-03T11:00:00



Security Latest

ICE and Qatari Security Forces at the Winter Olympics Put Italians on Edge

The influx of security personnel from around the world is sparking concern among Italians ahead of the Milano Cortina Olympic Games.

Published: 2026-02-02T11:00:00



Security Latest

Jeffrey Epstein Had a ‘Personal Hacker,’ Informant Claims

Plus: AI agent OpenClaw gives cybersecurity experts the willies, China executes 11 scam compound bosses, a $40 million crypto theft has an unexpected alleged culprit, and more.

Published: 2026-01-31T11:30:00



Security Latest

How to Film ICE

Filming federal agents in public is legal, but avoiding a dangerous, even deadly, confrontation isn’t guaranteed. Here’s how to record ICE and CBP agents as safely as possible and have an impact.

Published: 2026-01-31T10:30:00



Security Latest

ICE Pretends It’s a Military Force. Its Tactics Would Get Real Soldiers Killed

WIRED asked an active military officer to break down immigration enforcement actions in Minneapolis and elsewhere.

Published: 2026-01-29T18:04:13



Security Latest

An AI Toy Exposed 50,000 Logs of Its Chats With Kids to Anyone With a Gmail Account

AI chat toy company Bondu left its web console almost entirely unprotected. Researchers who accessed it found nearly all the conversations children had with the company’s stuffed animals.

Published: 2026-01-29T17:00:00



Security Latest

ICE Is Using Palantir’s AI Tools to Sort Through Tips

ICE has been using an AI-powered Palantir system to summarize tips sent to its tip line since last spring, according to a newly released Homeland Security document.

Published: 2026-01-28T21:40:18



Security Latest

Here’s the Company That Sold DHS ICE’s Notorious Face Recognition App

Immigration agents have used Mobile Fortify to scan the faces of countless people in the US including many citizens.

Published: 2026-01-28T20:17:15



Security Latest

He Leaked the Secrets of a Southeast Asian Scam Compound. Then He Had to Get Out Alive

A source trapped inside an industrial-scale scamming operation contacted me, determined to expose his captors’ crimes and then escape. This is his story.

Published: 2026-01-27T11:00:00



Security Latest

Revealed: Leaked Chats Expose the Daily Life of a Scam Compound’s Enslaved Workforce

A whistleblower trapped inside a “pig butchering” scam compound gave WIRED a vast trove of its internal materials including 4,200 pages of messages that lay out its operations in unprecedented detail.

Published: 2026-01-27T11:00:00



Security Latest

Judge Delays Minnesota ICE Decision While Weighing Whether State Is Being Illegally Punished

A federal judge ordered a new briefing due Wednesday on whether DHS is using armed raids to pressure Minnesota into abandoning its sanctuary policies, leaving ICE operations in place for now.

Published: 2026-01-26T22:39:30



Security Latest

Deepfake ‘Nudify’ Technology Is Getting Darker and More Dangerous

Sexual deepfakes continue to get more sophisticated, capable, easy to access, and perilous for millions of women who are abused with the technology.

Published: 2026-01-26T11:30:00



Security Latest

The Instant Smear Campaign Against Border Patrol Shooting Victim Alex Pretti

Within minutes of the shooting, the Trump administration and right-wing influencers began disparaging the man shot by a federal immigration officer on Saturday in Minneapolis.

Published: 2026-01-25T00:37:56



Security Latest

ICE Asks Companies About ‘Ad Tech and Big Data’ Tools It Could Use in Investigations

A new federal filing from ICE demonstrates how commercial tools are increasingly being considered by the government for law enforcement and surveillance.

Published: 2026-01-24T22:14:57



Security Latest

DOGE May Have Misused Social Security Data, DOJ Admits

Plus: The FAA blocks drones over DHS operations, Microsoft admits it hands over Bitlocker encryption keys to the cops, and more.

Published: 2026-01-24T11:30:00



Security Latest

US Judge Rules ICE Raids Require Judicial Warrants, Contradicting Secret ICE Memo

The ruling in federal court in Minnesota lands as Immigration and Customs Enforcement faces scrutiny over an internal memo claiming judge-signed warrants aren’t needed to enter homes without consent.

Published: 2026-01-23T22:24:07



Security Latest

CBP Wants AI-Powered ‘Quantum Sensors’ for Finding Fentanyl in Cars

US Customs and Border Protection is paying General Dynamics to create prototype “quantum sensors,” to be used with an AI database to detect fentanyl and other narcotics.

Published: 2026-01-23T17:08:30



The Hacker News

Microsoft Develops Scanner to Detect Backdoors in Open-Weight Large Language Models

Microsoft on Wednesday said it built a lightweight scanner that it said can detect backdoors in open-weight large language models (LLMs) and improve the overall trust in artificial intelligence (AI) systems. The tech giant's AI Security team said the scanner leverages three observable signals that can be used to reliably flag the presence of backdoors while maintaining a low false positive

Published: 2026-02-04T23:22:00



The Hacker News

DEAD#VAX Malware Campaign Deploys AsyncRAT via IPFS-Hosted VHD Phishing Files

Threat hunters have disclosed details of a new, stealthy malware campaign dubbed DEAD#VAX that employs a mix of "disciplined tradecraft and clever abuse of legitimate system features" to bypass traditional detection mechanisms and deploy a remote access trojan (RAT) known as AsyncRAT. "The attack leverages IPFS-hosted VHD files, extreme script obfuscation, runtime decryption, and in-memory

Published: 2026-02-04T22:54:00



The Hacker News

China-Linked Amaranth-Dragon Exploits WinRAR Flaw in Espionage Campaigns

Threat actors affiliated with China have been attributed to a fresh set of cyber espionage campaigns targeting government and law enforcement agencies across Southeast Asia throughout 2025. Check Point Research is tracking the previously undocumented activity cluster under the moniker Amaranth-Dragon, which it said shares links to the APT 41 ecosystem. Targeted countries include Cambodia,

Published: 2026-02-04T19:39:00



The Hacker News

Orchid Security Introduces Continuous Identity Observability for Enterprise Applications

An innovative approach to discovering, analyzing, and governing identity usage beyond traditional IAM controls. The Challenge: Identity Lives Outside the Identity Stack Identity and access management tools were built to govern users and directories. Modern enterprises run on applications. Over time, identity logic has moved into application code, APIs, service accounts, and custom authentication

Published: 2026-02-04T17:28:00



The Hacker News

The First 90 Seconds: How Early Decisions Shape Incident Response Investigations

Many incident response failures do not come from a lack of tools, intelligence, or technical skills. They come from what happens immediately after detection, when pressure is high, and information is incomplete. I have seen IR teams recover from sophisticated intrusions with limited telemetry. I have also seen teams lose control of investigations they should have been able to handle. The

Published: 2026-02-04T15:30:00



The Hacker News

Microsoft Warns Python Infostealers Target macOS via Fake Ads and Installers

Microsoft has warned that information-stealing attacks are "rapidly expanding" beyond Windows to target Apple macOS environments by leveraging cross-platform languages like Python and abusing trusted platforms for distribution at scale. The tech giant's Defender Security Research Team said it observed macOS-targeted infostealer campaigns using social engineering techniques such as ClickFix since

Published: 2026-02-04T13:12:00



The Hacker News

Eclipse Foundation Mandates Pre-Publish Security Checks for Open VSX Extensions

The Eclipse Foundation, which maintains the Open VSX Registry, has announced plans to enforce security checks before Microsoft Visual Studio Code (VS Code) extensions are published to the open-source repository to combat supply chain threats. The move marks a shift from a reactive to a proactive approach to ensure that malicious extensions don't end up getting published on the Open VSX Registry.

Published: 2026-02-04T11:56:00



The Hacker News

CISA Adds Actively Exploited SolarWinds Web Help Desk RCE to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting SolarWinds Web Help Desk (WHD) to its Known Exploited Vulnerabilities (KEV) catalog, flagging it as actively exploited in attacks. The vulnerability, tracked as CVE-2025-40551 (CVSS score: 9.8), is an untrusted data deserialization vulnerability that could pave the way for remote

Published: 2026-02-04T11:20:00



The Hacker News

Docker Fixes Critical Ask Gordon AI Flaw Allowing Code Execution via Image Metadata

Cybersecurity researchers have disclosed details of a now-patched security flaw impacting Ask Gordon, an artificial intelligence (AI) assistant built into Docker Desktop and the Docker Command-Line Interface (CLI), that could be exploited to execute code and exfiltrate sensitive data. The critical vulnerability has been codenamed DockerDash by cybersecurity company Noma Labs. It was addressed by

Published: 2026-02-03T22:11:00



The Hacker News

[Webinar] The Smarter SOC Blueprint: Learn What to Build, Buy, and Automate

Most security teams today are buried under tools. Too many dashboards. Too much noise. Not enough real progress. Every vendor promises “complete coverage” or “AI-powered automation,” but inside most SOCs, teams are still overwhelmed, stretched thin, and unsure which tools are truly pulling their weight. The result? Bloated stacks, missed signals, and mounting pressure to do more with less. This

Published: 2026-02-03T19:44:00



The Hacker News

Hackers Exploit Metro4Shell RCE Flaw in React Native CLI npm Package

Threat actors have been observed exploiting a critical security flaw impacting the Metro Development Server in the popular "@react-native-community/cli" npm package. Cybersecurity company VulnCheck said it first observed exploitation of CVE-2025-11953 (aka Metro4Shell) on December 21, 2025. With a CVSS score of 9.8, the vulnerability allows remote unauthenticated attackers to execute arbitrary

Published: 2026-02-03T19:30:00



The Hacker News

When Cloud Outages Ripple Across the Internet

Recent major cloud service outages have been hard to miss. High-profile incidents affecting providers such as AWS, Azure, and Cloudflare have disrupted large parts of the internet, taking down websites and services that many other systems depend on. The resulting ripple effects have halted applications and workflows that many organizations rely on every day. For consumers, these outages are

Published: 2026-02-03T16:30:00



The Hacker News

APT28 Uses Microsoft Office CVE-2026-21509 in Espionage-Focused Malware Attacks

The Russia-linked state-sponsored threat actor known as APT28 (aka UAC-0001) has been attributed to attacks exploiting a newly disclosed security flaw in Microsoft Office as part of a campaign codenamed Operation Neusploit. Zscaler ThreatLabz said it observed the hacking group weaponizing the shortcoming on January 29, 2026, in attacks targeting users in Ukraine, Slovakia, and Romania, three

Published: 2026-02-03T14:42:00



The Hacker News

Mozilla Adds One-Click Option to Disable Generative AI Features in Firefox

Mozilla on Monday announced a new controls section in its Firefox desktop browser settings that allows users to completely turn off generative artificial intelligence (GenAI) features. "It provides a single place to block current and future generative AI features in Firefox," Ajit Varma, head of Firefox, said. "You can also review and manage individual AI features if you choose to use them. This

Published: 2026-02-03T11:09:00



The Hacker News

Notepad++ Hosting Breach Attributed to China-Linked Lotus Blossom Hacking Group

A China-linked threat actor known as Lotus Blossom has been attributed with medium confidence to the recently discovered compromise of the infrastructure hosting Notepad++. The attack enabled the state-sponsored hacking group to deliver a previously undocumented backdoor codenamed Chrysalis to users of the open-source editor, according to new findings from Rapid7. The development comes shortly

Published: 2026-02-03T10:25:00



The Hacker News

Researchers Find 341 Malicious ClawHub Skills Stealing Data from OpenClaw Users

A security audit of 2,857 skills on ClawHub has found 341 malicious skills across multiple campaigns, according to new findings from Koi Security, exposing users to new supply chain risks. ClawHub is a marketplace designed to make it easy for OpenClaw users to find and install third-party skills. It's an extension to the OpenClaw project, a self-hosted artificial intelligence (AI) assistant

Published: 2026-02-02T23:19:00



The Hacker News

OpenClaw Bug Enables One-Click Remote Code Execution via Malicious Link

A high-severity security flaw has been disclosed in OpenClaw (formerly referred to as Clawdbot and Moltbot) that could allow remote code execution (RCE) through a crafted malicious link. The issue, which is tracked as CVE-2026-25253 (CVSS score: 8.8), has been addressed in version 2026.1.29 released on January 30, 2026. It has been described as a token exfiltration vulnerability that leads to

Published: 2026-02-02T21:58:00



The Hacker News

Microsoft Begins NTLM Phase-Out With Three-Stage Plan to Move Windows to Kerberos

Microsoft has announced a three-phase approach to phase out New Technology LAN Manager (NTLM) as part of its efforts to shift Windows environments toward stronger, Kerberos-based options. The development comes more than two years after the tech giant revealed its plans to deprecate the legacy technology, citing its susceptibility to weaknesses that could facilitate relay attacks and allow bad

Published: 2026-02-02T21:29:00



The Hacker News

Weekly Recap: Proxy Botnet, Office Zero-Day, MongoDB Ransoms, AI Hijacks & New Threats

Every week brings new discoveries, attacks, and defenses that shape the state of cybersecurity. Some threats are stopped quickly, while others go unseen until they cause real damage. Sometimes a single update, exploit, or mistake changes how we think about risk and protection. Every incident shows how defenders adapt and how fast attackers try to stay ahead. This week’s recap brings you the

Published: 2026-02-02T17:29:00



The Hacker News

Securing the Mid-Market Across the Complete Threat Lifecycle

For mid-market organizations, cybersecurity is a constant balancing act. Proactive, preventative security measures are essential to protect an expanding attack surface. Combined with effective protection that blocks threats, they play a critical role in stopping cyberattacks before damage is done. The challenge is that many security tools add complexity and cost that most mid-market businesses

Published: 2026-02-02T17:15:00



The Hacker News

Notepad++ Official Update Mechanism Hijacked to Deliver Malware to Select Users

The maintainer of Notepad++ has revealed that state-sponsored attackers hijacked the utility's update mechanism to redirect update traffic to malicious servers instead. "The attack involved [an] infrastructure-level compromise that allowed malicious actors to intercept and redirect update traffic destined for notepad-plus-plus.org," developer Don Ho said. "The compromise occurred at the hosting

Published: 2026-02-02T14:25:00



The Hacker News

eScan Antivirus Update Servers Compromised to Deliver Multi-Stage Malware

The update infrastructure for eScan antivirus, a security solution developed by Indian cybersecurity company MicroWorld Technologies, has been compromised by unknown attackers to deliver a persistent downloader to enterprise and consumer systems. "Malicious updates were distributed through eScan's legitimate update infrastructure, resulting in the deployment of multi-stage malware to enterprise

Published: 2026-02-02T11:17:00



The Hacker News

Open VSX Supply Chain Attack Used Compromised Dev Account to Spread GlassWorm

Cybersecurity researchers have disclosed details of a supply chain attack targeting the Open VSX Registry in which unidentified threat actors compromised a legitimate developer's resources to push malicious updates to downstream users. "On January 30, 2026, four established Open VSX extensions published by the oorzc author had malicious versions published to Open VSX that embed the GlassWorm

Published: 2026-02-02T10:34:00



The Hacker News

Iran-Linked RedKitten Cyber Campaign Targets Human Rights NGOs and Activists

A Farsi-speaking threat actor aligned with Iranian state interests is suspected to be behind a new campaign targeting non-governmental organizations and individuals involved in documenting recent human rights abuses. The activity, observed by HarfangLab in January 2026, has been codenamed RedKitten. It's said to coincide with the nationwide unrest in Iran that began towards the end of 2025,

Published: 2026-01-31T17:32:00



The Hacker News

Mandiant Finds ShinyHunters-Style Vishing Attacks Stealing MFA to Breach SaaS Platforms

Google-owned Mandiant on Friday said it identified an "expansion in threat activity" that uses tradecraft consistent with extortion-themed attacks orchestrated by a financially motivated hacking group known as ShinyHunters. The attacks leverage advanced voice phishing (aka vishing) and bogus credential harvesting sites mimicking targeted companies to gain unauthorized access to victim

Published: 2026-01-31T13:28:00



The Hacker News

CERT Polska Details Coordinated Cyber Attacks on 30+ Wind and Solar Farms

CERT Polska, the Polish computer emergency response team, revealed that coordinated cyber attacks targeted more than 30 wind and photovoltaic farms, a private company from the manufacturing sector, and a large combined heat and power plant (CHP) supplying heat to almost half a million customers in the country. The incident took place on December 29, 2025. The agency has attributed the attacks to

Published: 2026-01-31T12:35:00



The Hacker News

Researchers Uncover Chrome Extensions Abusing Affiliate Links and Stealing ChatGPT Access

Cybersecurity researchers have discovered malicious Google Chrome extensions that come with capabilities to hijack affiliate links, steal data, and collect OpenAI ChatGPT authentication tokens. One of the extensions in question is Amazon Ads Blocker (ID: pnpchphmplpdimbllknjoiopmfphellj), which claims to be a tool to browse Amazon without any sponsored content. It was uploaded to the Chrome

Published: 2026-01-30T19:12:00



The Hacker News

China-Linked UAT-8099 Targets IIS Servers in Asia with BadIIS SEO Malware

Cybersecurity researchers have discovered a new campaign attributed to a China-linked threat actor known as UAT-8099 that took place between late 2025 and early 2026. The activity, discovered by Cisco Talos, has targeted vulnerable Internet Information Services (IIS) servers located across Asia, but with a specific focus on targets in Thailand and Vietnam. The scale of the campaign is currently

Published: 2026-01-30T17:38:00



The Hacker News

Badges, Bytes and Blackmail

Behind the scenes of law enforcement in cyber: what do we know about caught cybercriminals? What brought them in, where do they come from and what was their function in the crimescape? Introduction: One view on the scattered fight against cybercrime The growing sophistication and diversification of cybercrime have compelled law enforcement agencies worldwide to respond through increasingly

Published: 2026-01-30T17:00:00



The Hacker News

Ex-Google Engineer Convicted for Stealing AI Secrets for China Startup

A former Google engineer accused of stealing thousands of the company's confidential documents to build a startup in China has been convicted in the U.S., the Department of Justice (DoJ) announced Thursday. Linwei Ding (aka Leon Ding), 38, was convicted by a federal jury on seven counts of economic espionage and seven counts of theft of trade secrets for taking over 2,000 documents containing

Published: 2026-01-30T13:05:00



The Hacker News

SmarterMail Fixes Critical Unauthenticated RCE Flaw with CVSS 9.3 Score

SmarterTools has addressed two more security flaws in SmarterMail email software, including one critical security flaw that could result in arbitrary code execution. The vulnerability, tracked as CVE-2026-24423, carries a CVSS score of 9.3 out of 10.0. "SmarterTools SmarterMail versions prior to build 9511 contain an unauthenticated remote code execution vulnerability in the ConnectToHub API

Published: 2026-01-30T12:39:00



The Hacker News

Two Ivanti EPMM Zero-Day RCE Flaws Actively Exploited, Security Updates Released

Ivanti has rolled out security updates to address two security flaws impacting Ivanti Endpoint Manager Mobile (EPMM) that have been exploited in zero-day attacks, one of which has been added by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to its Known Exploited Vulnerabilities (KEV) catalog. The critical-severity vulnerabilities are listed below - CVE-2026-1281 (CVSS score:

Published: 2026-01-30T10:13:00



The Hacker News

Researchers Find 175,000 Publicly Exposed Ollama AI Servers Across 130 Countries

A new joint investigation by SentinelOne SentinelLABS and Censys has revealed that the open-source artificial intelligence (AI) deployment has created a vast "unmanaged, publicly accessible layer of AI compute infrastructure" that spans 175,000 unique Ollama hosts across 130 countries. These systems, which span both cloud and residential networks across the world, operate outside the

Published: 2026-01-30T00:07:00



The Hacker News

ThreatsDay Bulletin: New RCEs, Darknet Busts, Kernel Bugs & 25+ More Stories

This week’s updates show how small changes can create real problems. Not loud incidents, but quiet shifts that are easy to miss until they add up. The kind that affects systems people rely on every day. Many of the stories point to the same trend: familiar tools being used in unexpected ways. Security controls are being worked on. Trusted platforms turning into weak spots. What looks routine on

Published: 2026-01-29T18:31:00



The Hacker News

Survey of 100+ Energy Systems Reveals Critical OT Cybersecurity Gaps

A study by OMICRON has revealed widespread cybersecurity gaps in the operational technology (OT) networks of substations, power plants, and control centers worldwide. Drawing on data from more than 100 installations, the analysis highlights recurring technical, organizational, and functional issues that leave critical energy infrastructure vulnerable to cyber threats. The findings are based on

Published: 2026-01-29T17:25:00



The Hacker News

3 Decisions CISOs Need to Make to Prevent Downtime Risk in 2026

Beyond the direct impact of cyberattacks, enterprises suffer from a secondary but potentially even more costly risk: operational downtime, any amount of which translates into very real damage. That’s why for CISOs, it’s key to prioritize decisions that reduce dwell time and protect their company from risk. Three strategic steps you can take this year for better results: 1. Focus on today's

Published: 2026-01-29T16:00:00



The Hacker News

SolarWinds Fixes Four Critical Web Help Desk Flaws With Unauthenticated RCE and Auth Bypass

SolarWinds has released security updates to address multiple security vulnerabilities impacting SolarWinds Web Help Desk, including four critical vulnerabilities that could result in authentication bypass and remote code execution (RCE). The list of vulnerabilities is as follows - CVE-2025-40536 (CVSS score: 8.1) - A security control bypass vulnerability that could allow an unauthenticated

Published: 2026-01-29T14:30:00



The Hacker News

Google Disrupts IPIDEA One of the World’s Largest Residential Proxy Networks

Google on Wednesday announced that it worked together with other partners to disrupt IPIDEA, which it described as one of the largest residential proxy networks in the world. To that end, the company said it took legal action to take down dozens of domains used to control devices and proxy traffic through them. As of writing, IPIDEA's website ("www.ipidea.io") is no longer accessible. It

Published: 2026-01-29T12:46:00



The Hacker News

Fake Moltbot AI Coding Assistant on VS Code Marketplace Drops Malware

Cybersecurity researchers have flagged a new malicious Microsoft Visual Studio Code (VS Code) extension for Moltbot (formerly Clawdbot) on the official Extension Marketplace that claims to be a free artificial intelligence (AI) coding assistant, but stealthily drops a malicious payload on compromised hosts. The extension, named "ClawdBot Agent - AI Coding Assistant" ("clawdbot.clawdbot-agent")

Published: 2026-01-28T23:16:00



The Hacker News

Russia-Aligned ELECTRUM Tied to December 2025 Cyber Attack on Polish Power Grid

The "coordinated" cyber attack targeting multiple sites across the Polish power grid has been attributed with medium confidence to a Russian state-sponsored hacking crew known as ELECTRUM. Operational technology (OT) cybersecurity company Dragos, in a new intelligence brief published Tuesday, described the late December 2025 activity as the first major cyber attack targeting distributed energy

Published: 2026-01-28T21:36:00



The Hacker News

Two High-Severity n8n Flaws Allow Authenticated Remote Code Execution

Cybersecurity researchers have disclosed two new security flaws in the n8n workflow automation platform, including a crucial vulnerability that could result in remote code execution. The weaknesses, discovered by the JFrog Security Research team, are listed below - CVE-2026-1470 (CVSS score: 9.9) - An eval injection vulnerability that could allow an authenticated user to bypass the Expression

Published: 2026-01-28T18:13:00



The Hacker News

From Triage to Threat Hunts: How AI Accelerates SecOps

If you work in security operations, the concept of the AI SOC agent is likely familiar. Early narratives promised total autonomy. Vendors seized on the idea of the "Autonomous SOC" and suggested a future where algorithms replaced analysts. That future has not arrived. We have not seen mass layoffs or empty security operations centers. We have instead seen the emergence of a practical reality.

Published: 2026-01-28T17:25:00



The Hacker News

Critical vm2 Node.js Flaw Allows Sandbox Escape and Arbitrary Code Execution

A critical sandbox escape vulnerability has been disclosed in the popular vm2 Node.js library that, if successfully exploited, could allow attackers to run arbitrary code on the underlying operating system. The vulnerability, tracked as CVE-2026-22709, carries a CVSS score of 9.8 out of 10.0 on the CVSS scoring system. "In vm2 for version 3.10.0, Promise.prototype.then Promise.prototype.catch

Published: 2026-01-28T17:20:00



The Hacker News

Mustang Panda Deploys Updated COOLCLIENT Backdoor in Government Cyber Attacks

Threat actors with ties to China have been observed using an updated version of a backdoor called COOLCLIENT in cyber espionage attacks in 2025 to facilitate comprehensive data theft from infected endpoints. The activity has been attributed to Mustang Panda (aka Earth Preta, Fireant, HoneyMyte, Polaris, and Twill Typhoon) with the intrusions primarily directed against government entities located

Published: 2026-01-28T17:10:00



The Hacker News

Password Reuse in Disguise: An Often-Missed Risky Workaround

When security teams discuss credential-related risk, the focus typically falls on threats such as phishing, malware, or ransomware. These attack methods continue to evolve and rightly command attention. However, one of the most persistent and underestimated risks to organizational security remains far more ordinary. Near-identical password reuse continues to slip past security controls, often

Published: 2026-01-28T16:00:00



The Hacker News

Google Warns of Active Exploitation of WinRAR Vulnerability CVE-2025-8088

Google on Tuesday revealed that multiple threat actors, including nation-state adversaries and financially motivated groups, are exploiting a now-patched critical security flaw in RARLAB WinRAR to establish initial access and deploy a diverse array of payloads. "Discovered and patched in July 2025, government-backed threat actors linked to Russia and China as well as financially motivated

Published: 2026-01-28T15:16:00



The Hacker News

Fake Python Spellchecker Packages on PyPI Delivered Hidden Remote Access Trojan

Cybersecurity researchers have discovered two malicious packages in the Python Package Index (PyPI) repository that masquerade as spellcheckers but contain functionality to deliver a remote access trojan (RAT). The packages, named spellcheckerpy and spellcheckpy, are no longer available on PyPI, but not before they were collectively downloaded a little over 1,000 times. "Hidden inside the Basque

Published: 2026-01-28T15:00:00



The Hacker News

Fortinet Patches CVE-2026-24858 After Active FortiOS SSO Exploitation Detected

Fortinet has begun releasing security updates to address a critical flaw impacting FortiOS that has come under active exploitation in the wild. The vulnerability, assigned the CVE identifier CVE-2026-24858 (CVSS score: 9.4), has been described as an authentication bypass related to FortiOS single sign-on (SSO). The flaw also affects FortiManager and FortiAnalyzer. The company said it's

Published: 2026-01-28T10:19:00



The Hacker News

WhatsApp Rolls Out Lockdown-Style Security Mode to Protect Targeted Users From Spyware

Meta on Tuesday announced it's adding Strict Account Settings on WhatsApp to secure certain users against advanced cyber attacks because of who they are and what they do. The feature, similar to Lockdown Mode in Apple iOS and Advanced Protection in Android, aims to protect individuals, such as journalists or public-facing figures, from sophisticated spyware by trading some functionality for

Published: 2026-01-27T22:24:00



The Hacker News

Experts Detect Pakistan-Linked Cyber Campaigns Aimed at Indian Government Entities

Indian government entities have been targeted in two campaigns undertaken by a threat actor that operates in Pakistan using previously undocumented tradecraft. The campaigns have been codenamed Gopher Strike and Sheet Attack by Zscaler ThreatLabz, which identified them in September 2025. "While these campaigns share some similarities with the Pakistan-linked Advanced Persistent Threat (APT)

Published: 2026-01-27T22:15:00



Security Affairs

Taiwanese operator of Incognito Market sentenced to 30 years over $105M darknet drug ring

A Taiwanese man was sentenced to 30 years for running Incognito Market, a major darknet drug site that sold over $105 million in illegal drugs. Rui-Siang Lin (24) was sentenced to 30 years in prison for running Incognito Market, a major darknet drug marketplace that sold over one ton of narcotics. The Taiwanese man pled […]

Published: 2026-02-04T19:23:26



Security Affairs

Paris raid on X focuses on child abuse material allegations

French prosecutors raided X offices in Paris over illegal content; Elon Musk and CEO summoned for voluntary interviews in April. French prosecutors, with France’s National Gendarmerie and Europol support, raided the X offices in Paris in a criminal probe over complaints that the platform facilitated child sexual abuse material and other illegal content. The probe […]

Published: 2026-02-04T15:23:02



Security Affairs

GreyNoise tracks massive Citrix Gateway recon using 63K+ residential proxies and AWS

GreyNoise spotted a dual-mode Citrix Gateway recon campaign using 63K+ residential proxies and AWS to find login panels and enumerate versions. Between Jan 28 and Feb 2, 2026, GreyNoise tracked a coordinated reconnaissance campaign targeting Citrix ADC and NetScaler Gateways. Attackers used over 63,000 residential proxies to discover login panels, then switched to AWS infrastructure […]

Published: 2026-02-04T14:49:36



Security Affairs

Microsoft: Info-Stealing malware expands from Windows to macOS

Microsoft warns info-stealing attacks are expanding from Windows to macOS, using cross-platform languages like Python and abusing trusted platforms. Microsoft warns info-stealing attacks are rapidly expanding from Windows to macOS, using cross-platform languages like Python and abusing trusted platforms. Since late 2025, Microsoft has seen a surge in macOS infostealer attacks using social engineering, fake […]

Published: 2026-02-04T11:30:03



Security Affairs

U.S. CISA adds SolarWinds Web Help Desk, Sangoma FreePBX, and GitLab flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SolarWinds Web Help Desk, Sangoma FreePBX, and GitLab flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SolarWinds Web Help Desk, Sangoma FreePBX, and GitLab flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: The first […]

Published: 2026-02-03T21:06:49



Security Affairs

Hackers abused React Native CLI flaw to deploy Rust malware before public disclosure

Hackers exploit a critical React Native CLI flaw (CVE-2025-11953) to run remote commands and drop stealthy Rust malware, weeks before public disclosure. Attackers are actively exploiting a critical flaw in the React Native CLI Metro server, tracked as CVE-2025-11953. The React Native CLI’s Metro dev server binds to external interfaces by default and exposes a […]

Published: 2026-02-03T15:41:57



Security Affairs

APT28 exploits Microsoft Office flaw in Operation Neusploit

Russia-linked APT28 is behind Operation Neusploit, exploiting a newly disclosed Microsoft Office vulnerability in targeted attacks. Russia-linked group APT28 (aka UAC-0001, aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, BlueDelta, and STRONTIUM) is behind Operation Neusploit, a campaign that exploits a newly disclosed Microsoft Office vulnerability. The APT28 group has been active since at least 2007 and it has targeted governments, militaries, and security organizations […]

Published: 2026-02-03T12:13:17



Security Affairs

Notepad++ infrastructure hack likely tied to China-nexus APT Lotus Blossom

Rapid7 researchers say the Notepad++ hosting breach is likely linked to the China-nexus Lotus Blossom APT group. Recently, the Notepad++ maintainer revealed that nation-state hackers compromised the hosting provider’s infrastructure, redirecting update traffic to malicious servers. The attack did not exploit flaws in Notepad++ code but intercepted updates before they reached users. “According to the […]

Published: 2026-02-03T09:35:23



Security Affairs

MoltBot Skills exploited to distribute 400+ malware packages in days

Over 400 malicious OpenClaw packages were uploaded in days, using MoltBot skills to spread password-stealing malware. Researchers uncovered a large malware campaign abusing AI skills for Claude Code and Moltbot users. Between late January and early February 2026, more than 400 malicious skills were published on ClawHub and GitHub, posing as crypto trading tools. OpenClaw […]

Published: 2026-02-02T21:29:22



Security Affairs

Panera Bread breach affected 5.1 Million accounts, HIBP Confirms

Have I Been Pwned says Panera Bread’s breach affected 5.1 million accounts, far fewer than the 14 million customers first reported. Have I Been Pwned followed claims by the ShinyHunters gang, which said it stole data from over 14 million Panera Bread accounts. After Panera refused to pay, the group leaked a 760MB archive […]

Published: 2026-02-02T20:42:20








© Segmentation Fault. All rights reserved.