Incident is at least the third time the exchange has been targeted by thieves. Open source packages published on the npm and PyPI repositories were laced with code that stole
Published: 2026-02-06T22:16:51
The window to patch vulnerabilities is shrinking rapidly. Russian-state hackers wasted no time exploiting a critical Microsoft Office vulnerability that allowed them to compro
Published: 2026-02-04T23:08:04
We don't need self-replicating AI models to have problems, just self-replicating prompts. On November 2, 1988, graduate student Robert Morris released a self-replicating progr
Published: 2026-02-03T12:00:01
Suspected China-state hackers used update infrastructure to deliver backdoored version. Infrastructure delivering updates for Notepad++ a widely used text editor for Windows w
Published: 2026-02-02T20:30:56
Settlement comes more than 6 years after Gary DeMercurio and Justin Wynn's ordeal began. Two security professionals who were arrested in 2019 after performing an authorized se
Published: 2026-01-29T18:30:52
Windows giant might try turning it off and on again to see who notices Microsoft has laid out a timeline for the disablement and shutdown of Exchange Web Services (EWS) in Microsoft 365 and Exchange Online.
Published: 2026-02-06T13:51:21
Patch meant to close a severe expression bug fails to stop attackers with workflow access Multiple newly disclosed bugs in the popular workflow automation tool n8n could allow attackers to hijack servers, steal credentials, and quietly disrupt AI-dri
Published: 2026-02-05T11:38:13
Substack is notifying some users that the email addresses and phone numbers linked to their accounts were exposed in a "security incident" last year. In an email to account holders, Substack CEO Chris Best said that a hacker had accessed internal data without authorization in October 2025, but that passwords, credit card numbers, and other […] 
Substack is notifying some users that the email addresses and phone numbers linked to their accounts were exposed in a "security incident" last year. In an email to account holders, Substack CEO Chris Best said that a hacker had accessed internal d...
Published: 2026-02-05T05:55:06
OpenClaw, the AI agent that has exploded in popularity over the past week, is raising new security concerns after researchers uncovered malware in hundreds of user-submitted "skill" add-ons on its marketplace. In a post on Monday, 1Password product VP Jason Meller says OpenClaw's skill hub has become "an attack surface," with the most-downloaded add-on serving […] 
OpenClaw, the AI agent that has exploded in popularity over the past week, is raising new security concerns after researchers uncovered malware in hundreds of user-submitted "skill" add-ons on its marketplace. In a post on Monday, 1Password product...
Published: 2026-02-04T14:03:38
Microsoft has a new head of security. Hayete Gallot, who left Microsoft in October 2024 to become the president of Google Cloud's customer experience, is returning to the software giant as the executive vice president of security, reporting directly to CEO Satya Nadella. The move means Charlie Bell, formerly Microsoft's security chief, is taking on […] 
Microsoft has a new head of security. Hayete Gallot, who left Microsoft in October 2024 to become the president of Google Cloud's customer experience, is returning to the software giant as the executive vice president of security, reporting directl...
Published: 2026-02-04T12:27:30
Users of the text and code editor Notepad++ may have unknowingly downloaded a malicious update for the app after its shared hosting servers were hijacked last year. On Monday, the app's developer, Don Ho, posted an update on the attack with more details, including that the hackers were "likely a Chinese state-sponsored group" and that […] 
Users of the text and code editor Notepad++ may have unknowingly downloaded a malicious update for the app after its shared hosting servers were hijacked last year. On Monday, the app's developer, Don Ho, posted an update on the attack with more de...
Published: 2026-02-02T15:43:27
An open-source AI agent called OpenClaw (formerly known as both Clawdbot and Moltbot) that runs on your own computer and “actually does things” is taking off inside tech circles. Users interact with OpenClaw via messaging apps like WhatsApp, Telegram, Signal, Discord, and iMessage, giving it the keys to operate independently, managing reminders, writing emails, or […] 
An open-source AI agent called OpenClaw (formerly known as both Clawdbot and Moltbot) that runs on your own computer and “actually does things” is taking off inside tech circles. Users interact with OpenClaw via messaging apps like What...
Published: 2026-02-02T10:47:39
WhatsApp is launching new "Strict Account Settings" that add even more protections against cyberattacks. The feature is built for people at a high-risk of attacks - such as journalists or public figures - and automatically blocks attachments and media from senders you don't know, while silencing calls from unknown contacts. The new setting limits other […] 
WhatsApp is launching new "Strict Account Settings" that add even more protections against cyberattacks. The feature is built for people at a high-risk of attacks - such as journalists or public figures - and automatically blocks attachments and me...
Published: 2026-01-27T13:01:07
Hackers are now exploiting SolarWinds Web Help Desk (WHD) vulnerabilities to gain code execution rights on exposed systems and deploy legitimate tools, including the Velociraptor forensics tools, for persistence and remote control. [...]
Published: 2026-02-09T15:28:15
SmarterTools confirmed last week that the Warlock ransomware gang breached its network after compromising an email system, but did not impact business applications or account data. [...]
Published: 2026-02-09T14:08:58
Attackers don't need AI to crack passwords, they build targeted wordlists from an organization's own public language. This article explains how tools like CeWL turn websites into high-success password guesses and why complexity rules alone fall shor
Published: 2026-02-09T10:01:11
Microsoft is investigating an ongoing Exchange Online issue that mistakenly flags legitimate emails as phishing and quarantines them. [...]
Published: 2026-02-09T05:47:25
The European Commission is investigating a breach after finding evidence that its mobile device management platform was hacked. [...]
Published: 2026-02-09T04:49:04
A major U.S. payment gateway and solutions provider says a ransomware attack has knocked key systems offline, triggering a widespread outage affecting multiple services. The incident began on Friday and quickly escalated into a nationwide disruption
Published: 2026-02-07T04:47:10
Germany's domestic intelligence agency is warning of suspected state-sponsored threat actors targeting high-ranking individuals in phishing attacks via messaging apps like Signal. [...]
Published: 2026-02-06T15:00:33
A newly discovered toolkit called DKnife has been used since 2019 to hijack traffic at the edge-device level and deliver malware in espionage campaigns. [...]
Published: 2026-02-06T13:35:11
The Cybersecurity & Infrastructure Security Agency (CISA) in the U.S. has issued a warning about CVE-2026-24423, an unauthenticated remote code execution (RCE) flaw in SmarterMail that is used in ransomware attacks. [...]
Published: 2026-02-06T12:16:03
There has been a lot of architecture news coming out of Saudi Arabia recently, little of which has been good. Now the jewel in the crown of the desert kingdom's ongoing transformation, the Line, appears to be facing a major rethink.Continue ReadingCa...
Published: 2026-02-07T15:03:00
Introduction Mandiant has identified an expansion in threat activity that uses tactics, techniques, and procedures (TTPs) consistent with prior ShinyHunters-branded extortion operations. These operations primarily leverage sophisticated voice phish
Published: 2026-01-30T14:00:00
Introduction Mandiant is tracking a significant expansion and escalation in the operations of threat clusters associated with ShinyHunters-branded extortion. As detailed in our companion report, 'Vishing for Access: Tracking the Expansion of ShinyHu
Published: 2026-01-30T14:00:00
Introduction The Google Threat Intelligence Group (GTIG) has identified widespread, active exploitation of the critical vulnerability CVE-2025-8088 in WinRAR, a popular file archiver tool for Windows, to establish initial access and deliver diverse
Published: 2026-01-27T14:00:00
By default, the bot listens on all network interfaces, and many users never change it It's a day with a name ending in Y, so you know what that means: Another OpenClaw cybersecurity disaster.
Published: 2026-02-09T17:23:30
Staff data belonging to the regulator and judiciary's governing body accessed The Dutch Data Protection Authority (AP) says it was one of the many organizations popped when attackers raced to exploit recent Ivanti vulnerabilities as zero-days.
Published: 2026-02-09T14:50:37
Moving 40% of semiconductor production to America is 'impossible' says vice premier Taiwan's vice-premier has ruled out relocating 40 percent of the country's semiconductor production to the US, calling the Trump administration's goal "impossible."
Published: 2026-02-09T14:02:53
Security devs forced to hide Boolean logic from overeager optimizer FOSDEM 2026 The creators of security software have encountered an unlikely foe in their attempts to protect us: modern compilers.
Published: 2026-02-09T12:07:02
Average Swiss salaries dwarf those on offer across the rest of the continent European techies looking for the biggest payday are far better off in Switzerland than anywhere else, with average salaries eclipsing all other countries on the continent.
Published: 2026-02-09T11:42:13
Officials explore issue affecting infrastructure after CERT-EU detected suspicious activity Brussels is digging into a cyber break-in that targeted the European Commission's mobile device management systems, potentially giving intruders a peek inside the official phones carried by EU staff.
Published: 2026-02-09T10:37:47
PLUS: China broadens cryptocurrency crackdown; Australian facial recognition privacy revisited; Singapore debuts electric VTOL; and more! Asia In Brief The Commissioner of Police in the Indian city of Hyderabad, population 11 million, has called for AI agents to be issued with identity cards or at least their digital equivalent.
Published: 2026-02-09T04:08:59
PLUS: OpenClaw teams with VirusTotal; Crypto kidnappings in France; Critical vulns at SmarterMail; And more Infosec In Brief So-hot-right-now AI assistant OpenClaw, which is very much not secure right now, has teamed up with security scanning service VirusTotal.
Published: 2026-02-08T22:25:30
Research shows productivity and judgment peak decades after graduation A growing body of research continues to show that older workers are generally more productive than younger employees.
Published: 2026-02-07T12:30:13
Attackers may have snapped user locations and activity information, message warns Legacy image-sharing website Flickr suffered a data breach, according to customer emails seen by The Register.
Published: 2026-02-06T16:56:29
UK leaps to sixth in global flood charts as mega-swarm unleashes 31.4 Tbps Yuletide pummeling Cloudflare says DDoS crews ended 2025 by pushing traffic floods to new extremes, while Britain made an unwelcome leap of 36 places to become the world's sixth-most targeted location.
Published: 2026-02-06T16:36:49
The end isn't nigh after all Chrome's latest revision of its browser extension architecture, known as Manifest v3 (MV3), was widely expected to make content blocking and privacy extensions less effective than its predecessor, Manifest v2 (MV2).
Published: 2026-02-06T00:39:52
Skills marketplace is full of stuff - like API keys and credit card numbers - that crims will find tasty Another day, another vulnerability (or two, or 200) in the security nightmare that is OpenClaw.
Published: 2026-02-05T23:32:52
Contact details were accessed in an intrusion that went undetected for months, the blogging outfit says Newsletter platform Substack has admitted that an intruder swiped user contact details months before the company noticed, forcing it to warn writers and readers that their email addresses and other account metadata were accessed without permission.
Published: 2026-02-05T19:54:18
And their toolkit includes a new, Linux kernel rootkit A state-aligned cyber group in Asia compromised government and critical infrastructure organizations across 37 countries in an ongoing espionage campaign, according to security researchers.
Published: 2026-02-05T19:21:33
Breach-tracking site flags dataset following impersonation-based intrusion Breach-tracking site Have I Been Pwned (HIBP) claims a cyberattack on Betterment affected roughly 1.4 million users although the investment company has yet to publicly confirm how many customers were affected by January's intrusion.
Published: 2026-02-05T16:25:00
Right on cue, petulant hacktivists attempt to disrupt yet another global sporting event Italy's foreign minister says the country has already started swatting away cyberattacks from Russia targeting the Milano Cortina Winter Olympics.
Published: 2026-02-05T11:49:35
Patch meant to close a severe expression bug fails to stop attackers with workflow access Multiple newly disclosed bugs in the popular workflow automation tool n8n could allow attackers to hijack servers, steal credentials, and quietly disrupt AI-driven business processes.
Published: 2026-02-05T11:38:13
Businesses still chase the cheapest option, but politics and licensing shocks are changing priorities, says OpenNebula Systems Interview Sovereignty remains a hot topic in the tech industry, but interpretations of what it actually means and how much it matters vary widely between organizations and sectors. While public bodies are often driven by regulation and national policy, the private sector tends to take a more pragmatic, cost-focused view.
Published: 2026-02-05T11:00:08
It's a threat straight out of sci-fi, and fiendishly hard to detect Sleeper agent-style backdoors in AI large language models pose a straight-out-of-sci-fi security threat.
Published: 2026-02-05T07:32:12
Picks chap who used to lead Redmond's security, lures replacement from Google Microsoft CEO Satya Nadella has decided Microsoft needs an engineering quality czar, and shifted Charlie Bell, the company's executive veep for security, into the new role.
Published: 2026-02-05T05:46:17
LLMs automated most phases of the attack UPDATED A digital intruder broke into an AWS cloud environment and in just under 10 minutes went from initial access to administrative privileges, thanks to an AI speed assist.
Published: 2026-02-04T21:09:42
US agencies told to patch by Friday Attackers are exploiting a critical SolarWinds Web Help Desk bug - less than a week after the vendor disclosed and fixed the 9.8-rated flaw. That's according to America's lead cyber-defense agency, which set a Friday deadline for federal agencies to patch the security flaw.
Published: 2026-02-04T18:15:16
Gang walks away with nothing, victims are left with irreparable hypervisors Cybersecurity experts usually advise victims against paying ransomware crooks, but that advice goes double for those who have been targeted by the Nitrogen group. There's no way to get your data back from them!
Published: 2026-02-04T13:50:49
Affected police officers squeezed mental health services, relocated over safety fears Police Service of Northern Ireland (PSNI) employees who had their details exposed in a significant 2023 data breach will each receive 7,500 ($10,279) as part of a universal offer of compensation.
Published: 2026-02-04T11:41:59
As analyst house Gartner declares AI tool comes with unacceptable cybersecurity risk and urges admins to snuff it out If you re brave enough to want to run the demonstrably insecure AI assistant OpenClaw, several clouds have already started offering it as a service.
Published: 2026-02-04T05:28:12
Don't relax: This is a 'when, not if' scenario AI agents and other systems can't yet conduct cyberattacks fully on their own but they can help criminals in many stages of the attack chain, according to the International AI Safety report.
Published: 2026-02-03T23:57:55
Too slow react-ion time Baddies are exploiting a critical bug in React Native's Metro development server to deliver malware to both Windows and Linux machines, and yet the in-the-wild attacks still haven't received the "broad public acknowledgement" that they should, according to security researchers.
Published: 2026-02-03T19:01:03
GreyNoise's Glenn Thorpe counts the cost of missed opportunities On 59 occasions throughout 2025, the US Cybersecurity and Infrastructure Security Agency (CISA) silently tweaked vulnerability notices to reflect their use by ransomware crooks. Experts say that's a problem.
Published: 2026-02-03T17:17:16
Algorithmic bias probe continues, CEO and former boss summoned to defend the platform's corner French police raided Elon Musk's X offices in Paris this morning as part of a criminal investigation into alleged algorithmic manipulation by foreign powers.
Published: 2026-02-03T13:09:08
Azure Storage now requires version 1.2 or newer for encrypted connections Today is the day Azure Storage stops supporting versions 1.0 and 1.1 of Transport Layer Security (TLS). TLS 1.2 is the new minimum.
Published: 2026-02-03T12:59:03
DDoSer of 'strategically important' websites admitted to most charges Polish authorities have cuffed a 20-year-old man on suspicion of carrying out DDoS attacks.
Published: 2026-02-03T12:34:17
Your own personal Jarvis. A bot to hear your prayers. A bot that cares. Just not about keeping you safe OpenClaw, the AI-powered personal assistant users interact with via messaging apps and sometimes entrust with their credentials to various online services, has prompted a wave of malware and is delivering some shocking bills.
Published: 2026-02-03T10:14:14
Armed Forces Bill would let troops take action against unmanned threats around defense sites Britain's defense personnel will be given the authority to neutralize drones threatening military bases under measures being introduced in the Armed Forces Bill, currently making its way through Parliament.
Published: 2026-02-03T09:30:12
The group targets telecoms, critical infrastructure - all the usual high-value orgs Security researchers have attributed the Notepad++ update hijacking to a Chinese government-linked espionage crew called Lotus Blossom (aka Lotus Panda, Billbug), which abused weaknesses in the update infrastructure to gain a foothold in high-value targets by delivering a newly identified backdoor dubbed Chrysalis.
Published: 2026-02-02T23:23:18
The ICE-tracking service says it doesn't store usernames or addresses ICE-reporting service StopICE has blamed a US Customs and Border Protection (CBP) agent for attacking its app and website and sending users text messages warning them that their information had been "sent to the authorities."
Published: 2026-02-02T19:16:41
Ukraine's CERT says the bug went from disclosure to active exploitation in days Russia-linked attackers are already exploiting Microsoft's latest Office zero-day, with Ukraine's national cyber defense team warning that the same bug is being used to target government agencies inside the country and organizations across the EU.
Published: 2026-02-02T18:18:22
Your favorite menu item might be easy to remember but it will not secure your account Change Your Password Day took place over the weekend, and in case you doubt the need to improve this most basic element of cybersecurity hygiene, even McDonald's yes, the fast food chain is urging people to get more creative when it comes to passwords.
Published: 2026-02-02T17:05:53
Researchers disclose rapid exploit chain that let attackers run code via a single malicious web page Security issues continue to pervade the OpenClaw ecosystem, formerly known as ClawdBot then Moltbot, as multiple projects patch bot takeover and remote code execution (RCE) exploits.
Published: 2026-02-02T14:10:10
Breach lingered for months before stronger signature checks shut the door A state-sponsored cyber criminal compromised Notepad++'s update service in 2025, according to the project's author.
Published: 2026-02-02T13:19:27
Don't be scared of the digital dark learn how to keep the lights on Opinion Barely a month into 2026, electrical power infrastructure on two continents has tested positive for cyberattacks. One fell flat as attempts to infiltrate and disrupt the Polish distribution grid were rebuffed and reported. The other, earlier attack was part of Operation Absolute Resolve, the US abduction of Venezuela's President Maduro from Caracas on January 3.
Published: 2026-02-02T10:15:14
Your cloud security must stand alone Partner Content As cloud adoption accelerates, many organizations are increasingly relying on the native security features offered by cloud service providers (CSPs). The ability to manage web application firewalls (WAF), data encryption, and key management (KMS) within a single provider ecosystem appears efficient and convenient. However, when security and reliability are viewed through the lens of enterprise risk management, this convenience may come at a significant cost.
Published: 2026-02-02T08:00:54
Also, South Korea gets a pentesting F, US Treasury says bye bye to BAH, North Korean hackers evolve, and more Infosec in Brief As if AI weren't enough of a security concern, now researchers have discovered that open-source AI deployments may be an even bigger problem than those from commercial providers.
Published: 2026-02-01T23:40:10
'I did not think it was going to happen to me, but here we are' Nearly every company, from tech giants like Amazon to small startups, has first-hand experience with fake IT workers applying for jobs - and sometimes even being hired.
Published: 2026-02-01T14:14:07
Consider yourselves compromised, experts warn Ivanti has patched two critical zero-day vulnerabilities in its Endpoint Manager Mobile (EPMM) product that are already being exploited, continuing a grim run of January security incidents for enterprise IT vendors.
Published: 2026-01-30T22:01:28
Parent company Cognizant hit with multiple lawsuits Thousands more Oregonians will soon receive data breach letters in the continued fallout from the TriZetto data breach, in which someone hacked the insurance verification provider and gained access to its healthcare provider customers across multiple US states.
Published: 2026-01-30T18:32:45
BellSoft survey finds 48% prefer pre hardened images over managing vulnerabilities themselves Java developers still struggle to secure containers, with nearly half (48 percent) saying they'd rather delegate security to providers of hardened containers than worry about making their own container security decisions.
Published: 2026-01-30T00:12:02
The call is coming from inside the house opinion Maybe everything is all about timing, like the time (this week) America's lead cyber-defense agency sounded the alarm on insider threats after it came to light that its senior official uploaded sensitive documents to ChatGPT.
Published: 2026-01-29T23:19:21
The Chocolate Factory strikes again, targeting the infrastructure attackers use to stay anonymous Crims love to make it look like their traffic is actually coming from legit homes and businesses, and they do so by using residential proxy networks. Now, Google says it has "significantly degraded" what it believes is one of the world's largest residential proxy networks.
Published: 2026-01-29T17:00:00
eScan lawyers up after Morphisec claimed 'critical supply-chain compromise' A spat has erupted between antivirus vendor eScan and threat intelligence outfit Morphisec over who spotted an update server incident that disrupted some eScan customers earlier this month.
Published: 2026-01-29T16:58:43
The last major nuclear arms treaty between the US and Russia just expired. Some experts believe a combination of satellite surveillance, AI, and human reviewers can take its place. Others, not so much.
Published: 2026-02-09T11:30:00
After more than 15 years of draconian measures, culminating in an ongoing internet shutdown, the Iranian regime seems to be staggering toward its digital surveillance endgame.
Published: 2026-02-09T11:00:00
Plus: Apple’s Lockdown mode keeps the FBI out of a reporter’s phone, Elon Musk’s Starlink cuts off Russian forces, and more.
Published: 2026-02-07T11:30:00
The government has withheld details of the investigation of Renee Good’s killing but an unrelated case involving the ICE agent who shot her could force new revelations.
Published: 2026-02-06T22:14:45
ICE has used Mobile Fortify to identify immigrants and citizens alike over 100,000 times, by one estimate. It wasn't built to work like that and only got approved after DHS abandoned its own privacy rules.
Published: 2026-02-05T20:28:34
Suspected Chinese state-backed hackers hijacked the Notepad++ update infrastructure to deliver a backdoored version of the popular free source code editor and note-taking app for Windows.
Published: 2026-02-04T19:52:59
Two agents involved in the shooting deaths of US citizens in Minneapolis are reportedly part of highly militarized DHS units whose extreme tactics are generally reserved for war zones.
Published: 2026-02-03T19:52:29
A new report from the Public Service Alliance finds state privacy laws offer public servants few ways to protect their private data, even as threats against them are on the rise.
Published: 2026-02-03T11:00:00
The influx of security personnel from around the world is sparking concern among Italians ahead of the Milano Cortina Olympic Games.
Published: 2026-02-02T11:00:00
Plus: AI agent OpenClaw gives cybersecurity experts the willies, China executes 11 scam compound bosses, a $40 million crypto theft has an unexpected alleged culprit, and more.
Published: 2026-01-31T11:30:00
Filming federal agents in public is legal, but avoiding a dangerous even deadly confrontation isn’t guaranteed. Here’s how to record ICE and CBP agents as safely as possible and have an impact.
Published: 2026-01-31T10:30:00
WIRED asked an active military officer to break down immigration enforcement actions in Minneapolis and elsewhere.
Published: 2026-01-29T18:04:13
AI chat toy company Bondu left its web console almost entirely unprotected. Researchers who accessed it found nearly all the conversations children had with the company’s stuffed animals.
Published: 2026-01-29T17:00:00
ICE has been using an AI-powered Palantir system to summarize tips sent to its tip line since last spring, according to a newly released Homeland Security document.
Published: 2026-01-28T21:40:18
Immigration agents have used Mobile Fortify to scan the faces of countless people in the US including many citizens.
Published: 2026-01-28T20:17:15
A source trapped inside an industrial-scale scamming operation contacted me, determined to expose his captors’ crimes and then escape. This is his story.
Published: 2026-01-27T11:00:00
A whistleblower trapped inside a “pig butchering” scam compound gave WIRED a vast trove of its internal materials including 4,200 pages of messages that lay out its operations in unprecedented detail.
Published: 2026-01-27T11:00:00
A federal judge ordered a new briefing due Wednesday on whether DHS is using armed raids to pressure Minnesota into abandoning its sanctuary policies, leaving ICE operations in place for now.
Published: 2026-01-26T22:39:30
Sexual deepfakes continue to get more sophisticated, capable, easy to access, and perilous for millions of women who are abused with the technology.
Published: 2026-01-26T11:30:00
The Cyber Security Agency (CSA) of Singapore on Monday revealed that the China-nexus cyber espionage group known as UNC3886 targeted its telecommunications sector. "UNC3886 had launched a deliberate, targeted, and well-planned campaign against Singapore's telecommunications sector," CSA said. "All four of Singapore's major telecommunications operators ('telcos') M1, SIMBA Telecom, Singtel, and
Published: 2026-02-09T22:31:00
Microsoft has revealed that it observed a multi stage intrusion that involved the threat actors exploiting internet exposed SolarWinds Web Help Desk (WHD) instances to obtain initial access and move laterally across the organization's network to other high-value assets. That said, the Microsoft Defender Security Research Team said it's not clear whether the activity weaponized recently
Published: 2026-02-09T20:12:00
Cyber threats are no longer coming from just malware or exploits. They’re showing up inside the tools, platforms, and ecosystems organizations use every day. As companies connect AI, cloud apps, developer tools, and communication systems, attackers are following those same paths. A clear pattern this week: attackers are abusing trust. Trusted updates, trusted marketplaces, trusted apps, even
Published: 2026-02-09T18:29:00
Why do SOC teams keep burning out and missing SLAs even after spending big on security tools? Routine triage piles up, senior specialists get dragged into basic validation, and MTTR climbs, while stealthy threats still find room to slip through. Top CISOs have realized the solution isn’t hiring more people or stacking yet another tool onto the workflow, but giving their teams faster, clearer
Published: 2026-02-09T16:53:00
The threat actor known as Bloody Wolf has been linked to a campaign targeting Uzbekistan and Russia to infect systems with a remote access trojan known as NetSupport RAT. Cybersecurity vendor Kaspersky is tracking the activity under the moniker Stan Ghouls. The threat actor is known to be active since at least 2023, orchestrating spear-phishing attacks against manufacturing, finance, and IT
Published: 2026-02-09T16:28:00
Cybersecurity researchers have called attention to a "massive campaign" that has systematically targeted cloud native environments to set up malicious infrastructure for follow-on exploitation. The activity, observed around December 25, 2025, and described as "worm-driven," leveraged exposed Docker APIs, Kubernetes clusters, Ray dashboards, and Redis servers, along with the recently disclosed
Published: 2026-02-09T14:07:00
BeyondTrust has released updates to address a critical security flaw impacting Remote Support (RS) and Privileged Remote Access (PRA) products that, if successfully exploited, could result in remote code execution. "BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability," the company
Published: 2026-02-09T13:33:00
OpenClaw (formerly Moltbot and Clawdbot) has announced that it's partnering with Google-owned VirusTotal to scan skills that are being uploaded to ClawHub, its skill marketplace, as part of broader efforts to bolster the security of the agentic ecosystem. "All skills published to ClawHub are now scanned using VirusTotal's threat intelligence, including their new Code Insight capability,"
Published: 2026-02-08T13:02:00
Germany's Federal Office for the Protection of the Constitution (aka Bundesamt f r Verfassungsschutz or BfV) and Federal Office for Information Security (BSI) have issued a joint advisory warning of a malicious cyber campaign undertaken by a likely state-sponsored threat actor that involves carrying out phishing attacks over the Signal messaging app. "The focus is on high-ranking targets in
Published: 2026-02-07T16:45:00
Cybersecurity researchers have taken the wraps off a gateway-monitoring and adversary-in-the-middle (AitM) framework dubbed DKnife that's operated by China-nexus threat actors since at least 2019. The framework comprises seven Linux-based implants that are designed to perform deep packet inspection, manipulate traffic, and deliver malware via routers and edge devices. Its primary targets seem to
Published: 2026-02-06T20:26:00
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered Federal Civilian Executive Branch (FCEB) agencies to strengthen asset lifecycle management for edge network devices and remove those that no longer receive security updates from original equipment manufacturers (OEMs) over the next 12 to 18 months. The agency said the move is to drive down technical debt and minimize
Published: 2026-02-06T19:13:00
A previously undocumented cyber espionage group operating from Asia broke into the networks of at least 70 government and critical infrastructure organizations across 37 countries over the past year, according to new findings from Palo Alto Networks Unit 42. In addition, the hacking crew has been observed conducting active reconnaissance against government infrastructure associated with 155
Published: 2026-02-06T17:37:00
As you know, enterprise network security has undergone significant evolution over the past decade. Firewalls have become more intelligent, threat detection methods have advanced, and access controls are now more detailed. However (and it’s a big “however”), the increasing use of mobile devices in business operations necessitates network security measures that are specifically
Published: 2026-02-06T16:00:00
Cybersecurity researchers have discovered a new supply chain attack in which legitimate packages on npm and the Python Package Index (PyPI) repository have been compromised to push malicious versions to facilitate wallet credential theft and remote code execution. The compromised versions of the two packages are listed below - @dydxprotocol/v4-client-js (npm) - 3.4.1, 1.22.1, 1.15.2, 1.0.31&
Published: 2026-02-06T14:10:00
Artificial intelligence (AI) company Anthropic revealed that its latest large language model (LLM), Claude Opus 4.6, has found more than 500 previously unknown high-severity security flaws in open-source libraries, including Ghostscript, OpenSC, and CGIF. Claude Opus 4.6, which was launched Thursday, comes with improved coding skills, including code review and debugging capabilities, along with
Published: 2026-02-06T11:19:00
The distributed denial-of-service (DDoS) botnet known as AISURU/Kimwolf has been attributed to a record-setting attack that peaked at 31.4 Terabits per second (Tbps) and lasted only 35 seconds. Cloudflare, which automatically detected and mitigated the activity, said it's part of a growing number of hyper-volumetric HTTP DDoS attacks mounted by the botnet in the fourth quarter of 2025. The
Published: 2026-02-05T22:55:00
This week didn’t produce one big headline. It produced many small signals the kind that quietly shape what attacks will look like next. Researchers tracked intrusions that start in ordinary places: developer workflows, remote tools, cloud access, identity paths, and even routine user actions. Nothing looked dramatic on the surface. That’s the point. Entry is becoming less visible while impact
Published: 2026-02-05T18:27:00
Today’s “AI everywhere” reality is woven into everyday workflows across the enterprise, embedded in SaaS platforms, browsers, copilots, extensions, and a rapidly expanding universe of shadow tools that appear faster than security teams can track. Yet most organizations still rely on legacy controls that operate far away from where AI interactions actually occur. The result is a widening
Published: 2026-02-05T17:00:00
The elusive Iranian threat group known as Infy (aka Prince of Persia) has evolved its tactics as part of efforts to hide its tracks, even as it readied new command-and-control (C2) infrastructure coinciding with the end of the widespread internet blackout the regime imposed at the start of January 2026. "The threat actor stopped maintaining its C2 servers on January 8 for the first time since we
Published: 2026-02-05T15:55:00
A new, critical security vulnerability has been disclosed in the n8n workflow automation platform that, if successfully exploited, could result in the execution of arbitrary system commands. The flaw, tracked as CVE-2026-25049 (CVSS score: 9.4), is the result of inadequate sanitization that bypasses safeguards put in place to address CVE-2025-68613 (CVSS score: 9.9), another critical defect that
Published: 2026-02-05T11:46:00
Cybersecurity researchers have disclosed details of an active web traffic hijacking campaign that has targeted NGINX installations and management panels like Baota (BT) in an attempt to route it through the attacker's infrastructure. Datadog Security Labs said it observed threat actors associated with the recent React2Shell (CVE-2025-55182, CVSS score: 10.0) exploitation using malicious NGINX
Published: 2026-02-05T10:26:00
Microsoft on Wednesday said it built a lightweight scanner that it said can detect backdoors in open-weight large language models (LLMs) and improve the overall trust in artificial intelligence (AI) systems. The tech giant's AI Security team said the scanner leverages three observable signals that can be used to reliably flag the presence of backdoors while maintaining a low false positive
Published: 2026-02-04T23:22:00
Threat hunters have disclosed details of a new, stealthy malware campaign dubbed DEAD#VAX that employs a mix of "disciplined tradecraft and clever abuse of legitimate system features" to bypass traditional detection mechanisms and deploy a remote access trojan (RAT) known as AsyncRAT. "The attack leverages IPFS-hosted VHD files, extreme script obfuscation, runtime decryption, and in-memory
Published: 2026-02-04T22:54:00
Threat actors affiliated with China have been attributed to a fresh set of cyber espionage campaigns targeting government and law enforcement agencies across Southeast Asia throughout 2025. Check Point Research is tracking the previously undocumented activity cluster under the moniker Amaranth-Dragon, which it said shares links to the APT 41 ecosystem. Targeted countries include Cambodia,
Published: 2026-02-04T19:39:00
An innovative approach to discovering, analyzing, and governing identity usage beyond traditional IAM controls. The Challenge: Identity Lives Outside the Identity Stack Identity and access management tools were built to govern users and directories. Modern enterprises run on applications. Over time, identity logic has moved into application code, APIs, service accounts, and custom authentication
Published: 2026-02-04T17:28:00
Many incident response failures do not come from a lack of tools, intelligence, or technical skills. They come from what happens immediately after detection, when pressure is high, and information is incomplete. I have seen IR teams recover from sophisticated intrusions with limited telemetry. I have also seen teams lose control of investigations they should have been able to handle. The
Published: 2026-02-04T15:30:00
Microsoft has warned that information-stealing attacks are "rapidly expanding" beyond Windows to target Apple macOS environments by leveraging cross-platform languages like Python and abusing trusted platforms for distribution at scale. The tech giant's Defender Security Research Team said it observed macOS-targeted infostealer campaigns using social engineering techniques such as ClickFix since
Published: 2026-02-04T13:12:00
The Eclipse Foundation, which maintains the Open VSX Registry, has announced plans to enforce security checks before Microsoft Visual Studio Code (VS Code) extensions are published to the open-source repository to combat supply chain threats. The move marks a shift from a reactive to a proactive approach to ensure that malicious extensions don't end up getting published on the Open VSX Registry.
Published: 2026-02-04T11:56:00
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting SolarWinds Web Help Desk (WHD) to its Known Exploited Vulnerabilities (KEV) catalog, flagging it as actively exploited in attacks. The vulnerability, tracked as CVE-2025-40551 (CVSS score: 9.8), is a untrusted data deserialization vulnerability that could pave the way for remote
Published: 2026-02-04T11:20:00
Cybersecurity researchers have disclosed details of a now-patched security flaw impacting Ask Gordon, an artificial intelligence (AI) assistant built into Docker Desktop and the Docker Command-Line Interface (CLI), that could be exploited to execute code and exfiltrate sensitive data. The critical vulnerability has been codenamed DockerDash by cybersecurity company Noma Labs. It was addressed by
Published: 2026-02-03T22:11:00
Most security teams today are buried under tools. Too many dashboards. Too much noise. Not enough real progress. Every vendor promises “complete coverage” or “AI-powered automation,” but inside most SOCs, teams are still overwhelmed, stretched thin, and unsure which tools are truly pulling their weight. The result? Bloated stacks, missed signals, and mounting pressure to do more with less. This
Published: 2026-02-03T19:44:00
Threat actors have been observed exploiting a critical security flaw impacting the Metro Development Server in the popular "@react-native-community/cli" npm package. Cybersecurity company VulnCheck said it first observed exploitation of CVE-2025-11953 (aka Metro4Shell) on December 21, 2025. With a CVSS score of 9.8, the vulnerability allows remote unauthenticated attackers to execute arbitrary
Published: 2026-02-03T19:30:00
Recent major cloud service outages have been hard to miss. High-profile incidents affecting providers such as AWS, Azure, and Cloudflare have disrupted large parts of the internet, taking down websites and services that many other systems depend on. The resulting ripple effects have halted applications and workflows that many organizations rely on every day. For consumers, these outages are
Published: 2026-02-03T16:30:00
The Russia-linked state-sponsored threat actor known as APT28 (aka UAC-0001) has been attributed to attacks exploiting a newly disclosed security flaw in Microsoft Office as part of a campaign codenamed Operation Neusploit. Zscaler ThreatLabz said it observed the hacking group weaponizing the shortcoming on January 29, 2026, in attacks targeting users in Ukraine, Slovakia, and Romania, three
Published: 2026-02-03T14:42:00
Mozilla on Monday announced a new controls section in its Firefox desktop browser settings that allows users to completely turn off generative artificial intelligence (GenAI) features. "It provides a single place to block current and future generative AI features in Firefox," Ajit Varma, head of Firefox, said. "You can also review and manage individual AI features if you choose to use them. This
Published: 2026-02-03T11:09:00
A China-linked threat actor known as Lotus Blossom has been attributed with medium confidence to the recently discovered compromise of the infrastructure hosting Notepad++. The attack enabled the state-sponsored hacking group to deliver a previously undocumented backdoor codenamed Chrysalis to users of the open-source editor, according to new findings from Rapid7. The development comes shortly
Published: 2026-02-03T10:25:00
A security audit of 2,857 skills on ClawHub has found 341 malicious skills across multiple campaigns, according to new findings from Koi Security, exposing users to new supply chain risks. ClawHub is a marketplace designed to make it easy for OpenClaw users to find and install third-party skills. It's an extension to the OpenClaw project, a self-hosted artificial intelligence (AI) assistant
Published: 2026-02-02T23:19:00
A high-severity security flaw has been disclosed in OpenClaw (formerly referred to as Clawdbot and Moltbot) that could allow remote code execution (RCE) through a crafted malicious link. The issue, which is tracked as CVE-2026-25253 (CVSS score: 8.8), has been addressed in version 2026.1.29 released on January 30, 2026. It has been described as a token exfiltration vulnerability that leads to
Published: 2026-02-02T21:58:00
Microsoft has announced a three-phase approach to phase out New Technology LAN Manager (NTLM) as part of its efforts to shift Windows environments toward stronger, Kerberos-based options. The development comes more than two years after the tech giant revealed its plans to deprecate the legacy technology, citing its susceptibility to weaknesses that could facilitate relay attacks and allow bad
Published: 2026-02-02T21:29:00
Every week brings new discoveries, attacks, and defenses that shape the state of cybersecurity. Some threats are stopped quickly, while others go unseen until they cause real damage. Sometimes a single update, exploit, or mistake changes how we think about risk and protection. Every incident shows how defenders adapt and how fast attackers try to stay ahead. This week’s recap brings you the
Published: 2026-02-02T17:29:00
For mid-market organizations, cybersecurity is a constant balancing act. Proactive, preventative security measures are essential to protect an expanding attack surface. Combined with effective protection that blocks threats, they play a critical role in stopping cyberattacks before damage is done. The challenge is that many security tools add complexity and cost that most mid-market businesses
Published: 2026-02-02T17:15:00
The maintainer of Notepad++ has revealed that state-sponsored attackers hijacked the utility's update mechanism to redirect update traffic to malicious servers instead. "The attack involved [an] infrastructure-level compromise that allowed malicious actors to intercept and redirect update traffic destined for notepad-plus-plus.org," developer Don Ho said. "The compromise occurred at the hosting
Published: 2026-02-02T14:25:00
The update infrastructure for eScan antivirus, a security solution developed by Indian cybersecurity company MicroWorld Technologies, has been compromised by unknown attackers to deliver a persistent downloader to enterprise and consumer systems. "Malicious updates were distributed through eScan's legitimate update infrastructure, resulting in the deployment of multi-stage malware to enterprise
Published: 2026-02-02T11:17:00
Cybersecurity researchers have disclosed details of a supply chain attack targeting the Open VSX Registry in which unidentified threat actors compromised a legitimate developer's resources to push malicious updates to downstream users. "On January 30, 2026, four established Open VSX extensions published by the oorzc author had malicious versions published to Open VSX that embed the GlassWorm
Published: 2026-02-02T10:34:00
A Farsi-speaking threat actor aligned with Iranian state interests is suspected to be behind a new campaign targeting non-governmental organizations and individuals involved in documenting recent human rights abuses. The activity, observed by HarfangLab in January 2026, has been codenamed RedKitten. It's said to coincide with the nationwide unrest in Iran that began towards the end of 2025,
Published: 2026-01-31T17:32:00
Google-owned Mandiant on Friday said it identified an "expansion in threat activity" that uses tradecraft consistent with extortion-themed attacks orchestrated by a financially motivated hacking group known as ShinyHunters. The attacks leverage advanced voice phishing (aka vishing) and bogus credential harvesting sites mimicking targeted companies to gain unauthorized access to victim
Published: 2026-01-31T13:28:00
CERT Polska, the Polish computer emergency response team, revealed that coordinated cyber attacks targeted more than 30 wind and photovoltaic farms, a private company from the manufacturing sector, and a large combined heat and power plant (CHP) supplying heat to almost half a million customers in the country. The incident took place on December 29, 2025. The agency has attributed the attacks to
Published: 2026-01-31T12:35:00
Cybersecurity researchers have discovered malicious Google Chrome extensions that come with capabilities to hijack affiliate links, steal data, and collect OpenAI ChatGPT authentication tokens. One of the extensions in question is Amazon Ads Blocker (ID: pnpchphmplpdimbllknjoiopmfphellj), which claims to be a tool to browse Amazon without any sponsored content. It was uploaded to the Chrome
Published: 2026-01-30T19:12:00
Cybersecurity researchers have discovered a new campaign attributed to a China-linked threat actor known as UAT-8099 that took place between late 2025 and early 2026. The activity, discovered by Cisco Talos, has targeted vulnerable Internet Information Services (IIS) servers located across Asia, but with a specific focus on targets in Thailand and Vietnam. The scale of the campaign is currently
Published: 2026-01-30T17:38:00
Behind the scenes of law enforcement in cyber: what do we know about caught cybercriminals? What brought them in, where do they come from and what was their function in the crimescape? Introduction: One view on the scattered fight against cybercrime The growing sophistication and diversification of cybercrime have compelled law enforcement agencies worldwide to respond through increasingly
Published: 2026-01-30T17:00:00
BeyondTrust patched a critical pre-auth flaw in Remote Support and PRA that could let attackers execute code remotely. BeyondTrust released security updates to address a critical flaw, tracked as CVE-2026-1731 (CVSS score of 9.9), in its Remote Support and older Privileged Remote Access products. The bug could allow an unauthenticated attacker to send specially crafted […]
Published: 2026-02-09T19:52:26
The European Commission is investigating a cyberattack after detecting signs that its mobile device management system was compromised. The European Commission is investigating a cyberattack on its mobile device management platform after detecting intrusion traces. Attackers may have accessed some staff data, including names and phone numbers, but so far they have not compromised any […]
Published: 2026-02-09T14:00:29
Huntress confirmed active SolarWinds Web Help Desk exploits, where attackers installed Zoho tools for persistence, and used Velociraptor for control. On February 7, 2026, Huntress investigated an active attack abusing SolarWinds Web Help Desk flaws. Attackers exploited unpatched versions to run code remotely, then quickly installed Zoho ManageEngine tools for persistent remote access and Cloudflare […]
Published: 2026-02-09T12:28:54
Romania’s national oil pipeline operator Conpet said a cyberattack disrupted its business systems and temporarily knocked its website offline. Conpet is a state-controlled company that owns and operates the country’s crude oil, condensate, and liquid petroleum product pipeline network. Its main role is to transport oil from domestic production fields and import points to refineries […]
Published: 2026-02-09T08:55:40
Flickr says a flaw at a third-party email provider may have exposed users’ names, email addresses, IPs, and account activity. Flickr is a photo-sharing platform owned by SmugMug. It has over 100 million registered users and millions of active photographers. Flickr warned users about a possible data breach caused by a flaw in a third-party […]
Published: 2026-02-09T00:33:55
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter ClawHavoc: 341 Malicious Clawed Skills Found by the Bot They Were Targeting APT28 Leverages CVE-2026-21509 in Operation Neusploit Amaranth-Dragon: Weaponizing CVE-2025-8088 for Targeted Espionage in the Southeast Asia Analyzing Dead#Vax: Analyzing Multi-Stage VHD […]
Published: 2026-02-08T13:32:19
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Italian university La Sapienza still offline to mitigate recent cyber attack CISA pushes Federal agencies to […]
Published: 2026-02-08T13:26:30
DKnife is a Linux toolkit used since 2019 to hijack router traffic and deliver malware in cyber-espionage attacks. Cisco Talos found DKnife, a powerful Linux toolkit that threat actors use to spy on and control network traffic through routers and edge devices. It inspects and alters data in transit and installs malware on PCs, phones, […]
Published: 2026-02-08T10:04:33
Rome’s La Sapienza University was hit by a cyberattack that disrupted IT systems and caused widespread operational issues. Since February 2, Rome’s La Sapienza University, one of the most important Italian universities, has been offline due to a cyberattack. For days, students have been unable to book exams, check tuition payments, or access faculty contacts. […]
Published: 2026-02-07T18:02:53
CISA ordered U.S. federal agencies to improve management of edge network devices and replace unsupported ones within 12 18 months. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) instructed U.S. federal civilian agencies to strengthen how they manage edge network devices throughout their lifecycle. According to Binding Operational Directive 26-02, Mitigating Risk From End-of-Support Edge Devices, agencies must […]
Published: 2026-02-07T10:55:10