Report claims more vulnerabilities created than fixed as remediation gap widens Veracode has posted its annual State of Software Security report, based on data from 1.6 million applications tested on its cloud platform, finding that more vulnerabilit
Published: 2026-02-26T15:26:07
Come for the coding test, stay for the C2 traffic Next.js developers are once again in the crosshairs as hackers seed malicious repositories disguised as legitimate projects, according to Microsoft, which said a limited set of those repos were direct
Published: 2026-02-25T16:51:54
The US Cybersecurity and Infrastructure Security Agency (CISA), which is part of the Department of Homeland Security, is getting a new acting director, as reported by ABC, less than a year after Madhu Gottumukkala took charge of the agency as deputy director and acting director in May 2025. CISA's executive assistant director for cybersecurity, Nick […] 
The US Cybersecurity and Infrastructure Security Agency (CISA), which is part of the Department of Homeland Security, is getting a new acting director, as reported by ABC, less than a year after Madhu Gottumukkala took charge of the agency as deput...
Published: 2026-02-27T14:06:25
The iPhone and iPad have been approved to hold NATO-restricted information, according to an announcement on Thursday. That means off-the-shelf devices running iOS 26 and iPadOS 26 can handle classified information "without requiring special software or settings," Apple says. The NATO-restricted designation is the lowest level of classified information, and it applies to information that […] 
The iPhone and iPad have been approved to hold NATO-restricted information, according to an announcement on Thursday. That means off-the-shelf devices running iOS 26 and iPadOS 26 can handle classified information "without requiring special softwar...
Published: 2026-02-26T14:08:03
A hacker tricked a popular AI coding tool into installing OpenClaw - the viral, open-source AI agent OpenClaw that "actually does things" - absolutely everywhere. Funny as a stunt, but a sign of what to come as more and more people let autonomous software use their computers on their behalf. The hacker took advantage of […] 
A hacker tricked a popular AI coding tool into installing OpenClaw - the viral, open-source AI agent OpenClaw that "actually does things" - absolutely everywhere. Funny as a stunt, but a sign of what to come as more and more people let autonomous s...
Published: 2026-02-19T13:58:56
Texas Attorney General Ken Paxton is suing TP-Link over claims that the router-maker is misleading customers about its ties to China. In a lawsuit filed this week, Paxton claims TP-Link is "masking its Chinese connections," while serving as "an open window for Chinese-sponsored threat actors and Chinese intelligence agencies." TP-Link was founded in China, but […] 
Texas Attorney General Ken Paxton is suing TP-Link over claims that the router-maker is misleading customers about its ties to China. In a lawsuit filed this week, Paxton claims TP-Link is "masking its Chinese connections," while serving as "an ope...
Published: 2026-02-19T13:20:25
A 22-year-old Alabama man pleaded guilty to extortion, cyberstalking, and computer fraud charges after hijacking the social media accounts of hundreds of young women (including minors). [...]
Published: 2026-03-02T13:54:34
The United Kingdom's National Cyber Security Centre (NCSC) alerted British organizations to a heightened risk of Iranian cyberattacks amid the ongoing conflict in the Middle East. [...]
Published: 2026-03-02T10:54:33
Security researchers have disclosed a high-severity vulnerability dubbed "ClawJacked" in the popular AI agent OpenClaw that allowed a malicious website to silently bruteforce access to a locally running instance and take control over it. [...]
Published: 2026-03-01T16:44:55
Microsoft is rolling out new Windows 11 Insider Preview builds that improve security and performance during batch file or CMD script execution. [...]
Published: 2026-02-27T15:00:27
North Korean hackers are deploying newly uncovered tools to move data between internet-connected and air-gapped systems, spread via removable drives, and conduct covert surveillance. [...]
Published: 2026-02-27T14:21:25
A yearlong Europol-coordinated operation dubbed "Project Compass" has led to 30 arrests and 179 suspects being tied to "The Com," an online cybercrime collective that targets children and teenagers. [...]
Published: 2026-02-27T13:20:15
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released new details about RESURGE, a malicious implant used in zero-day attacks exploiting CVE-2025-0282 to breach Ivanti Connect Secure devices. [...]
Published: 2026-02-27T10:57:04
Everyday tools like PDF readers, email clients, and archive utilities quietly define the real attack surface. Action1 explains how third-party software drift increases exploit risk and why consistent patching reduces exposure across endpoints. [...]
Published: 2026-02-27T10:00:10
Introduction Last week, Google Threat Intelligence Group (GTIG), Mandiant, and partners took action to disrupt a global espionage campaign targeting telecommunications and government organizations in dozens of nations across four continents. The thr
Published: 2026-02-25T14:00:00
Written by: Peter Ukhanov, Daniel Sislo, Nick Harbour, John Scarbrough, Fernando Tomlinson, Jr., Rich Reece Introduction Mandiant and Google Threat Intelligence Group (GTIG) have identified the zero-day exploitation of a high-risk vulnerability in
Published: 2026-02-17T14:00:00
Most phishing websites are little more than static copies of login pages for popular online destinations, and they are often quickly taken down by anti-abuse activists and security firms. But a stealthy new phishing-as-a-service offering lets custome... 
Published: 2026-02-20T20:00:30
NCSC urges all to review posture as escalating tensions increase risk of indirect digital spillover The UK's cybersecurity agency is warning British organizations to brace for potential digital blowback as the Middle East conflict spills further into the online world.
Published: 2026-03-02T18:44:26
We can remember it for you wholesale, and sell it back to you for big bucks Web scraping bots are increasing the pressure on the tech supply chain by scouring sites for DRAM, so their minders can snap up increasingly scarce inventory and resell it for a quick profit.
Published: 2026-03-02T14:00:06
Vulnerable citizens targeted by criminals purporting to represent fake police crisis department Scammers targeted Dubai citizens mere hours after missiles struck the city, attempting to gain access to their bank accounts, police have warned.
Published: 2026-03-02T13:42:52
PLUS: Firefox adds XSS protection; Leadership turnover at CISA; FTC exempts some data collection Infosec In Brief DNS vulnerabilities are being addressed 84 percent faster in the UK public sector thanks to an automated vulnerability scanning system established as part of a program kicked off early last year.
Published: 2026-03-02T03:27:41
Went from triumph at having busted tax dodgers to embarrassment at losing the proceeds South Korea's National Tax Service has apologized after it leaked passwords to a stash of stolen crypto, which parties unknown used to make off with the digi-cash.
Published: 2026-03-02T00:51:38
Jake Braun thinks hackers need to create a 'Digital arsenal of democracy' to defend us all Interview Hackers especially Jake Braun are "fed up with government."
Published: 2026-02-28T11:11:10
Credential and cryptocurrency theft, live surveillance, ransomware - an attacker's Swiss Army knife A new remote access trojan (RAT) being sold on cybercrime networks enables double extortion attacks on Windows machines by bundling ransomware and data theft, along with credential and cryptocurrency stealers, live surveillance, and a whole host of other illicit capabilities, all controllable from a centralized dashboard.
Published: 2026-02-27T22:59:15
Who is knocking at the Dohdoor? Digital intruders with possible links to North Korea have been infecting US education and healthcare sectors with a never-before-seen backdoor since at least December, according to security researchers.
Published: 2026-02-27T19:59:20
Smaller crews piled in as old names splintered and rebranded Ransomware payments cratered in 2025, but it seems like the cybercrooks launching the attacks didn't get the memo.
Published: 2026-02-27T16:15:08
Crooks claim they helped themselves to over 37M accounts during January hit on subcontractor Updated French online marketplace ManoMano is warning customers their personal data was siphoned off after a cyberattack hit one of its customer support subcontractors and criminals are already claiming the haul is far larger than the company's carefully worded notice suggests.
Published: 2026-02-27T15:15:07
Company refuses to pay ransom as attackers threaten larger daily dumps The Netherlands' national police is backing Odido's refusal to pay a ransom after ShinyHunters leaked a second round of records belonging to the telco.
Published: 2026-02-27T13:54:12
Report claims more vulnerabilities created than fixed as remediation gap widens Veracode has posted its annual State of Software Security report, based on data from 1.6 million applications tested on its cloud platform, finding that more vulnerabilities are being created than are being fixed, and that high-velocity development with AI is making comprehensive security unattainable.
Published: 2026-02-26T15:26:07
Telegram posts promise up to $1,000 per call as gang refines IT helpdesk ruse Prolific cybercrime crew Scattered Lapsus$ Hunters (SLSH) is reportedly recruiting women in the hope of improving its social engineering success.
Published: 2026-02-26T12:35:21
A rare joint alert from all five spy agencies means serious business The Five Eyes intelligence alliance is urgently warning defenders to patch two Cisco Catalyst SD-WAN vulnerabilities used in attacks.
Published: 2026-02-26T11:39:55
Anthropic fixed the flaws but the AI-enabled attack surfaces remain Security vulnerabilities in Claude Code could have allowed attackers to remotely execute code on users' machines and steal API keys by injecting malicious configurations into repositories, and then waiting for a developer to clone and open an untrustworthy project.
Published: 2026-02-26T00:33:20
UNC2814 historically targets governments and telcos A China-linked crew found a unique formula for attacking telcos and government orgs across the Americas, Asia, and Africa in its latest round of intrusions. Google's threat intelligence, along with unnamed industry partners, disrupted the gang, which used the Chocolate Factory's own spreadsheet tools as part of its exploits.
Published: 2026-02-25T20:41:03
Come for the coding test, stay for the C2 traffic Next.js developers are once again in the crosshairs as hackers seed malicious repositories disguised as legitimate projects, according to Microsoft, which said a limited set of those repos were directly tied to observed compromises.
Published: 2026-02-25T16:51:54
Former Trenchant manager profited millions from cyber tools reserved for the US The former general manager of L3Harris's cyber arm will spend the next seven years behind bars for selling trade secrets to Russia.
Published: 2026-02-25T13:44:56
Security pros question assurances as company offers staff credit monitoring Wynn Resorts has confirmed that employee data was stolen from its servers, and is taking the hackers' word that they've since deleted it.
Published: 2026-02-25T12:39:06
Note to secret agents: ChatGPT is NOT a private diary A ChatGPT user with links to Chinese law enforcement tried to use the AI chatbot to run smear campaigns targeting the Japanese prime minister and other critics of the Chinese Communist Party, according to OpenAI's latest report on malicious uses of its models.
Published: 2026-02-25T10:01:09
And they're being stressed by geopolitical concerns that threaten to slow important data-sharing efforts Researchers from Georgia Tech have found that the supply chain for threat intelligence data is susceptible to adversarial action, and proposed a method to improve data sharing that they think will make it stronger.
Published: 2026-02-25T05:49:36
Discovery is getting cheaper. Validation and patching aren't What good is finding a hole if you can't fix it? Anthropic last week talked up Claude Code's improved ability to find software vulnerabilities and propose patches. But security researchers say that's not enough.
Published: 2026-02-24T22:36:53
SolarWinds + file transfer software = what attackers' dreams are made of If you run SolarWinds Serv-U, you should patch promptly. Four critical vulnerabilities in the file transfer software can allow attackers to execute code as root.
Published: 2026-02-24T19:55:07
New ransomware of choice, same critical targets North Korea's Lazarus Group appears to have added another tool to its kit. It has begun using Medusa ransomware in extortion attacks targeting at least one US healthcare organization and an unnamed victim in the Middle East, according to Symantec and Carbon Black threat hunters.
Published: 2026-02-24T18:25:04
When a one-line fix triggers thousands of PRs, something's off A Go library maintainer has urged developers to turn off GitHub's Dependabot, arguing that false positives from the dependency-scanning tool "reduce security by causing alert fatigue."
Published: 2026-02-24T16:31:13
Social media giant retorts it doesn't want to collect 'private' data, and plans to appeal The UK's data protection regulator has fined social media giant Reddit 14.47 million ($19.5 million) over its use of children's data.
Published: 2026-02-24T13:29:47
Public prosecutor mulls sentencing following investigations into two separate attacks Two South Korean teenagers were this week charged with breaching Seoul's public bike service, Ttareungyi.
Published: 2026-02-24T11:53:49
Visa applications down, executives emigrating, and AI blamed for the rest The number of international workers applying for a visa to work in the UK's tech sector dropped 11 percent between Q2 and Q3 2025, and was down 6 percent year-on-year, according to consultancy RSM UK.
Published: 2026-02-24T10:15:15
We like our surface-to-air weapons affordable Britain has joined a handful of European allies in a program to develop low-cost air defense systems, including autonomous drones or missiles, with project delivery of the first elements scheduled for as early as 2027.
Published: 2026-02-24T09:30:11
Not the first of its kind ai-pocalypse Anthropic sent the infosec community into a tizzy on Friday when it rolled out Claude Code Security, a new feature that scans codebases for vulnerabilities and suggests patches to fix the issues.
Published: 2026-02-23T19:50:01
Watchdogs warn models that can generate realistic images of people must comply with data protection laws A global coalition of privacy watchdogs has fired a warning shot at the generative AI industry, saying companies churning out realistic synthetic images can't pretend that data protection rules don't apply.
Published: 2026-02-23T16:03:38
Goal is to run software locally and stream only to owners' computers If the sour taste has still not left your mouth after Ring's Super Bowl ad, there is a $10,000 prize for anyone who can find a security flaw in the company's cameras.
Published: 2026-02-23T15:17:34
Quartet accused of attacking public institutions, claiming the government was responsible for 2024 tragedy Spanish police say four self-proclaimed members of Anonymous are in custody after allegedly carrying out several cyberattacks on public authorities in the wake of the 2024 DANA floods.
Published: 2026-02-23T12:26:30
Off-the-shelf tools helped Russian-speaking cybercrime group run riot Cybercriminals armed with off-the-shelf generative AI tools compromised more than 600 internet-exposed FortiGate firewalls across 55 countries in just over a month, according to a new incident report from AWS.
Published: 2026-02-23T11:41:47
The only good password is no password at all opinion Passwords turn 65 this year. They became a feature of computer users' lives in 1961, with MIT's Compatible Time-Sharing System (CTSS). Before then, sysops were real sysops. All jobs went through them, one at a time, and access by others was forbidden by laws written on blocks of stone.
Published: 2026-02-23T09:30:09
PLUS: Unpatched Ivanti boxes under attack; 0APT might not be a scam; AI gets better at helping cyber-scum; And more Infosec In Brief An unknown attacker accessed the French government's database listing every bank account in the country and made off with 1.2 million records.
Published: 2026-02-22T23:26:50
Confidential complainant details passed to local politician following debate A UK councillor has dubbed her local authority's data breach "crazy" after the personal details of individuals behind a series of complaints were revealed to her.
Published: 2026-02-22T09:34:09
About 100 customers affected PayPal has notified about 100 customers that their personal information was exposed online during a code change gone awry, and in a few of these cases, people saw unauthorized transactions on their accounts.
Published: 2026-02-20T22:10:32
4K unintended installs in very odd supply chain attack Someone compromised open source AI coding assistant Cline CLI's npm package earlier this week in an odd supply chain attack that secretly installed OpenClaw on developers' machines without their knowledge.
Published: 2026-02-20T20:05:10
What happens in Vegas Las Vegas hotel and casino giant Wynn Resorts appears to be the latest victim of data-grabbing and extortion gang ShinyHunters.
Published: 2026-02-20T18:27:23
Polish arrest leads to extradition and federal prison sentence Ukrainian national Oleksandr Didenko will spend the next five years behind bars in the US for his involvement in helping North Korean IT workers secure fraudulent employment.
Published: 2026-02-20T14:30:20
Attempt to go 'Made in EU' offers big tech escapees a reality check where lower cloud bills come with higher effort Building a startup entirely on European infrastructure sounds like a nice sovereignty flex right up until you actually try it and realize the real price gets paid in time, tinkering, and slowly unlearning a decade of GitHub muscle memory.
Published: 2026-02-20T14:06:08
Hardcoded credential flaw in RecoverPoint already abused in espionage campaign Uncle Sam's cyber defenders have given federal agencies just three days to patch a maximum-severity Dell bug that's been under active exploitation since at least mid-2024.
Published: 2026-02-20T12:13:10
Feds say trio conspired to siphon processor and cryptography IP, allegedly routing some data overseas Two former Google engineers and a third alleged accomplice are facing federal charges after prosecutors accused them of swiping sensitive chip and security technology secrets and then trying to cover their tracks when the scheme began to unravel.
Published: 2026-02-20T10:45:49
Appeals judge overrules lower tribunal in latest battle of ICO against a breached retail giant The UK's data protection watchdog has scored a small win in a lengthy legal battle against a British retail group that lost millions of data records during a 2017 breach.
Published: 2026-02-20T10:25:24
Skill at buzzword bingo also required as company seeks innovative and disruptive visionary The CEO of code review platform provider Snyk has announced he will stand down so the company can find someone better-equipped to steer the company into the age of AI.
Published: 2026-02-20T05:07:25
MIT CSAIL's 2025 AI Agent Index puts opaque automated systems under the microscope AI agents are becoming more common and more capable, without consensus or standards on how they should behave, say academic researchers.
Published: 2026-02-20T01:01:15
$300 a month buys you a backdoor that looks like legit software Researchers at Proofpoint late last month uncovered what they describe as a "weird twist" on the growing trend of criminals abusing remote monitoring and management software (RMM) as their preferred attack tools.
Published: 2026-02-19T23:46:21
FBI warns these cyber-physical attacks are on the rise Thieves stole more than $20 million from compromised ATMs last year using a malware-assisted technique that the FBI says is on the uptick across the United States.
Published: 2026-02-19T18:39:04
For now, it might not function outside of a lab Cybersecurity researchers say they've spotted the first Android malware strain that uses generative AI to improve performance once installed. But it may be only a proof of concept.
Published: 2026-02-19T16:04:52
New analysis shows that attacks on satellite navigation systems have impacted some 1,100 ships in the Middle East since the US and Israel attacked Iran on February 28.
Published: 2026-03-02T18:34:25
The conflict in the Middle East is driving oil prices up in a midterm year when Americans are already focused on high energy bills.
Published: 2026-03-02T16:03:36
The all-out air assault on the Islamic Republic might be the biggest gamble of the president’s career.
Published: 2026-03-01T17:47:31
As Israeli airstrikes hit Tehran this morning, Iranians received mysterious push notifications saying that “help is on the way,” promising amnesty if they surrender.
Published: 2026-02-28T15:58:09
As Iranian missiles targeted US-linked sites across the Gulf, the UAE’s missile shield was activated in real time.
Published: 2026-02-28T15:12:51
Plus: The top US cyber agency falls into shambles, AI models develop an upsetting penchant for nuclear weapons, and more.
Published: 2026-02-28T11:30:00
US president Donald Trump said a “major combat operation” against Iran had begun as he called for the country’s government to be overthrown.
Published: 2026-02-28T09:42:54
A report copublished by WIRED sparked a probe into opt-out pages hidden by data brokers. Now congressional Democrats say breaches tied to the industry have cost people tens of billions of dollars.
Published: 2026-02-27T10:00:00
The new open source project IronCurtain uses a unique method to secure and constrain AI assistant agents before they flip your digital life upside down.
Published: 2026-02-26T20:54:51
Drug kingpin Nemesio “El Mencho” Oseguera Cervantes may be dead, but the Jalisco cartel he ran for years will likely outlive him thanks, in part, to the criminal group’s embrace of technology.
Published: 2026-02-25T09:30:00
The US Justice Department disclosures give fresh clues about how tech companies handle government inquiries about your data.
Published: 2026-02-24T23:22:38
Plus: The cybersecurity community grapples with Epstein files revelations, the US State Department plans an online anti-censorship “portal” for the world, and more.
Published: 2026-02-21T11:30:00
Following increased surveillance and patrols of routes used by transnational drug-trafficking networks, Mexican authorities have seized approximately 10 tons of cocaine in the past week alone.
Published: 2026-02-21T10:00:00
Homeland Security aims to combine its face and fingerprint systems into one big biometric platform after dismantling centralized privacy reviews and key limits on face recognition.
Published: 2026-02-20T20:03:23
Comments and other data left on a PDF detailing Homeland Security’s proposal to build “mega” detention and processing centers reveal the personnel involved in its creation.
Published: 2026-02-20T18:27:39
Documents say customs officers in the US Virgin Islands had friendly relationships with Epstein years after his 2008 conviction, showing how the infamous sex offender tried to cultivate allies.
Published: 2026-02-20T03:29:17
The Fulu Foundation, a nonprofit that pays out bounties for removing user-hostile features, is hunting for a way to keep Ring cameras from sending data to Amazon without breaking the hardware.
Published: 2026-02-20T01:12:25
A staffer of the Incognito dark web market was secretly controlled by the FBI and still allegedly approved the sale of fentanyl-tainted pills, including those from a dealer linked to a confirmed death.
Published: 2026-02-19T23:18:09
From threat modeling to encrypted collaboration apps, we’ve collected experts’ tips and tools for safely and effectively building a group even while being targeted and tracked by the powerful.
Published: 2026-02-19T10:00:00
A database left accessible to anyone online contained billions of records, including sensitive personal data that criminals appear to have not yet exploited.
Published: 2026-02-18T17:22:10
Cybersecurity researchers have disclosed details of a now-patched security flaw in Google Chrome that could have permitted attackers to escalate privileges and gain access to local files on the system. The vulnerability, tracked as CVE-2026-0628 (CVSS score: 8.8), has been described as a case of insufficient policy enforcement in the WebView tag. It was patched by Google in early January 2026
Published: 2026-03-02T22:38:00
Google has announced a new program in its Chrome browser to ensure that HTTPS certificates are secure against the future risk posed by quantum computers. "To ensure the scalability and efficiency of the ecosystem, Chrome has no immediate plan to add traditional X.509 certificates containing post-quantum cryptography to the Chrome Root Store," the Chrome Secure Web and Networking Team said. "
Published: 2026-03-02T22:22:00
This week is not about one big event. It shows where things are moving. Network systems, cloud setups, AI tools, and common apps are all being pushed in different ways. Small gaps in access control, exposed keys, and normal features are being used as entry points. The pattern becomes clear only when you see everything together. Faster scans, smarter misuse of trusted services, and steady
Published: 2026-03-02T18:56:00
Most SaaS teams remember the day their user traffic started growing fast. Few notice the day bots started targeting them. On paper, everything looks great: more sign-ups, more sessions, more API calls. But in reality, something feels off: Sign-ups increase, but users aren’t activating. Server costs rise faster than revenue. Logs are filled with repeated requests from strange user agents. If
Published: 2026-03-02T17:25:00
A recently disclosed security flaw patched by Microsoft may have been exploited by the Russia-linked state-sponsored threat actor known as APT28, according to new findings from Akamai. The vulnerability in question is CVE-2026-21513 (CVSS score: 8.8), a high-severity security feature bypass affecting the MSHTML Framework. "Protection mechanism failure in MSHTML Framework allows an unauthorized
Published: 2026-03-02T16:06:00
Cybersecurity researchers have disclosed a new iteration of the ongoing Contagious Interview campaign, where the North Korean threat actors have published a set of 26 malicious packages to the npm registry. The packages masquerade as developer tools, but contain functionality to extract the actual command-and-control (C2) by using seemingly harmless Pastebin content as a dead drop resolver and
Published: 2026-03-02T14:14:00
OpenClaw has fixed a high-severity security issue that, if successfully exploited, could have allowed a malicious website to connect to a locally running artificial intelligence (AI) agent and take over control. "Our vulnerability lives in the core system itself no plugins, no marketplace, no user-installed extensions just the bare OpenClaw gateway, running exactly as documented," Oasis
Published: 2026-02-28T22:51:00
New research has found that Google Cloud API keys, typically designated as project identifiers for billing purposes, could be abused to authenticate to sensitive Gemini endpoints and access private data. The findings come from Truffle Security, which discovered nearly 3,000 Google API keys (identified by the prefix "AIza") embedded in client-side code to provide Google-related services like
Published: 2026-02-28T15:26:00
Anthropic on Friday hit back after U.S. Secretary of Defense Pete Hegseth directed the Pentagon to designate the artificial intelligence (AI) upstart as a "supply chain risk." "This action follows months of negotiations that reached an impasse over two exceptions we requested to the lawful use of our AI model, Claude: the mass domestic surveillance of Americans and fully autonomous weapons," the
Published: 2026-02-28T10:27:00
The U.S. Department of Justice (DoJ) this week announced the seizure of $61 million worth of Tether that were allegedly associated with bogus cryptocurrency schemes known as pig butchering. The confiscated funds were traced to cryptocurrency addresses used for the laundering of criminally derived proceeds stolen from victims of cryptocurrency investment scams, the department added. "Criminal
Published: 2026-02-27T23:41:00
The Shadowserver Foundation has revealed that over 900 Sangoma FreePBX instances still remain infected with web shells as part of attacks that exploited a command injection vulnerability starting in December 2025. Of these, 401 instances are located in the U.S., followed by 51 in Brazil, 43 in Canada, 40 in Germany, and 36 in France. The non-profit entity said the compromises are likely
Published: 2026-02-27T23:29:00
Cybersecurity researchers have disclosed details of a malicious Go module that's designed to harvest passwords, create persistent access via SSH, and deliver a Linux backdoor named Rekoobe. The Go module, github[.]com/xinfeisoft/crypto, impersonates the legitimate "golang.org/x/crypto" codebase, but injects malicious code that's responsible for exfiltrating secrets entered via terminal password
Published: 2026-02-27T21:03:00
The North Korean threat actor known as ScarCruft has been attributed to a fresh set of tools, including a backdoor that uses Zoho WorkDrive for command-and-control (C2) communications to fetch more payloads and an implant that uses removable media to relay commands and breach air-gapped networks. The campaign, codenamed Ruby Jumper by Zscaler ThreatLabz, involves the deployment of malware
Published: 2026-02-27T18:13:00
Threat actors are luring unsuspecting users into running trojanized gaming utilities that are distributed via browsers and chat platforms to distribute a remote access trojan (RAT). "A malicious downloader staged a portable Java runtime and executed a malicious Java archive (JAR) file named jd-gui.jar," the Microsoft Threat Intelligence team said in a post on X. "This downloader used PowerShell
Published: 2026-02-27T15:36:00
Meta on Thursday said it's taking legal action to tackle scams on its platforms by filing lawsuits against what it calls deceptive advertisers based in Brazil, China, and Vietnam. As part of the effort, the advertisers' methods of payment have been suspended, related accounts have been disabled, and the website domain names used to pull off the scams have been blocked. Concurrently, the social
Published: 2026-02-27T13:26:00
Cybersecurity researchers have disclosed details of a new botnet loader called Aeternum C2 that uses a blockchain-based command-and-control (C2) infrastructure to make it resilient to takedown efforts. "Instead of relying on traditional servers or domains for command-and-control, Aeternum stores its instructions on the public Polygon blockchain," Qrator Labs said in a report shared with The
Published: 2026-02-26T23:30:00
A previously undocumented threat activity cluster has been attributed to an ongoing malicious campaign targeting education and healthcare sectors in the U.S. since at least December 2025. The campaign is being tracked by Cisco Talos under the moniker UAT-10027. The end goal of the attacks is to deliver a never-before-seen backdoor codenamed Dohdoor. "Dohdoor utilizes the DNS-over-HTTPS (DoH)
Published: 2026-02-26T20:47:00
Nothing here looks dramatic at first glance. That’s the point. Many of this week’s threats begin with something ordinary, like an ad, a meeting invite, or a software update. Behind the scenes, the tactics are sharper. Access happens faster. Control is established sooner. Cleanup becomes harder. Here is a quick look at the signals worth paying attention to. AI-powered command
Published: 2026-02-26T19:58:00
Introduction: Steal It Today, Break It in a Decade Digital evolution is unstoppable, and though the pace may vary, things tend to fall into place sooner rather than later. That, of course, applies to adversaries as well. The rise of ransomware and cyber extortion generated funding for a complex and highly professional criminal ecosystem. The era of the cloud brought general availability of
Published: 2026-02-26T17:36:00
A "coordinated developer-targeting campaign" is using malicious repositories disguised as legitimate Next.js projects and technical assessments to trick victims into executing them and establish persistent access to compromised machines. "The activity aligns with a broader cluster of threats that use job-themed lures to blend into routine developer workflows and increase the likelihood of code
Published: 2026-02-26T16:05:00
Cybersecurity researchers have disclosed details of a new malicious package discovered on the NuGet Gallery, impersonating a library from financial services firm Stripe in an attempt to target the financial sector. The package, codenamed StripeApi.Net, attempts to masquerade as Stripe.net, a legitimate library from Stripe that has over 75 million downloads. It was uploaded by a user named
Published: 2026-02-26T15:39:00
A newly disclosed maximum-severity security flaw in Cisco Catalyst SD-WAN Controller (formerly vSmart) and Catalyst SD-WAN Manager (formerly vManage) has come under active exploitation in the wild as part of malicious activity that dates back to 2023. The vulnerability, tracked as CVE-2026-20127 (CVSS score: 10.0), allows an unauthenticated remote attacker to bypass authentication and obtain
Published: 2026-02-26T11:43:00
Google on Wednesday disclosed that it worked with industry partners to disrupt the infrastructure of a suspected China-nexus cyber espionage group tracked as UNC2814 that breached at least 53 organizations across 42 countries. "This prolific, elusive actor has a long history of targeting international governments and global telecommunications organizations across Africa, Asia, and the Americas,"
Published: 2026-02-25T23:16:00
Cybersecurity researchers have disclosed multiple security vulnerabilities in Anthropic's Claude Code, an artificial intelligence (AI)-powered coding assistant, that could result in remote code execution and theft of API credentials. "The vulnerabilities exploit various configuration mechanisms, including Hooks, Model Context Protocol (MCP) servers, and environment variables executing
Published: 2026-02-25T22:30:00
The notorious cybercrime collective known as Scattered LAPSUS$ Hunters (SLH) has been observed offering financial incentives to recruit women to pull off social engineering attacks. The idea is to hire them for voice phishing campaigns targeting IT help desks, Dataminr said in a new threat brief. The group is said to be offering anywhere between $500 and $1,000 upfront per call, in addition to
Published: 2026-02-25T20:36:00
Triage is supposed to make things simpler. In a lot of teams, it does the opposite. When you can’t reach a confident verdict early, alerts turn into repeat checks, back-and-forth, and “just escalate it” calls. That cost doesn’t stay inside the SOC; it shows up as missed SLAs, higher cost per case, and more room for real threats to slip through. So where does triage go wrong? Here are five triage
Published: 2026-02-25T20:00:00
Cybersecurity researchers have discovered four malicious NuGet packages that are designed to target ASP.NET web application developers to steal sensitive data. The campaign, discovered by Socket, exfiltrates ASP.NET Identity data, including user accounts, role assignments, and permission mappings, as well as manipulates authorization rules to create persistent backdoors in victim applications.
Published: 2026-02-25T18:13:00
Why automating sensitive data transfers is now a mission-critical priority More than half of national security organizations still rely on manual processes to transfer sensitive data, according to The CYBER360: Defending the Digital Battlespace report. This should alarm every defense and government leader because manual handling of sensitive data is not just inefficient, it is a systemic
Published: 2026-02-25T16:30:00
A 39-year-old Australian national who was previously employed at U.S. defense contractor L3Harris has been sentenced to a little over seven years in prison for selling eight zero-day exploits to Russian exploit broker Operation Zero in exchange for millions of dollars. Peter Williams pleaded guilty to two counts of theft of trade secrets in October 2025. In addition to the jail term, Williams
Published: 2026-02-25T14:19:00
SolarWinds has released updates to address four critical security flaws in its Serv-U file transfer software that, if successfully exploited, could result in remote code execution. The vulnerabilities, all rated 9.1 on the CVSS scoring system, are listed below - CVE-2025-40538 - A broken access control vulnerability that allows an attacker to create a system admin user and execute arbitrary
Published: 2026-02-25T12:34:00
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a recently disclosed vulnerability in FileZen to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2026-25108 (CVSS v4 score: 8.7), is a case of operating system (OS) command injection that could allow an authenticated user to execute
Published: 2026-02-25T10:53:00
A vulnerability in GitHub Codespaces could have been exploited by bad actors to seize control of repositories by injecting malicious Copilot instructions in a GitHub issue. The artificial intelligence (AI)-driven vulnerability has been codenamed RoguePilot by Orca Security. It has since been patched by Microsoft following responsible disclosure. "Attackers can craft hidden instructions inside a
Published: 2026-02-25T00:22:00
A Russia-aligned threat actor has been observed targeting a European financial institution as part of a social engineering attack to likely facilitate intelligence gathering or financial theft, signaling a possible expansion of the threat actor's targeting beyond Ukraine and into entities supporting the war-torn nation. The activity, which targeted an unnamed entity involved in regional
Published: 2026-02-24T19:51:00
Most identity programs still prioritize work the way they prioritize IT tickets: by volume, loudness, or “what failed a control check.” That approach breaks the moment your environment stops being mostly-human and mostly-onboarded. In modern enterprises, identity risk is created by a compound of factors: control posture, hygiene, business context, and intent. Any one of these can perhaps be
Published: 2026-02-24T17:28:00
The North Korea-linked Lazarus Group (aka Diamond Sleet and Pompilus) has been observed using Medusa ransomware in an attack targeting an unnamed entity in the Middle East, according to a new report by the Symantec and Carbon Black Threat Hunter Team. Broadcom's threat intelligence division said it also identified the same threat actors mounting an unsuccessful attack against a healthcare
Published: 2026-02-24T17:22:00
The threat activity cluster known as UnsolicitedBooker has been observed targeting telecommunications companies in Kyrgyzstan and Tajikistan, marking a shift from prior attacks aimed at Saudi Arabian entities. The attacks involve the deployment of two distinct backdoors codenamed LuciDoor and MarsSnake, according to a report published by Positive Technologies last week. "The group used several
Published: 2026-02-24T15:24:00
Anthropic on Monday said it identified "industrial-scale campaigns" mounted by three artificial intelligence (AI) companies, DeepSeek, Moonshot AI, and MiniMax, to illegally extract Claude's capabilities to improve their own models. The distillation attacks generated over 16 million exchanges with its large language model (LLM) through about 24,000 fraudulent accounts in violation of its terms
Published: 2026-02-24T11:34:00
The Russia-linked state-sponsored threat actor tracked as APT28 has been attributed to a new campaign targeting specific entities in Western and Central Europe. The activity, per S2 Grupo's LAB52 threat intelligence team, was active between September 2025 and January 2026. It has been codenamed Operation MacroMaze. "The campaign relies on basic tooling and the exploitation of legitimate services
Published: 2026-02-24T01:11:00
Cybersecurity researchers have disclosed details of a new cryptojacking campaign that uses pirated software bundles as lures to deploy a bespoke XMRig miner program on compromised hosts. "Analysis of the recovered dropper, persistence triggers, and mining payload reveals a sophisticated, multi-stage infection prioritizing maximum cryptocurrency mining hashrate, often destabilizing the victim
Published: 2026-02-23T23:29:00
Security news rarely moves in a straight line. This week, it feels more like a series of sharp turns, some happening quietly in the background, others playing out in public view. The details are different, but the pressure points are familiar. Across devices, cloud services, research labs, and even everyday apps, the line between normal behavior and hidden risk keeps getting thinner. Tools
Published: 2026-02-23T18:30:00
As more organizations run their own Large Language Models (LLMs), they are also deploying more internal services and Application Programming Interfaces (APIs) to support those models. Modern security risks are being introduced less from the models themselves and more from the infrastructure that serves, connects and automates the model. Each new LLM endpoint expands the attack surface, often in
Published: 2026-02-23T17:28:00
Cybersecurity researchers have disclosed what they say is an active "Shai-Hulud-like" supply chain worm campaign that has leveraged a cluster of at least 19 malicious npm packages to enable credential harvesting and cryptocurrency key theft. The campaign has been codenamed SANDWORM_MODE by supply chain security company Socket. As with prior Shai-Hulud attack waves, the malicious code embedded
Published: 2026-02-23T15:50:00
The Iranian hacking group known as MuddyWater (aka Earth Vetala, Mango Sandstorm, and MUDDYCOAST) has targeted several organizations and individuals mainly located across the Middle East and North Africa (MENA) region as part of a new campaign codenamed Operation Olalampo. The activity, first observed on January 26, 2026, has resulted in the deployment of new malware families that share
Published: 2026-02-23T12:55:00
A Russian-speaking, financially motivated threat actor has been observed taking advantage of commercial generative artificial intelligence (AI) services to compromise over 600 FortiGate devices located in 55 countries. That's according to new findings from Amazon Threat Intelligence, which said it observed the activity between January 11 and February 18, 2026. "No exploitation of FortiGate
Published: 2026-02-21T20:19:00
Artificial intelligence (AI) company Anthropic has begun to roll out a new security feature for Claude Code that can scan a user's software codebase for vulnerabilities and suggest patches. The capability, called Claude Code Security, is currently available in a limited research preview to Enterprise and Team customers. "It scans codebases for security vulnerabilities and suggests targeted
Published: 2026-02-21T13:28:00
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added two security flaws impacting Roundcube webmail software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerabilities in question are listed below - CVE-2025-49113 (CVSS score: 9.9) - A deserialization of untrusted data vulnerability that allows remote code
Published: 2026-02-21T12:51:00
With $5.5 trillion in global AI risk exposure and 700,000 U.S. workers needing reskilling, four new AI certifications and Certified CISO v4 help close the gap between AI adoption and workforce readiness. EC-Council, creator of the world-renowned Certified Ethical Hacker (CEH) credential and a global leader in applied cybersecurity education, today launched its Enterprise AI Credential Suite,
Published: 2026-02-21T10:00:00
Threat actors have been observed exploiting a recently disclosed critical security flaw impacting BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) products to conduct a wide range of malicious actions, including deploying VShell and The vulnerability, tracked as CVE-2026-1731 (CVSS score: 9.9), allows attackers to execute operating system commands in the context of the
Published: 2026-02-20T21:15:00
In yet another software supply chain attack, the open-source, artificial intelligence (AI)-powered coding assistant Cline CLI was updated to stealthily install OpenClaw, a self-hosted autonomous AI agent that has become exceedingly popular in the past few months. "On February 17, 2026, at 3:26 AM PT, an unauthorized party used a compromised npm publish token to publish an update to Cline CLI
Published: 2026-02-20T19:50:00
Cybersecurity researchers have disclosed details of a new ClickFix campaign that abuses compromised legitimate sites to deliver a previously undocumented remote access trojan (RAT) called MIMICRAT (aka AstarionRAT). "The campaign demonstrates a high level of operational sophistication: compromised sites spanning multiple industries and geographies serve as delivery infrastructure, a multi-stage
Published: 2026-02-20T17:25:00
Russia-linked APT28 reportedly exploited MSHTML zero-day CVE-2026-21513 before Microsoft patched it, a high-severity bypass flaw. Akamai reports that Russia-linked APT28 may have exploited CVE-2026-21513 CVSS score of 8.8), a high-severity MSHTML vulnerability (CVSS 8.8), before Microsoft patched it in February 2026. The vulnerability is an Internet Explorer security control bypass that can lead to code […]
Published: 2026-03-02T14:45:52
North Korea-linked APT 37 used Zoho WorkDrive and USB malware to breach air-gapped networks in the Ruby Jumper campaign. North Korean group ScarCruft (aka APT37, Reaper, and Group123) deployed new tools in a campaign dubbed Ruby Jumper, using a backdoor that leverages Zoho WorkDrive for C2 and a USB-based implant to breach air-gapped systems. Zscaler ThreatLabz […]
Published: 2026-03-02T12:38:26
Europol’s Project Compass led to 30 arrests targeting ‘The Com’ network, identifying 62 victims and protecting four children from harm. A yearlong operation, code-named Project Compass, led by Europol has dealt a major blow to The Com,’ a cybercrime network known for targeting children and teenagers. The joint effort, called Project Compass and coordinated by […]
Published: 2026-03-02T10:26:25
“ClawJacked” flaw let malicious sites hijack OpenClaw AI agents to steal data; patch released in version 2026.2.26. A high-severity vulnerability called ClawJacked in OpenClaw allowed malicious websites to brute-force and take control of local AI agent instances. Oasis Security discovered the flaw, which enabled silent data theft. OpenClaw addressed the issue with version 2026.2.26, released […]
Published: 2026-03-02T09:42:34
Ukrainian citizen Yurii Nazarenko admitted running OnlyFake, an AI-driven site that sold over 10,000 fake IDs worldwide. Ukrainian man Yurii Nazarenko pleaded guilty to operating OnlyFake, an AI-powered site that generated and sold more than 10,000 counterfeit IDs globally. “United States Attorney for the Southern District of New York, Jay Clayton, and Assistant Director in Charge […]
Published: 2026-03-02T08:43:04
Cybercrime group ShinyHunters leaked the full Odido dataset, the Netherlands is facing the biggest data leak in its history. Odido is a Dutch telecommunications company and one of the largest mobile network operators in the Netherlands. It was formed when T-Mobile Netherlands and Tele2 were rebranded as Odido in 2023 after private equity firms Apax Partners and Warburg Pincus […]
Published: 2026-03-01T19:12:55
Hackers abused Claude Code to build exploits and steal 150GB of data in a cyberattack targeting Mexican government systems. Hackers abused Anthropic’s Claude Code AI assistant to develop exploits, create custom tools, and automatically exfiltrate more than 150GB of data in an attack on Mexican government systems, the Israeli cybersecurity firm Gambit Security reports. The […]
Published: 2026-03-01T13:49:07
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Technical Deep Dive: The Monero Mining Campaign Operation Olalampo: Inside MuddyWater’s Latest Campaign VShell and SparkRAT Observed in Exploitation of BeyondTrust Critical Vulnerability (CVE-2026-1731) Operation MacroMaze: new APT28 campaign using basic tooling and legit […]
Published: 2026-03-01T10:30:16
About 900 Sangoma FreePBX systems were infected with web shells after attackers exploited a command injection flaw. Hundreds of Sangoma FreePBX instances are still infected with web shells following attacks that began in December 2025. Sangoma FreePBX is an open-source, web-based platform for managing Asterisk-powered VoIP phone systems. Maintained by Sangoma Technologies, it allows businesses […]
Published: 2026-03-01T10:01:54
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Canadian Tire 2025 data breach impacts 38 million users Iran ’s Internet near-totally blacked out amid […]
Published: 2026-03-01T00:35:00