Author: Andy Stern
-
NCSC Issues Warning Over “Severe” Cyber-Attacks Targeting Critical National Infrastructure
NCSC call firms to ‘act now’ following disruptive malware attacks targeting Polish energy providers First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/ncsc-warning-severe-cyberattacks/
-
Notepad++ lieferte monatelang Backdoors statt Updates – Notepad++-Super-GAU: Wie das Admin-Tool zur APT-Waffe wurde
First seen on security-insider.de Jump to article: www.security-insider.de/notepad-plus-plus-super-gau-apt-backdoor-a-5db1240aced2e8b2a1b4739eea71cf01/
-
Millionenschaden: Glücksspielportale mit 3.000 geklauten Identitäten betrogen
Tags: unclassifiedNeukunden bekommen auf Glücksspielportalen häufig Willkommensboni. Zwei junge Männer sollen sich dabei um drei Millionen US-Dollar bereichert haben. First seen on golem.de Jump to article: www.golem.de/news/millionenschaden-gluecksspielportale-mit-3-000-geklauten-identitaeten-abgezockt-2602-205209.html
-
FireMon und Illumio stellen erste Zero-Trust-Control-Plane für hybride Unternehmen vor
Die Herausforderungen bei der Einführung von Zero Trust liegen oft in der Implementierung. Konflikte zwischen Segmentierungs- und Firewall-Richtlinien verzögern die Bereitstellung, sodass selbst starke Designs unvollständig bleiben und nicht durchgesetzt werden können. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/firemon-und-illumio-stellen-erste-zero-trust-control-plane-fuer-hybride-unternehmen-vor/a43648/
-
British Army splashes $86M on AI gear to speed up the battlefield kill chain
Tags: aiTroops fitted with new comms kit as part of Project ASGARD First seen on theregister.com Jump to article: www.theregister.com/2026/02/10/mod_project_asgard/
-
Dutch agencies hit by Ivanti EPMM exploit exposing employee contact data
Dutch agencies confirmed attacks exploiting Ivanti EPMM flaws that exposed employee contact data at the data protection authority and courts. Dutch authorities said cyberattacks hit the Dutch Data Protection Authority and the Council for the Judiciary after hackers exploited newly disclosed flaws in Ivanti Endpoint Manager Mobile (EPMM). The incidents were reported to parliament, and…
-
Windows Error Reporting Flaw Allows Attackers to Elevate Privileges
A newly documented Windows vulnerability, CVE-2026-20817, impacts the Windows Error Reporting Service (WER) and enables local privilege escalation. The issue matters because WER runs as NT AUTHORITY\SYSTEM, so any mistake in its permission checks can become a direct path to full device takeover.”‹ Researchers explain that WER listens for client requests over an ALPC port…
-
Safer Internet Day 2026 – So profitieren Anbieter von einer sichereren digitalen Welt
Tags: InternetFirst seen on security-insider.de Jump to article: www.security-insider.de/safer-internet-day-2026-engagement-fuer-sichere-digitale-welt-a-6de9ddc8365c7b3adc90a0be8487a388/
-
OpenClaw legt Defizite in der KI-Sicherheit offen
Tags: aiOpenClaw ist ein Blick in die Zukunft: KI-Assistenten, die nicht nur Vorschläge machen, sondern handeln. Die Herausforderung für die Sicherheit liegt nicht in den Ergebnissen der KI, sondern in den Zugriffsrechten, die wir ihr übertragen. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/openclaw-legt-defizite-in-der-ki-sicherheit-offen/a43645/
-
European Governments Breached in Zero-Day Attacks Targeting Ivanti
The European Commission and government agencies in Finland and the Netherlands have suffered potentially related breaches First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/european-governments-zeroday/
-
Axios Vulnerability Allows Attackers to Trigger DoS and Crash Node.js Servers
A serious security flaw has been discovered in Axios, one of the most popular HTTP client libraries for Node.js, allowing attackers to crash servers and trigger denial-of-service (DoS) attacks. The vulnerability, tracked as CVE-2026-25639, affects all versions up to and including 1.13.4. Axios Vulnerability The vulnerability exploits Axios’s mergeConfig function, which processes configuration objects before making HTTP…
-
ENISA Updates Its International Strategy to Strengthen EU’s Cybersecurity Cooperation
The European Union Agency for Cybersecurity has released an updated international strategy to reinforce the EU’s cybersecurity ecosystem and strengthen cooperation beyond Europe’s borders. The revised ENISA International Strategy refreshes the agency’s approach to working with global partners while ensuring stronger alignment with the European Union’s international cybersecurity policies, core values, and long-term objectives. First…
-
FIIG Securities Fined AU$2.5 Million Following Prolonged Cybersecurity Failures
Australian fixed-income firm FIIG Securities has been fined AU$2.5 million after the Federal Court found it failed to adequately protect client data from cybersecurity threats over a period exceeding four years. The penalty follows a major FIIG cyberattack in 2023 that resulted in the theft and exposure of highly sensitive personal and financial information belonging to thousands of clients. First seen on thecyberexpress.com…
-
Podcast Besser Wissen: Politische Radiopiraten in Deutschland
Tags: germanyWie eine neue politische Bewegung das Radio für sich entdeckt und genutzt hat, besprechen wir mit dem Medienwissenschaftler Jan Bönkost im Podcast. First seen on golem.de Jump to article: www.golem.de/news/podcast-besser-wissen-politische-radiopiraten-in-deutschland-2602-205170.html
-
Attackers Weaponize Windows Shortcut Files to Deploy Global Group Ransomware
A high-volume phishing campaign leveraging the Phorpiex botnet has been distributing GLOBAL GROUP ransomware through weaponized Windows shortcut files. The attack begins with an email attachment named Document.doc.lnk. Windows’ default behavior of hiding known file extensions makes this shortcut appear as a legitimate Word document to unsuspecting users. Attackers enhance deception by borrowing icons from…
-
China-linked APT UNC3886 targets Singapore telcos
China-linked group UNC3886 targeted Singapore ‘s telecom sector in a cyber espionage campaign, Singapore’s Cyber Security Agency revealed. Cyber Security Agency of Singapore (CSA) and the Infocomm Media Development Authority (IMDA) ran Operation CYBER GUARDIAN to protect the telecom sector. Since July 2025, investigations showed China-linked UNC3886 launched a targeted campaign against all four major…
-
Artificial intelligence now finance sector’s ‘connective tissue’
Major study finds debate over AI adoption is over as almost every finance firm in the world is already using the technology First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366638913/Artificial-intelligence-now-finance-sectors-connective-tissue
-
DuckDuckGo enables AI voice chat without saving voice data
DuckDuckGo has added voice chat to Duck.ai, allowing users to speak to an AI assistant while keeping audio private, unrecorded, and excluded from AI training. Voice chat is … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/10/duckduckgo-duck-ai-voice-chat-feature/
-
Navigating MiCA: A Practical Compliance Guide for European CASPs
MiCA creates a single EU crypto rulebook, replacing national regimes with unified licensing, capital, and compliance rules for all CASPs. First seen on hackread.com Jump to article: hackread.com/navigating-mica-compliance-guide-european-casps/
-
Zentrales IT-Thema: ‘Algorithmen und Datenstrukturen für Dummies” Neuerscheinung zum verständlichen Einstieg
Tags: unclassifiedFirst seen on datensicherheit.de Jump to article: www.datensicherheit.de/it-algorithmen-datenstrukturen-dummies-neuerscheinung-verstaendlichkeit-einstieg
-
Face scans and ID checks are coming to Discord
Tags: accessDiscord users will soon see a change to how their accounts work. From early March 2026, access to some features will require age verification using an ID or a face scan. The … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/10/discord-age-verification-settings/
-
OpenClaw Moltbook: KI-Agenten, die handeln und die Menschen, die zuschauen
KI-Agenten wie OpenClaw unterscheiden sich von klassischen Chatbots, da sie eigenständig handeln, Informationen speichern und Aufgaben über längere Zeiträume koordinieren können, was neue Sicherheitsrisiken birgt. Besonders gefährlich ist, dass Angreifer durch Prompt Injection die Agenten dazu bringen können, ihre legitimen Zugriffsrechte missbräuchlich zu nutzen, ohne das System direkt zu hacken. Um Risiken zu minimieren, sollten……
-
How AI is reshaping attack path analysis
Cybersecurity teams are overwhelmed with data and short on clarity, while adversaries use AI to move faster and operate at unprecedented scale. Most organizations collect … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/10/plextrac-attack-path-visualization/
-
Fancy Bear Exploits Microsoft Zero-Day to Deploy Backdoors and Email Stealers
Fancy Bear has launched a sophisticated campaign exploiting a critical zero-day vulnerability in Microsoft RTF files to target users across Central and Eastern Europe. The operation, dubbed >>Operation Neusploit,<< demonstrates the group's continued evolution in tradecraft and its strategic focus on regions of geopolitical interest to Russia. The group embedded malicious code within specially crafted…
-
15,200 OpenClaw Control Panels Exposed Online with Full System Access
A critical security oversight has left thousands of AI agents wide open to the public internet. 15,200 instances of the OpenClaw AI framework (formerly Clawdbot and Moltbot) are vulnerable to remote takeover. The STRIKE team used internet-wide reconnaissance, including favicon fingerprinting, to identify approximately 42,900 unique IP addresses hosting OpenClaw control panels across 82 countries.…
-
Fugitive behind $73M ‘pig butchering’ scheme gets 20 years in prison
A dual Chinese and St. Kitts and Nevis national was sentenced to 20 years in prison in absentia for his role in an international cryptocurrency investment scheme (also known as pig butchering or romance baiting) that defrauded victims of more than $73 million. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fugitive-behind-73m-pig-butchering-scheme-gets-20-years-in-prison/
-
Compliance und Langzeitarchivierung – S3-kompatible Archivspeicherlösung für ManagedProvider
First seen on security-insider.de Jump to article: www.security-insider.de/s3-kompatible-archivspeicherloesung-fuer-managed-service-provider-a-d18a67aad0f16bea4f9fe591b3ef9794/
-
Dutch Authorities Confirm Ivanti Zero-Day Exploit Exposed Employee Contact Data
The Netherlands’ Dutch Data Protection Authority (AP) and the Council for the Judiciary confirmed both agencies (Rvdr) have disclosed that their systems were impacted by cyber attacks that exploited the recently disclosed security flaws in Ivanti Endpoint Manager Mobile (EPMM), according to a notice sent to the country’s parliament on Friday.”On January 29, the National…
-
Harmlose Mails verschwunden: Microsoft gesteht Phishing-Panne bei Exchange Online
Wer bei Exchange Online seit einigen Tagen E-Mails vermisst, ist damit nicht allein. Laut Microsoft macht die Phishing-Erkennung Probleme. First seen on golem.de Jump to article: www.golem.de/news/harmlose-mails-verschwunden-microsoft-gesteht-phishing-panne-bei-exchange-online-2602-205202.html