Author: Andy Stern
-
CVE-2025-64712 in Unstructured.io Puts Amazon, Google, and Tech Giants at Risk of Remote Code Execution
A newly disclosed critical flaw, CVE-2025-64712 (CVSS 9.8), in Unstructured.io’s “unstructured” ETL library could let attackers perform arbitrary file writes and potentially achieve remote code execution (RCE) on systems that process untrusted documents. Unstructured is widely used to convert messy business files into AI-ready text and embeddings, and the vendor’s ecosystem footprint is often cited as spanning…
-
Flucht vor der Polizei: Malware-Entwickler täuscht eigenen Tod vor
Tags: malwareMit einer gefälschten Sterbeurkunde wollte ein Malware-Entwickler einer Haftstrafe entgehen. Doch seine Gewohnheiten wurden ihm zum Verhängnis. First seen on golem.de Jump to article: www.golem.de/news/flucht-vor-der-polizei-malware-entwickler-taeuscht-eigenen-tod-vor-2602-205389.html
-
Top Dutch telco Odido admits 6.2M customers caught in contact system caper
Names, addresses, bank account numbers accessed but biz insists passwords and call data untouched First seen on theregister.com Jump to article: www.theregister.com/2026/02/13/odido_breach/
-
Malicious Chrome Extensions Caught Stealing Business Data, Emails, and Browsing History
Cybersecurity researchers have discovered a malicious Google Chrome extension that’s designed to steal data associated with Meta Business Suite and Facebook Business Manager.The extension, named CL Suite by @CLMasters (ID: jkphinfhmfkckkcnifhjiplhfoiefffl), is marketed as a way to scrape Meta Business Suite data, remove verification pop-ups, and generate two-factor authentication (2FA) codes. First seen on thehackernews.com…
-
CISA flags critical Microsoft SCCM flaw as exploited in attacks
CISA ordered federal agencies on Thursday to secure their systems against a critical Microsoft Configuration Manager vulnerability patched in October 2024 and now exploited in attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-flags-microsoft-configmgr-rce-flaw-as-exploited-in-attacks/
-
Top Dutch telco Odido admits 6.2M customers caught in contact system caper
Names, addresses, bank account numbers accessed but biz insists passwords and call data untouched First seen on theregister.com Jump to article: www.theregister.com/2026/02/13/odido_breach/
-
The foundation problem: How a lack of accountability is destroying cybersecurity
Tags: business, compliance, cybersecurity, healthcare, jobs, monitoring, risk, technology, training, vulnerabilityThe accountability gap: When leaders don’t take ownership, it shows up in predictable ways. Some are obvious, like teams that have a high turnover rate, projects that never finish or the same problems recurring month after month, year after year. Others, like technical debt, are far more insidious. Technical debt accumulates until it becomes a…
-
KnowBe4 Appoints Kelly Morgan as Chief Customer Officer to Drive Global Customer Lifecycle Strategy
KnowBe4 has announced the appointment of Kelly Morgan as its new Chief Customer Officer (CCO), reinforcing the company’s commitment to delivering measurable customer outcomes as it continues to expand in the Human and AI Risk Management market. Morgan will oversee KnowBe4’s global end-to-end customer lifecycle, leading the Customer Success, Customer Support, Managed Services and Professional…
-
Autonomes Fahren: Waymo ruft an, Deutschland legt auf
Die Google-Tochter Waymo entwickelt autonome Fahrzeuge. Die Rechtslage in Deutschland erlaubt den Einsatz aber momentan nicht. First seen on tarnkappe.info Jump to article: tarnkappe.info/artikel/it-sicherheit/autonomes-fahren-waymo-ruft-an-deutschland-legt-auf-325932.html
-
Fake AI Assistants in Google Chrome Web Store Steal Passwords and Spy on Emails
Hundreds of thousands of users have downloaded malicious AI extensions masquerading as ChatGPT, Gemini, Grok and others, warn cybersecurity researchers at LayerX First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/fake-ai-assistants-google-chrome/
-
npm’s Update to Harden Their Supply Chain, and Points to Consider
In December 2025, in response to the Sha1-Hulud incident, npm completed a major authentication overhaul intended to reduce supply-chain attacks. While the overhaul is a solid step forward, the changes don’t make npm projects immune from supply-chain attacks. npm is still susceptible to malware attacks here’s what you need to know for a safer Node…
-
Fake shops target Winter Olympics 2026 fans
Tags: unclassifiedOlympic merchandise is already being used as bait. We’ve identified nearly 20 fake shop sites targeting fans globally. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/fake-shops-target-winter-olympics-2026-fans/
-
The Cyber Express Weekly Roundup: Escalating Breaches, Regulatory Crackdowns, and Global Cybercrime Developments
As February 2026 progresses, this week’s The Cyber Express Weekly Roundup examines a series of cybersecurity incidents and enforcement actions spanning Europe, Africa, Australia, and the United States. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/weekly-roundup-cyber-express-feb-2026/
-
Moltbook: Das perfekte Setup für einen Sicherheitsalptraum
Tags: unclassifiedMoltbook bietet einen extrem faszinierenden Einblick in die Welt der KI. Aber: Es ohne Security-Wissen zu nutzen, wäre mehr als fahrlässig. First seen on golem.de Jump to article: www.golem.de/news/moltbook-das-perfekte-setup-fuer-einen-sicherheitsalptraum-2602-205337.html
-
Moltbook: Das perfekte Setup für einen Sicherheitsalptraum
Tags: unclassifiedMoltbook bietet einen extrem faszinierenden Einblick in die Welt der KI. Aber: Es ohne Security-Wissen zu nutzen, wäre mehr als fahrlässig. First seen on golem.de Jump to article: www.golem.de/news/moltbook-das-perfekte-setup-fuer-einen-sicherheitsalptraum-2602-205337.html
-
Static Design to Adaptive Control: How Artificial Intelligence Improves Modern Material Handling Equipment Systems
AI enables material handling systems to adapt to demand volatility through predictive design, dynamic control, and smarter maintenance without replacing core engineering. First seen on hackread.com Jump to article: hackread.com/how-artificial-intelligence-improves-material-handling-equipment/
-
Moltbook: Das perfekte Setup für einen Sicherheitsalptraum
Tags: unclassifiedMoltbook bietet einen extrem faszinierenden Einblick in die Welt der KI. Aber: Es ohne Security-Wissen zu nutzen, wäre mehr als fahrlässig. First seen on golem.de Jump to article: www.golem.de/news/moltbook-das-perfekte-setup-fuer-einen-sicherheitsalptraum-2602-205337.html
-
GenAI-Nutzung kann aus ahnungslosen Mitarbeitern Insider-Bedrohungen machen
Das Risiko steigt weiter, wenn Mitarbeiter unbeabsichtigt sensible Informationen wie API-Schlüssel oder Passwörter in GenAI-Plattformen offenlegen. Werden solche Daten von Angreifern abgefangen, dann können sich diese als vertrauenswürdige Nutzer ausgeben und unbemerkt auf Unternehmenssysteme zugreifen. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/genai-nutzung-kann-aus-ahnungslosen-mitarbeitern-insider-bedrohungen-machen/a43686/
-
Hackers probe, exploit newly patched BeyondTrust RCE flaw (CVE-2026-1731)
Attackers are exploiting a recently patched critical vulnerability (CVE-2026-1731) in internet-facing BeyondTrust Remote Support and Privileged Remote Access instances. … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/13/beyondtrust-cve-2026-1731-poc-exploit-activity/
-
Fake shops target Winter Olympics 2026 fans
Tags: unclassifiedOlympic merchandise is already being used as bait. We’ve identified nearly 20 fake shop sites targeting fans globally. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/fake-shops-target-winter-olympics-2026-fans/
-
Okta for AI Agents macht Schatten-KI sichtbar und kontrollierbar
Okta verbessert KI-Sicherheit, indem es unbekannte KI-Agenten von versteckten Risiken in kontrollierte Assets umwandelt, die sichere Innovation ermöglichen. Auf diese Weise lassen sich KI-Agenten nicht nur identifizieren, sondern über ihren gesamten Lebenszyklus hinweg sicher integrieren, verwalten und schützen ohne Innovation auszubremsen. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/okta-for-ai-agents-macht-schatten-ki-sichtbar-und-kontrollierbar/a43727/
-
Chrome Extensions Infect 500K Users to Hijack VKontakte Accounts
A long-running Chrome extension malware campaign has silently hijacked more than 500,000 VKontakte (VK) accounts, forcing users into attacker-controlled groups, resetting their settings every 30 days, and abusing VK’s own infrastructure as command-and-control. What appeared to be harmless VK customization tools were in reality a tightly maintained malware project operated by a single threat actor…
-
Gedanken zum Europäischen Datenschutztag – Warum man Datenschutz neu denken sollte
Tags: unclassifiedFirst seen on security-insider.de Jump to article: www.security-insider.de/warum-man-datenschutz-neu-denken-sollte-a-56cf7420a230bce88031c40040e110eb/
-
What is a SAML Assertion in Single Sign-On?
Learn what a SAML assertion is in Single Sign-On. Discover how these XML trust tokens securely exchange identity data between IdPs and Service Providers. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/what-is-a-saml-assertion-in-single-sign-on/
-
state-backed hackers exploit Gemini AI for cyber recon and attacks
Google says nation-state actors used Gemini AI for reconnaissance and attack support in cyber operations. Google DeepMind and GTIG report a rise in model extraction or “distillation” attacks aimed at stealing AI intellectual property, which Google has detected and blocked. While APT groups have not breached frontier models, private firms and researchers have tried to…
-
Malicious Chrome AI Extensions Target 260,000 Users with Injected Iframes
As AI tools like ChatGPT, Claude, Gemini, and Grok gain mainstream adoption, cybercriminals are weaponizing their popularity to distribute malicious browser extensions. Security researchers have uncovered a coordinated campaign involving 30 Chrome extensions that masquerade as legitimate AI assistants while secretly deploying dangerous surveillance capabilities affecting over 260,000 users. The malicious extensions pose as AI-powered…
-
Check Point Sets Out Four-Pillar Blueprint for Securing the AI-Driven Enterprise
Check Point Software Technologies has unveiled a new AI-focused security strategy alongside three acquisitions aimed at strengthening its platform across AI agent protection, exposure management and managed service provider (MSP) environments. The announcement outlines a four-pillar framework designed to help organisations manage the growing cyber risks associated with rapid AI adoption. As enterprises embed AI…
-
Malicious Chrome AI Extensions Target 260,000 Users with Injected Iframes
As AI tools like ChatGPT, Claude, Gemini, and Grok gain mainstream adoption, cybercriminals are weaponizing their popularity to distribute malicious browser extensions. Security researchers have uncovered a coordinated campaign involving 30 Chrome extensions that masquerade as legitimate AI assistants while secretly deploying dangerous surveillance capabilities affecting over 260,000 users. The malicious extensions pose as AI-powered…