Category: SecurityNews
-
Zero-Days, Shadow AI, and Stealth Tactics Define This Week in Cybersecurity
Weekly summary of Cybersecurity Insider newsletters First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/weekly-roundup/zero-days-shadow-ai-and-stealth-tactics-define-this-week-in-cybersecurity/
-
Sex toys maker Tenga says hacker stole customer information
The Japanese sex toy maker said a hacker broke into an employee’s inbox and stole customer names, email addresses, and correspondence, including order details and customer service inquiries. First seen on techcrunch.com Jump to article: techcrunch.com/2026/02/13/sex-toys-maker-tenga-says-hacker-stole-customer-information/
-
AI agent seemingly tries to shame open source developer for rejected pull request
Belligerent bot bullies maintainer in blog post to get its way First seen on theregister.com Jump to article: www.theregister.com/2026/02/12/ai_bot_developer_rejected_pull_request/
-
Malicious Chrome Extensions Hijack 500,000 VK Accounts in Stealth Campaign
Malicious Chrome extensions hijacked over 500K VK accounts using multi-stage payloads and stealthy persistence techniques. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/malicious-chrome-extensions-hijack-500000-vk-accounts-in-stealth-campaign/
-
Claude LLM artifacts abused to push Mac infostealers in ClickFix attack
Threat actors are abusing Claude artifacts and Google Ads in ClickFix campaigns that deliver infostealer malware to macOS users searching for specific queries. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/claude-llm-artifacts-abused-to-push-mac-infostealers-in-clickfix-attack/
-
Claude LLM artifacts abused to push Mac infostealers in ClickFix attack
Threat actors are abusing Claude artifacts and Google Ads in ClickFix campaigns that deliver infostealer malware to macOS users searching for specific queries. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/claude-llm-artifacts-abused-to-push-mac-infostealers-in-clickfix-attack/
-
New NCSC-Led OT Security Guidance for Nuclear Reactors
Four Principles Positioning the Nuclear Ecosystem for Long-Term Cyber Resilience OT weaknesses are compounding across utilities, with 22% of critical infrastructure firms reporting OT incidents and external access driving half of breaches. U.K. NCSC’s new guidance outlines connectivity principles that utilities can embed to avoid costly retrofits and compliance issues. First seen on govinfosecurity.com Jump…
-
1,800+ Windows Servers Hit by BADIIS SEO Malware
Over 1,800 Windows IIS servers were compromised by BADIIS malware in a stealthy global SEO poisoning campaign. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/1800-windows-servers-hit-by-badiis-seo-malware/
-
Valentine’s Day: Cyber Experts Heed Caution When Looking For Love (and Gifts) Online
Ahead of Valentine’s Day, cybersecurity experts are warning consumers to be cautious online, whether they’re looking for love or trying to grab a last minute gift. Why do scams increase around Valentine’s Day? Anne Cutler, Cybersecurity Expert at Keeper Security, notes: >>Valentine’s Day is one of the easiest moments of the year for romance scams…
-
Münchner Sicherheitskonferenz: Schwarz Digits und BSI bauen geheime Cloud
Schwarz Digits baut mit dem BSI Clouds für die öffentliche Verwaltung, um das bestehende Vendor Lock-in zu beenden. Es soll bis zur Stufe Geheim gehen. First seen on golem.de Jump to article: www.golem.de/news/muenchner-sicherheitskonferenz-schwarz-digits-und-bsi-bauen-geheime-cloud-2602-205408.html
-
Why PAM Implementations Struggle
Privileged Access Management (PAM) is widely recognized as a foundational security control for Zero Trust, ransomware prevention, and compliance with frameworks such as NIST, ISO 27001, and SOC 2. Yet despite heavy investment, many organizations struggle to realize the promised value of PAM. Projects stall, adoption remains low, and security teams are left managing complex systems that deliver limited risk reduction. ……
-
Attackers finally get around to exploiting critical Microsoft bug from 2024
As if admins haven’t had enough to do this week First seen on theregister.com Jump to article: www.theregister.com/2026/02/13/critical_microsoft_bug_from_2024/
-
Alert: ‘Severe Cyberthreat’ to Critical Infrastructure
Develop ‘Strong Resilience and Recovery Plans,’ Urges UK Cybersecurity Agency. Following Poland’s energy grid being targeted by Russian nation-state attackers, Britain has issued a severe cyberthreat alert to its domestic critical national infrastructure operators, urging them to refine their defensive and resilience posture ahead of any unexpected escalation in targeting. First seen on govinfosecurity.com Jump…
-
Randall Munroe’s XKCD ‘International Station’
via the comic artistry and dry wit of Randall Munroe, creator of XKCD Permalink First seen on securityboulevard.com Jump to article: https://securityboulevard.com/2026/02/randall-munroes-xkcd-international-station/
-
Researchers unearth 30-year-old vulnerability in libpng library
Tags: advisory, ai, cvss, exploit, flaw, network, open-source, ransomware, software, threat, tool, update, vulnerability, zero-daypng_set_quantize, which is used for reducing the number of colors in PNG images, and present in all versions of libpng prior to version 1.6.55.”When the function is called with no histogram and the number of colours in the palette is more than twice the maximum supported by the user’s display, certain palettes will cause the…
-
Space emerges as new front in great power competition, officials warn
Tags: vulnerabilitySpace looks increasingly like the next arena of great power competition, crowded with satellites, vulnerable to disruption, and governed by rules written for a far simpler age. First seen on therecord.media Jump to article: therecord.media/space-cybersecurity-new-front-war
-
Ransomware Groups Claimed 2,000 Attacks in Just Three Months
Ransomware attacks surged 52% in 2025, with supply chain breaches nearly doubling as groups like Qilin drive record monthly incidents worldwide. The post Ransomware Groups Claimed 2,000 Attacks in Just Three Months appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-ransomware-attacks-surge-2025/
-
Microsoft Under Pressure to Bolster Defenses for BYOVD Attacks
Threat actors are exploiting security gaps to weaponize Windows drivers and terminate security processes in targeted networks, and there may be no easy fixes in sight. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/microsoft-under-pressure-defenses-byovd-attacks
-
Microsoft Under Pressure to Bolster Defenses for BYOVD Attacks
Threat actors are exploiting security gaps to weaponize Windows drivers and terminate security processes in targeted networks, and there may be no easy fixes in sight. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/microsoft-under-pressure-defenses-byovd-attacks
-
Nation-State Hackers Put Defense Industrial Base Under Siege
Espionage groups from China, Russia and other nations burned at least two dozen zero-days in edge devices in attempts to infiltrate defense contractors’ networks. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/nation-state-hackers-defense-industrial-base-under-siege
-
AI Agents ‘Swarm,’ Security Complexity Follows Suit
As AI deployments scale and start to include packs of agents autonomously working in concert, organizations face a naturally amplified attack surface. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/ai-agents-swarm-security-complexity
-
Google Ties Suspected Russian Actor to CANFAIL Malware Attacks on Ukrainian Orgs
A previously undocumented threat actor has been attributed to attacks targeting Ukrainian organizations with malware known as CANFAIL.Google Threat Intelligence Group (GTIG) described the hack group as possibly affiliated with Russian intelligence services. The threat actor is assessed to have targeted defense, military, government, and energy organizations within the Ukrainian regional and First seen on…
-
Check Point Unveils a New Security Strategy for Enterprises in the AI Age
Check Point is rolling out a new four-pillar cybersecurity strategy to give security teams an edge in the ongoing AI arms race with threat actors and is making three acquisitions that will play a critical role in getting it going. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/check-point-unveils-a-new-security-strategy-for-enterprises-in-the-ai-age/
-
Google Links China, Iran, Russia, North Korea to Coordinated Defense Sector Cyber Operations
Several state-sponsored actors, hacktivist entities, and criminal groups from China, Iran, North Korea, and Russia have trained their sights on the defense industrial base (DIB) sector, according to findings from Google Threat Intelligence Group (GTIG).The tech giant’s threat intelligence division said the adversarial targeting of the sector is centered around four key themes: striking defense…
-
The Rise of Continuous Penetration Testing-as-a-Service (PTaaS)
Traditional penetration testing has long been a cornerstone of cyber assurance. For many organisations, structured annual or biannual tests have provided an effective way to validate security controls, support compliance requirements, and identify material weaknesses across infrastructure, applications, and external attack surfaces. However, enterprise environments now change at a pace that is difficult to reconcile”¦…
-
The Rise of Continuous Penetration Testing-as-a-Service (PTaaS)
Traditional penetration testing has long been a cornerstone of cyber assurance. For many organisations, structured annual or biannual tests have provided an effective way to validate security controls, support compliance requirements, and identify material weaknesses across infrastructure, applications, and external attack surfaces. However, enterprise environments now change at a pace that is difficult to reconcile”¦…
-
Critical flaw in BeyondTrust Remote Support sees early signs of exploitation
The vulnerability is a variant of a CVE linked to the 2024 hack of the U.S. Treasury Department, according to researchers. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/critical-flaw-beyondtrust-remote-support-early-exploitation/812215/