Tag: hacker

Hackers Exploit Cortex XDR Live Terminal for C2 Communications

Feb 25, 2026 2:37 PM

Tags: backdoor, communications, cyber, edr, exploit, hacker, malicious, tool

Hackers can repurpose the Cortex XDR Live Terminal feature as a stealthy, EDR”‘trusted command”‘and”‘control (C2) channel, effectively turning a built”‘in response tool into a “living off the land” backdoor on protected endpoints. This abuse leverages the agent’s trusted communications and flexible remote”‘execution capabilities to blend malicious operations into normal Cortex XDR traffic. Cortex XDR Live…
Sonderabteilung des Staatsschutzes betroffen – Hacker aus China erbeuten in Italien Geheimdaten

Feb 25, 2026 2:37 PM

Tags: china, hacker

First seen on security-insider.de Jump to article: www.security-insider.de/chinesische-hacker-erbeuten-daten-italienischer-staatsschutz-a-0a5936e1cf2feb29b924f322c4a12efb/
Jetzt patchen: Immer mehr Angriffe auf VMware-Instanzen beobachtet

Feb 25, 2026 1:36 PM

Tags: bug, cyberattack, hacker, vmware

Hacker haben einen Weg gefunden, VMware-Instanzen über eine alte Sicherheitslücke zu attackieren. Hinweise auf Attacken mehren sich. First seen on golem.de Jump to article: www.golem.de/news/jetzt-patchen-immer-mehr-angriffe-auf-vmware-instanzen-beobachtet-2602-205828.html
Android RAT SURXRAT Grants Hackers Full Device Control and Data Exfiltration

Feb 25, 2026 9:37 AM

Tags: access, ai, android, control, cyber, data, hacker, malware, rat, service, threat

SURXRAT is an actively developed Android Remote Access Trojan (RAT) sold as a commercial malware-as-a-service (MaaS) on Telegram, giving attackers full device control and powerful data”‘stealing capabilities. It combines large”‘scale affiliate distribution, cloud”‘hosted command”‘and”‘control, and even experimental AI modules, making it a serious and evolving threat for Android users. The Indonesian operator runs a channel…
Microsoft Alerts Developers of Malicious Next.js Repositories Used in Ongoing Hacker Attacks

Feb 25, 2026 7:05 AM

Tags: attack, backdoor, cyber, hacker, malicious, malware, microsoft, threat

Microsoft has warned that threat actors are weaponizing malicious Next.js repositories to compromise developers through what appear to be legitimate projects and recruiting”‘style technical assessments. The campaign abuses normal workflows in Visual Studio Code and Node.js to reach a staged command”‘and”‘control (C2) backdoor without relying on traditional malware installers. Attackers publish repositories that appear to…
News brief: Nation-state hackers active on the global stage

Feb 24, 2026 8:02 PM

Tags: hacker

Check out the latest security news from the Informa TechTarget team. First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366639319/News-brief-Nation-state-hackers-active-on-the-global-stage
Marquis sues firewall provider SonicWall, alleges security failings with its firewall backup led to ransomware attack

Feb 24, 2026 6:00 PM

Tags: attack, backup, breach, fintech, firewall, hacker, ransomware

Fintech giant Marquis is suing its firewall provider SonicWall, claiming that an earlier breach with SonicWall allowed hackers to deploy ransomware on Marquis’ network. First seen on techcrunch.com Jump to article: techcrunch.com/2026/02/24/marquis-sonicwall-lawsuit-ransomware-firewall-breach/
Amazon: Low-Skill Hacker Used AI Tools to Breach FortiGate Devices Globally

Feb 24, 2026 5:02 PM

Tags: ai, breach, cyberattack, hacker, russia, tool

Amazon says a Russian speaking low-skill hacker used AI tools to breach hundreds of FortiGate devices worldwide, showing how AI can scale cyberattacks with basic methods. First seen on hackread.com Jump to article: hackread.com/amazon-hacker-ai-tools-breach-fortigate-devices/
Conduent data breach grows, affecting at least 25M people

Feb 24, 2026 4:01 PM

Tags: breach, data, data-breach, government, hacker

The number of people affected by a data breach at government contractor giant Conduent is growing, as millions of people continue to receive notices warning them that hackers stole their personal data. First seen on techcrunch.com Jump to article: techcrunch.com/2026/02/24/conduent-data-breach-grows-affecting-at-least-25m-people/
North Korean Lazarus Group Expands Ransomware Activity With Medusa

Feb 24, 2026 4:01 PM

Tags: attack, group, hacker, healthcare, lazarus, north-korea, ransomware

Ransomware Medusa linked to North Korean hackers targets US healthcare amid ongoing attacks First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/north-korean-lazarus-group-medusa/
North Korean Hackers Continue to Target US Healthcare

Feb 24, 2026 3:02 PM

Tags: attack, extortion, group, hacker, healthcare, intelligence, lazarus, north-korea, ransomware, threat

Report: Lazarus Group Pivoting to Medusa Ransomware for Extortion Attacks. North Korean-state backed Lazarus Group hackers are using Medusa ransomware in extortion attacks on U.S. healthcare entities despite a 2024 U.S. indictment of Rim Jong Hyok, an alleged member of the Lazarus subgroup Stonefly, according to a new threat intelligence report. First seen on govinfosecurity.com…
Romanian Hacker Extradited to US Admits Hacking Oregon State Network

Feb 24, 2026 2:02 PM

Tags: fraud, government, hacker, hacking, network, office

Catalin Dragomir admits to hacking an Oregon government office and selling network access. Read more on the $250k fraud case and his 2026 sentencing. First seen on hackread.com Jump to article: hackread.com/romanian-hacker-extradited-us-hacking-oregon-state/
North Korean state hackers seen using Medusa ransomware in attacks on US, Middle East

Feb 24, 2026 1:02 PM

Tags: attack, country, cybersecurity, hacker, hacking, healthcare, lazarus, middle-east, military, north-korea, ransomware

Cybersecurity researchers said they saw Medusa attacks launched by members of Lazarus, a well-known North Korean hacking operation housed within the country’s military, against a company in the Middle East and a healthcare organization in the U.S. First seen on therecord.media Jump to article: therecord.media/north-korean-hackers-using-medusa-ransomware
North Korean Lazarus group linked to Medusa ransomware attacks

Feb 24, 2026 1:02 PM

Tags: attack, extortion, group, hacker, healthcare, lazarus, north-korea, ransomware, threat

North Korean state-backed hackers associated with the Lazarus threat group are targeting U.S. healthcare organizations in extortion attacks using the Medusa ransomware. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/north-korean-lazarus-group-linked-to-medusa-ransomware-attacks/
Hackers Use Steganographic Images to Bypass Anti-Malware and Deploy Malware

Feb 24, 2026 10:01 AM

Tags: access, attack, cyber, hacker, malicious, malware, tool, windows

Hackers are abusing steganography in PNG images to smuggle a Pulsar Remote Access Trojan (RAT) into Windows systems through a malicious NPM package named buildrunner”‘dev. The attack starts with a typosquatted NPM package, buildrunner”‘dev, which impersonates the abandoned “buildrunner”/”build-runner” tools to catch developers who mistype or assume it is a maintained fork. Its package.json looks harmless but defines a postinstall hook…
Hackers Exploit DeepSeek and Claude AI to Launch Global Attacks on FortiGate Devices

Feb 24, 2026 7:02 AM

Tags: ai, attack, breach, credentials, cyber, exploit, firewall, hacker

Hackers are using commercial AI models DeepSeek and Claude to automate attacks against FortiGate firewalls worldwide, turning basic misconfigurations into a high”‘volume intrusion campaign. In early February 2026, a misconfigured SimpleHTTP server running on 212.11.64[.]250:9999 was found exposing more than 1,400 files and 139 subdirectories, including stolen FortiGate configurations, Active Directory maps, credential dumps, exploit…
600+ FortiGate Devices Hacked by AI-Armed Amateur

Feb 24, 2026 1:01 AM

Tags: ai, backup, credentials, firewall, hacker, ransomware, russia

A Russian-speaking hacker used generative AI to compromise the FortiGate firewalls, targeting credentials and backups for possible follow-on ransomware attacks. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/600-fortigate-devices-hacked-ai-amateur
Hackers target vulnerabilities in Roundcube Webmail

Feb 23, 2026 7:01 PM

Tags: cisa, exploit, flaw, hacker, kev, vulnerability

CISA has added the flaws, one of which is considered critical, to its Known Exploited Vulnerabilities catalog. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/hackers-target-vulnerabilities-in-roundcube-webmail/812839/
Russian-speaking hackers used gen AI tools to compromise 600 firewalls, Amazon says

Feb 23, 2026 7:01 PM

Tags: ai, firewall, hacker, intelligence, russia, threat, tool

A Russian-speaking threat actor used commercial generative artificial intelligence tools to help compromise more than 600 FortiGate firewall devices across more than 55 countries earlier this year, researchers have found. First seen on therecord.media Jump to article: therecord.media/gen-ai-fortigate-hackers-russia
Air CÃ´te d’Ivoire confirms cyberattack following ransomware claims

Feb 23, 2026 7:01 PM

Tags: cyberattack, data, hacker, ransomware

Air CÃ´te d’Ivoire did not respond to requests for comment but released a statement on Friday confirming reports that hackers had breached its systems on February 8. Last week, the INC ransomware gang claimed it stole 208 GB of data from the airline. First seen on therecord.media Jump to article: therecord.media/air-cote-divoire-confirms-cyberattack
AI Let ‘Unsophisticated’ Hacker Breach 600 Fortinet Firewalls, AWS Says, As AI Lowers ‘The Barrier’ For Threat Actors

Feb 23, 2026 6:01 PM

Tags: ai, attack, breach, cyber, cybersecurity, firewall, fortinet, hacker, LLM, threat

Hackers use AI, GenAI and LLMs to breach Fortinet FortiGate firewalls as cybersecurity and threat actors leverage AI for cyber-attacks, AWS report finds. First seen on crn.com Jump to article: www.crn.com/news/security/2026/ai-let-unsophisticated-hacker-breach-600-fortinet-firewalls-aws-says-as-ai-lowers-the-barrier-for-threat-actors
VPN flaws allowed Chinese hackers to compromise dozens of Ivanti customers, says report

Feb 23, 2026 6:01 PM

Tags: access, backdoor, china, exploit, flaw, hacker, ivanti, network, vpn

Chinese hackers allegedly broke into the network of an Ivanti subsidiary in 2021. The hackers exploited a backdoor in its VPN product, which allowed the hackers to gain access to 119 other unnamed organizations. First seen on techcrunch.com Jump to article: techcrunch.com/2026/02/23/vpn-flaws-allowed-chinese-hackers-to-compromise-dozens-of-ivanti-customers-says-report/
Romanian hacker pleads guilty to selling access to Oregon state networks

Feb 23, 2026 5:02 PM

Tags: access, hacker, network, unauthorized

A Romanian man pleaded guilty to selling admin access to Oregon’s state network for $3,000 in Bitcoin and repeatedly accessing it to prove control. Catalin Dragomir (45) from Romania, pleaded guilty in the U.S. for selling unauthorized admin access to an Oregon state emergency management network. He gained access in June 2021, advertised it, and…
So ticken KI-Agenten für Cybersicherheit

Feb 23, 2026 4:00 PM

Tags: ai, cybersecurity, cyersecurity, hacker, soc

Immer mehr Security-Operation-Centers (SOC) setzen im Kampf gegen Hacker und Downtimes auf die Hilfe künstlicher Intelligenz. KI-Agenten, die wie SOC-Teams miteinander autonom kollaborieren, sind in diesem Zusammenhang die neueste Evolutionsstufe. Ontinue wirft einen Blick unter die Haube solcher Multi-Agenten-Systeme.”‹ Multi-Agenten-Systeme (MAS), bestehend aus hochspezialisierten KI-Agenten, die im Verbund miteinander arbeiten, sind vor allem im Cybersecurity-Kontext…
Hacker stiehlt Daten von Tausenden RTL-Mitarbeitern

Feb 23, 2026 2:00 PM

Tags: access, cyberattack, dark-web, group, hacker, mail, phishing, social-engineering

Ein Hacker hat sich Zugriff auf Mitarbeiterdaten von RTL verschafft.Die RTL Group wurde offenbar Opfer einer Cyberattacke. Wie Cybernews berichtet, brüstet sich ein Cyberkrimineller namens LuneBF mit gestohlenen Daten von mehr als 27.000 Mitarbeitern der Mediengruppe. In seinem Darknet-Post behauptet der Angreifer, sich Zugriff auf die Intranet-Website der RTL Group verschafft zu haben.Als Beweis für…
Hackers Use Excel Exploit to Hide XWorm 7.2 in JPEG Files, Hijack PCs

Feb 23, 2026 2:00 PM

Tags: encryption, exploit, hacker, malicious, malware, password, phishing, wifi, windows

A new phishing campaign is spreading XWorm 7.2 via malicious Excel files, hiding the malware in Windows processes, and using AES encryption to steal passwords and Wi-Fi keys. First seen on hackread.com Jump to article: hackread.com/hackers-excel-exploit-xworm-7-2-jpeg-files-hijack-pcs/
Von unerfahrenem Hacker: Hunderte Firewalls mithilfe von KI infiltriert

Feb 23, 2026 12:01 PM

Tags: ai, firewall, fortinet, hacker

Innerhalb weniger Wochen hat ein unerfahrener Angreifer laut AWS dank KI-Nutzung weltweit über 600 Fortinet-Firewalls kompromittiert. First seen on golem.de Jump to article: www.golem.de/news/von-unerfahrenem-hacker-hunderte-firewalls-mithilfe-von-ki-infiltriert-2602-205719.html
13 ways attackers use generative AI to exploit your systems

Feb 23, 2026 9:01 AM

Tags: access, ai, attack, authentication, awareness, breach, captcha, ceo, chatgpt, ciso, cloud, credentials, crypto, cyber, cyberattack, cybercrime, cybersecurity, dark-web, data, deep-fake, defense, detection, email, espionage, exploit, extortion, finance, flaw, framework, fraud, google, government, group, hacker, identity, infrastructure, intelligence, law, LLM, login, malicious, malware, marketplace, network, open-source, password, phishing, privacy, ransomware, resilience, risk, saas, scam, service, social-engineering, startup, supply-chain, tactics, technology, theft, threat, tool, vulnerability, zero-day

Facilitating malware development: AI can also be used to generate more sophisticated, or less labour-intensive, malware.For example, cybercriminals are using gen AI to create malicious HTML documents. The XWorm attack, initiated by HTML smuggling, which contains malicious code that downloads and runs the malware, bears the hallmarks of development via AI.”The loader’s detailed line-by-line description…
13 ways attackers use generative AI to exploit your systems

Feb 23, 2026 9:01 AM

Tags: access, ai, attack, authentication, awareness, breach, captcha, ceo, chatgpt, ciso, cloud, credentials, crypto, cyber, cyberattack, cybercrime, cybersecurity, dark-web, data, deep-fake, defense, detection, email, espionage, exploit, extortion, finance, flaw, framework, fraud, google, government, group, hacker, identity, infrastructure, intelligence, law, LLM, login, malicious, malware, marketplace, network, open-source, password, phishing, privacy, ransomware, resilience, risk, saas, scam, service, social-engineering, startup, supply-chain, tactics, technology, theft, threat, tool, vulnerability, zero-day

Facilitating malware development: AI can also be used to generate more sophisticated, or less labour-intensive, malware.For example, cybercriminals are using gen AI to create malicious HTML documents. The XWorm attack, initiated by HTML smuggling, which contains malicious code that downloads and runs the malware, bears the hallmarks of development via AI.”The loader’s detailed line-by-line description…
North Korean Hackers Exploit Fake IT Worker Schemes and Malicious Interview Lures

Feb 23, 2026 9:01 AM

Tags: credentials, cyber, exploit, hacker, jobs, malicious, malware, north-korea, software, threat

North Korean state-backed hackers are running large-scale fake IT worker and “Contagious Interview” campaigns that abuse developer hiring workflows to deliver JavaScript-based malware, steal code and credentials, and covertly generate revenue for the regime. Since at least 2022, North Korean threat actors have impersonated recruiters and hiring managers, luring software developers into executing booby-trapped code…