Cybersecurity News from Across the Internet
A 39-year-old Australian national who was previously employed at U.S. defense contractor L3Harris has been sentenced to a little over seven years in prison for selling eight zero-day exploits to Russian exploit broker Operation Zero in exchange for millions of dollars. Peter Williams pleaded guilty to two counts of theft of trade secrets in October … Read More “Defense Contractor Employee Jailed for Selling 8 Zero-Days to Russian Broker – The Hacker News” »
SolarWinds has released updates to address four critical security flaws in its Serv-U file transfer software that, if successfully exploited, could result in remote code execution. The vulnerabilities, all rated 9.1 on the CVSS scoring system, are listed below – CVE-2025-40538 – A broken access control vulnerability that allows an attacker to create a system … Read More “SolarWinds Patches 4 Critical Serv-U 15.5 Flaws Allowing Root Code Execution – The Hacker News” »
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a recently disclosed vulnerability in FileZen to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2026-25108 (CVSS v4 score: 8.7), is a case of operating system (OS) command injection that could allow an authenticated user to execute … Read More “CISA Confirms Active Exploitation of FileZen CVE-2026-25108 Vulnerability – The Hacker News” »
Lazarus Group is now using Medusa ransomware in attacks on healthcare and social services, signaling a move toward profit-focused cybercrime. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
An ex-L3 Harris executive was sentenced to over seven years in prison Tuesday after pleading guilty to selling eight zero-day exploits to a Russian broker in exchange for millions of dollars. Williams, 39, admitted to two counts of theft of trade secrets in U.S. District Court in Washington, D.C., last year, acknowledging he took at … Read More “Ex-L3Harris executive sentenced to 87 months in prison for selling zero-day exploits to Russian broker – CyberScoop” »
A vulnerability in GitHub Codespaces could have been exploited by bad actors to seize control of repositories by injecting malicious Copilot instructions in a GitHub issue. The artificial intelligence (AI)-driven vulnerability has been codenamed RoguePilot by Orca Security. It has since been patched by Microsoft following responsible disclosure. “Attackers can craft hidden instructions inside a … Read More “RoguePilot Flaw in GitHub Codespaces Enabled Copilot to Leak GITHUB_TOKEN – The Hacker News” »
Anthropic claims Chinese AI firms distilled Claude to train rival AI models, raising concerns about model extraction, security risks, and AI distillation abuse. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
DTEX claims insider incidents cost $19.5m in 2025, with employee negligence most expensive – Read More –
A Russia-aligned threat actor has been observed targeting a European financial institution as part of a social engineering attack to likely facilitate intelligence gathering or financial theft, signaling a possible expansion of the threat actor’s targeting beyond Ukraine and into entities supporting the war-torn nation. The activity, which targeted an unnamed entity involved in regional … Read More “UAC-0050 Targets European Financial Institution With Spoofed Domain and RMS Malware – The Hacker News” »
Phishing attack mimicking Bitpanda targets users, harvesting credentials and personal information – Read More –
Amazon says a Russian speaking low-skill hacker used AI tools to breach hundreds of FortiGate devices worldwide, showing how AI can scale cyberattacks with basic methods. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Learn how to strengthen app performance without slowing innovation using metrics, observability, scalability planning, and disciplined release strategies. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Strengthen DDoS Readiness with proactive protection strategies, risk assessments, traffic monitoring, scalable defenses, and rapid response planning. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Wilmington, North America, 24th February 2026, CyberNewswire – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Ransomware Medusa linked to North Korean hackers targets US healthcare amid ongoing attacks – Read More –
Catalin Dragomir admits to hacking an Oregon government office and selling network access. Read more on the $250k fraud case and his 2026 sentencing. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
ReliaQuest claims AI has reduced breakout and exfiltration time to under 10 minutes – Read More –
Meet ZeroDayRAT, a newly advertised malware targeting Android and iOS devices with surveillance, location tracking, and crypto theft tools sold via Telegram as a MaaS service. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
The North Korea-linked Lazarus Group (aka Diamond Sleet and Pompilus) has been observed using Medusa ransomware in an attack targeting an unnamed entity in the Middle East, according to a new report by the Symantec and Carbon Black Threat Hunter Team. Broadcom’s threat intelligence division said it also identified the same threat actors mounting an … Read More “Lazarus Group Uses Medusa Ransomware in Middle East and U.S. Healthcare Attacks – The Hacker News” »
Most identity programs still prioritize work the way they prioritize IT tickets: by volume, loudness, or “what failed a control check.” That approach breaks the moment your environment stops being mostly-human and mostly-onboarded. In modern enterprises, identity risk is created by a compound of factors: control posture, hygiene, business context, and intent. Any one of … Read More “Identity Prioritization isn’t a Backlog Problem – It’s a Risk Math Problem – The Hacker News” »
Anthropic accused DeepSeek, Moonshot and MiniMax of illicitly using Claude to steal some of the AI model’s capabilities – Read More –
The threat activity cluster known as UnsolicitedBooker has been observed targeting telecommunications companies in Kyrgyzstan and Tajikistan, marking a shift from prior attacks aimed at Saudi Arabian entities. The attacks involve the deployment of two distinct backdoors codenamed LuciDoor and MarsSnake, according to a report published by Positive Technologies last week. “The group used several … Read More “UnsolicitedBooker Targets Central Asian Telecoms With LuciDoor and MarsSnake Backdoors – The Hacker News” »
CrowdStrike Global Threat Report warns how adversaries are leveraging AI to make campaigns more efficient and more effective – Read More –
Cyberattacks reached victims faster and came from a wider range of threat groups than ever last year, CrowdStrike said in its annual global threat report released Tuesday, adding that cybercriminals and nation-states increasingly relied on predictable tactics to evade detection by exploiting trusted systems. The average breakout time — how long it took financially-motivated attackers … Read More “CrowdStrike says attackers are moving through networks in under 30 minutes – CyberScoop” »
Anthropic on Monday said it identified “industrial-scale campaigns” mounted by three artificial intelligence (AI) companies, DeepSeek, Moonshot AI, and MiniMax, to illegally extract Claude’s capabilities to improve their own models. The distillation attacks generated over 16 million exchanges with its large language model (LLM) through about 24,000 fraudulent accounts in violation of its terms – … Read More “Anthropic Says Chinese AI Firms Used 16 Million Claude Queries to Copy Model – The Hacker News” »
The Digital Personal Data Protection (DPDP) Act in India has fundamentally altered the way that SaaS firms and startups… The post DPDP Act for SaaS and Startups: How to Scale Privacy-by-Design Without Slowing Product appeared first on JISA Softech Pvt Ltd. – Read More – JISA Softech Pvt Ltd
Data breaches in 2026 explained, new cyber threats, AI driven attacks, common breach causes, and practical security strategies for individuals and businesses – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
The Russia-linked state-sponsored threat actor tracked as APT28 has been attributed to a new campaign targeting specific entities in Western and Central Europe. The activity, per S2 Grupo’s LAB52 threat intelligence team, was active between September 2025 and January 2026. It has been codenamed Operation MacroMaze. “The campaign relies on basic tooling and the exploitation … Read More “APT28 Targeted European Entities Using Webhook-Based Macro Malware – The Hacker News” »
Anthropic on Monday accused three Chinese artificial intelligence laboratories of stealthily trying to siphon Claude’s capabilities for their own models, potentially in a way that could fuel offensive cyber operations. The U.S. AI startup said the three labs, DeepSeek, Moonshot and MiniMax, ran “industrial-scale campaigns” with a tactic known as “distillation.” It involves sending bulk … Read More “Anthropic accuses Chinese labs of trying to illicitly take Claude’s capabilities – CyberScoop” »
16 zero-day security flaws found in Foxit and Apryse PDF platforms could lead to account takeover and RCE. Learn how AI identified these risks. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Cybersecurity researchers have disclosed details of a new cryptojacking campaign that uses pirated software bundles as lures to deploy a bespoke XMRig miner program on compromised hosts. “Analysis of the recovered dropper, persistence triggers, and mining payload reveals a sophisticated, multi-stage infection prioritizing maximum cryptocurrency mining hashrate, often destabilizing the victim – Read More – … Read More “Wormable XMRig Campaign Uses BYOVD Exploit and Time-Based Logic Bomb – The Hacker News” »
Sophisticated Python malware uncovered in fraud probe shows obfuscation, disposable infrastructure – Read More –
Supply chain worm mimicking Shai-Hulud malware spread via malicious npm packages, targeting AI tools has been identified by security researchers – Read More –
PayPal has confirmed a data leak in its Working Capital loan system that exposed names, dates of birth, and Social Security numbers for six months. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Top technology stacks for MVP development in 2026, best tools for fast launch, scalability, cost efficiency, and proven frameworks for startups building products. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
A new phishing campaign is spreading XWorm 7.2 via malicious Excel files, hiding the malware in Windows processes, and using AES encryption to steal passwords and Wi-Fi keys. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Security news rarely moves in a straight line. This week, it feels more like a series of sharp turns, some happening quietly in the background, others playing out in public view. The details are different, but the pressure points are familiar. Across devices, cloud services, research labs, and even everyday apps, the line between normal … Read More “⚡ Weekly Recap: Double-Tap Skimmers, PromptSpy AI, 30Tbps DDoS, Docker Malware & More – The Hacker News” »
A low-skilled Russian-speaking attacker has used GenAI tools to help deploy a successful attack workflow targeting FortiGate instances – Read More –
As more organizations run their own Large Language Models (LLMs), they are also deploying more internal services and Application Programming Interfaces (APIs) to support those models. Modern security risks are being introduced less from the models themselves and more from the infrastructure that serves, connects and automates the model. Each new LLM endpoint expands the … Read More “How Exposed Endpoints Increase Risk Across LLM Infrastructure – The Hacker News” »
Advantest, a Japanese specialist in testing computer chips for major semiconductor manufacturers, has deployed incident response protocols following a cybersecurity incident – Read More –
Cybersecurity researchers have disclosed what they say is an active “Shai-Hulud-like” supply chain worm campaign that has leveraged a cluster of at least 19 malicious npm packages to enable credential harvesting and cryptocurrency key theft. The campaign has been codenamed SANDWORM_MODE by supply chain security company Socket. As with prior Shai-Hulud attack waves, the malicious … Read More “Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens – The Hacker News” »
A new FBI Flash alert claims $20m was lost to ATM jackpotting attacks in 2025 alone – Read More –
University of Mississippi Medical Center is still scrambling to respond to a ransomware attack last Thursday – Read More –
The Iranian hacking group known as MuddyWater (aka Earth Vetala, Mango Sandstorm, and MUDDYCOAST) has targeted several organizations and individuals mainly located across the Middle East and North Africa (MENA) region as part of a new campaign codenamed Operation Olalampo. The activity, first observed on January 26, 2026, has resulted in the deployment of new … Read More “MuddyWater Targets MENA Organizations with GhostFetch, CHAR, and HTTP_VIP – The Hacker News” »
Researchers demonstrate multiple attacks against major password managers, showing how compromised servers and design flaws can expose encrypted vault data. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Posted by Egidio Romano on Feb 22 —————————————————————————- SmarterMail <= 9518 (MailboxId) Reflected Cross-Site Scripting Vulnerability —————————————————————————- [-] Software Link: https://www.smartertools.com/smartermail/business-email-server [-] Affected Versions: Build 9518 and prior builds. [-] Vulnerability Description: User input passed through the… – Read More – Full Disclosure
Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Feb 22 SEC Consult Vulnerability Lab Security Advisory < 20260218-0 > ======================================================================= title: Multiple Critical Vulnerabilities product: NesterSoft WorkTime (on-prem/cloud) vulnerable version: <= 11.8.8 fixed version: No patch available, vendor unresponsive. CVE number: CVE-2025-15563, CVE-2025-15562, CVE-2025-15561… – Read More – Full Disclosure
Cybersecurity researchers at Veracode reveal a typosquatting attack that disguises Pulsar RAT as images to bypass Windows security and antivirus programs. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Researchers at CyberProof have identified a new fake captcha campaign linked to the ClickFix operation. This stealthy infostealer targets over 25 browsers, cryptocurrency wallets like MetaMask, and gaming accounts by tricking users into executing malicious PowerShell commands. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
A Russian-speaking, financially motivated threat actor has been observed taking advantage of commercial generative artificial intelligence (AI) services to compromise over 600 FortiGate devices located in 55 countries. That’s according to new findings from Amazon Threat Intelligence, which said it observed the activity between January 11 and February 18, 2026. “No exploitation of FortiGate – … Read More “AI-Assisted Threat Actor Compromises 600+ FortiGate Devices in 55 Countries – The Hacker News” »
![[KIS-2026-04] SmarterMail](https://attackfeed.com/wp-content/uploads/2026/02/fulldisclosure-img-jjsJpG.webp "[KIS-2026-04] SmarterMail <= 9518 (MailboxId) Reflected Cross-Site Scripting Vulnerability")
