Cybersecurity News from Across the Internet
AI bots are having existential crises, inventing religions, and allegedly plotting against humanity… or so the internet would have you believe. We dig into Moltbook, the “AI-only” social network that sent Twitter into a meltdown, attracted breathless talk of the singularity, and turned out to be far less Terminator and far more humans role-playing as … Read More “Smashing Security podcast #454: AI was not plotting humanity’s demise. Humans were – GRAHAM CLULEY” »
Cybersecurity researchers have discovered what they said is the first known malicious Microsoft Outlook add-in detected in the wild. In this unusual supply chain attack detailed by Koi Security, an unknown attacker claimed the domain associated with a now-abandoned legitimate add-in to serve a fake Microsoft login page, stealing over 4,000 credentials in the process. … Read More “First Malicious Outlook Add-In Found Stealing 4,000+ Microsoft Credentials – The Hacker News” »
Another Department of Homeland Security shutdown would hamper the Cybersecurity and Infrastructure Security Agency’s ability to respond to threats, offer services, develop new capabilities and finish writing a key regulation, its acting director told Congress Wednesday. Some of those activities would continue on a limited basis, while others would halt entirely, acting CISA leader Madhu … Read More “Acting CISA chief says DHS funding lapse would limit, halt some agency work – CyberScoop” »
Ransomware groups crop up like weeds, angling for striking positions in a crowded field rife with turnover, infighting and unbridled competition. Yet, they rarely emerge, as 0APT did late last month, claiming roughly 200 victims out of the gate. Researchers have thus far seen no evidence confirming 0APT attacked any of its alleged victims, which … Read More “0APT ransomware group rises swiftly with bluster, along with genuine threat of attack – CyberScoop” »
AI apps are making their way into healthcare. It’s not clear that rigorous data security or privacy practices will be part of the package. OpenAI, Anthropic and Google have all rolled out AI-powered health offerings from over the past year. These products are designed to provide health and wellness advice to individual users or organizations, … Read More “Your AI doctor doesn’t have to follow the same privacy rules as your real one – CyberScoop” »
Campaign combines stolen Telegram accounts, fake Zoom calls and ClickFix attacks to deploy infostealer malware – Read More –
For the past week, the massive “Internet of Things” (IoT) botnet known as Kimwolf has been disrupting The Invisible Internet Project (I2P), a decentralized, encrypted communications network designed to anonymize and secure online communications. I2P users started reporting disruptions in the network around the same time the Kimwolf botmasters began relying on it to evade … Read More “Kimwolf Botnet Swamps Anonymity Network I2P – Krebs on Security” »
Indian defense sector and government-aligned organizations have been targeted by multiple campaigns that are designed to compromise Windows and Linux environments with remote access trojans capable of stealing sensitive data and ensuring continued access to infected machines. The campaigns are characterized by the use of malware families like Geta RAT, Ares RAT, and DeskRAT, which … Read More “APT36 and SideCopy Launch Cross-Platform RAT Campaigns Against Indian Entities – The Hacker News” »
It’s Patch Tuesday, which means a number of software vendors have released patches for various security vulnerabilities impacting their products and services. Microsoft issued fixes for 59 flaws, including six actively exploited zero-days in various Windows components that could be abused to bypass security features, escalate privileges, and trigger a denial-of-service (DoS) condition. Elsewhere – … Read More “Over 60 Software Vendors Issue Security Fixes Across OS, Cloud, and Network Platforms – The Hacker News” »
New York, NY, 11th February 2026, CyberNewswire – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Republicans in Congress are moving ahead with two pieces of legislation this week that would dramatically reshape the nation’s election laws. Together, the SAVE America Act and MEGA Act would shift key voter certification powers to the executive branch, require stricter proof of citizenship for voter registration, and allow states to more easily access federal … Read More “GOP Congress moves to shape election law in Trump’s image – CyberScoop” »
Republicans in Congress are moving ahead with two pieces of legislation this week that would dramatically reshape the nation’s election laws. Together, the SAVE America Act and MEGA Act would shift key voter certification powers to the executive branch, require stricter proof of citizenship for voter registration, and allow states to more easily access federal … Read More “GOP Congress moves to shape election law in Trump’s image – CyberScoop” »
Intentionally vulnerable training applications are widely used for security education, internal testing, and product demonstrations. Tools such as OWASP Juice Shop, DVWA, Hackazon, and bWAPP are designed to be insecure by default, making them useful for learning how common attack techniques work in controlled environments. The issue is not the applications themselves, but how they … Read More “Exposed Training Open the Door for Crypto-Mining in Fortune 500 Cloud Environments – The Hacker News” »
A federal court has sentenced crypto-scammer Daren Li to 20 years in absentia – Read More –
Cybersecurity researchers have disclosed details of a new botnet operation called SSHStalker that relies on the Internet Relay Chat (IRC) communication protocol for command-and-control (C2) purposes. “The toolset blends stealth helpers with legacy-era Linux exploitation: Alongside log cleaners (utmp/wtmp/lastlog tampering) and rootkit-class artifacts, the actor keeps a large back-catalog of – Read More – The … Read More “SSHStalker Botnet Uses IRC C2 to Control Linux Systems via Legacy Kernel Exploits – The Hacker News” »
Microsoft on Tuesday released security updates to address a set of 59 flaws across its software, including six vulnerabilities that it said have been exploited in the wild. Of the 59 flaws, five are rated Critical, 52 are rated Important, and two are rated Moderate in severity. Twenty-five of the patched vulnerabilities have been classified … Read More “Microsoft Patches 59 Vulnerabilities Including Six Actively Exploited Zero-Days – The Hacker News” »
Cybersecurity researchers have disclosed details of a new botnet operation called SSHStalker that relies on the Internet Relay Chat (IRC) communication protocol for command-and-control (C2) purposes. “The toolset blends stealth helpers with legacy-era Linux exploitation: Alongside log cleaners (utmp/wtmp/lastlog tampering) and rootkit-class artifacts, the actor keeps a large back-catalog of – Read More – The … Read More “SSHStalker Botnet Uses IRC C2 to Control Linux Systems via Legacy Kernel Exploits – The Hacker News” »
This year should break all the records in terms of vulnerability disclosed, reaching or even surpassing 50,000 new CVEs disclosed – Read More –
Six actively exploited zero-day bug have been patched by Microsoft – Read More –
The North Korea-linked threat actor known as UNC1069 has been observed targeting the cryptocurrency sector to steal sensitive data from Windows and macOS systems with the ultimate goal of facilitating financial theft. “The intrusion relied on a social engineering scheme involving a compromised Telegram account, a fake Zoom meeting, a ClickFix infection vector, and reported … Read More “North Korea-Linked UNC1069 Uses AI Lures to Attack Cryptocurrency Organizations – The Hacker News” »
Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution. Adobe After Effects is a digital effects, motion graphics, and compositing application. Adobe Audition is a comprehensive toolset that includes multitrack, waveform, and spectral display for creating, mixing, editing, and restoring audio content. Adobe Bridge is … Read More “Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution – Cyber Security Advisories – MS-ISAC” »
Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution. Successful exploitation of the most severe of these vulnerabilities could result in an attacker gaining the same privileges as the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; … Read More “Critical Patches Issued for Microsoft Products, February 10, 2026 – Cyber Security Advisories – MS-ISAC” »
Multiple vulnerabilities have been discovered in Fortinet products, the most severe of which could allow for arbitrary code execution. FortiAuthenticator is a centralized identity and access management (IAM) solution that secures network access by managing user identities, Multi-Factor Authentication (MFA), and certificate management. FortiClientEMS is a centralized management platform for deploying, configuring, monitoring, and enforcing … Read More “Multiple Vulnerabilities in Fortinet Products Could Allow for Arbitrary Code Execution – Cyber Security Advisories – MS-ISAC” »
Multiple vulnerabilities have been discovered in Ivanti Endpoint Manager, the most severe of which could allow for authentication bypass. Ivanti Endpoint Manager is a client-based unified endpoint management software. Successful exploitation of the most severe of these vulnerabilities could a remote unauthenticated attacker to leak specific stored credential data. – Read More – Cyber Security Advisories … Read More “Multiple Vulnerabilities in Ivanti Endpoint Manager Could Allow for Authentication Bypass – Cyber Security Advisories – MS-ISAC” »
Test Data Management tools for 2026 ranked for QA and DevOps teams, comparing speed, self service, masking, CI/CD fit, and enterprise readiness. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Microsoft today released updates to fix more than 50 security holes in its Windows operating systems and other software, including patches for a whopping six “zero-day” vulnerabilities that attackers are already exploiting in the wild. Zero-day #1 this month is CVE-2026-21510, a security feature bypass vulnerability in Windows Shell wherein a single click on a … Read More “Patch Tuesday, February 2026 Edition – Krebs on Security” »
Microsoft’s latest security update is littered with zero-day vulnerabilities, actively exploited defects that account for more than 10% of the total CVEs the vendor addressed in this month’s Patch Tuesday update. The vendor addressed 59 vulnerabilities affecting its various products for business operations and underlying systems, including six defects that were actively exploited prior to … Read More “Microsoft Patch Tuesday matches last year’s zero-day high with six actively exploited vulnerabilities – CyberScoop” »
I have survived the biggest Pwn2Own ever, but I’m back in Tokyo for the second Patch Tuesday of 2026. My location never stops Patch Tuesday from coming, so let’s take a look at the latest security patches from Adobe and Microsoft. If you’d rather watch the full video recap covering the entire release, you can … Read More “The February 2026 Security Update Review – Zero Day Initiative – Blog” »
The information technology (IT) workers associated with the Democratic People’s Republic of Korea (DPRK) are now applying to remote positions using real LinkedIn accounts of individuals they’re impersonating, marking a new escalation of the fraudulent scheme. “These profiles often have verified workplace emails and identity badges, which DPRK operatives hope will make their fraudulent – … Read More “DPRK Operatives Impersonate Professionals on LinkedIn to Infiltrate Companies – The Hacker News” »
Most engagement data is compromised by bots and spoofing. Datavault AI treats engagement as a security problem, verifying real human actions at the source. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Researchers reveal the new 0APT cyber group is fabricating attacks on large organisations. Learn how they use fake data to trick companies into paying. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
A recent attempt at a destructive cyberattack on Poland’s power grid has prompted the Cybersecurity and Infrastructure Security Agency to publish a warning for U.S. critical infrastructure owners and operators. Tuesday’s alert follows a Jan. 30 report from Poland’s Computer Emergency Response Team concluded the December attack overlapped significantly with infrastructure used by a Russian … Read More “After major Poland energy grid cyberattack, CISA issues warning to U.S. audience – CyberScoop” »
High-volume phishing campaign delivers Phorpiex malware via malicious Windows Shortcut files – Read More –
Cybersecurity researchers have disclosed details of an emergent ransomware family dubbed Reynolds that comes embedded with a built-in bring your own vulnerable driver (BYOVD) component for defense evasion purposes within the ransomware payload itself. BYOVD refers to an adversarial technique that abuses legitimate but flawed driver software to escalate privileges and disable Endpoint Detection – … Read More “Reynolds Ransomware Embeds BYOVD Driver to Disable EDR Security Tools – The Hacker News” »
Are ransomware and encryption still the defining signals of modern cyberattacks, or has the industry been too fixated on noise while missing a more dangerous shift happening quietly all around them? According to Picus Labs’ new Red Report 2026, which analyzed over 1.1 million malicious files and mapped 15.5 million adversarial actions observed across 2025, … Read More “From Ransomware to Residency: Inside the Rise of the Digital Parasite – The Hacker News” »
ZeroDayRAT is a new mobile spyware targeting Android and iOS, offering attackers persistent access – Read More –
Picus Security warns of the increasingly sophisticated ways malicious activity is staying hidden – Read More –
Attackers are using Pride Month themed phishing emails to target employees worldwide, abusing trusted email platforms like SendGrid to harvest credentials. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Operation Cyber Guardian was Singapore’s largest and longest running anti-cyber threat law enforcement operation – Read More –
SmarterTools confirmed last week that the Warlock (aka Storm-2603) ransomware gang breached its network by exploiting an unpatched SmarterMail instance. The incident took place on January 29, 2026, when a mail server that was not updated to the latest version was compromised, the company’s Chief Commercial Officer, Derek Curtis, said. “Prior to the breach, we … Read More “Warlock Ransomware Breaches SmarterTools Through Unpatched SmarterMail Server – The Hacker News” »
January 5, 2026, Seattle, USA — ZAST.AI announced the completion of a $6 million Pre-A funding round. This investment came from the well-known investment firm Hillhouse Capital, bringing ZAST.AI’s total funding close to $10 million. This marks a recognition from leading capital markets of a new solution: ending the era of high false positive rates … Read More “ZAST.AI Raises $6M Pre-A to Scale “Zero False Positive” AI-Powered Code Security – The Hacker News” »
NCSC call firms to ‘act now’ following disruptive malware attacks targeting Polish energy providers – Read More –
MiCA creates a single EU crypto rulebook, replacing national regimes with unified licensing, capital, and compliance rules for all CASPs. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
The European Commission and government agencies in Finland and the Netherlands have suffered potentially related breaches – Read More –
The Netherlands’ Dutch Data Protection Authority (AP) and the Council for the Judiciary confirmed both agencies (Rvdr) have disclosed that their systems were impacted by cyber attacks that exploited the recently disclosed security flaws in Ivanti Endpoint Manager Mobile (EPMM), according to a notice sent to the country’s parliament on Friday. “On January 29, the … Read More “Dutch Authorities Confirm Ivanti Zero-Day Exploit Exposed Employee Contact Data – The Hacker News” »
How to ensure the ‘organisational memory’ of past vulnerabilities is not lost. – Read More – NCSC Feed
Around 1.6 billion people around the world have iPhones, and while Apple is usually diligent regarding security, there are two major problems that have surfaced. These problems leave iPhone users completely vulnerable to cyber criminal attacks and if users don’t address, they can steal all of your personal data and even your financial information. The … Read More “Apple Sends Alert – iPhones are at Risk – Da Vinci Cybersecurity: Leading Cyber Security Services in South Africa.” »
Fortinet has released security updates to address a critical flaw impacting FortiClientEMS that could lead to the execution of arbitrary code on susceptible systems. The vulnerability, tracked as CVE-2026-21643, has a CVSS rating of 9.1 out of a maximum of 10.0. “An improper neutralization of special elements used in an SQL Command (‘SQL Injection’) vulnerability … Read More “Fortinet Patches Critical SQLi Flaw Enabling Unauthenticated Code Execution – The Hacker News” »
The Digital Personal Data Protection (DPDP) Act in India transforms the privacy compliance documentation of companies to user experience… The post Designing DPDP Compliant Consent and Notice Flows appeared first on JISA Softech Pvt Ltd. – Read More – JISA Softech Pvt Ltd
The Trump administration has made U.S. dominance in artificial intelligence a national priority, but some critics say a light-touch approach to regulating security and safety in U.S. models is making it harder to promote adoption in other countries. White House officials have said since taking office that Trump intended to move away from predecessor Joe … Read More “Critics warn America’s ‘move fast’ AI strategy could cost it the global market – CyberScoop” »
