AttackFeed by Joe Wagner

Apple disclosed a zero-day vulnerability Wednesday that the vendor warned was previously “exploited in an extremely sophisticated attack against specific targeted individuals,” the company said in a security update. The memory-corruption vulnerability — CVE-2026-20700 — affects iPhones and iPads and was exploited on devices running versions of iOS before iOS 26. The Cybersecurity and Infrastructure … Read More “Apple discloses first actively exploited zero-day of 2026  – CyberScoop” »

Proofpoint announced Thursday it has acquired Acuvity, an AI security startup, as the cybersecurity company moves to address security risks stemming from widespread corporate adoption of agentic AI. The acquisition strengthens Proofpoint‘s capabilities in monitoring and securing AI-powered systems that are increasingly handling sensitive business functions across enterprises.  Financial terms of the deal were not … Read More “Proofpoint acquires Acuvity to tackle the security risks of agentic AI  – CyberScoop” »

A new report from Google found evidence that state-sponsored hacking groups have leveraged AI tool Gemini at nearly every stage of the cyber attack cycle. The research underscores how AI tools have matured in their cyber offensive capabilities, even as it doesn’t reveal novel or paradigm shifting uses of the technology. John Hultquist, chief analyst … Read More “Google finds state-sponsored hackers use AI at ‘all stages’ of attack cycle   – CyberScoop” »

Cybersecurity researchers have discovered a fresh set of malicious packages across npm and the Python Package Index (PyPI) repository linked to a fake recruitment-themed campaign orchestrated by the North Korea-linked Lazarus Group. The coordinated campaign has been codenamed graphalgo in reference to the first package published in the npm registry. It’s assessed to be active … Read More “Lazarus Campaign Plants Malicious Packages in npm and PyPI Ecosystems  – The Hacker News” »

The Cybersecurity and Infrastructure Security Agency will hold sector-by-sector town halls in the coming weeks to get feedback on a stalled regulation requiring critical infrastructure owners and operators to report when they suffer major cyberattacks. The meeting dates, set to be published in the Federal Register Friday, would “allow external stakeholders a limited additional opportunity … Read More “CISA to host industry feedback sessions on cyber incident reporting regulation  – CyberScoop” »

Google on Thursday said it observed the North Korea-linked threat actor known as UNC2970 using its generative artificial intelligence (AI) model Gemini to conduct reconnaissance on its targets, as various hacking groups continue to weaponize the tool for accelerating various phases of the cyber attack life cycle, enabling information operations, and even conducting model extraction … Read More “Google Reports State-Backed Hackers Using Gemini AI for Recon and Attack Support  – The Hacker News” »

Cybersecurity researchers have discovered a fresh set of malicious packages across npm and the Python Package Index (PyPI) repository linked to a fake recruitment-themed campaign orchestrated by the North Korea-linked Lazarus Group. The coordinated campaign has been codenamed graphalgo in reference to the first package published in the npm registry. It’s assessed to be active … Read More “Lazarus Campaign Plants Malicious Packages in npm and PyPI Ecosystems  – The Hacker News” »

Threat activity this week shows one consistent signal — attackers are leaning harder on what already works. Instead of flashy new exploits, many operations are built around quiet misuse of trusted tools, familiar workflows, and overlooked exposures that sit in plain sight. Another shift is how access is gained versus how it’s used. Initial entry … Read More “ThreatsDay Bulletin: AI Prompt RCE, Claude 0-Click, RenEngine Loader, Auto 0-Days & 25+ Stories  – The Hacker News” »

A new 2026 market intelligence study of 128 enterprise security decision-makers (available here) reveals a stark divide forming between organizations – one that has nothing to do with budget size or industry and everything to do with a single framework decision. Organizations implementing Continuous Threat Exposure Management (CTEM) demonstrate 50% better attack surface visibility, 23-point  … Read More “The CTEM Divide: Why 84% of Security Programs Are Falling Behind  – The Hacker News” »

A significant chunk of the exploitation attempts targeting a newly disclosed security flaw in Ivanti Endpoint Manager Mobile (EPMM) can be traced back to a single IP address on bulletproof hosting infrastructure offered by PROSPERO. Threat intelligence firm GreyNoise said it recorded 417 exploitation sessions from 8 unique source IP addresses between February 1 and … Read More “83% of Ivanti EPMM Exploits Linked to Single IP on Bulletproof Hosting Infrastructure  – The Hacker News” »

A 29-year-old Polish man has been charged in connection with a data breach that exposed the personal details of around 2.5 million customers of the popular Polish e-commerce website Morele.net. Read more in my article on the Hot for Security blog.  – Read More  – GRAHAM CLULEY 

Apple on Wednesday released iOS, iPadOS, macOS Tahoe, tvOS, watchOS, and visionOS updates to address a zero-day flaw that it said has been exploited in sophisticated cyber attacks. The vulnerability, tracked as CVE-2026-20700 (CVSS score: N/A), has been described as a memory corruption issue in dyld, Apple’s Dynamic Link Editor. Successful exploitation of the vulnerability … Read More “Apple Fixes Exploited Zero-Day Affecting iOS, macOS, and Apple Devices  – The Hacker News” »

Cybersecurity researchers have discovered what they said is the first known malicious Microsoft Outlook add-in detected in the wild. In this unusual supply chain attack detailed by Koi Security, an unknown attacker claimed the domain associated with a now-abandoned legitimate add-in to serve a fake Microsoft login page, stealing over 4,000 credentials in the process. … Read More “First Malicious Outlook Add-In Found Stealing 4,000+ Microsoft Credentials  – The Hacker News” »

Another Department of Homeland Security shutdown would hamper the Cybersecurity and Infrastructure Security Agency’s ability to respond to threats, offer services, develop new capabilities and finish writing a key regulation, its acting director told Congress Wednesday. Some of those activities would continue on a limited basis, while others would halt entirely, acting CISA leader Madhu … Read More “Acting CISA chief says DHS funding lapse would limit, halt some agency work  – CyberScoop” »

Ransomware groups crop up like weeds, angling for striking positions in a crowded field rife with turnover, infighting and unbridled competition. Yet, they rarely emerge, as 0APT did late last month, claiming roughly 200 victims out of the gate. Researchers have thus far seen no evidence confirming 0APT attacked any of its alleged victims, which … Read More “0APT ransomware group rises swiftly with bluster, along with genuine threat of attack  – CyberScoop” »

AI apps are making their way into healthcare. It’s not clear that rigorous data security or privacy practices will be part of the package. OpenAI, Anthropic and Google have all rolled out AI-powered health offerings from over the past year. These products are designed to provide health and wellness advice to individual users or organizations, … Read More “Your AI doctor doesn’t have to follow the same privacy rules as your real one  – CyberScoop” »

For the past week, the massive “Internet of Things” (IoT) botnet known as Kimwolf has been disrupting The Invisible Internet Project (I2P), a decentralized, encrypted communications network designed to anonymize and secure online communications. I2P users started reporting disruptions in the network around the same time the Kimwolf botmasters began relying on it to evade … Read More “Kimwolf Botnet Swamps Anonymity Network I2P  – Krebs on Security” »

Indian defense sector and government-aligned organizations have been targeted by multiple campaigns that are designed to compromise Windows and Linux environments with remote access trojans capable of stealing sensitive data and ensuring continued access to infected machines. The campaigns are characterized by the use of malware families like Geta RAT, Ares RAT, and DeskRAT, which … Read More “APT36 and SideCopy Launch Cross-Platform RAT Campaigns Against Indian Entities  – The Hacker News” »

It’s Patch Tuesday, which means a number of software vendors have released patches for various security vulnerabilities impacting their products and services. Microsoft issued fixes for 59 flaws, including six actively exploited zero-days in various Windows components that could be abused to bypass security features, escalate privileges, and trigger a denial-of-service (DoS) condition. Elsewhere  – … Read More “Over 60 Software Vendors Issue Security Fixes Across OS, Cloud, and Network Platforms  – The Hacker News” »

New York, NY, 11th February 2026, CyberNewswire  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Republicans in Congress are moving ahead with two pieces of legislation this week that would dramatically reshape the nation’s election laws. Together, the SAVE America Act and MEGA Act would shift key voter certification powers to the executive branch,  require stricter proof of citizenship for voter registration, and allow states to more easily access federal … Read More “GOP Congress moves to shape election law in Trump’s image  – CyberScoop” »

Intentionally vulnerable training applications are widely used for security education, internal testing, and product demonstrations. Tools such as OWASP Juice Shop, DVWA, Hackazon, and bWAPP are designed to be insecure by default, making them useful for learning how common attack techniques work in controlled environments. The issue is not the applications themselves, but how they … Read More “Exposed Training Open the Door for Crypto-Mining in Fortune 500 Cloud Environments  – The Hacker News” »

Cybersecurity researchers have disclosed details of a new botnet operation called SSHStalker that relies on the Internet Relay Chat (IRC) communication protocol for command-and-control (C2) purposes. “The toolset blends stealth helpers with legacy-era Linux exploitation: Alongside log cleaners (utmp/wtmp/lastlog tampering) and rootkit-class artifacts, the actor keeps a large back-catalog of  – Read More  – The … Read More “SSHStalker Botnet Uses IRC C2 to Control Linux Systems via Legacy Kernel Exploits  – The Hacker News” »

Microsoft on Tuesday released security updates to address a set of 59 flaws across its software, including six vulnerabilities that it said have been exploited in the wild. Of the 59 flaws, five are rated Critical, 52 are rated Important, and two are rated Moderate in severity. Twenty-five of the patched vulnerabilities have been classified … Read More “Microsoft Patches 59 Vulnerabilities Including Six Actively Exploited Zero-Days  – The Hacker News” »

Cybersecurity researchers have disclosed details of a new botnet operation called SSHStalker that relies on the Internet Relay Chat (IRC) communication protocol for command-and-control (C2) purposes. “The toolset blends stealth helpers with legacy-era Linux exploitation: Alongside log cleaners (utmp/wtmp/lastlog tampering) and rootkit-class artifacts, the actor keeps a large back-catalog of  – Read More  – The … Read More “SSHStalker Botnet Uses IRC C2 to Control Linux Systems via Legacy Kernel Exploits  – The Hacker News” »

The North Korea-linked threat actor known as UNC1069 has been observed targeting the cryptocurrency sector to steal sensitive data from Windows and macOS systems with the ultimate goal of facilitating financial theft. “The intrusion relied on a social engineering scheme involving a compromised Telegram account, a fake Zoom meeting, a ClickFix infection vector, and reported … Read More “North Korea-Linked UNC1069 Uses AI Lures to Attack Cryptocurrency Organizations  – The Hacker News” »