SecurityWeek - Latest News and Information
SecurityWeek

Cybersecurity news including government and critical infra.

Recent Posts

RATs in the Machine: Inside a Pakistan-Linked Three-Pronged Cyber Assault on India
News•Feb 10, 2026

A newly released Aryaka report details a Pakistan‑attributed APT36 campaign that has launched a three‑pronged cyber assault on Indian government and defense entities. The operation employs three distinct Remote Access Trojans—GETA (a .NET Windows RAT), ARES (a Python‑based Linux RAT), and Desk (a Go‑based PowerPoint add‑in). All three rely on phishing‑borne payloads, living‑off‑the‑land binaries, and encrypted C2 channels to maintain stealthy, long‑term persistence for intelligence gathering.

By SecurityWeek
New ‘ZeroDayRAT’ Spyware Kit Enables Total Compromise of iOS, Android Devices
News•Feb 10, 2026

ZeroDayRAT, a commercial mobile spyware kit, provides full remote control of iOS and Android devices. Available through Telegram, the toolkit includes live camera streaming, keylogging, GPS tracking, and modules for bank credential harvesting and clipboard‑based crypto theft. Researchers at iVerify...

By SecurityWeek
New ‘SSHStalker’ Linux Botnet Uses Old Techniques
News•Feb 10, 2026

Security firm Flare has uncovered a new Linux botnet named SSHStalker that relies on a suite of decade‑old exploits and IRC‑based control mechanisms. The malware chain deploys multiple C‑based and Perl IRC bots, leverages 19 Linux kernel vulnerabilities from 2009,...

By SecurityWeek
Outtake Raises $40 Million to Bolster Digital Trust Against AI-Driven Threats
News•Feb 9, 2026

Outtake, a cybersecurity startup, announced a $40 million Series B round to accelerate its unified digital‑trust platform amid a surge in AI‑driven phishing and impersonation attacks. The round, led by ICONIQ and featuring investors such as Satya Nadella and Nikesh Arora, brings total capital...

By SecurityWeek
Cybersecurity M&A Roundup: 34 Deals Announced in January 2026
News•Feb 9, 2026

January 2026 saw 34 cybersecurity M&A announcements, underscoring rapid consolidation in the sector. CrowdStrike led the pack, agreeing to acquire SGNL for $740 million and Seraphic Security for about $420 million, bolstering its identity and browser‑runtime defenses. Other notable deals include Delinea’s...

By SecurityWeek
‘DKnife’ Implant Used by Chinese Threat Actor for Adversary-in-the-Middle Attacks
News•Feb 6, 2026

Cisco’s Talos researchers have identified a China‑linked adversary‑in‑the‑middle framework called DKnife, operating since at least 2019. The platform comprises seven Linux‑based implants that perform deep packet inspection, traffic manipulation, and delivery of backdoors such as ShadowPad and DarkNimbus. DKnife targets...

By SecurityWeek
5 Bills to Boost Energy Sector Cyber Defenses Clear House Panel
News•Feb 6, 2026

The House Energy Subcommittee advanced five bipartisan bills aimed at strengthening both physical and cyber defenses of the United States electric grid and broader energy infrastructure. The legislation updates Department of Energy programs, extends cybersecurity support for rural utilities through...

By SecurityWeek
Researchers Expose Network of 150 Cloned Law Firm Websites in AI-Powered Scam Campaign
News•Feb 5, 2026

Security researcher Sygnia uncovered a coordinated network of more than 150 cloned law‑firm websites used in an AI‑powered fraud scheme. The domains are spread across multiple registrars, each with its own SSL certificate and often hidden behind Cloudflare to evade...

By SecurityWeek
VS Code Configs Expose GitHub Codespaces to Attacks
News•Feb 5, 2026

Orca Security discovered that GitHub Codespaces automatically executes VS Code configuration files in the *.vscode* folder when a repository or pull request is opened. Malicious JSON files such as settings.json or devcontainer.json can inject bash commands, leading to remote code execution...

By SecurityWeek
Cyberspy Group Hacked Governments and Critical Infrastructure in 37 Countries
News•Feb 5, 2026

Palo Alto Networks identified a state‑sponsored cyber‑espionage group, TGR‑STA‑1030, conducting a "Shadow Campaign" that has breached at least 70 organizations in 37 countries, including government ministries, law‑enforcement agencies, and telecom operators. The group, likely linked to China, leverages sophisticated phishing...

By SecurityWeek
Cisco, F5 Patch High-Severity Vulnerabilities
News•Feb 5, 2026

Cisco and F5 released emergency patches this week addressing multiple high‑severity flaws across their flagship products. Cisco fixed two critical bugs—CVE‑2026‑20119, a remote, unauthenticated DoS in TelePresence CE and RoomOS, and CVE‑2026‑20098, an authenticated file‑upload that grants root command execution...

By SecurityWeek
Critical React Native Vulnerability Exploited in the Wild
News•Feb 3, 2026

A critical‑severity flaw (CVE‑2025‑11953, CVSS 9.8) in the React Native Community CLI’s Metro bundler has been actively exploited since late December. The vulnerability allows unauthenticated remote OS command execution via simple POST requests to development servers that bind to external interfaces....

By SecurityWeek
In Other News: Paid for Being Jailed, Google’s $68M Settlement, CISA Chief’s ChatGPT Leak
News•Jan 30, 2026

SecurityWeek’s weekly roundup highlights a flurry of cyber‑related developments. Mitsubishi Electric completed its roughly $1 billion purchase of industrial‑security firm Nozomi Networks, while LastPass disrupted a backup‑themed phishing campaign and warned of a new wave of attacks. CISA announced it will...

By SecurityWeek
Aisy Launches Out of Stealth to Transform Vulnerability Management
News•Jan 30, 2026

Aisy has emerged from stealth, securing $2.3 million seed funding from Osney Capital, Flying Fish Ventures, and 6 Degrees Capital. The startup offers an AI‑assisted platform that maps an organization’s infrastructure from an attacker’s viewpoint and then analyzes existing vulnerability tickets to...

By SecurityWeek
Aisy Raises $2.3M Seed Round to Transform Vulnerability Management
Deals•Jan 30, 2026

Aisy, an AI‑assisted vulnerability management startup, announced a $2.3 million seed round led by Osney Capital, Flying Fish Ventures and 6 Degrees Capital, along with other angel investors. The funding will support the launch of its platform that helps security teams prioritize...

SecurityWeek
Mitsubishi Electric Completes Acquisition of Nozomi Networks
Deals•Jan 30, 2026

Mitsubishi Electric has completed its acquisition of industrial cybersecurity firm Nozomi Networks, making it a wholly owned subsidiary that will operate independently. The deal value was not disclosed. The acquisition expands Mitsubishi's capabilities in industrial IoT security.

SecurityWeek
High-Severity Remote Code Execution Vulnerability Patched in OpenSSL
News•Jan 28, 2026

A total of twelve vulnerabilities in OpenSSL have been patched, including a high‑severity remote code execution (RCE) flaw. All issues were identified by a single cybersecurity research firm and disclosed through coordinated channels. The fixes address weaknesses that could allow...

By SecurityWeek
Mesh Security Raises $12M Series A Led by Lobby Capital
Deals•Jan 28, 2026

Cybersecurity mesh architecture provider Mesh Security announced a $12 million Series A funding round, bringing its total capital raised to over $16 million. The round was led by Lobby Capital with participation from S Ventures and BrightPixel Capital. The capital...

SecurityWeek
Chrome, Edge Extensions Caught Stealing ChatGPT Sessions
News•Jan 27, 2026

A threat actor published sixteen browser extensions on Chrome Web Store and Microsoft Edge Add‑ons, posing as ChatGPT productivity tools. The extensions inject main‑world JavaScript into chatgpt.com to harvest authentication tokens, chat history, telemetry, and other metadata. Over 900 combined...

By SecurityWeek
Access System Flaws Enabled Hackers to Unlock Doors at Major European Firms
News•Jan 26, 2026

Security researchers at SEC Consult uncovered more than 20 vulnerabilities in Dormakaba’s Exos access‑control platform, affecting hardware managers, registration units, and central software. The flaws include hard‑coded credentials, weak passwords, privilege escalation, and command‑injection, which could let attackers remotely unlock doors...

By SecurityWeek
In Other News: €1.2B GDPR Fines, Net-NTLMv1 Rainbow Tables, Rockwell Security Notice
News•Jan 23, 2026

SecurityWeek’s weekly roundup highlights a record €1.2 billion in GDPR fines in 2025, with Ireland accounting for the bulk of penalties, and a 22 % jump in breach notifications. Mandiant released Net‑NTLMv1 rainbow tables that can crack legacy hashes in under 12 hours,...

By SecurityWeek
Organizations Warned of Exploited Zimbra Collaboration Vulnerability
News•Jan 23, 2026

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE‑2025‑68645, a local file inclusion flaw in Zimbra Collaboration Suite, to its Known Exploited Vulnerabilities catalog and urged immediate patching. The vulnerability resides in the RestFilter servlet, allowing unauthenticated attackers...

By SecurityWeek
The Upside Down Is Real: What Stranger Things Teaches Us About Modern Cybersecurity
News•Jan 22, 2026

The article likens modern cybersecurity challenges to the Upside Down world of Stranger Things, using the show’s portals as a metaphor for today’s sprawling attack surface. It stresses that every IoT, cloud, or OT connection acts as a hidden entry point...

By SecurityWeek
Old Attack, New Speed: Researchers Optimize Page Cache Exploits
News•Jan 22, 2026

Researchers from TU Graz have revived Linux page‑cache attacks, demonstrating sub‑microsecond flush times and full attack loops completing in 0.6‑2.3 µs—up to six orders of magnitude faster than prior work. The paper details new techniques that work across kernel versions from 2003...

By SecurityWeek
CyberNut Closes $5M Growth Capital for K-12 Security Awareness Training
News•Jan 21, 2026

CyberNut, a Miami‑based startup, closed a $5 million minority growth equity round led by Growth Street Partners to scale its K‑12 cybersecurity awareness platform. The company, which emerged from stealth in May 2024 after raising $800,000 in pre‑seed capital, already serves over...

By SecurityWeek
AiFWall Emerges From Stealth With an AI Firewall
News•Jan 21, 2026

aiFWall Inc emerged from stealth, releasing a free AI firewall that protects both inbound prompts and outbound responses of agentic AI deployments. The product leverages contextual analysis and a central AI engine to create just‑in‑time threat markers from malicious prompts....

By SecurityWeek
North Korean Hackers Target macOS Developers via Malicious VS Code Projects
News•Jan 21, 2026

North Korean threat actors have launched a new campaign that abuses Visual Studio Code task configuration files to deliver macOS malware. The attackers masquerade as recruiters, enticing developers to clone malicious GitHub or GitLab repositories under the guise of job...

By SecurityWeek
Why Identity Security Must Move Beyond MFA
News•Jan 21, 2026

Enterprise MFA usage has reached roughly 70% in early 2025, cementing it as a core defense against automated attacks. Yet cybercriminals exploit AI‑driven phishing, SIM swapping, and credential theft to bypass even strong multi‑factor controls. Recent data shows a 63%...

By SecurityWeek
Cyber Insights 2026: API Security – Harder to Secure, Impossible to Ignore
News•Jan 21, 2026

SecurityWeek’s Cyber Insights 2026 warns that APIs, already handling roughly 83 % of internet traffic, will become even more critical as agentic AI proliferates. The rise of autonomous AI agents is set to double the number of API endpoints by 2026, expanding...

By SecurityWeek
Oracle’s First 2026 CPU Delivers 337 New Security Patches
News•Jan 21, 2026

Oracle has issued its first Critical Patch Update for 2026, delivering 337 security patches that address roughly 230 unique CVEs across more than 30 products. More than two dozen of the fixes target critical‑severity bugs, and over 235 patches remediate...

By SecurityWeek
‘SolyxImmortal’ Information Stealer Emerges
News•Jan 19, 2026

Cyfirma has uncovered a new Python‑based information stealer dubbed SolyxImmortal, targeting Windows machines. The malware runs silently, establishes persistence in the user’s AppData folder, and exfiltrates credentials, keystrokes, and screenshots through hard‑coded Discord webhooks over HTTPS. It harvests Chrome master...

By SecurityWeek
Cyber Insights 2026: Information Sharing
News•Jan 19, 2026

Cybersecurity information sharing remains essential but faces structural challenges. The Cybersecurity Information Sharing Act of 2015, set to lapse on Jan 30 2026, threatens to curtail the legal protections that encourage voluntary threat‑intel exchange, while the CISA agency confronts funding cuts and...

By SecurityWeek
Cybersecurity Firms React to China’s Reported Software Ban
News•Jan 16, 2026

China’s government has ordered domestic companies to cease using cybersecurity software from U.S. and Israeli vendors, naming more than a dozen firms including CrowdStrike, Palo Alto Networks, and Check Point. Most of the listed companies say they have little or no...

By SecurityWeek
New StackWarp Attack Threatens Confidential VMs on AMD Processors
News•Jan 15, 2026

Researchers at Germany's CISPA Helmholtz Center disclosed StackWarp, a new hardware vulnerability that spans AMD Zen 1 through Zen 5 processors. The flaw exploits a synchronization error in the CPU's stack engine, allowing a malicious host to manipulate a guest VM's stack...

By SecurityWeek
Vibe Coding Tested: AI Agents Nail SQLi but Fail Miserably on Security Controls
News•Jan 15, 2026

Tenzai evaluated five leading AI coding agents—Anysphere Cursor, Claude Code, OpenAI Codex, Replit, and Cognition Devin—by having them build three identical apps. The 15 generated applications contained 69 vulnerabilities, with no exploitable SQL injection or XSS but universal SSRF issues...

By SecurityWeek
ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Schneider, Aveva, Phoenix Contact
News•Jan 15, 2026

Industrial control system vendors Siemens, Schneider Electric, Phoenix Contact and Aveva issued a dozen Patch Tuesday advisories on Jan. 15, 2026, addressing critical and high‑severity flaws across edge devices, process automation platforms, routers and optimization software. Siemens released five advisories,...

By SecurityWeek
RedVDS Cybercrime Service Disrupted by Microsoft and Law Enforcement
News•Jan 14, 2026

Microsoft announced a joint operation with international law enforcement to dismantle RedVDS, a cybercrime‑as‑a‑service platform that provides disposable Windows VMs for phishing, BEC and financial fraud. Launched in 2019, RedVDS charged as little as $24 per month and is tied...

By SecurityWeek
Predator Spyware Turns Failed Attacks Into Intelligence for Future Exploits
News•Jan 14, 2026

New research by Jamf uncovers that the Predator spyware, sold by Intellexa, includes a self‑diagnostic system that reports detailed error codes when attacks fail. These codes convey why deployments were aborted—such as detection of developer mode, proxies, or analysis tools—allowing...

By SecurityWeek
After Goldman, JPMorgan Discloses Law Firm Data Breach
News•Jan 13, 2026

JPMorgan Chase disclosed to the Maine Attorney General that a data breach at law firm Fried Frank exposed personal information of 659 investors in a private‑equity fund. The breach involved unauthorized copying of files containing names, contact details, account numbers,...

By SecurityWeek
Hackers Accessed University of Hawaii Cancer Center Patient Data; They Weren’t Immediately Notified
News•Jan 12, 2026

Hackers infiltrated the University of Hawaiʻi Cancer Center’s servers in August, exfiltrating participants' Social Security numbers and other personal data. The university delayed reporting the ransomware attack to the state legislature until December, missing the statutory 20‑day notification window. UH...

By SecurityWeek
Tim Kosiba Named NSA Deputy Director
News•Jan 9, 2026

Timothy Kosiba has been appointed the National Security Agency’s 21st Deputy Director, a role confirmed by President Donald J. Trump after designation by Secretary of War Pete Hegseth and DNI Tulsi Gabbard. Kosiba returns as the agency’s most senior civilian...

By SecurityWeek
FBI: North Korean Spear-Phishing Attacks Use Malicious QR Codes
News•Jan 9, 2026

The FBI has warned that North Korean APT group Kimsuky is deploying a new spear‑phishing technique called quishing, which embeds malicious QR codes in email attachments. Scanning the QR code redirects victims to mobile‑optimized phishing pages that harvest device data...

By SecurityWeek
CrowdStrike to Buy Identity Security Firm SGNL for $740 Million in Cash
News•Jan 8, 2026

CrowdStrike announced a $740 million cash acquisition of identity‑security startup SGNL, aiming to embed real‑time, AI‑aware access controls into its platform. SGNL’s identity‑first solution eliminates static credentials and continuously grants or revokes permissions for human, non‑human and AI agents. The deal,...

By SecurityWeek
Researchers Expose WHILL Wheelchair Safety Risks via Remote Hacking
News•Jan 8, 2026

Security researchers from QED Secure Solutions uncovered a critical Bluetooth authentication flaw in WHILL’s Model C2 and Model F electric wheelchairs (CVE‑2025‑14346). The vulnerability allows attackers within range to pair with the device, seize control of movement, override speed limits,...

By SecurityWeek
The Loudest Voices in Security Often Have the Least to Lose
News•Jan 7, 2026

The article argues that the most vocal cybersecurity commentators often lack accountability, leading to hype over substance. It illustrates five harmful personas—panic inducer, hype rider, Chicken Little, pessimist, and dismisser—who prioritize fear, trends, or dismissal instead of evidence‑based solutions. By...

By SecurityWeek
