3 Threat Groups Started Targeting ICS/OT in 2025: Dragos
Dragos’ 2026 Year in Review OT/ICS report adds three new adversaries—Sylvanite, Azurite and Pyroxene—targeting industrial control systems in 2025. Sylvanite acts as a rapid‑exploitation broker, weaponising n‑day flaws within 48 hours and handing access to the Voltzite group across power, oil, water and manufacturing sectors. Azurite focuses on stealing OT network diagrams, PLC configurations and HMI data, using compromised routers and edge devices to pivot into operational environments. Pyroxene, linked to Iranian actors, blends social‑engineering lures such as fake LinkedIn recruiter profiles with wiper malware to move from IT to OT and threaten disruption.
Dutch Carrier Odido Discloses Data Breach Impacting 6 Million
Dutch mobile carrier Odido announced a data breach that exposed personal information of more than 6 million customers, including names, addresses, phone numbers, email, dates of birth, bank account and passport or driver‑license details. The intrusion occurred on February 7‑8 and targeted...
ICS Patch Tuesday: Vulnerabilities Addressed by Siemens, Schneider, Aveva, Phoenix Contact
Industrial control system vendors Siemens, Schneider Electric, Aveva, and Phoenix Contact released a flurry of Patch Tuesday advisories on February 11, 2026, addressing high‑severity flaws across dozens of OT products. Siemens issued eight advisories covering Desigo CC, Sentron Powermanager, Simcenter Femap, NX, and...
EU Unconditionally Approves Google’s $32B Acquisition of Wiz
The European Commission has given unconditional approval to Google’s $32 billion acquisition of cloud‑security firm Wiz, allowing the deal to close without any remedial conditions. The EU antitrust review concluded that the transaction poses no significant competition risk in the European...
RATs in the Machine: Inside a Pakistan-Linked Three-Pronged Cyber Assault on India
A newly released Aryaka report details a Pakistan‑attributed APT36 campaign that has launched a three‑pronged cyber assault on Indian government and defense entities. The operation employs three distinct Remote Access Trojans—GETA (a .NET Windows RAT), ARES (a Python‑based Linux RAT),...
New ‘ZeroDayRAT’ Spyware Kit Enables Total Compromise of iOS, Android Devices
ZeroDayRAT, a commercial mobile spyware kit, provides full remote control of iOS and Android devices. Available through Telegram, the toolkit includes live camera streaming, keylogging, GPS tracking, and modules for bank credential harvesting and clipboard‑based crypto theft. Researchers at iVerify...
New ‘SSHStalker’ Linux Botnet Uses Old Techniques
Security firm Flare has uncovered a new Linux botnet named SSHStalker that relies on a suite of decade‑old exploits and IRC‑based control mechanisms. The malware chain deploys multiple C‑based and Perl IRC bots, leverages 19 Linux kernel vulnerabilities from 2009,...
Outtake Raises $40 Million to Bolster Digital Trust Against AI-Driven Threats
Outtake, a cybersecurity startup, announced a $40 million Series B round to accelerate its unified digital‑trust platform amid a surge in AI‑driven phishing and impersonation attacks. The round, led by ICONIQ and featuring investors such as Satya Nadella and Nikesh Arora, brings total capital...
Cybersecurity M&A Roundup: 34 Deals Announced in January 2026
January 2026 saw 34 cybersecurity M&A announcements, underscoring rapid consolidation in the sector. CrowdStrike led the pack, agreeing to acquire SGNL for $740 million and Seraphic Security for about $420 million, bolstering its identity and browser‑runtime defenses. Other notable deals include Delinea’s...
‘DKnife’ Implant Used by Chinese Threat Actor for Adversary-in-the-Middle Attacks
Cisco’s Talos researchers have identified a China‑linked adversary‑in‑the‑middle framework called DKnife, operating since at least 2019. The platform comprises seven Linux‑based implants that perform deep packet inspection, traffic manipulation, and delivery of backdoors such as ShadowPad and DarkNimbus. DKnife targets...
5 Bills to Boost Energy Sector Cyber Defenses Clear House Panel
The House Energy Subcommittee advanced five bipartisan bills aimed at strengthening both physical and cyber defenses of the United States electric grid and broader energy infrastructure. The legislation updates Department of Energy programs, extends cybersecurity support for rural utilities through...
Researchers Expose Network of 150 Cloned Law Firm Websites in AI-Powered Scam Campaign
Security researcher Sygnia uncovered a coordinated network of more than 150 cloned law‑firm websites used in an AI‑powered fraud scheme. The domains are spread across multiple registrars, each with its own SSL certificate and often hidden behind Cloudflare to evade...
VS Code Configs Expose GitHub Codespaces to Attacks
Orca Security discovered that GitHub Codespaces automatically executes VS Code configuration files in the *.vscode* folder when a repository or pull request is opened. Malicious JSON files such as settings.json or devcontainer.json can inject bash commands, leading to remote code execution...
Cyberspy Group Hacked Governments and Critical Infrastructure in 37 Countries
Palo Alto Networks identified a state‑sponsored cyber‑espionage group, TGR‑STA‑1030, conducting a "Shadow Campaign" that has breached at least 70 organizations in 37 countries, including government ministries, law‑enforcement agencies, and telecom operators. The group, likely linked to China, leverages sophisticated phishing...
Cisco, F5 Patch High-Severity Vulnerabilities
Cisco and F5 released emergency patches this week addressing multiple high‑severity flaws across their flagship products. Cisco fixed two critical bugs—CVE‑2026‑20119, a remote, unauthenticated DoS in TelePresence CE and RoomOS, and CVE‑2026‑20098, an authenticated file‑upload that grants root command execution...
Critical React Native Vulnerability Exploited in the Wild
A critical‑severity flaw (CVE‑2025‑11953, CVSS 9.8) in the React Native Community CLI’s Metro bundler has been actively exploited since late December. The vulnerability allows unauthenticated remote OS command execution via simple POST requests to development servers that bind to external interfaces....
In Other News: Paid for Being Jailed, Google’s $68M Settlement, CISA Chief’s ChatGPT Leak
SecurityWeek’s weekly roundup highlights a flurry of cyber‑related developments. Mitsubishi Electric completed its roughly $1 billion purchase of industrial‑security firm Nozomi Networks, while LastPass disrupted a backup‑themed phishing campaign and warned of a new wave of attacks. CISA announced it will...
Aisy Launches Out of Stealth to Transform Vulnerability Management
Aisy has emerged from stealth, securing $2.3 million seed funding from Osney Capital, Flying Fish Ventures, and 6 Degrees Capital. The startup offers an AI‑assisted platform that maps an organization’s infrastructure from an attacker’s viewpoint and then analyzes existing vulnerability tickets to...
High-Severity Remote Code Execution Vulnerability Patched in OpenSSL
A total of twelve vulnerabilities in OpenSSL have been patched, including a high‑severity remote code execution (RCE) flaw. All issues were identified by a single cybersecurity research firm and disclosed through coordinated channels. The fixes address weaknesses that could allow...
Chrome, Edge Extensions Caught Stealing ChatGPT Sessions
A threat actor published sixteen browser extensions on Chrome Web Store and Microsoft Edge Add‑ons, posing as ChatGPT productivity tools. The extensions inject main‑world JavaScript into chatgpt.com to harvest authentication tokens, chat history, telemetry, and other metadata. Over 900 combined...
Access System Flaws Enabled Hackers to Unlock Doors at Major European Firms
Security researchers at SEC Consult uncovered more than 20 vulnerabilities in Dormakaba’s Exos access‑control platform, affecting hardware managers, registration units, and central software. The flaws include hard‑coded credentials, weak passwords, privilege escalation, and command‑injection, which could let attackers remotely unlock doors...
In Other News: €1.2B GDPR Fines, Net-NTLMv1 Rainbow Tables, Rockwell Security Notice
SecurityWeek’s weekly roundup highlights a record €1.2 billion in GDPR fines in 2025, with Ireland accounting for the bulk of penalties, and a 22 % jump in breach notifications. Mandiant released Net‑NTLMv1 rainbow tables that can crack legacy hashes in under 12 hours,...
Organizations Warned of Exploited Zimbra Collaboration Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE‑2025‑68645, a local file inclusion flaw in Zimbra Collaboration Suite, to its Known Exploited Vulnerabilities catalog and urged immediate patching. The vulnerability resides in the RestFilter servlet, allowing unauthenticated attackers...
The Upside Down Is Real: What Stranger Things Teaches Us About Modern Cybersecurity
The article likens modern cybersecurity challenges to the Upside Down world of Stranger Things, using the show’s portals as a metaphor for today’s sprawling attack surface. It stresses that every IoT, cloud, or OT connection acts as a hidden entry point...
Old Attack, New Speed: Researchers Optimize Page Cache Exploits
Researchers from TU Graz have revived Linux page‑cache attacks, demonstrating sub‑microsecond flush times and full attack loops completing in 0.6‑2.3 µs—up to six orders of magnitude faster than prior work. The paper details new techniques that work across kernel versions from 2003...
CyberNut Closes $5M Growth Capital for K-12 Security Awareness Training
CyberNut, a Miami‑based startup, closed a $5 million minority growth equity round led by Growth Street Partners to scale its K‑12 cybersecurity awareness platform. The company, which emerged from stealth in May 2024 after raising $800,000 in pre‑seed capital, already serves over...
AiFWall Emerges From Stealth With an AI Firewall
aiFWall Inc emerged from stealth, releasing a free AI firewall that protects both inbound prompts and outbound responses of agentic AI deployments. The product leverages contextual analysis and a central AI engine to create just‑in‑time threat markers from malicious prompts....
North Korean Hackers Target macOS Developers via Malicious VS Code Projects
North Korean threat actors have launched a new campaign that abuses Visual Studio Code task configuration files to deliver macOS malware. The attackers masquerade as recruiters, enticing developers to clone malicious GitHub or GitLab repositories under the guise of job...
Why Identity Security Must Move Beyond MFA
Enterprise MFA usage has reached roughly 70% in early 2025, cementing it as a core defense against automated attacks. Yet cybercriminals exploit AI‑driven phishing, SIM swapping, and credential theft to bypass even strong multi‑factor controls. Recent data shows a 63%...
Cyber Insights 2026: API Security – Harder to Secure, Impossible to Ignore
SecurityWeek’s Cyber Insights 2026 warns that APIs, already handling roughly 83 % of internet traffic, will become even more critical as agentic AI proliferates. The rise of autonomous AI agents is set to double the number of API endpoints by 2026, expanding...
Oracle’s First 2026 CPU Delivers 337 New Security Patches
Oracle has issued its first Critical Patch Update for 2026, delivering 337 security patches that address roughly 230 unique CVEs across more than 30 products. More than two dozen of the fixes target critical‑severity bugs, and over 235 patches remediate...
‘SolyxImmortal’ Information Stealer Emerges
Cyfirma has uncovered a new Python‑based information stealer dubbed SolyxImmortal, targeting Windows machines. The malware runs silently, establishes persistence in the user’s AppData folder, and exfiltrates credentials, keystrokes, and screenshots through hard‑coded Discord webhooks over HTTPS. It harvests Chrome master...
Cyber Insights 2026: Information Sharing
Cybersecurity information sharing remains essential but faces structural challenges. The Cybersecurity Information Sharing Act of 2015, set to lapse on Jan 30 2026, threatens to curtail the legal protections that encourage voluntary threat‑intel exchange, while the CISA agency confronts funding cuts and...
Cybersecurity Firms React to China’s Reported Software Ban
China’s government has ordered domestic companies to cease using cybersecurity software from U.S. and Israeli vendors, naming more than a dozen firms including CrowdStrike, Palo Alto Networks, and Check Point. Most of the listed companies say they have little or no...
New StackWarp Attack Threatens Confidential VMs on AMD Processors
Researchers at Germany's CISPA Helmholtz Center disclosed StackWarp, a new hardware vulnerability that spans AMD Zen 1 through Zen 5 processors. The flaw exploits a synchronization error in the CPU's stack engine, allowing a malicious host to manipulate a guest VM's stack...
Vibe Coding Tested: AI Agents Nail SQLi but Fail Miserably on Security Controls
Tenzai evaluated five leading AI coding agents—Anysphere Cursor, Claude Code, OpenAI Codex, Replit, and Cognition Devin—by having them build three identical apps. The 15 generated applications contained 69 vulnerabilities, with no exploitable SQL injection or XSS but universal SSRF issues...
ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Schneider, Aveva, Phoenix Contact
Industrial control system vendors Siemens, Schneider Electric, Phoenix Contact and Aveva issued a dozen Patch Tuesday advisories on Jan. 15, 2026, addressing critical and high‑severity flaws across edge devices, process automation platforms, routers and optimization software. Siemens released five advisories,...
RedVDS Cybercrime Service Disrupted by Microsoft and Law Enforcement
Microsoft announced a joint operation with international law enforcement to dismantle RedVDS, a cybercrime‑as‑a‑service platform that provides disposable Windows VMs for phishing, BEC and financial fraud. Launched in 2019, RedVDS charged as little as $24 per month and is tied...
Predator Spyware Turns Failed Attacks Into Intelligence for Future Exploits
New research by Jamf uncovers that the Predator spyware, sold by Intellexa, includes a self‑diagnostic system that reports detailed error codes when attacks fail. These codes convey why deployments were aborted—such as detection of developer mode, proxies, or analysis tools—allowing...
After Goldman, JPMorgan Discloses Law Firm Data Breach
JPMorgan Chase disclosed to the Maine Attorney General that a data breach at law firm Fried Frank exposed personal information of 659 investors in a private‑equity fund. The breach involved unauthorized copying of files containing names, contact details, account numbers,...
Hackers Accessed University of Hawaii Cancer Center Patient Data; They Weren’t Immediately Notified
Hackers infiltrated the University of Hawaiʻi Cancer Center’s servers in August, exfiltrating participants' Social Security numbers and other personal data. The university delayed reporting the ransomware attack to the state legislature until December, missing the statutory 20‑day notification window. UH...
Tim Kosiba Named NSA Deputy Director
Timothy Kosiba has been appointed the National Security Agency’s 21st Deputy Director, a role confirmed by President Donald J. Trump after designation by Secretary of War Pete Hegseth and DNI Tulsi Gabbard. Kosiba returns as the agency’s most senior civilian...
FBI: North Korean Spear-Phishing Attacks Use Malicious QR Codes
The FBI has warned that North Korean APT group Kimsuky is deploying a new spear‑phishing technique called quishing, which embeds malicious QR codes in email attachments. Scanning the QR code redirects victims to mobile‑optimized phishing pages that harvest device data...
CrowdStrike to Buy Identity Security Firm SGNL for $740 Million in Cash
CrowdStrike announced a $740 million cash acquisition of identity‑security startup SGNL, aiming to embed real‑time, AI‑aware access controls into its platform. SGNL’s identity‑first solution eliminates static credentials and continuously grants or revokes permissions for human, non‑human and AI agents. The deal,...
Researchers Expose WHILL Wheelchair Safety Risks via Remote Hacking
Security researchers from QED Secure Solutions uncovered a critical Bluetooth authentication flaw in WHILL’s Model C2 and Model F electric wheelchairs (CVE‑2025‑14346). The vulnerability allows attackers within range to pair with the device, seize control of movement, override speed limits,...
The Loudest Voices in Security Often Have the Least to Lose
The article argues that the most vocal cybersecurity commentators often lack accountability, leading to hype over substance. It illustrates five harmful personas—panic inducer, hype rider, Chicken Little, pessimist, and dismisser—who prioritize fear, trends, or dismissal instead of evidence‑based solutions. By...
Cybersecurity Firms Secured $14 Billion in Funding in 2025: Analysis
Cybersecurity firms raised nearly $14 billion in 2025 across 392 funding rounds, marking a 47% increase over 2024 and the strongest year since the 2021 $20 billion peak. While seed and Series A deals comprised two‑thirds of the rounds, late‑stage financings delivered half...
