Three critical vulnerabilities have been found in four popular Visual Studio Code extensions. These extensions have been downloaded over 128 million times. The vulnerabilities are identified as CVE-2025-65715, CVE-2025-65716, and CVE-2025-65717. The findings from the OX Security Research team, later…
Category: Cyber Security News
Apache Tomcat Vulnerabilities Let Attackers Bypass Security Constraints via HTTP/0.9 Requests
Apache Tomcat has disclosed CVE-2026-24733, a Low-severity security constraint bypass that can be triggered via HTTP/0.9 requests when certain access-control rules are configured in a specific way. The Apache Tomcat security team identified the issue, and the original advisory was…
Critical Jenkins Vulnerability Exposes Build Environments to XSS Attacks
A security advisory has revealed multiple vulnerabilities in Jenkins Core, including a stored Cross-Site Scripting (XSS) flaw that could expose build environments to severe security risks. The issues, identified as CVE-2026-27099 and CVE-2026-27100, were responsibly disclosed under the Jenkins Bug Bounty Program sponsored by the European…
CharlieKirk Grabber Stealer Attacking Windows Systems to Exfiltrate Login Credentials
A new Python-based infostealer called CharlieKirk Grabber has been identified targeting Windows systems, with a focused goal of stealing stored login credentials, browser cookies, and session data. The malware is built to work as a “smash-and-grab” threat — it launches…
Ploutus Malware Drains U.S. ATMs Without a Card or Account — FBI Issues Emergency FLASH Alert
A 19 February 2026 FBI FLASH (FLASH-20260219-001) warns banks and ATM operators about a rise in malware-enabled “jackpotting,” where criminals exploit physical access and software gaps to make machines pay out cash without a real transaction, a pattern now seen…
Silicon Valley Engineers Charged With Stealing Trade Secrets From Google and Other Tech Companies
Three Silicon Valley engineers have been indicted for allegedly stealing confidential technology data from Google and other major companies and transferring that information to unauthorized locations, including Iran. The defendants Samaneh Ghandali (41), Mohammadjavad “Mohammad” Khosravi (40), and Soroor Ghandali (32), all…
PoC Released for Critical Chrome 0-day Vulnerability Exploited in the Wild
A public proof-of-concept exploit has been released for CVE-2026-2441, a critical use-after-free zero-day vulnerability in Google Chrome’s Blink CSS engine that Google confirmed is being actively exploited in the wild. Security researcher Shaheen Fazim reported the flaw on February 11,…
LLM-Generated Passwords Expose Major Security Flaws with Predictability, Repetition, and Weakness
Large language models, commonly known as LLMs, are increasingly being asked to generate passwords — and new research has shown that the passwords they produce are far weaker than they appear. A password like G7$kL9#mQ2&xP4!w may look convincingly random, but it carries…
Hackers Using OAuth Apps in Microsoft Entra ID to Establish Persistence
Hackers are increasingly abusing OAuth applications in Microsoft Entra ID to gain persistent access, blending in as normal “business integrations” while keeping access even after defenders reset passwords. Recent Wiz research and incident reporting show attackers using fake OAuth apps, deceptive consent…
Hackers Actively Exploiting Critical BeyondTrust Vulnerability to Deploy VShell and SparkRAT
A critical vulnerability in BeyondTrust’s remote support software is being actively exploited by hackers to deliver dangerous backdoors on compromised systems. The flaw, tracked as CVE-2026-1731, carries a CVSS score of 9.9 and lets attackers run system commands with no…
PoC Released for Windows Notepad Vulnerability that Enables Malicious Command Execution
Microsoft has patched a high-severity remote code execution (RCE) vulnerability in the modern Windows Notepad application, tracked as CVE-2026-20841, as part of its February 2026 Patch Tuesday release cycle. The flaw, rooted in command injection, was originally discovered by Cristian…
PentAGI – Automated AI-Powered Penetration Testing Tool that Integrates 20+ Security Tools
PentAGI introduces an AI-driven approach to penetration testing, automating complex workflows with tools like Nmap and Metasploit while generating detailed reports. Developed by VXControl and released on GitHub in early 2025, this open-source platform empowers security professionals to conduct autonomous…
Ongoing Campaign Targets Microsoft 365 to Steal OAuth Tokens and Gain Persistent Access
An ongoing phishing campaign targets Microsoft 365 users by abusing OAuth tokens to gain long-term access to corporate data. It focuses on business users in North America and aims to compromise Outlook, Teams, and OneDrive without directly stealing passwords.…
Google Issues Emergency Chrome Security Update to Address High-Severity PDFium and V8 Flaws
Google has released a significant security update for the Chrome Stable Channel to address multiple vulnerabilities, including high-severity flaws affecting the browser’s core engines. The tech giant announced the rollout of versions 145.0.7632.109/110 for Windows and Mac, as well as 144.0.7559.109 for Linux.…
Splunk Enterprise for Windows Vulnerability Let Attackers Hijack DLLs and Gain SYSTEM Access
Splunk has disclosed a high-severity vulnerability in Splunk Enterprise for Windows that allows a low-privileged local user to escalate their privileges to SYSTEM level through a DLL search-order hijacking attack. Tracked as CVE-2026-20140 and published on February 18, 2026, under…
OpenClaw’s Top Skill is a Malware that Stole SSH Keys and Opened Reverse Shells in 1,184 Packages
The most downloaded AI agent skill on OpenClaw’s ClawHub marketplace was functional malware, not a productivity tool. OpenClaw, an open-source AI agent platform, operates a public skill marketplace called ClawHub, where third-party developers can publish plugins, or “skills,” that extend…
Adidas Investigates Alleged Data Breach – 815,000 Records of Customer Data Stolen
Adidas has confirmed it is actively investigating a potential data breach involving one of its independent third-party partners after a threat actor operating under the alias “LAPSUS-GROUP” posted claims on BreachForums on February 16, 2026, alleging unauthorized access to the…
Beyond CVE: China’s Dual Vulnerability Databases Reveal a Different Disclosure Timeline
The emergence of a distinct vulnerability disclosure ecosystem within China has introduced a complex layer to the global threat landscape. Unlike the centralized CVE system used internationally, China maintains two separate databases—the CNVD and CNNVD—which operate with different disclosure timelines…
PromptSpy – First Known Android AI Malware Uses Google’s Gemini for Decision-making
PromptSpy is the first known Android malware family to weaponize a generative AI model, specifically Google’s Gemini, as part of its active execution flow. Discovered in February 2026, the malware represents a significant evolutionary step in mobile threats and follows ESET’s earlier…