Security researchers have uncovered six critical denial-of-service vulnerabilities in the Socomec DIRIS M-70 industrial gateway used for power monitoring and energy management in critical infrastructure. The flaws were discovered through an innovative emulation technique that bypassed hardware debugging limitations by…
Category: Cyber Security News
Hackers Leveraging Emoji Code to Hide Malicious Code and Evade Security Detections
Threat actors have begun using an obfuscation technique called emoji smuggling to hide malicious code from security systems. This attack method exploits Unicode encoding and emoji characters to bypass traditional security filters that scan for suspicious ASCII text patterns. Standard…
XWorm Malware Delivered via Fake Financial Receipts Targeting Windows Systems to Steal Logins and Sessions
A sophisticated multi-stage malware campaign is actively targeting Brazilian and Latin American (LATAM) businesses using fake bank receipts to deliver XWorm v5.6, a commodity remote access trojan (RAT) capable of stealing credentials, hijacking sessions, and enabling downstream ransomware deployment. The…
AI Dev Tool Cline’s npm Token Hijacked by Hackers for 8 Hours
A compromised publish token gave attackers brief but concerning access to the Cline CLI npm package, exposing developers who installed it during an 8-hour window on February 17, 2026. The incident highlights the growing risk of supply chain attacks targeting…
Critical Authentication Bypass in better-auth API Keys Plugin Allows Unauthenticated Account Takeover
A critical authentication bypass vulnerability in the better-auth API keys plugin allows unauthenticated attackers to mint privileged API keys for arbitrary users. The flaw, tracked as CVE-2025-61928, affects all versions of the better-auth library prior to 1.3.26 — a package…
Microsoft Defender Unveils Centralized Script Library with Copilot Analysis for Enhanced Live Response
Microsoft has introduced a new Library Management experience in Microsoft Defender for Endpoint, designed to fundamentally transform how security analysts manage the scripts and tools they rely on during live response investigations. Announced on February 16, 2026, the enhancement addresses…
Advanced Crypto Mining Malware Spreads Through External Drives and Air-Gapped Systems
A sophisticated cryptocurrency mining campaign has emerged, targeting systems through external storage devices with the ability to compromise even air-gapped environments. The malware operates as a multi-stage infection that prioritizes mining Monero cryptocurrency while establishing persistent mechanisms to resist removal.…
MCP Servers can be Exploited to Execute Arbitrary Code and Exfiltrate Sensitive Data
The Model Context Protocol (MCP) emerged as a breakthrough standard in November 2024, designed by Anthropic to seamlessly connect AI assistants with external systems and data sources. This innovation allows Large Language Models (LLMs) to interact with tools and repositories,…
Microsoft Teams to Prompt Mobile Users for Browser Choice with Non-Office and PDF Links
Microsoft is rolling out a significant update to Teams Mobile on Android and iOS that changes how non-Office and PDF links are handled within the app. Beginning in late February 2026, users will be presented with a browser selection prompt…
Guardian AI-Penetration Testing Tool Connects Gemini, GPT-4 with 19 Security Tools Including Nmap
A new open-source framework is reshaping how security professionals approach penetration testing by placing multiple large language models directly at the helm of automated security assessments. Guardian, developed by Zakir Kun and available on GitHub, is an enterprise-grade AI-powered penetration…
OpenAI Launches EVMbench to Detect, Patch, and Exploit Vulnerabilities in Blockchain Environments
OpenAI, in collaboration with crypto investment firm Paradigm, has introduced EVMbench, a new benchmark designed to evaluate the ability of AI agents to detect, patch, and exploit high-severity vulnerabilities in smart contracts. The release marks a significant step in measuring…
Hackers Can Leverage Grok and Copilot for Stealthy Malware Communication and Control
A novel attack technique that repurposes mainstream AI assistants, specifically xAI’s Grok and Microsoft Copilot, as covert command-and-control (C2) relays, enabling attackers to tunnel malicious traffic through platforms that enterprise networks already trust and permit by default. Dubbed “AI as…
Fake CAPTCHA (ClickFix) Attack Chain Leads to Enterprise‑Wide Malware Infection in Organisations
A sophisticated cyberattack campaign leveraging “ClickFix” social engineering has emerged, posing a severe threat to enterprise networks globally. These massive campaigns, which trick users into executing malicious code under the guise of resolving a fake technical error, have become increasingly…
Critical Ivanti EPMM Zero-Day Vulnerabilities Exploited in The Wild Targeting Corporate Networks
Two critical zero-day vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM) have emerged as a major threat to enterprise networks, with active exploitation campaigns targeting corporate infrastructure across multiple countries. The vulnerabilities, identified as CVE-2026-1281 and CVE-2026-1340, enable unauthenticated attackers to…
Cryptocurrency Scams Target Asia, Combining Malvertising and Pig Butchering with Losses Up to ¥10 Million
A sophisticated cryptocurrency scam campaign is currently targeting users across Asia, with a heavy and specific focus on Japan. This operation uniquely combines two distinct fraud models into a single, highly effective attack vector: malvertising and “pig butchering.” By blending…
Malware Campaign Delivers Remote Access Backdoor and Fake MetaMask Wallet to Steal Cryptocurrency Funds
North Korean threat actors have launched a sophisticated attack campaign targeting IT professionals in cryptocurrency, Web3, and artificial intelligence sectors. The ongoing operation, known as Contagious Interview, deploys remote access backdoors alongside trojanized MetaMask wallet extensions designed to steal digital…
Microsoft 365 Exchange URL Filtering Update Quarantines Legitimate Emails as Phishing
A faulty URL filtering rule update in Microsoft Exchange Online triggered a widespread false-positive storm beginning February 9, 2026, causing legitimate email messages to be incorrectly flagged as phishing and quarantined, disrupting email workflows for organizations globally. Microsoft tracked the…
Microsoft 365 Copilot Flaw Allows AI Assistant to Summarize Sensitive Emails
A security flaw in Microsoft 365 Copilot is causing the AI assistant to incorrectly summarize email messages protected by confidentiality sensitivity labels, bypassing configured Data Loss Prevention (DLP) policies dxposing potentially sensitive organizational data to unauthorized AI processing. The issue,…
ClickFix Abuses Legitimate Homebrew Workflow to Deploy Cuckoo Stealer on macOS for Credential Harvesting
A sophisticated social engineering campaign is targeting macOS developers through fake Homebrew installation pages that deploy Cuckoo Stealer, a comprehensive credential-harvesting malware. The attack leverages the ClickFix technique, which tricks users into executing malicious Terminal commands disguised as legitimate software…
ClawHavoc Poisoned OpenClaw’s ClawHub with 1,184 Malicious Skills, Enabling Data Theft and Backdoor Access
A large-scale supply chain poisoning campaign that targeted OpenClaw’s official marketplace, ClawHub, distributing 1,184 malicious “Skills” designed to steal data and establish backdoor access on compromised systems. OpenClaw, a fast-growing open-source AI agent platform, enables users to install plugin-like Skills…