A critical Remote Code Execution (RCE) vulnerability in Mozilla Firefox was caused by a single-character typo in the SpiderMonkey JavaScript engine’s WebAssembly garbage collection code, where a developer mistakenly typed “&” (bitwise AND) instead of “|” (bitwise OR). Security researcher…
CISA Adds Windows Video ActiveX Control RCE Flaw to KEV Catalog Following Active Exploitation
A long-dormant Microsoft Windows vulnerability, CVE-2008-0015, has been added to the Known Exploited Vulnerabilities (KEV) catalog following evidence of active exploitation in the wild. The flaw, first disclosed more than a decade ago, impacts the Windows Video ActiveX Control component and poses…
Anthropic Releases Claude Sonnet 4.6 with Improved Coding, Computer Use, and 1M Token Context Window
Anthropic has officially launched Claude Sonnet 4.6, its most capable mid-tier model to date, delivering a comprehensive upgrade across coding, computer use, long-context reasoning, agent planning, knowledge work, and design, all at the same price point as its predecessor. The…
You can jailbreak an F-35 just like an iPhone, says Dutch defense chief
No worries if the US doesn’t want to be friends with Europe anymore Lockheed Martin’s F-35 fighter aircraft can be jailbroken “just like an iPhone,” the Netherlands’ defense secretary has claimed.… This article has been indexed from The Register –…
From Shadow APIs to Shadow AI: How the API Threat Model Is Expanding Faster Than Most Defenses
The shadow technology problem is getting worse. Over the past few years, organizations have scaled microservices, cloud-native apps, and partner integrations faster than corporate governance models could keep up, resulting in undocumented or shadow APIs. We’re now seeing this pattern…
Fake CAPTCHA Attack Chain Triggers Enterprise-Wide Malware Infection in Organizations
Fake CAPTCHA (ClickFix) pages are enabling threat actors to turn a single user click into an enterprise‑wide compromise, as seen in a recent incident affecting a major Polish organization. The campaign chained social engineering, DLL side‑loading, and dual malware families…
1-15 February 2026 Cyber Attacks Timeline
In the first half of February 2026 I collected 96 events (6.4 events/day) with a threat landscape dominated by malware with 33%, (it was 38% in the second half of last month, once again ahead of ransomware (up to 20%…
3 Ways to Start Your Intelligent Workflow Program
Security, IT, and engineering teams today are under relentless pressure to accelerate outcomes, cut operational drag, and unlock the full potential of AI and automation. But simply investing in tools isn’t enough. 88% of AI proofs-of-concept never make it to…
Dell RecoverPoint for VMs Zero-Day CVE-2026-22769 Exploited Since Mid-2024
A maximum severity security vulnerability in Dell RecoverPoint for Virtual Machines has been exploited as a zero-day by a suspected China-nexus threat cluster dubbed UNC6201 since mid-2024, according to a new report from Google Mandiant and Google Threat Intelligence Group…
ClawHavoc Infects OpenClaw’s ClawHub with 1,184 Malicious Skills, Exposing Data Theft Risks
A large-scale supply chain poisoning campaign dubbed ClawHavoc has hit OpenClaw’s official skill marketplace, ClawHub, with at least 1,184 malicious “Skills” historically published on the platform. The incident highlights how fast-growing AI agent ecosystems can become high-value malware distribution channels when plugins…
U.S. CISA adds Google Chromium CSS, Microsoft Windows, TeamT5 ThreatSonar Anti-Ransomware, and Zimbra flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Google Chromium CSS, Microsoft Windows, TeamT5 ThreatSonar Anti-Ransomware, and Zimbra flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Google Chromium CSS, Microsoft Windows, TeamT5 ThreatSonar…
Building an Effective Incident Response Strategy to Combat Cyberattacks
Developing a robust Incident Response (IR) strategy is vital for minimizing risks and damage during cyberattacks. Learn how to create an effective IR plan, the six phases of incident response, and the importance of assembling a skilled IR team with…
Notepad++ secures update channel in wake of supply chain compromise
Notepad++, the popular text and source code editor for Windows whose update mechanism was hijacked last year, The post Notepad++ secures update channel in wake of supply chain compromise appeared first on Help Net Security. This article has been indexed…
Record Number of Ransomware Victims and Groups in 2025
Searchlight Cyber reports a 30% annual increase in ransomware victim numbers in 2025 This article has been indexed from www.infosecurity-magazine.com Read the original article: Record Number of Ransomware Victims and Groups in 2025
“Good enough” emulation: Fuzzing a single thread to uncover vulnerabilities
A Talos researcher used targeted emulation of the Socomec DIRIS M-70 gateway’s Modbus thread to uncover six patched vulnerabilities, showcasing efficient tools and methods for IoT security testing. This article has been indexed from Cisco Talos Blog Read the original…
HackerOne ‘updating’ Ts&Cs after bug hunters question if they’re training AI
CEO lauds security researchers, insists they’re not ‘inputs’ HackerOne has clarified its stance on GenAI after researchers fretted their submissions were being used to train its models.… This article has been indexed from The Register – Security Read the original…
Prompt Control is the New Front Door of Application Security
Discover how AI-driven systems are redefining application security. Research highlights the importance of focusing on inference layers, prompt control, and token management to effectively secure AI inference services and minimize risks associated with cost, latency, and data leakage. The post…
One stolen credential is all it takes to compromise everything
Attackers often gain access through routine workflows like email logins, browser sessions, and SaaS integrations. A single stolen credential can give them a quick path to move across systems when access permissions are broad and visibility is fragmented. That pattern…
IT Security News Hourly Summary 2026-02-18 12h : 11 posts
11 posts were published in the last hour 10:34 : ClickFix Exploits Homebrew Workflow to Deploy Cuckoo Stealer for macOS Credential Theft 10:34 : New Phishing Campaign Targets Booking.com Partners and Customers in Multi-Stage Financial Fraud Scheme 10:34 : Scammers…
ClickFix Exploits Homebrew Workflow to Deploy Cuckoo Stealer for macOS Credential Theft
ClickFix is being weaponized against macOS developers by turning a trusted Homebrew workflow into a stealthy delivery channel for a new infostealer dubbed Cuckoo Stealer. The campaign shows how attackers can skip exploit chains entirely and instead rely on users…
New Phishing Campaign Targets Booking.com Partners and Customers in Multi-Stage Financial Fraud Scheme
A new Booking.com‑themed phishing campaign is abusing trust in travel brands to steal money and sensitive data from both hotels and guests. The scheme can start as a service message, but it can end with payment fraud and card exposure.…
Scammers use fake “Gemini” AI chatbot to sell fake “Google Coin”
An AI chatbot posing as Google’s Gemini is being used to pitch fake “Google Coin,” promising 7x returns. This article has been indexed from Malwarebytes Read the original article: Scammers use fake “Gemini” AI chatbot to sell fake “Google Coin”
CISA: Hackers Exploiting Vulnerability in Product of Taiwan Security Firm TeamT5
The vulnerability added to CISA’s KEV catalog affects ThreatSonar Anti-Ransomware and it was patched in 2024. The post CISA: Hackers Exploiting Vulnerability in Product of Taiwan Security Firm TeamT5 appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
Security Metrics That Actually Predict a Breach
Identity drift, stale access paths, alert fatigue, and risky change patterns are the security metrics most likely to predict a breach. The post Security Metrics That Actually Predict a Breach appeared first on Security Boulevard. This article has been indexed…