North Korean nation-state threat actors have been running a two-part operation — posing as job recruiters while embedding fake workers inside real companies. Since at least 2022, these actors have tricked software developers into running malicious code during fake technical…
New Phishing Framework Starkiller Proxies Real Login Pages to Bypass MFA
A highly sophisticated phishing framework named Starkiller has recently emerged, offering attackers an advanced method to steal credentials and bypass multi-factor authentication. Developed by a group known as Jinkusu, this malicious toolkit is sold as a commercial software-as-a-service product. Unlike…
Microsoft MFA Down – 504 Gateway Timeout Errors Disrupting MFA Access for U.S. Users
Microsoft is currently investigating a significant service degradation affecting Multi-Factor Authentication (MFA) across its Microsoft 365 suite, with users in the North America region reporting widespread 504 gateway timeout errors when attempting to authenticate into MFA-protected services. The incident, tracked…
AI Powered Attacks Target Hundreds of Fortinet Firewalls in Weeks
Cybercrime sophistication is no longer primarily determined by technical mastery but by the ability to industrialize opportunities as well. An anonymous, Russian-speaking threat actor quietly orchestrated a campaign over five weeks ago that compromised more than 600 FortiGate devices…
Dragos Warns of New State-Backed Threat Groups Targeting Critical Infrastructure
A fresh wave of state-backed hacking targeted vital systems more aggressively over the past twelve months, as newer collectives appeared while long-known teams kept their campaigns running, per Dragos’ latest yearly analysis. Operating underground until now, three distinct gangs…
Anthropic Launches Claude Code Security To Autonomously Detect And Patch Bugs
Anthropic has introduced Claude Code Security, a new AI-powered capability in its Claude Code assistant that promises to raise the bar for software security by scanning entire codebases for vulnerabilities and suggesting human-reviewed patches. The feature is currently rolling…
Over 200K Australian Driver’s Licences Exposed in youX Cyber Breach
A youX breach exposed sensitive borrower data in Australia, including over 200,000 driver’s licence numbers, raising fraud and phishing risks. The post Over 200K Australian Driver’s Licences Exposed in youX Cyber Breach appeared first on TechRepublic. This article has been…
NDSS 2025 – Generating API Parameter Security Rules With LLM For API Misuse Detection
Session 13B: API Security Authors, Creators & Presenters: Jinghua Liu (Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China; School of Cyber Security, University of Chinese Academy of Sciences, China), Yi Yang (Institute of Information Engineering, Chinese Academy of…
Hackers target vulnerabilities in Roundcube Webmail
CISA has added the flaws, one of which is considered critical, to its Known Exploited Vulnerabilities catalog. This article has been indexed from Cybersecurity Dive – Latest News. Read the original article: Hackers target vulnerabilities in Roundcube Webmail
IT Security News Hourly Summary 2026-02-23 18h : 6 posts
6 posts were published in the last hour:
16:34 : VPN flaws allowed Chinese hackers to compromise dozens of Ivanti customers, says report
16:34 : The Apple-Google AI Deal: What $1 Billion Says About Who’s Really Winning the AI Race…
VPN flaws allowed Chinese hackers to compromise dozens of Ivanti customers, says report
Chinese hackers allegedly broke into the network of an Ivanti subsidiary in 2021. The hackers exploited a backdoor in its VPN product, which allowed the hackers to gain access to 119 other unnamed organizations. This article has been indexed from…
The Apple-Google AI Deal: What $1 Billion Says About Who’s Really Winning the AI Race
Apple chose Google’s Gemini over ChatGPT for Siri’s AI upgrade. This $1B/year deal reveals who’s actually winning the AI race—and it’s not who you think. The post The Apple-Google AI Deal: What $1 Billion Says About Who’s Really Winning the…
AI helps novice threat actor compromise FortiGate devices in dozens of countries
Generative AI tools analyzed target networks and wrote exploit code, giving an opportunistic attacker an outsized impact, according to a new Amazon report. This article has been indexed from Cybersecurity Dive – Latest News. Read the original article: AI helps…
Global regulators say AI image tools don’t get a free pass on privacy rules
Watchdogs warn models that can generate realistic images of people must comply with data protection laws. A global coalition of privacy watchdogs has fired a warning shot at the generative AI industry, saying companies churning out realistic synthetic images can’t…
US Healthcare Diagnostic Firm Says 140,000 Affected by Data Breach
The Everest ransomware group has taken credit for a hacker attack on Vikor Scientific, now called Vanta Diagnostics. The post US Healthcare Diagnostic Firm Says 140,000 Affected by Data Breach appeared first on SecurityWeek. This article has been indexed from…
Shai-Hulud-Like Worm Targets Developers via npm and AI Tools
A supply chain worm mimicking the Shai-Hulud malware, spread via malicious npm packages and targeting AI tools, has been identified by security researchers. This article has been indexed from www.infosecurity-magazine.com. Read the original article: Shai-Hulud-Like Worm Targets Developers via npm and AI Tools
PayPal Confirms Six-Month Data Exposure Linked to Loan System Error
PayPal has confirmed a data leak in its Working Capital loan system that exposed names, dates of birth, and Social Security numbers for six months. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More…
Out of the Shadows: How to Safely Migrate Data for AI Deployments
As genAI adoption accelerates, organizations must strengthen governance and visibility to prevent shadow AI and protect sensitive data. The post Out of the Shadows: How to Safely Migrate Data for AI Deployments appeared first on eSecurity Planet. This article has…
Romanian hacker pleads guilty to selling access to Oregon state networks
A Romanian man pleaded guilty to selling admin access to Oregon’s state network for $3,000 in Bitcoin and repeatedly accessing it to prove control. Catalin Dragomir (45), from Romania, pleaded guilty in the U.S. to selling unauthorized admin access to…
Break free of Ring’s servers, earn a five-figure bounty
Goal is to run software locally and stream only to owners’ computers. If the sour taste has still not left your mouth after Ring’s Super Bowl ad, there is a $10,000 prize for anyone who can find a security flaw…
How SmugMug Strengthened Email Authentication and Deliverability with EasyDMARC
Originally published at How SmugMug Strengthened Email Authentication and Deliverability with EasyDMARC by Sona Mirzoyan. About the Customer. Company: SmugMug. Industry: Image Hosting … The post How SmugMug Strengthened Email Authentication and Deliverability with EasyDMARC appeared first on EasyDMARC. The…
Confronting Vault Sprawl And The Risks It Brings
Vault sprawl means duplicated secrets, fragmented access, and unclear ownership. Learn how GitGuardian’s NHI Governance restores control across the enterprise. The post Confronting Vault Sprawl And The Risks It Brings appeared first on Security Boulevard. This article has been indexed…
Spanish police arrest suspected Anonymous members over DDoS attacks on government sites
Spanish police (Guardia Civil) arrested four members of the hacktivist group Anonymous Fénix over DDoS attacks targeting ministries, political parties and public institutions. Police identified the organization’s leadership, including its administrator and moderator, who were…
Fake troubleshooting tip on ClawHub leads to infostealer infection
A new malware delivery campaign has hit ClawHub, the official online repository for “skills” that augment the capabilities of the popular OpenClaw AI agent. Unlike previous ones, this campaign does not aim to trick users into downloading a bogus, malicious…