LLM-generated passwords may look complex and “high entropy,” but new research shows they are highly predictable, frequently repeated, and far weaker than traditional cryptographic password generators. At the core of a secure password generator is a CSPRNG, which produces characters…
Former Google Engineers Indicted Over Trade Secret Transfers to Iran
Two former Google engineers and one of their husbands have been indicted in the U.S. for allegedly committing trade secret theft from the search giant and other tech firms and transferring the information to unauthorized locations, including Iran. Samaneh Ghandali,…
FBI Reports 1,900 ATM Jackpotting Incidents Since 2020, $20M Lost in 2025
The U.S. Federal Bureau of Investigation (FBI) has warned of an increase in ATM jackpotting incidents across the country, leading to losses of more than $20 million in 2025. The agency said 1,900 ATM jackpotting incidents have been reported since…
PromptSpy abuses Gemini AI to gain persistent access on Android
PromptSpy is the first Android malware to abuse Google’s Gemini AI, enabling persistence and advanced spying features. Security researchers at ESET have uncovered PromptSpy, the first known Android malware to exploit Google’s Gemini AI to maintain persistence. The malware can…
Red Card 2.0: INTERPOL busts scam networks across Africa, seizes millions
INTERPOL’s Operation Red Card 2.0 led to 651 arrests across 16 African countries and recovered over $4.3 million from online scams. INTERPOL’s Operation Red Card 2.0, a joint effort involving law enforcement agencies from 16 African countries, resulted in 651…
651 arrested, $4.3 million recovered in African cybercrime sweep
Operation Red Card 2.0, supported by INTERPOL and involving law enforcement agencies from 16 African countries, led to 651 arrests and the recovery of more than $4.3 million from online scams. In Nigeria police took down a fraud ring that…
CISA’s DELL order, Android AI malware, browsers as weak link
CISA orders urgent patch of Dell flaw Android malware uses Gemini to navigate infected devices Half of all cyberattacks start in the browser, says Palo Alto Networks Get the full show notes here: https://cisoseries.com/cybersecurity-news-cisas-dell-order-android-ai-malware-browsers-as-weak-link/ Huge thanks to our sponsor, Conveyor…
Apple Updates iPhones After Targeted Attacks
Apple updates iOS, iPadOS, macOS after Google uncovers security flaw being actively exploited to target specific individuals This article has been indexed from Silicon UK Read the original article: Apple Updates iPhones After Targeted Attacks
Google Rushes Out Critical Chrome Update to Address Serious PDFium and V8 Vulnerabilities
Google has rushed out a vital security patch for Chrome, fixing three flaws that could let attackers run malicious code on users’ devices. The Stable Channel update bumps versions to 145.0.7632.109/.110 for Windows and Mac, and 144.0.7559.109 for Linux. High-severity…
Is Poshmark safe? How to buy and sell without getting scammed
Like any other marketplace, the social commerce platform has its share of red flags. It pays to know what to look for so you can shop or sell without headaches. This article has been indexed from WeLiveSecurity Read the original…
PromptSpy ushers in the era of Android threats using GenAI
ESET researchers discover PromptSpy, the first known Android malware to abuse generative AI in its execution flow This article has been indexed from WeLiveSecurity Read the original article: PromptSpy ushers in the era of Android threats using GenAI
PentAGI – Automated AI-Powered Penetration Testing Tool that Integrates 20+ Security Tools
PentAGI introduces an AI-driven approach to penetration testing, automating complex workflows with tools like Nmap and Metasploit while generating detailed reports. Developed by VXControl and released on GitHub in early 2025, this open-source platform empowers security professionals to conduct autonomous…
Ongoing Campaign Targets Microsoft 365 to Steal OAuth Tokens and Gain Persistent Access
An ongoing phishing campaign that targets Microsoft 365 users by abusing OAuth tokens to gain long‑term access to corporate data, which focuses on business users in North America and aims to compromise Outlook, Teams, and OneDrive without directly stealing passwords.…
Security Compass brings policy-driven security and compliance to agentic AI development
Security Compass released SD Elements for Agentic AI Workflow, enabling organizations to stay in control of security and compliance as AI becomes part of software development. AI agents introduce an unprecedented opportunity to accelerate the velocity of software development, but…
IT Security News Hourly Summary 2026-02-20 09h : 6 posts
6 posts were published in the last hour 7:34 : PromptSpy Android Malware Abuses Gemini AI at Runtime for Persistence 7:34 : Why AISPM Isn’t Enough for the Agentic Era 7:13 : How Scammers Use AI to Build Fake Websites…
PromptSpy Android Malware Abuses Gemini AI at Runtime for Persistence
The malware leverages Gemini to analyze on-screen elements and ensure that it remains on the device even after a reboot. The post PromptSpy Android Malware Abuses Gemini AI at Runtime for Persistence appeared first on SecurityWeek. This article has been…
Why AISPM Isn’t Enough for the Agentic Era
AI agents have moved from novelty to operational reality, acting autonomously across business systems in ways traditional AI security posture management (AISPM) and IAM can’t fully govern. Learn why risk now emerges at runtime, where existing posture tools fall short,…
How Scammers Use AI to Build Fake Websites
Scammers are now using artificial intelligence to build convincing, professional-looking websites in minutes. Rather than cloning ecommerce giants like Amazon, criminals are posing as real… The post How Scammers Use AI to Build Fake Websites appeared first on Panda Security…
Hackers Exploit Critical BeyondTrust Vulnerability to Deploy VShell and SparkRAT
Hackers are actively exploiting a critical vulnerability in BeyondTrust’s remote support software to deploy the VShell backdoor and SparkRAT remote access trojan, enabling full compromise of exposed systems. The vulnerability, tracked as CVE-2026-1731, is being used in real-world attacks against…
Google Issues Emergency Chrome Security Update to Address High-Severity PDFium and V8 Flaws
A significant security update for the Chrome Stable Channel to address multiple vulnerabilities, including high-severity flaws affecting the browser’s core engines. The tech giant announced the rollout of versions 145.0.7632.109/110 for Windows and Mac, as well as 144.0.7559.109 for Linux.…
The CISO view of fraud risk across the retail payment ecosystem
In this Help Net Security interview, Paul Suarez, VP and CISO at Casey’s, explains how his team manages patching and upgrades for fuel payment systems with long hardware lifecycles. He also discusses risks tied to QR code payments and outlines…
ESET Discovers First Android Malware to Abuse Generative AI for Dynamic UI Manipulation
Security researchers at ESET have uncovered what they describe as the first known case of Android malware abusing generative AI to manipulate a device’s user interface in real time. Dubbed PromptSpy, the newly identified malware family uses Google’s Gemini to analyze on-screen content and dynamically…
CISA Warns of Critical Security Vulnerability in Honeywell Cameras
CISA has warned that a critical security vulnerability (CVE-2026-1670) has been identified in four Honeywell CCTV camera models. “Successful exploitation of this vulnerability could lead to account takeovers and unauthorized access to camera feeds; an unauthenticated attacker may change the recovery email address, potentially…
Quantum security is turning into a supply chain problem
Supplier onboarding, invoice processing, and procurement platforms run on encrypted data flows that were built for long-term trust. In many organizations, that trust still depends on cryptographic standards like RSA and elliptic curve cryptography (ECC), even as security teams begin…