For years, governments have focused only on the stick of compliance when they could leverage the carrot of tax incentives. Theoretically, compliance fines and penalties should act as a deterrent that improves accountability and reduces data breaches. However, many vendors…
Ongoing Campaign Targets Microsoft 365 to Steal OAuth Tokens for Persistent Access
A new phishing campaign exploiting Microsoft’s OAuth 2.0 Device Authorization Grant flow to gain unauthorized and persistent access to Microsoft 365 accounts. The sophisticated attack active since December 2025 specifically targets professionals and enterprises in North America, with over 44%…
Uptime Kuma: Open-source monitoring tool
Service availability monitoring remains a daily operational requirement across IT teams, SaaS providers, and internal infrastructure groups. Many environments rely on automated checks and alerting to track outages, latency issues, and service degradation across web applications and network endpoints. Uptime…
Three Former Google Engineers Indicted Over Trade Secret Transfers to Iran
Two former Google engineers and one of their husbands have been indicted in the U.S. for allegedly committing trade secret theft from the search giant and other tech firms and transferring the information to unauthorized locations, including Iran. Samaneh Ghandali,…
PromptSpy: First Android AI Malware Leverages Google’s Gemini for Decision-Making
PromptSpy is a newly discovered Android malware family that abuses Google’s Gemini generative AI model to make real‑time decisions on how to manipulate the user interface and stay active on infected devices. PromptSpy’s AI‑assisted functionality is focused on persistence rather…
AI Agents Are Quietly Redefining Enterprise Security Risk
AI agents now operate across enterprise systems, creating new risk via prompt injection, plugins, and persistent memory. Here’s how to adapt security. The post AI Agents Are Quietly Redefining Enterprise Security Risk appeared first on TechRepublic. This article has been…
CISA Orders Emergency Patch for Actively Exploited Dell Flaw;
CISA Orders Emergency Patch for Actively Exploited Dell Flaw; Texas Sues TP-Link; Massive ID Verification Data Leak; SSA Database Leak Allegations Host Jim Love covers four cybersecurity stories: Cybersecurity Today would like to thank Meter for their support in bringing…
Snyk CEO bails, wants someone with more AI experience to replace him
Skill at buzzword bingo also required as company seeks innovative and disruptive visionary The CEO of code review platform provider Snyk has announced he will stand down so the company can find someone better-equipped to steer the company into the…
CarMax – 431,371 breached accounts
In January 2026, data allegedly sourced from US automotive retailer CarMax was published online following a failed extortion attempt. The data included 431k unique email addresses along with names, phone numbers and physical addresses. This article has been indexed from…
New infosec products of the week: February 20, 2026
Here’s a look at the most interesting products from the past week, featuring releases from Compliance Scorecard, Impart Security, Redpanda, and Virtana. Impart enables safe, in-app enforcement against AI-powered bots Impart Security has launched Programmable Bot Protection, a runtime approach…
IT Security News Hourly Summary 2026-02-20 06h : 1 posts
1 posts were published in the last hour 4:13 : Jeffrey Epstein’s Ties to CBP Agents Sparked a DOJ Probe
Jeffrey Epstein’s Ties to CBP Agents Sparked a DOJ Probe
Documents say customs officers in the US Virgin Islands had friendly relationships with Epstein years after his 2008 conviction, showing how the infamous sex offender tried to cultivate allies. This article has been indexed from Security Latest Read the original…
Splunk Enterprise for Windows Vulnerability Let Attackers Hijack DLLs and Gain SYSTEM Access
Splunk has disclosed a high-severity vulnerability in Splunk Enterprise for Windows that allows a low-privileged local user to escalate their privileges to SYSTEM level through a DLL search-order hijacking attack. Tracked as CVE-2026-20140 and published on February 18, 2026, under…
Hackers Use Fake Oura AI Server to Spread StealC Malware
Cybersecurity analysts have uncovered a fresh wave of malicious activity involving the SmartLoader malware framework. In this campaign, attackers circulated a compromised version of an Oura Model Context Protocol server in order to deploy a data-stealing program known as…
ISC Stormcast For Friday, February 20th, 2026 https://isc.sans.edu/podcastdetail/9818, (Fri, Feb 20th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Friday, February 20th, 2026…
Lattice-Based Zero Trust Identity Verification for AI Agents
Explore lattice-based zero trust identity verification for AI agents. Secure MCP deployments with quantum-resistant encryption and 4D access control. The post Lattice-Based Zero Trust Identity Verification for AI Agents appeared first on Security Boulevard. This article has been indexed from…
IT Security News Hourly Summary 2026-02-20 03h : 2 posts
2 posts were published in the last hour 1:34 : A $10K Bounty Awaits Anyone Who Can Hack Ring Cameras to Stop Sharing Data With Amazon 1:22 : AI agents abound, unbound by rules or safety disclosures
A $10K Bounty Awaits Anyone Who Can Hack Ring Cameras to Stop Sharing Data With Amazon
The Fulu Foundation, a nonprofit that pays out bounties for removing user-hostile features, is hunting for a way to keep Ring cameras from sending data to Amazon—without breaking the hardware. This article has been indexed from Security Latest Read the…
AI agents abound, unbound by rules or safety disclosures
MIT CSAIL’s 2025 AI Agent Index puts opaque automated systems under the microscope AI agents are becoming more common and more capable, without consensus or standards on how they should behave, say academic researchers.… This article has been indexed from…
Crims create fake remote management vendor that actually sells a RAT
$300 a month buys you a backdoor that looks like legit software Researchers at Proofpoint late last month uncovered what they describe as a “weird twist” on the growing trend of criminals abusing remote monitoring and management software (RMM) as…
An FBI ‘Asset’ Helped Run a Dark Web Site That Sold Fentanyl-Laced Drugs for Years
A staffer of the Incognito dark web market was secretly controlled by the FBI—and still allegedly approved the sale of fentanyl-tainted pills, including those from a dealer linked to a confirmed death. This article has been indexed from Security Latest…
Your Most Dangerous User Is Not Human: How AI Agents and MCP Servers Broke the Internal API Walled Garden
Highlights The Perimeter is Porous: Modern Agentic AI and the Model Context Protocol (MCP) have effectively turned internal data centers inside out, making the “internal API” security model obsolete. The “Confused Deputy” Risk: Legitimate AI agents act as trusted internal…
IT Security News Hourly Summary 2026-02-20 00h : 11 posts
11 posts were published in the last hour 23:4 : VShell and SparkRAT Observed in Exploitation of BeyondTrust Critical Vulnerability (CVE-2026-1731) 23:4 : FBI says ATM ‘jackpotting’ attacks are on the rise, and netting hackers millions in stolen cash 22:55…
VShell and SparkRAT Observed in Exploitation of BeyondTrust Critical Vulnerability (CVE-2026-1731)
CVE-2026-1731 is an RCE vulnerability in identity platform BeyondTrust. This flaw allows attackers control of systems without login credentials. The post VShell and SparkRAT Observed in Exploitation of BeyondTrust Critical Vulnerability (CVE-2026-1731) appeared first on Unit 42. This article has…