A compromised publish token gave attackers brief but concerning access to the Cline CLI npm package, exposing developers who installed it during an 8-hour window on February 17, 2026. The incident highlights the growing risk of supply chain attacks targeting…
Critical Authentication Bypass in better-auth API Keys Plugin Allows Unauthenticated Account Takeover
A critical authentication bypass vulnerability in the better-auth API keys plugin allows unauthenticated attackers to mint privileged API keys for arbitrary users. The flaw, tracked as CVE-2025-61928, affects all versions of the better-auth library prior to 1.3.26 — a package…
OpenClaw Security Issues Continue as SecureClaw Open Source Tool Debuts
OpenClaw faces security vulnerabilities and misconfiguration risks despite rapid patches and its transition to an OpenAI-backed foundation. The post OpenClaw Security Issues Continue as SecureClaw Open Source Tool Debuts appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
UK sounds alarm on rising cyber risks to businesses
The UK government launched a national campaign urging businesses to strengthen basic cyber defenses. The initiative follows new figures highlighting the scale of the threat. Serious cyber incidents cost businesses an average of £195,000, with about half of small firms…
Flaws in Popular Software Development App Extensions Allow Data Exfiltration
Four serious new vulnerabilities affect Microsoft Visual Studio Code, Cursor and Windsurf extensions, three of which remain unpatched This article has been indexed from www.infosecurity-magazine.com Read the original article: Flaws in Popular Software Development App Extensions Allow Data Exfiltration
IT Security News Hourly Summary 2026-02-19 12h : 7 posts
7 posts were published in the last hour 10:34 : How to Organize Safely in the Age of Surveillance 10:34 : Irish regulator probes X after Grok allegedly generated sexual images of children 10:34 : Fake IPTV Apps Spread Massiv…
How to Organize Safely in the Age of Surveillance
From threat modeling to encrypted collaboration apps, we’ve collected experts’ tips and tools for safely and effectively building a group—even while being targeted and tracked by the powerful. This article has been indexed from Security Latest Read the original article:…
Irish regulator probes X after Grok allegedly generated sexual images of children
Ireland’s Data Protection Commission opened a probe into X over Grok AI tool allegedly generating sexual images, including of children. Ireland’s Data Protection Commission has launched another investigation into X over Grok’s AI image generator. The probe focuses on reports…
Fake IPTV Apps Spread Massiv Android Malware Targeting Mobile Banking Users
Cybersecurity researchers have disclosed details of a new Android trojan called Massiv that’s designed to facilitate device takeover (DTO) attacks for financial theft. The malware, according to ThreatFabric, masquerades as seemingly harmless IPTV apps to deceive victims, indicating that the…
Copilot summarizes confidential emails, ShinyHunters targets CarGurus, Texas sues TP-Link
Microsoft Copilot summarizes confidential emails ShinyHunters takes CarGurus records Texas sues TP-Link over router hack Get the full show notes here: Huge thanks to our sponsor, Conveyor Every fast-growing company hits this one moment. Sales wants to close bigger enterprise…
Infostealer Found Stealing OpenClaw AI Identity and Memory Files
Researchers at Hudson Rock have identified a live infection where an infostealer exfiltrated a victim’s OpenClaw configuration. The discovery highlights a shift in malware behaviour toward harvesting personal AI identity files. This article has been indexed from Hackread – Cybersecurity…
Must-Have Investments for Security-Aware & Productive Teams
Explore must-have investments that boost team security, productivity, and collaboration with the right tools, training, and infrastructure. The post Must-Have Investments for Security-Aware & Productive Teams appeared first on Security Boulevard. This article has been indexed from Security Boulevard Read…
Researchers Reveal Six New OpenClaw Vulnerabilities
Endor Labs has published details of six new vulnerabilities in popular AI assistant OpenClaw This article has been indexed from www.infosecurity-magazine.com Read the original article: Researchers Reveal Six New OpenClaw Vulnerabilities
Microsoft Defender Introduces Centralized Script Library Powered by Copilot for Live Response
Microsoft has unveiled a significant enhancement to its Defender platform: centralized library management for live response operations, powered by Microsoft Security Copilot. This new capability addresses a critical workflow limitation that previously required security analysts to upload scripts and tools…
Microsoft Defender Unveils Centralized Script Library with Copilot Analysis for Enhanced Live Response
Microsoft has introduced a new Library Management experience in Microsoft Defender for Endpoint, designed to fundamentally transform how security analysts manage the scripts and tools they rely on during live response investigations. Announced on February 16, 2026, the enhancement addresses…
Advanced Crypto Mining Malware Spreads Through External Drives and Air-Gapped Systems
A sophisticated cryptocurrency mining campaign has emerged, targeting systems through external storage devices with the ability to compromise even air-gapped environments. The malware operates as a multi-stage infection that prioritizes mining Monero cryptocurrency while establishing persistent mechanisms to resist removal.…
German Rail Giant Deutsche Bahn Hit by Large-Scale DDoS Attack
The cyberattack disrupted information and booking systems and lasted for several hours. The post German Rail Giant Deutsche Bahn Hit by Large-Scale DDoS Attack appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: German…
Threat Actors Using Fake Google Forms Site to Harvest Google Logins
A new phishing campaign in which threat actors are using a convincing fake version of Google Forms to steal Google account credentials. Cybercriminals are once again exploiting a trusted brand Google to trick job seekers and steal their credentials. The…
CISA Alerts Organizations to Honeywell CCTV Flaw Enabling Account Takeovers
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory warning about a critical vulnerability affecting multiple Honeywell CCTV camera products that could allow attackers to take over user accounts and gain unauthorized access to camera feeds. The flaw,…
Open-source benchmark EVMbench tests how well AI agents handle smart contract exploits
Smart contract exploits continue to drain funds from blockchain projects, even as auditing tools and bug bounty programs grow. The problem is tied to how Ethereum Virtual Machine (EVM) contracts work: code is deployed permanently, runs autonomously, and often controls…
Microsoft signals breakthrough in data storage that can last for generations
Microsoft announced progress on Project Silica, its research initiative focused on developing durable, long-term quartz glass-based data storage technology. Close up of Writer showing high-speed multi-beam data encoding on laser pulses (Source: Microsoft) Rising global data volumes increase the need…
CRESCENTHARVEST Campaign Targets Iran Protest Supporters With RAT Malware
Cybersecurity researchers have disclosed details of a new campaign dubbed CRESCENTHARVEST, likely targeting supporters of Iran’s ongoing protests to conduct information theft and long-term espionage. The Acronis Threat Research Unit (TRU) said it observed the activity after January 9, with…
Intellexa’s Predator spyware infected Angolan journalist’s device, Amnesty reports
Amnesty reports Angolan journalist’s iPhone was infected by Intellexa’s Predator spyware via a WhatsApp link in May 2024. Amnesty International reports that in May 2024, Intellexa’s Predator spyware infected the iPhone of Teixeira Cândido, an Angolan journalist and press freedom…
Why the US–EU Privacy Divide Still Matters in the Age of AI
Explore the evolving landscape of privacy and security in the age of AI. This article examines the cultural and regulatory differences between the U.S. and Europe, the limitations of current policies, and the imperative for architectural solutions to ensure that…