A critical security flaw has been identified in CentOS 9 that allows a local user to escalate their privileges to root. The vulnerability, which stems from a Use-After-Free (UAF) condition in the Linux kernel’s networking subsystem, was awarded first place…
The hidden cost of putting off security decisions
In this Help Net Security video, Hanah Darley, Chief AI Officer, Geordie AI, talks about how putting off security risk decisions creates long-term costs that often stay hidden. Drawing on her work with CISOs and security leaders, she shows how…
Claude Opus 4.6 Finds 500+ High-Severity Flaws Across Major Open-Source Libraries
Artificial intelligence (AI) company Anthropic revealed that its latest large language model (LLM), Claude Opus 4.6, has found more than 500 previously unknown high-severity security flaws in open-source libraries, including Ghostscript, OpenSC, and CGIF. Claude Opus 4.6, which was launched…
Hackers Exploit Windows Screensaver to Deploy RMM Tools, Gain Remote Access
A new spear phishing campaign that weaponizes a forgotten file type to bypass modern defenses. Attackers are luring victims into downloading Windows screensaver (.scr) files, which silently deploy legitimate Remote Monitoring and Management (RMM) software to establish persistent control over…
Concerns Raised Over CISA’s Silent Ransomware Updates in KEV Catalog
CISA updated 59 KEV entries in 2025 to specify that the vulnerabilities have been exploited in ransomware attacks. The post Concerns Raised Over CISA’s Silent Ransomware Updates in KEV Catalog appeared first on SecurityWeek. This article has been indexed from…
CISA Advisory Highlights Exploited SmarterTools Vulnerability in Recent Ransomware Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity vulnerability affecting SmarterTools SmarterMail to its Known Exploited Vulnerabilities (KEV) catalog. Tracked as CVE-2026-24423, this flaw is actively being weaponized in the wild, with security researchers confirming its use in…
Questions Raised Over CISA’s Silent Ransomware Updates in KEV Catalog
CISA updated 59 KEV entries in 2025 to specify that the vulnerabilities have been exploited in ransomware attacks. The post Questions Raised Over CISA’s Silent Ransomware Updates in KEV Catalog appeared first on SecurityWeek. This article has been indexed from…
New infosec products of the week: February 6, 2026
Here’s a look at the most interesting products from the past week, featuring releases from Avast, Fingerprint, Gremlin, and Socure. Gremlin launches Disaster Recovery Testing for zone, region, and datacenter failovers Gremlin, the proactive reliability platform, launched Disaster Recovery Testing:…
OpenClaw, MoltBot, Clawdbot – From Bad to Worse
In this episode of Cybersecurity Today, host Jim Love discusses the latest advancements in AI-driven cyber attacks and their implications for security infrastructure. The episode covers a variety of topics, including the vulnerabilities in OpenClaw Marketplace, a rapid AI-assisted AWS…
Betterment Data Breach Exposes Sensitive Information of 1.4 Million Customers
Automated investment platform Betterment has confirmed a data breach affecting approximately 1.4 million customers. The incident, which occurred in January 2026, was the result of a targeted social engineering attack rather than a direct exploit of the company’s core infrastructure.…
Spam Campaign Distributes Fake PDFs, Deploys Remote Monitoring Tools for Ongoing Access
An ongoing spam campaign that leverages social engineering to deploy legitimate Remote Monitoring and Management (RMM) software on victim networks. By disguising malicious payloads as essential Adobe Acrobat updates, threat actors are successfully bypassing traditional security controls and establishing persistent…
IT Security News Hourly Summary 2026-02-06 06h : 2 posts
2 posts were published in the last hour 4:37 : New CentOS 9 Vulnerability Lets Attackers Escalate to Root Privileges – PoC Released 4:37 : Orchid Security Launches Tool to Monitor Identity Behavior Across Business Applications
New CentOS 9 Vulnerability Lets Attackers Escalate to Root Privileges – PoC Released
A critical use-after-free (UAF) vulnerability in the Linux kernel’s sch_cake queuing discipline (Qdisc) affects CentOS 9, allowing local users to gain root privileges. Security firm SSD Secure Disclosure published details on February 5, 2026, noting the flaw won first place…
Orchid Security Launches Tool to Monitor Identity Behavior Across Business Applications
Modern organizations rely on a wide range of software systems to run daily operations. While identity and access management tools were originally designed to control users and directory services, much of today’s identity activity no longer sits inside those…
Zscaler Acquires Browser Security Firm SquareX
Zscaler says the acquisition will allow customers to embed lightweight extensions into any browser, providing increased security and eliminating the need for third-party browsers. The post Zscaler Acquires Browser Security Firm SquareX appeared first on SecurityWeek. This article has been indexed…
ISC Stormcast For Friday, February 6th, 2026 https://isc.sans.edu/podcastdetail/9798, (Fri, Feb 6th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Friday, February 6th, 2026…
IT Security News Hourly Summary 2026-02-06 03h : 1 posts
1 posts were published in the last hour 1:9 : Ad blocking is alive and well, despite Chrome’s attempts to make it harder
Ad blocking is alive and well, despite Chrome’s attempts to make it harder
The end isn’t nigh after all Chrome’s latest revision of its browser extension architecture, known as Manifest v3 (MV3), was widely expected to make content blocking and privacy extensions less effective than its predecessor, Manifest v2 (MV2).… This article has…
OpenClaw reveals meaty personal information after simple cracks
Skills marketplace is full of stuff – like API keys and credit card numbers – that crims will find tasty Another day, another vulnerability (or two, or 200) in the security nightmare that is OpenClaw.… This article has been indexed…
Substack Breach: 662,752 User Records Leaked on Cybercrime Forum
Substack confirms a breach after hacker accessed internal user records now circulating on crime forums, exposing emails, phone numbers, and account metadata. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read the original…
IT Security News Hourly Summary 2026-02-06 00h : 2 posts
2 posts were published in the last hour 22:55 : IT Security News Daily Summary 2026-02-05 22:13 : U.S. Public Sector Under Siege
IT Security News Daily Summary 2026-02-05
166 posts were published in the last hour 22:13 : U.S. Public Sector Under Siege 21:36 : Architecting Immutable Data Integrity with Amazon QLDB and Blockchain 21:36 : 10,000+ Active Infections Traced to SystemBC Botnet 21:36 : Hacker claims theft…
U.S. Public Sector Under Siege
Discover why Government and Education must prioritize Cyber Risk Management. This article has been indexed from Trend Micro Research, News and Perspectives Read the original article: U.S. Public Sector Under Siege
Architecting Immutable Data Integrity with Amazon QLDB and Blockchain
In the current landscape of ransomware and sophisticated SQL injection attacks, standard database security is no longer sufficient. We rely heavily on cryptographic hashes (such as SHA-256) to verify data integrity. The logic is simple: if the hash changes, the…