A sophisticated way to bypass email security by weaponizing legitimate messages from trusted companies like Apple and PayPal. These attacks, known as DKIM replay attacks, exploit email authentication systems to deliver scams that appear completely authentic. The technique is deceptively…
Officials sound the alarm: Phishing attacks on politicians, journalists via Signal messenger
Attackers believed to be state-sponsored are currently attempting to take control of Signal accounts belonging to politicians, journalists, and other high-profile individuals in Germany and across Europe. In doing so, they pose, for example, as a Signal support chatbot. This…
Attackers abuse SolarWinds Web Help Desk to install Zoho agents and Velociraptor
Huntress confirmed active SolarWinds Web Help Desk exploits, where attackers installed Zoho tools for persistence, and used Velociraptor for control. On February 7, 2026, Huntress investigated an active attack abusing SolarWinds Web Help Desk flaws. Attackers exploited unpatched versions to…
Cybersecurity M&A Roundup: 34 Deals Announced in January 2026
Significant cybersecurity M&A deals announced by CrowdStrike, Infoblox, JumpCloud, LevelBlue, OneSpan, and Radware. The post Cybersecurity M&A Roundup: 34 Deals Announced in January 2026 appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Cybersecurity…
Hackers Use Signal QR Codes to Spy on Military and Political Leaders
Hackers are using Signal QR codes and fake support scams to spy on military and political leaders, German security agencies warn. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read the original article:…
Active Exploitation of SolarWinds Web Help Desk RCE Used to Drop Custom Malware
Threat actors are actively exploiting critical vulnerabilities in SolarWinds Web Help Desk (WHD) to deploy custom malware and establish persistent remote control. Security researchers observed these attacks starting on February 7, 2026, targeting organizations that had not yet applied the…
Node.js LTX Stealer Emerges as New Threat to Login Credentials
A new, sophisticated malware campaign dubbed “LTX Stealer.” This malware represents a shift in attacker techniques, utilizing legitimate software frameworks and cloud services to hide its activities and steal sensitive user data. By mimicking standard Windows processes, LTX Stealer is…
Recent SolarWinds Flaws Potentially Exploited as Zero-Days
Vulnerable SolarWinds Web Help Desk instances were exploited in December 2025 for initial access. The post Recent SolarWinds Flaws Potentially Exploited as Zero-Days appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Recent SolarWinds…
New Node.js Based LTX Stealer Attack Users to Exfiltrate Login Credentials
A sophisticated new malware strain dubbed “LTX Stealer” has emerged in the cyber threat landscape, utilizing a unique Node.js-based architecture to compromise Windows systems. First surfacing in early 2026, this malicious tool is designed to harvest sensitive user information, including…
Roundcube Webmail Vulnerability Let Attackers Track Email Opens
Roundcube, one of the world’s most popular open-source webmail solutions, has released critical security updates to address a privacy bypass vulnerability. The flaw detailed by NULL CATHEDRAL allowed attackers to load remote images and track email opens, even when users…
Hackers Exploit Legitimate Apple and PayPal Invoice Emails in DKIM Replay Attacks
Cybersecurity threats are swiftly evolving beyond easily spotted, poorly written phishing emails to sophisticated methods that leverage trusted digital infrastructure. Attackers are now exploiting legitimate business workflows within widely used platforms, effectively turning reputable services into unwitting accomplices for financial…
Microsoft Exchange Online Flags Customers Legitimate Email as Phishing
Microsoft Exchange Online is experiencing a service degradation that incorrectly flags legitimate customer emails as phishing, quarantining them and disrupting communications. The issue, identified as EX1227432, started on February 5, 2026, at 10:31 AM EST and remains ongoing. Microsoft classifies…
SmarterTools Hit by Ransomware via Vulnerability in Its Own Product
SmarterTools says customers were impacted after hackers compromised a data center used for quality control testing. The post SmarterTools Hit by Ransomware via Vulnerability in Its Own Product appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
ShinyHunters Targets Okta and Microsoft SSO in Data Breach
Several voice-based social engineering attacks have prompted renewed scrutiny of single sign-on ecosystem security assumptions. The cybercrime collective ShinyHunters has publicly announced that it has carried out an extensive campaign to harvest SSO credentials from approximately 100 organizations, signaling…
How Top CISOs Solve Burnout and Speed up MTTR without Extra Hiring
Why do SOC teams keep burning out and missing SLAs even after spending big on security tools? Routine triage piles up, senior specialists get dragged into basic validation, and MTTR climbs, while stealthy threats still find room to slip through.…
YARA-X 1.13.0 Release, (Mon, Feb 9th)
YARA-X's 1.13.0 release brings 4 improvements and 4 bugfixes. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: YARA-X 1.13.0 Release, (Mon, Feb 9th)
Quick Howto: Extract URLs from RTF files, (Mon, Feb 9th)
Malicious RTF (Rich Text Format) documents are back in the news with the exploitation of CVE-2026-21509 by APT28. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: Quick Howto: Extract URLs from RTF…
ISC Stormcast For Monday, February 9th, 2026 https://isc.sans.edu/podcastdetail/9800, (Mon, Feb 9th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Monday, February 9th, 2026…
ScarCruft Exploits Trusted Cloud Services and OLE Documents to Deliver Malware
The North Korean-backed advanced persistent threat (APT) group known as ScarCruft has significantly evolved its attack techniques. In a departure from their established methods, the group is now using a sophisticated OLE-based dropper to distribute its signature malware, ROKRAT. This…
How the GNU C Compiler became the Clippy of cryptography
Security devs forced to hide Boolean logic from overeager optimizer FOSDEM 2026 The creators of security software have encountered an unlikely foe in their attempts to protect us: modern compilers.… This article has been indexed from The Register – Security…
AI Is Here to Replace Nuclear Treaties. Scared Yet?
The last major nuclear arms treaty between the US and Russia just expired. Some experts believe a combination of satellite surveillance, AI, and human reviewers can take its place. Others, not so much. This article has been indexed from Security…
Follow the money: Switzerland remains Europe’s top destination for tech pay
Average Swiss salaries dwarf those on offer across the rest of the continent European techies looking for the biggest payday are far better off in Switzerland than anywhere else, with average salaries eclipsing all other countries on the continent.… This…
Linux kernel 6.19 reaches stable release, kernel 7.0 work is already underway
Development activity on the Linux kernel continues into early 2026 with the stable release of version 6.19. Kernel maintainers have completed the pre-release cycle and merged the final set of changes into the mainline tree. The release follows the ongoing…
BeyondTrust fixes easy-to-exploit pre-auth RCE vulnerability in remote access tools (CVE-2026-1731)
BeyondTrust fixed a critical remote code execution vulnerability (CVE-2026-1731) in its Remote Support (RS) and Privileged Remote Access (PRA) solutions and is urging self-hosted customers to apply the patch as soon a possible. Unlike the Remote Support zero-day (CVE-2024-12356) that…