A new phishing campaign has been observed delivering an updated variant of XWorm, a Remote Access Trojan (RAT) that can give attackers full remote control of infected Microsoft Windows systems. First tracked in 2022, XWorm is still actively distributed and…
Zimbra Security Update – Patch for XSS, XXE & LDAP Injection Vulnerabilities
In a critical move for email server security, Zimbra released version 10.1.16 on February 4, 2026, tackling high-severity vulnerabilities including cross-site scripting (XSS), XML external entity (XXE), and LDAP injection. Labelled as high-patch severity and deployment risk, this update urges…
Check Point Announces Trio of Acquisitions Amid Solid 2025 Earnings Beat
Check Point has acquired Israeli cybersecurity companies Cyata, Cyclops, and Rotate. The post Check Point Announces Trio of Acquisitions Amid Solid 2025 Earnings Beat appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Check…
CVE-2025-64712 in Unstructured.io Puts Amazon, Google, and Tech Giants at Risk of Remote Code Execution
A newly disclosed critical flaw, CVE-2025-64712 (CVSS 9.8), in Unstructured.io’s “unstructured” ETL library could let attackers perform arbitrary file writes and potentially achieve remote code execution (RCE) on systems that process untrusted documents. Unstructured is widely used to convert messy business files…
Dutch Carrier Odido Discloses Data Breach Impacting 6 Million
Hackers stole personal information such as names, addresses, and phone numbers from a customer contact system. The post Dutch Carrier Odido Discloses Data Breach Impacting 6 Million appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
Malicious Chrome Extensions Caught Stealing Business Data, Emails, and Browsing History
Cybersecurity researchers have discovered a malicious Google Chrome extension that’s designed to steal data associated with Meta Business Suite and Facebook Business Manager. The extension, named CL Suite by @CLMasters (ID: jkphinfhmfkckkcnifhjiplhfoiefffl), is marketed as a way to scrape Meta…
Munich Security Conference: Cyber Threats Lead G7 Risk Index, Disinformation Ranks Third
G7 countries ranked cyber-attacks as the top risk, while BICS members placed cyber threats only as the eighth most pressing risk This article has been indexed from www.infosecurity-magazine.com Read the original article: Munich Security Conference: Cyber Threats Lead G7 Risk…
KnowBe4 Appoints Kelly Morgan as Chief Customer Officer to Drive Global Customer Lifecycle Strategy
KnowBe4 has announced the appointment of Kelly Morgan as its new Chief Customer Officer (CCO), reinforcing the company’s commitment to delivering measurable customer outcomes as it continues to expand in the Human and AI Risk Management market. Morgan will oversee…
Top Dutch telco Odido admits 6.2M customers caught in contact system caper
Names, addresses, bank account numbers accessed – but biz insists passwords and call data untouched The Netherlands’ largest mobile network operator (MNO) has admitted that a breach of its customer contact system may have affected around 6.2 million people.… This…
Static Design to Adaptive Control: How Artificial Intelligence Improves Modern Material Handling Equipment Systems
AI enables material handling systems to adapt to demand volatility through predictive design, dynamic control, and smarter maintenance without replacing core engineering. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read the original…
The $17 Billion Wake-Up Call: Securing Crypto in the Age of AI Scams
AI-driven crypto scams surge as cybercrime hits $17B, with deepfakes, fraud kits, and industrial social engineering reshaping digital asset threats and defenses. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read the original…
Google: state-backed hackers exploit Gemini AI for cyber recon and attacks
Google says nation-state actors used Gemini AI for reconnaissance and attack support in cyber operations. Google DeepMind and GTIG report a rise in model extraction or “distillation” attacks aimed at stealing AI intellectual property, which Google has detected and blocked.…
BeyondTrust Vulnerability Targeted by Hackers Within 24 Hours of PoC Release
Exploitation attempts target CVE-2026-1731, a critical unauthenticated remote code execution flaw in BeyondTrust Remote Support. The post BeyondTrust Vulnerability Targeted by Hackers Within 24 Hours of PoC Release appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
npm’s Update to Harden Their Supply Chain, and Points to Consider
In December 2025, in response to the Sha1-Hulud incident, npm completed a major authentication overhaul intended to reduce supply-chain attacks. While the overhaul is a solid step forward, the changes don’t make npm projects immune from supply-chain attacks. npm is…
Fake AI Assistants in Google Chrome Web Store Steal Passwords and Spy on Emails
Hundreds of thousands of users have downloaded malicious AI extensions masquerading as ChatGPT, Gemini, Grok and others, warn cybersecurity researchers at LayerX This article has been indexed from www.infosecurity-magazine.com Read the original article: Fake AI Assistants in Google Chrome Web…
IT Security News Hourly Summary 2026-02-13 12h : 14 posts
14 posts were published in the last hour 11:5 : Chrome Extensions Infect 500K Users to Hijack VKontakte Accounts 11:5 : Surge in AI-Driven Phishing Attacks and QR Code Quishing in 2025 Spam and Phishing Report 11:4 : OysterLoader Multi‑Stage…
Malicious Chrome AI Extensions Target 260,000 Users with Injected Iframes
As AI tools like ChatGPT, Claude, Gemini, and Grok gain mainstream adoption, cybercriminals are weaponizing their popularity to distribute malicious browser extensions. Security researchers have uncovered a coordinated campaign involving 30 Chrome extensions that masquerade as legitimate AI assistants while…
Chrome Extensions Infect 500K Users to Hijack VKontakte Accounts
A long-running Chrome extension malware campaign has silently hijacked more than 500,000 VKontakte (VK) accounts, forcing users into attacker-controlled groups, resetting their settings every 30 days, and abusing VK’s own infrastructure as command-and-control. What appeared to be harmless VK customization…
Surge in AI-Driven Phishing Attacks and QR Code Quishing in 2025 Spam and Phishing Report
The distribution of malicious software through pirated games and cracked applications continues to be a highly effective strategy for cybercriminals. By exploiting the widespread desire for free access to premium content, attackers can easily bypass initial user suspicions and deliver…
OysterLoader Multi‑Stage Evasion Loader Uncovered with Advanced Obfuscation and Rhysida Ransomware Links
A sophisticated malware loader known as OysterLoader has emerged as a significant threat in the cybersecurity landscape, employing multiple layers of obfuscation to evade detection and deliver dangerous payloads. First identified in June 2024 by Rapid7, this C++ malware is…
CISA Warns of Exploited SolarWinds, Notepad++, Microsoft Vulnerabilities
Disclosed at the end of January, the SolarWinds vulnerability was likely exploited as a zero-day since December 2025. The post CISA Warns of Exploited SolarWinds, Notepad++, Microsoft Vulnerabilities appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
Hackers probe, exploit newly patched BeyondTrust RCE flaw (CVE-2026-1731)
Attackers are exploiting a recently patched critical vulnerability (CVE-2026-1731) in internet-facing BeyondTrust Remote Support and Privileged Remote Access instances. “Attackers are abusing get_portal_info to extract the x-ns-company value before establishing a WebSocket channel,” Ryan Dewhurst, Head of Threat Intelligence at…
Check Point Sets Out Four-Pillar Blueprint for Securing the AI-Driven Enterprise
Check Point Software Technologies has unveiled a new AI-focused security strategy alongside three acquisitions aimed at strengthening its platform across AI agent protection, exposure management and managed service provider (MSP) environments. The announcement outlines a four-pillar framework designed to help…
Post‑Quantum Authentication: How Consumer Apps Can Stay Secure in a Quantum‑Ready World?
Post-quantum authentication helps consumer apps stay secure against quantum computing threats with future-proof encryption and identity protection. The post Post‑Quantum Authentication: How Consumer Apps Can Stay Secure in a Quantum‑Ready World? appeared first on Security Boulevard. This article has been…