Tag: Cyber Security News

A widespread exploitation of OpenClaw, formerly known as MoltBot and ClawdBot, by multiple hacking groups to deploy malicious payloads. OpenClaw, an open-source autonomous AI framework developed by Peter Steinberger, now at OpenAI, has become a high-severity target following its viral adoption in late January…

Read more →

Superagentic AI has released SuperClaw, an open-source, pre-deployment security testing framework built specifically for autonomous AI coding agents. Announced in late 2025, SuperClaw addresses a growing blind spot in enterprise AI adoption: agents are routinely deployed with broad tool access…

Read more →

A financially motivated threat actor exploited various commercial generative AI services to compromise over 600 FortiGate devices across more than 55 countries between January 11 and February 18, 2026. The campaign marks a defining demonstration of how AI is lowering…

Read more →

A new supply chain worm is actively targeting the npm ecosystem, with a research team identifying at least 19 malicious npm packages designed to steal developer and CI/CD secrets and automatically spread across repositories and workflows. The campaign, tracked as…

Read more →

Shares of major cybersecurity companies nosedived on Friday after AI startup Anthropic unveiled Claude Code Security, a new AI-powered tool capable of autonomously scanning codebases for software vulnerabilities and suggesting targeted patches sparking fears that artificial intelligence could begin displacing…

Read more →

A new feature inside Claude Code enables developers and security teams to identify and remediate vulnerabilities across their codebases, known as Claude Code Security. Currently available in a limited research preview, the tool offers AI-powered code scanning that goes beyond…

Read more →

VoIP desk phones are trusted devices, but many are managed like office furniture. A newly disclosed flaw in Grandstream phones shows how a simple network-facing bug can turn a handset into an entry point for eavesdropping and wider access. In…

Read more →

PayPal has issued a formal data breach notification disclosing that a coding error in its PayPal Working Capital (PPWC) loan application exposed the personally identifiable information (PII) of an undisclosed number of customers for approximately six months, from July 1,…

Read more →

Three critical vulnerabilities have been found in four popular Visual Studio Code extensions. These extensions have been downloaded over 128 million times. The vulnerabilities are identified as CVE-2025-65715, CVE-2025-65716, and CVE-2025-65717. The findings from the OX Security Research team, later…

Read more →

Apache Tomcat has disclosed CVE-2026-24733, a Low-severity security constraint bypass that can be triggered via HTTP/0.9 requests when certain access-control rules are configured in a specific way. The Apache Tomcat security team identified the issue, and the original advisory was…

Read more →

Security Advisory has revealed multiple vulnerabilities in Jenkins Core, including a stored Cross-Site Scripting (XSS) flaw that could expose build environments to severe security risks. The issues, identified as CVE-2026-27099 and CVE-2026-27100, were responsibly disclosed under the Jenkins Bug Bounty Program sponsored by the European…

Read more →

A new Python-based infostealer called CharlieKirk Grabber has been identified targeting Windows systems, with a focused goal of stealing stored login credentials, browser cookies, and session data. The malware is built to work as a “smash-and-grab” threat — it launches…

Read more →

A 19 February 2026 FBI FLASH (FLASH-20260219-001) warns banks and ATM operators about a rise in malware-enabled “jackpotting,” where criminals exploit physical access and software gaps to make machines pay out cash without a real transaction, a pattern now seen…

Read more →

Three Silicon Valley engineers have been indicted for allegedly stealing confidential technology data from Google and other major companies and transferring that information to unauthorized locations, including Iran. The defendants Samaneh Ghandali (41), Mohammadjavad “Mohammad” Khosravi (40), and Soroor Ghandali (32), all…

Read more →

A public proof-of-concept exploit has been released for CVE-2026-2441, a critical use-after-free zero-day vulnerability in Google Chrome’s Blink CSS engine that Google confirmed is being actively exploited in the wild. Security researcher Shaheen Fazim reported the flaw on February 11,…

Read more →

Large language models, commonly known as LLMs, are increasingly being asked to generate passwords — and new research has shown that the passwords they produce are far weaker than they appear. A password like G7$kL9#mQ2&xP4!w may look convincingly random, but it carries…

Read more →

Hackers are increasingly abusing OAuth applications in Microsoft Entra ID to gain persistent access, blending in as normal “business integrations” while keeping access even after defenders reset passwords. Recent Wiz research and incident reporting show attackers using fake OAuth apps, deceptive consent…

Read more →

A critical vulnerability in BeyondTrust’s remote support software is being actively exploited by hackers to deliver dangerous backdoors on compromised systems. The flaw, tracked as CVE-2026-1731, carries a CVSS score of 9.9 and lets attackers run system commands with no…

Read more →

Microsoft has patched a high-severity remote code execution (RCE) vulnerability in the modern Windows Notepad application, tracked as CVE-2026-20841, as part of its February 2026 Patch Tuesday release cycle. The flaw, rooted in command injection, was originally discovered by Cristian…

Read more →

PentAGI introduces an AI-driven approach to penetration testing, automating complex workflows with tools like Nmap and Metasploit while generating detailed reports. Developed by VXControl and released on GitHub in early 2025, this open-source platform empowers security professionals to conduct autonomous…

Read more →