A new variant of the “ClickFix” social engineering campaign specifically targeting macOS users. Codenamed Matryoshka a reference to its multiple nested obfuscation layers this evolution builds on prior ClickFix lures. However, it adds advanced evasion features, including in‑memory decompression and API‑gated communication that make detection…
Tag: EN
A week in security (February 9 – February 15)
A list of topics we covered in the week of February 9 to February 15 of 2026 This article has been indexed from Malwarebytes Read the original article: A week in security (February 9 – February 15)
Dutch Telecoms Company Odido Discloses Breach Affecting Approximately 6.2 Million Customers
Dutch telecoms business Odido has disclosed a cyberattack on its customer contact system that happened on 7 February. The personal information of approximately 6.2 million customers was disclosed, including names, residential addresses, mobile phone numbers, email addresses, account numbers, and ID information such as passports and driver’s licenses. In a statement, the company…
Google Patches First Actively Exploited Chrome Zero-Day of 2026
A Chrome 145 update fixes CVE-2026-2441, a vulnerability that can likely be exploited for arbitrary code execution. The post Google Patches First Actively Exploited Chrome Zero-Day of 2026 appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
AI and RaaS Alter Threat Landscape, New Ransomware Groups Grow by 30%
AI automation, RaaS, a significant bump in vulnerability disclosures, and a rise in new ransomware gangs are reshaping the threat landscape and forcing defenders to change strategies. The post AI and RaaS Alter Threat Landscape, New Ransomware Groups Grow by 30% appeared…
New Chrome Zero-Day (CVE-2026-2441) Under Active Attack — Patch Released
Google on Friday released security updates for its Chrome browser to address a security flaw that it said has been exploited in the wild. The high-severity vulnerability, tracked as CVE-2026-2441 (CVSS score: 8.8), has been described as a use-after-free bug…
Are hackers trying to utilize Gemini AI’s capabilities for malicious purposes?
Yes, they are. A recently published quarterly report from Google Threat Intelligence Group (GTIG) discusses that hackers are attempting to use it as a support… The post Are hackers trying to utilize Gemini AI’s capabilities for malicious purposes? appeared first…
LockBit 5.0 Emerges: Cross-Platform Ransomware Now Targeting Windows, Linux, and ESXi Systems
LockBit’s new 5.0 version is actively attacking Windows, Linux, and ESXi systems, using a unified yet highly optimized ransomware framework that significantly increases the risk to enterprise environments. Analysis by the Acronis Threat Research Unit (TRU) shows that while all…
FileZen Flaw Allows Attackers to Execute Commands Remotely
A high-severity vulnerability in FileZen, a file transfer solution developed by Soliton Systems K.K., enables authenticated attackers to remotely execute arbitrary operating system commands on affected systems. The security flaw, tracked as CVE-2026-25108, poses a severe risk to organizations using…
Security at AI speed: The new CISO reality
The CISO role has changed significantly over the past decade, but according to John White, EMEA Field CISO, Torq, the most disruptive shift is accountability driven by agentic AI. In this Help Net Security interview, White explains how security leaders…
CISA Issues Alert on ZLAN ICS Flaws Enabling Full Device Takeover
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical advisory regarding significant security flaws discovered in industrial networking equipment manufactured by ZLAN Information Technology Co. The alert, identified as ICSA-26-041-02, focuses on the ZLAN5143D serial-to-Ethernet device server, a…
In GitHub’s advisory pipeline, some advisories move faster than others
GitHub Security Advisories are used to distribute vulnerability information in open-source projects and security tools. A new study finds that only a portion of those advisories ever pass through GitHub’s formal review process. A large scale view of advisory data…
Apple privacy labels often don’t match what Chinese smart home apps do
Smart home devices in many homes collect audio, video, and location data. The apps that control those devices often focus on the account owner, even when the technology also captures guests, neighbors, and other people who never agreed to be…
ZeroDayRAT Exploit Targets Android & iOS, Enabling Real-Time Surveillance and Massive Data Theft
A newly surfaced mobile spyware platform called ZeroDayRAT is rapidly gaining traction across underground Telegram channels. ZeroDayRAT is designed to give attackers complete remote control over both Android and iOS devices, supporting versions from Android 5 through 16 and iOS up to version 26, including the latest iPhone…
BeyondTrust Zero-Day Exploited,
This episode covers multiple active threats and security changes. It warns of an actively exploited critical BeyondTrust remote access vulnerability (CVE-2026-1731, CVSS 9.9) enabling pre-authentication remote code execution in Remote Support and Privileged Remote Access, noting SaaS was patched while…
Attackers Exploit Critical BeyondTrust Flaw to Seize Full Active Directory Control
A critical vulnerability, CVE-2026-1731, affecting self-hosted BeyondTrust Remote Support and Privileged Remote Access deployments. This security flaw allows unauthenticated attackers to inject operating system commands, effectively granting them remote code execution capabilities. The severity of this campaign has prompted the…
Ring’s Search Party ‘Dystopia’ Debate & Claude Zero-Click RCE Vulnerability
In this episode, we discuss two major tech stories impacting privacy and security. First, we analyze Ring’s new AI-powered ‘Search Party’ feature and its controversial Super Bowl ad that sparked privacy concerns. We then transition to a breaking story about…
Don’t panic over CISA’s KEV list, use it smarter
In this Help Net Security video, Tod Beardsley, VP of Security Research at runZero, explains what CISA’s Known Exploited Vulnerabilities (KEV) Catalog is and how security teams should use it. He shares his perspective as a former section chief for…
Chrome 0-Day Enables Remote Code Execution in Ongoing Campaign
Google has released an urgent security update for the Chrome desktop web browser to address a severe high-severity vulnerability that is currently being exploited in the wild. The search giant rolled out the fix on Friday, updating the Stable channel…
Lotus Blossom Hackers Breach Official Notepad++ Hosting Infrastructure
Between June and December 2025, a state-sponsored threat group known as Lotus Blossom quietly hijacked the official hosting infrastructure used to deliver Notepad++ updates, turning a trusted developer tool into a precision espionage delivery channel. By compromising the shared hosting…