“Chat & Ask AI,” a highly popular mobile application available on both Google Play and the Apple App Store, has suffered a significant data exposure. An independent security researcher discovered a vulnerability that left approximately 300 million private messages accessible…
Tag: EN
RSAC Releases Quantickle Open Source Threat Intelligence Visualization Tool
Quantickle is a browser-based tool designed for creating visual representations of threat research. The post RSAC Releases Quantickle Open Source Threat Intelligence Visualization Tool appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: RSAC…
Beyond the Battlefield: Threats to the Defense Industrial Base
Introduction In modern warfare, the front lines are no longer confined to the battlefield; they extend directly into the servers and supply chains of the industry that safeguards the nation. Today, the defense sector faces a relentless barrage of cyber…
Bloody Wolf Cybercrime Group Uses NetSupport RAT to Breach Organizations
The latest campaign, they have switched to misusing a legitimate remote administration tool called NetSupport RAT. A cybercriminal group known as “Stan Ghouls” (or Bloody Wolf) has launched a fresh wave of attacks targeting organizations across Central Asia and Russia.…
GuLoader Leverages Polymorphic Malware and Trusted Cloud Infrastructure to Evade Detection
GuLoader, also known as CloudEye, is a sophisticated malware downloader that has been active since late 2019. Its primary function is to download and install secondary malware, such as Remote Access Trojans (RATs) and information stealers, onto compromised systems. One…
What happens when cybersecurity knowledge walks out the door
In this Help Net Security interview, Andrew Northern, Principal Security Researcher at Censys, explains why mentorship matters and what organizations risk losing when senior staff disengage. He argues that institutional memory and judgment under pressure are difficult to rebuild once…
Chinese Hackers Target Singapore Telecoms in Edge Device Compromise Campaign
A massive, eleven-month campaign to root out sophisticated attackers from the nation’s critical infrastructure. The Cyber Security Agency of Singapore (CSA) and the Infocomm Media Development Authority (IMDA) revealed details of “Operation CYBER GUARDIAN,” a multi-agency effort to defend the…
Chinese Hackers Attacking Singapore’s Telecommunications Sector to Compromise Edge Devices
Singapore’s telecommunications sector has recently been the target of a highly sophisticated cyber espionage campaign orchestrated by the Advanced Persistent Threat (APT) group known as UNC3886. The details of this extensive intrusion were formally disclosed following Operation CYBER GUARDIAN, a…
Augustus – Open-source LLM Vulnerability Scanner With 210+ Attacks Across 28 LLM Providers
Augustus is a new open-source vulnerability scanner designed to secure Large Language Models (LLMs) against an evolving landscape of adversarial threats. Built by Praetorian, Augustus aims to bridge the gap between academic research tools and production-grade security testing, offering a…
AI-driven scams are eroding trust in calls, messages, and meetings
In this Help Net Security video, Miguel Fornés, Governance and Compliance Manager at Surfshark, discusses how AI is changing social engineering attacks. He describes how tasks that once took weeks, such as research and targeting, are now automated and cheap.…
Microsoft Acknowledges Exchange Online Spam Filter Mistakenly Blocks Valid Email
Microsoft is currently tackling a significant service degradation within Exchange Online that is disrupting business communications by incorrectly flagging legitimate emails as phishing attempts. The incident, tracked under the identifier EX1227432, began on February 5, 2026, and is causing valid messages…
Fortinet Patches Critical SQLi Flaw Enabling Unauthenticated Code Execution
Fortinet has released security updates to address a critical flaw impacting FortiClientEMS that could lead to the execution of arbitrary code on susceptible systems. The vulnerability, tracked as CVE-2026-21643, has a CVSS rating of 9.1 out of a maximum of…
Threat Actors Using Ivanti EPMM Flaws to Install Stealth Backdoors
A sophisticated new cyber campaign has been detected targeting Ivanti Endpoint Manager Mobile (EPMM) systems. Starting on February 4, 2026, threat actors began exploiting two critical vulnerabilities, CVE-2026-1281 and CVE-2026-1340, to plant dormant backdoors. Unlike typical attacks that immediately steal…
DPRK IT Workers Impersonating Individuals Using Real LinkedIn Accounts to Apply for Remote Roles
The landscape of remote employment faces a persistent and evolving challenge as North Korean operatives refine their strategies to infiltrate global organizations. For years, these actors have sought remote information technology roles to generate revenue for the regime, often relying…
15,200 OpenClaw Control Panels with Full System Access Exposed to the Internet
A critical security failure in the rapidly adopting “agentic AI” ecosystem has left tens of thousands of personal and corporate AI assistants fully exposed to the public internet. New research released today by the SecurityScorecard STRIKE Threat Intelligence Team reveals…
Cybersecurity jobs available right now: February 10, 2026
Cloud Security Engineer KPMG | Israel | On-site – View job details As a Cloud Security Engineer, you will establish, secure, and support critical Azure cloud infrastructure, with a strong focus on sensitive and regulated environments. You will design and…
0-Click RCE Found in Claude Desktop Extensions, Putting 10,000+ Users at Risk
A critical “zero-click” vulnerability in Claude Desktop Extensions (DXT) that allows attackers to compromise a computer using nothing more than a Google Calendar event. The flaw, which has been assigned a maximum severity score of CVSS 10/10, affects more than 10,000…
DPRK IT Workers Use Stolen LinkedIn Identities to Secure Remote Employment
A new wave of identity fraud has hit the remote job market, with North Korean (DPRK) operatives adopting a sophisticated new tactic to bypass hiring screens. This development marks a significant shift in tradecraft. Previously, these operatives often relied on…
Toy Battles – 1,017 breached accounts
In February 2026, the online gaming community Toy Battles suffered a data breach. The incident exposed 1k unique email addresses alongside usernames, IP addresses and chat logs. Following the breach, Toy Battles self-submitted the data to Have I Been Pwned.…
India makes Aadhaar more ubiquitous, but critics say security and privacy concerns remain
India’s Aadhaar is moving into wallets, hotels and policing through a new app. Critics say that amid the broader Aadhaar rollout, it’s unclear how data shared through the new app would prevent breaches or leaks. This article has been indexed…