Malicious Go Crypto Module Steals Passwords, Deploys Rekoobe Backdoor
https://thehackernews.com/2026/02/malicious-go-crypto-module-steals.html
Cybersecurity researchers have disclosed details of a malicious Go module that's designed to harvest passwords, create persistent access via SSH, and deliver a Linux backdoor named Rekoobe.
The Go module, github[.]com/xinfeisoft/crypto, impersonates the legitimate "golang.org/x/crypto" codebase, but injects malicious code that's responsible for exfiltrating secrets entered via terminal password
https://thehackernews.com/2026/02/malicious-go-crypto-module-steals.html
Cybersecurity researchers have disclosed details of a malicious Go module that's designed to harvest passwords, create persistent access via SSH, and deliver a Linux backdoor named Rekoobe.
The Go module, github[.]com/xinfeisoft/crypto, impersonates the legitimate "golang.org/x/crypto" codebase, but injects malicious code that's responsible for exfiltrating secrets entered via terminal password
900+ Sangoma FreePBX Instances Compromised in Ongoing Web Shell Attacks
https://thehackernews.com/2026/02/900-sangoma-freepbx-instances.html
The Shadowserver Foundation has revealed that over 900 Sangoma FreePBX instances still remain infected with web shells as part of attacks that exploited a command injection vulnerability starting in December 2025.
Of these, 401 instances are located in the U.S., followed by 51 in Brazil, 43 in Canada, 40 in Germany, and 36 in France.
The non-profit entity said the compromises are likely
https://thehackernews.com/2026/02/900-sangoma-freepbx-instances.html
The Shadowserver Foundation has revealed that over 900 Sangoma FreePBX instances still remain infected with web shells as part of attacks that exploited a command injection vulnerability starting in December 2025.
Of these, 401 instances are located in the U.S., followed by 51 in Brazil, 43 in Canada, 40 in Germany, and 36 in France.
The non-profit entity said the compromises are likely
DoJ Seizes $61 Million in Tether Linked to Pig Butchering Crypto Scams
https://thehackernews.com/2026/02/doj-seizes-61-million-in-tether-linked.html
The U.S. Department of Justice (DoJ) this week announced the seizure of $61 million worth of Tether that were allegedly associated with bogus cryptocurrency schemes known as pig butchering.
The confiscated funds were traced to cryptocurrency addresses used for the laundering of criminally derived proceeds stolen from victims of cryptocurrency investment scams, the department added.
"Criminal
https://thehackernews.com/2026/02/doj-seizes-61-million-in-tether-linked.html
The U.S. Department of Justice (DoJ) this week announced the seizure of $61 million worth of Tether that were allegedly associated with bogus cryptocurrency schemes known as pig butchering.
The confiscated funds were traced to cryptocurrency addresses used for the laundering of criminally derived proceeds stolen from victims of cryptocurrency investment scams, the department added.
"Criminal
Pentagon Designates Anthropic Supply Chain Risk Over AI Military Dispute
https://thehackernews.com/2026/02/pentagon-designates-anthropic-supply.html
Anthropic on Friday hit back after U.S. Secretary of Defense Pete Hegseth directed the Pentagon to designate the artificial intelligence (AI) upstart as a "supply chain risk."
"This action follows months of negotiations that reached an impasse over two exceptions we requested to the lawful use of our AI model, Claude: the mass domestic surveillance of Americans and fully autonomous weapons," the
https://thehackernews.com/2026/02/pentagon-designates-anthropic-supply.html
Anthropic on Friday hit back after U.S. Secretary of Defense Pete Hegseth directed the Pentagon to designate the artificial intelligence (AI) upstart as a "supply chain risk."
"This action follows months of negotiations that reached an impasse over two exceptions we requested to the lawful use of our AI model, Claude: the mass domestic surveillance of Americans and fully autonomous weapons," the
Mobile app permissions (still) matter more than you may think
https://www.welivesecurity.com/en/mobile-security/mobile-app-permissions-still-matter-more-think/
Start using a new app and you’ll often be asked to grant it permissions. But blindly accepting them could expose you to serious privacy and security risks.
https://www.welivesecurity.com/en/mobile-security/mobile-app-permissions-still-matter-more-think/
Start using a new app and you’ll often be asked to grant it permissions. But blindly accepting them could expose you to serious privacy and security risks.
Thousands of Public Google Cloud API Keys Exposed with Gemini Access After API Enablement
https://thehackernews.com/2026/02/thousands-of-public-google-cloud-api.html
New research has found that Google Cloud API keys, typically designated as project identifiers for billing purposes, could be abused to authenticate to sensitive Gemini endpoints and access private data.
The findings come from Truffle Security, which discovered nearly 3,000 Google API keys (identified by the prefix "AIza") embedded in client-side code to provide Google-related services like
https://thehackernews.com/2026/02/thousands-of-public-google-cloud-api.html
New research has found that Google Cloud API keys, typically designated as project identifiers for billing purposes, could be abused to authenticate to sensitive Gemini endpoints and access private data.
The findings come from Truffle Security, which discovered nearly 3,000 Google API keys (identified by the prefix "AIza") embedded in client-side code to provide Google-related services like
ClawJacked Flaw Lets Malicious Sites Hijack Local OpenClaw AI Agents via WebSocket
https://thehackernews.com/2026/02/clawjacked-flaw-lets-malicious-sites.html
OpenClaw has fixed a high-severity security issue that, if successfully exploited, could have allowed a malicious website to connect to a locally running artificial intelligence (AI) agent and take over control.
"Our vulnerability lives in the core system itself – no plugins, no marketplace, no user-installed extensions – just the bare OpenClaw gateway, running exactly as documented," Oasis
https://thehackernews.com/2026/02/clawjacked-flaw-lets-malicious-sites.html
OpenClaw has fixed a high-severity security issue that, if successfully exploited, could have allowed a malicious website to connect to a locally running artificial intelligence (AI) agent and take over control.
"Our vulnerability lives in the core system itself – no plugins, no marketplace, no user-installed extensions – just the bare OpenClaw gateway, running exactly as documented," Oasis
This month in security with Tony Anscombe – February 2026 edition
https://www.welivesecurity.com/en/videos/month-security-tony-anscombe-february-2026/
In this roundup, Tony looks at how opportunistic threat actors are taking advantage of weak authentication, unmanaged exposure, and popular AI tools
https://www.welivesecurity.com/en/videos/month-security-tony-anscombe-february-2026/
In this roundup, Tony looks at how opportunistic threat actors are taking advantage of weak authentication, unmanaged exposure, and popular AI tools
North Korean Hackers Publish 26 npm Packages Hiding Pastebin C2 for Cross-Platform RAT
https://thehackernews.com/2026/03/north-korean-hackers-publish-26-npm.html
Cybersecurity researchers have disclosed a new iteration of the ongoing Contagious Interview campaign, where the North Korean threat actors have published a set of 26 malicious packages to the npm registry.
The packages masquerade as developer tools, but contain functionality to extract the actual command-and-control (C2) by using seemingly harmless Pastebin content as a dead drop resolver and
https://thehackernews.com/2026/03/north-korean-hackers-publish-26-npm.html
Cybersecurity researchers have disclosed a new iteration of the ongoing Contagious Interview campaign, where the North Korean threat actors have published a set of 26 malicious packages to the npm registry.
The packages masquerade as developer tools, but contain functionality to extract the actual command-and-control (C2) by using seemingly harmless Pastebin content as a dead drop resolver and
APT28 Tied to CVE-2026-21513 MSHTML 0-Day Exploited Before Feb 2026 Patch Tuesday
https://thehackernews.com/2026/03/apt28-tied-to-cve-2026-21513-mshtml-0.html
A recently disclosed security flaw patched by Microsoft may have been exploited by the Russia-linked state-sponsored threat actor known as APT28, according to new findings from Akamai.
The vulnerability in question is CVE-2026-21513 (CVSS score: 8.8), a high-severity security feature bypass affecting the MSHTML Framework.
"Protection mechanism failure in MSHTML Framework allows an unauthorized
https://thehackernews.com/2026/03/apt28-tied-to-cve-2026-21513-mshtml-0.html
A recently disclosed security flaw patched by Microsoft may have been exploited by the Russia-linked state-sponsored threat actor known as APT28, according to new findings from Akamai.
The vulnerability in question is CVE-2026-21513 (CVSS score: 8.8), a high-severity security feature bypass affecting the MSHTML Framework.
"Protection mechanism failure in MSHTML Framework allows an unauthorized
How to Protect Your SaaS from Bot Attacks with SafeLine WAF
https://thehackernews.com/2026/03/how-to-protect-your-saas-from-bot.html
Most SaaS teams remember the day their user traffic started growing fast. Few notice the day bots started targeting them.
On paper, everything looks great: more sign-ups, more sessions, more API calls. But in reality, something feels off:
Sign-ups increase, but users aren’t activating.
Server costs rise faster than revenue.
Logs are filled with repeated requests from strange user agents.
If
https://thehackernews.com/2026/03/how-to-protect-your-saas-from-bot.html
Most SaaS teams remember the day their user traffic started growing fast. Few notice the day bots started targeting them.
On paper, everything looks great: more sign-ups, more sessions, more API calls. But in reality, something feels off:
Sign-ups increase, but users aren’t activating.
Server costs rise faster than revenue.
Logs are filled with repeated requests from strange user agents.
If
⚡ Weekly Recap: SD-WAN 0-Day, Critical CVEs, Telegram Probe, Smart TV Proxy SDK and More
https://thehackernews.com/2026/03/weekly-recap-sd-wan-0-day-critical-cves.html
This week is not about one big event. It shows where things are moving. Network systems, cloud setups, AI tools, and common apps are all being pushed in different ways. Small gaps in access control, exposed keys, and normal features are being used as entry points.
The pattern becomes clear only when you see everything together. Faster scans, smarter misuse of trusted services, and steady
https://thehackernews.com/2026/03/weekly-recap-sd-wan-0-day-critical-cves.html
This week is not about one big event. It shows where things are moving. Network systems, cloud setups, AI tools, and common apps are all being pushed in different ways. Small gaps in access control, exposed keys, and normal features are being used as entry points.
The pattern becomes clear only when you see everything together. Faster scans, smarter misuse of trusted services, and steady
Google Develops Merkle Tree Certificates to Enable Quantum-Resistant HTTPS in Chrome
https://thehackernews.com/2026/03/google-develops-merkle-tree.html
Google has announced a new program in its Chrome browser to ensure that HTTPS certificates are secure against the future risk posed by quantum computers.
"To ensure the scalability and efficiency of the ecosystem, Chrome has no immediate plan to add traditional X.509 certificates containing post-quantum cryptography to the Chrome Root Store," the Chrome Secure Web and Networking Team said.
"
https://thehackernews.com/2026/03/google-develops-merkle-tree.html
Google has announced a new program in its Chrome browser to ensure that HTTPS certificates are secure against the future risk posed by quantum computers.
"To ensure the scalability and efficiency of the ecosystem, Chrome has no immediate plan to add traditional X.509 certificates containing post-quantum cryptography to the Chrome Root Store," the Chrome Secure Web and Networking Team said.
"
New Chrome Vulnerability Let Malicious Extensions Escalate Privileges via Gemini Panel
https://thehackernews.com/2026/03/new-chrome-vulnerability-let-malicious.html
Cybersecurity researchers have disclosed details of a now-patched security flaw in Google Chrome that could have permitted attackers to escalate privileges and gain access to local files on the system.
The vulnerability, tracked as CVE-2026-0628 (CVSS score: 8.8), has been described as a case of insufficient policy enforcement in the WebView tag. It was patched by Google in early January 2026
https://thehackernews.com/2026/03/new-chrome-vulnerability-let-malicious.html
Cybersecurity researchers have disclosed details of a now-patched security flaw in Google Chrome that could have permitted attackers to escalate privileges and gain access to local files on the system.
The vulnerability, tracked as CVE-2026-0628 (CVSS score: 8.8), has been described as a case of insufficient policy enforcement in the WebView tag. It was patched by Google in early January 2026
SloppyLemming Targets Pakistan and Bangladesh Governments Using Dual Malware Chains
https://thehackernews.com/2026/03/sloppylemming-targets-pakistan-and.html
The threat activity cluster known as SloppyLemming has been attributed to a fresh set of attacks targeting government entities and critical infrastructure operators in Pakistan and Bangladesh.
The activity, per Arctic Wolf, took place between January 2025 and January 2026. It involves the use of two distinct attack chains to deliver malware families tracked as BurrowShell and a Rust-based
https://thehackernews.com/2026/03/sloppylemming-targets-pakistan-and.html
The threat activity cluster known as SloppyLemming has been attributed to a fresh set of attacks targeting government entities and critical infrastructure operators in Pakistan and Bangladesh.
The activity, per Arctic Wolf, took place between January 2025 and January 2026. It involves the use of two distinct attack chains to deliver malware families tracked as BurrowShell and a Rust-based
Google Confirms CVE-2026-21385 in Qualcomm Android Component Exploited
https://thehackernews.com/2026/03/google-confirms-cve-2026-21385-in.html
Google on Monday disclosed that a high-severity security flaw impacting an open-source Qualcomm component used in Android devices has been exploited in the wild.
The vulnerability in question is CVE-2026-21385 (CVSS score: 7.8), a buffer over-read in the Graphics component.
"Memory corruption when adding user-supplied data without checking available buffer space," Qualcomm said in an advisory,
https://thehackernews.com/2026/03/google-confirms-cve-2026-21385-in.html
Google on Monday disclosed that a high-severity security flaw impacting an open-source Qualcomm component used in Android devices has been exploited in the wild.
The vulnerability in question is CVE-2026-21385 (CVSS score: 7.8), a buffer over-read in the Graphics component.
"Memory corruption when adding user-supplied data without checking available buffer space," Qualcomm said in an advisory,
Fake Tech Support Spam Deploys Customized Havoc C2 Across Organizations
https://thehackernews.com/2026/03/fake-tech-support-spam-deploys.html
Threat hunters have called attention to a new campaign as part of which bad actors masqueraded as fake IT support to deliver the Havoc command-and-control (C2) framework as a precursor to data exfiltration or ransomware attack.
The intrusions, identified by Huntress last month across five partner organizations, involved the threat actors using email spam as lures, followed by a phone call from
https://thehackernews.com/2026/03/fake-tech-support-spam-deploys.html
Threat hunters have called attention to a new campaign as part of which bad actors masqueraded as fake IT support to deliver the Havoc command-and-control (C2) framework as a precursor to data exfiltration or ransomware attack.
The intrusions, identified by Huntress last month across five partner organizations, involved the threat actors using email spam as lures, followed by a phone call from
CISA Adds Actively Exploited VMware Aria Operations Flaw CVE-2026-22719 to KEV Catalog
https://thehackernews.com/2026/03/cisa-adds-actively-exploited-vmware.html
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a recently disclosed security flaw impacting Broadcom VMware Aria Operations to its Known Exploited Vulnerabilities (KEV) catalog, citing active exploitation in the wild.
The high-severity vulnerability, CVE-2026-22719 (CVSS score: 8.1), has been described as a case of command injection that could allow an
https://thehackernews.com/2026/03/cisa-adds-actively-exploited-vmware.html
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a recently disclosed security flaw impacting Broadcom VMware Aria Operations to its Known Exploited Vulnerabilities (KEV) catalog, citing active exploitation in the wild.
The high-severity vulnerability, CVE-2026-22719 (CVSS score: 8.1), has been described as a case of command injection that could allow an
APT41-Linked Silver Dragon Targets Governments Using Cobalt Strike and Google Drive C2
https://thehackernews.com/2026/03/apt41-linked-silver-dragon-targets.html
Cybersecurity researchers have disclosed details of an advanced persistent threat (APT) group dubbed Silver Dragon that has been linked to cyber attacks targeting entities in Europe and Southeast Asia since at least mid-2024.
"Silver Dragon gains its initial access by exploiting public-facing internet servers and by delivering phishing emails that contain malicious attachments," Check Point said
https://thehackernews.com/2026/03/apt41-linked-silver-dragon-targets.html
Cybersecurity researchers have disclosed details of an advanced persistent threat (APT) group dubbed Silver Dragon that has been linked to cyber attacks targeting entities in Europe and Southeast Asia since at least mid-2024.
"Silver Dragon gains its initial access by exploiting public-facing internet servers and by delivering phishing emails that contain malicious attachments," Check Point said
Fake Laravel Packages on Packagist Deploy RAT on Windows, macOS, and Linux
https://thehackernews.com/2026/03/fake-laravel-packages-on-packagist.html
Cybersecurity researchers have flagged malicious Packagist PHP packages masquerading as Laravel utilities that act as a conduit for a cross-platform remote access trojan (RAT) that's functional on Windows, macOS, and Linux systems.
The names of the packages are listed below -
nhattuanbl/lara-helper (37 Downloads)
nhattuanbl/simple-queue (29 Downloads)
nhattuanbl/lara-swagger (49 Downloads)
https://thehackernews.com/2026/03/fake-laravel-packages-on-packagist.html
Cybersecurity researchers have flagged malicious Packagist PHP packages masquerading as Laravel utilities that act as a conduit for a cross-platform remote access trojan (RAT) that's functional on Windows, macOS, and Linux systems.
The names of the packages are listed below -
nhattuanbl/lara-helper (37 Downloads)
nhattuanbl/simple-queue (29 Downloads)
nhattuanbl/lara-swagger (49 Downloads)
New RFP Template for AI Usage Control and AI Governance
https://thehackernews.com/2026/03/new-rfp-template-for-ai-usage-control.html
As AI becomes the central engine for enterprise productivity, security leaders are finally getting the green light — and the budget — to secure it. But there’s a quiet crisis unfolding in the boardroom: many organizations know they need "AI Governance," but they have no idea what they are actually looking for.
The CISO’s Dilemma: You Have the AI Budget, but Do You Have the Requirements?
As AI
https://thehackernews.com/2026/03/new-rfp-template-for-ai-usage-control.html
As AI becomes the central engine for enterprise productivity, security leaders are finally getting the green light — and the budget — to secure it. But there’s a quiet crisis unfolding in the boardroom: many organizations know they need "AI Governance," but they have no idea what they are actually looking for.
The CISO’s Dilemma: You Have the AI Budget, but Do You Have the Requirements?
As AI