🤖 Mozilla will add 1-click Firefox setting to fully disable generative AI features.

With Firefox 148, users can block all current and future AI features or manage them individually, keeping AI strictly opt-in as browsers add more automation.

🔗 Read → https://thehackernews.com/2026/02/mozilla-adds-one-click-option-to.html

🕸️ Exposed C2 server showed a complete BYOB botnet in the open 🧠

Droppers, loaders, and RATs for Windows, Linux, and macOS were publicly accessible, revealing a multi-stage chain for evasion, persistence, and control. Crypto miners were also hosted.

🔗 Read → https://thehackernews.com/2026/02/weekly-recap-proxy-botnet-office-zero.html#:~:text=Exposed%20C2%20Server%20Reveals%20BYOB%20Infrastructure

🛡️ Russia-linked APT28 exploited a newly disclosed Microsoft Office flaw within days of disclosure.

CVE-2026-21509 was used via malicious RTF files, with geo-fenced delivery targeting Ukraine, Slovakia, and Romania.

🔗 Read → https://thehackernews.com/2026/02/apt28-uses-microsoft-office-cve-2026.html

🔐 Major cloud outages didn’t just break apps—they broke access.

When shared cloud services fail, identity systems fail too, even if the IdP is running. Authentication depends on databases, DNS, and control planes.

🔗 How cloud outages cascade into identity failures → https://thehackernews.com/2026/02/when-cloud-outages-ripple-across.html

Want to enhance your cyber resilience with strategies and insights from industry leaders? Sign up for Infosec Compliance Now and earn up to 4 free CPE credits!

This virtual event will explore:
✔️ Structuring AI governance programs
✔️ Establishing continuous control monitoring
✔️ Navigating the current cyber risk landscape

Register Now → https://thn.news/cyber-risk-summit

🚨 Researchers detect active exploitation of a critical React Native CLI flaw.

CVE-2025-11953 allows unauthenticated OS command execution on exposed Metro dev servers, with attacks deploying PowerShell and a Rust payload.

🔗 Read → https://thehackernews.com/2026/02/hackers-exploit-metro4shell-rce-flaw-in.html

📢 WEBINAR ALERT → Adding tools hasn’t made SOCs calmer or faster. It’s mostly added noise.

In this session, two SOC operators walk through practical build vs buy decisions, real models, and a customer case study you can reuse.

🔗 Join to Watch: https://thehackernews.com/2026/02/webinar-smarter-soc-blueprint-learn.html

⚠️ A critical flaw in Docker’s Ask Gordon AI let container metadata execute real commands.

A single malicious Docker LABEL could pass through the MCP gateway and run tools with user privileges. Fixed in version 4.50.0.

🔗 DockerDash details → https://thehackernews.com/2026/02/docker-fixes-critical-ask-gordon-ai.html

🚨 SolarWinds Web Help Desk flaw added to CISA KEV

• CVE-2025-40551 (CVSS 9.8): unauthenticated RCE via deserialization
• Fixed in WHD v2026.1
• Federal agencies must patch by February 6

🔗 Read → https://thehackernews.com/2026/02/cisa-adds-actively-exploited-solarwinds.html

🔒 Eclipse Foundation will add pre-publish security checks to the Open VSX extension registry.

This shifts enforcement from post-report cleanup to blocking risky uploads before release, targeting impersonation, leaked secrets, and known malicious patterns.

🔗 Details → https://thehackernews.com/2026/02/eclipse-foundation-mandates-pre-publish.html

🛑 Microsoft warns infostealers are expanding from Windows to macOS.

Since late 2025, malvertising (Google Ads) and ClickFix lures have delivered fake DMG installers. Python-based stealers abuse native macOS tools + AppleScript to extract creds, cookies, and iCloud Keychain data.

🔗 Attack chain and theft capabilities → https://thehackernews.com/2026/02/microsoft-warns-python-infostealers.html

🛡️ Mid-market firms aren’t under-secured. IBM finds 83 security tools on average, and complexity is the real blocker.

The gaps come from unused EDR, alert overload, and weak prevention—not missing tools.

🔗 Simplifying security across the full threat lifecycle → https://thehackernews.com/expert-insights/2026/02/how-to-secure-your-mid-market-business.html

🛠️📊🔍 Most incident response failures start in the first moments. Early responder decisions on evidence and scope shape the case.

That window repeats as scope expands. Isolating systems too fast can hide real intrusion patterns.

🔗 Inside the first 90 seconds → https://thehackernews.com/2026/02/the-first-90-seconds-how-early.html

Identity risk now sits beyond IAM — inside apps, APIs, and service accounts.

🧩 Identity Dark Matter includes hardcoded credentials, orphaned accounts, and access paths outside identity providers — largely invisible to traditional tools.

🔗 Learn how Orchid uncovers Identity Dark Matter → https://thehackernews.com/2026/02/orchid-security-introduces-continuous.html

🚨 All 24 GenAI models failed our security testing

We put 24 leading GenAI models through comprehensive security testing. The results? Every single one demonstrated exploitable chatbot vulnerabilities, with attack success rates ranging from 1.13% to 64.13%.

Key findings:
- 24 frontier models tested
- Hundreds of vulnerabilities discovered
- Attack success rates up to 64%
- 100% failure rate across all models

What's in the report:
✅ Detailed security profiles of 24 GenAI models
✅ Analysis of the AI prevention gap
✅ Practical strategies for securing AI systems
✅ Compliance and risk management guidance

As GenAI transforms industries, these findings underscore the critical need for continuous, automated security testing.

Download the full report: https://thn.news/gen-ai-tg-report

🇨🇳 China-linked Amaranth-Dragon targeted Southeast Asian government and law enforcement networks in 2025, with links to the APT41 ecosystem.

Campaigns leveraged political lures and the WinRAR CVE-2025-8088 RCE flaw, using cloud delivery and geo-fenced infrastructure for stealth.

🔗 Read → https://thehackernews.com/2026/02/china-linked-amaranth-dragon-exploits.html

Threat actors are delivering AsyncRAT via IPFS-hosted VHD files in DEAD#VAX.

Phishing emails mount fake PDF drives that run obfuscated scripts and in-memory shellcode inside trusted Windows processes—minimal disk trace.

🧠 Fileless
🛰️ IPFS
🪟 Process injection

🔗Read → https://thehackernews.com/2026/02/deadvax-malware-campaign-deploys.html

⚡ Microsoft built a scanner to detect backdoors in open-weight LLMs 🧠 using 3 behavioral signals.

It flags trigger attention spikes, memorized poisoning data leaks, and fuzzy trigger activation—no retraining required. Built to scan open models at scale.

🔗 Signals, detection method, limits, AI SDL shift → https://thehackernews.com/2026/02/microsoft-develops-scanner-to-detect.html

☁️ Cloud attacks move fast. Evidence disappears faster.

Context-aware cloud forensics host data automatically and uses AI to rebuild real attack timelines in minutes—not days. Practical investigation workflows included.

🎥 Join the live session...

Telemetry model, AI analysis, response use cases → https://thehacker.news/forensics-reimagined

⚠️ Attackers are hijacking live web traffic by weaponizing NGINX configs linked to React2Shell exploitation.

Rogue proxy rules silently reroute user sessions through attacker infrastructure—impacting 🏛️ gov, 🎓edu, and Asian 🌏 TLD sites.

🔗 Details → https://thehackernews.com/2026/02/hackers-exploit-react2shell-to-hijack.html

⚠️ Critical RCE flaw in n8n (CVE-2026-25049, CVSS 9.4) lets authenticated users execute system commands via crafted workflow expressions.

Public webhooks exposed → remote trigger, credential theft, server takeover.

🔗 Exploit path, affected versions, patch details → https://thehackernews.com/2026/02/critical-n8n-flaw-cve-2026-25049.html