Identity risk now sits beyond IAM — inside apps, APIs, and service accounts.

🧩 Identity Dark Matter includes hardcoded credentials, orphaned accounts, and access paths outside identity providers — largely invisible to traditional tools.

🔗 Learn how Orchid uncovers Identity Dark Matter → https://thehackernews.com/2026/02/orchid-security-introduces-continuous.html

🚨 All 24 GenAI models failed our security testing

We put 24 leading GenAI models through comprehensive security testing. The results? Every single one demonstrated exploitable chatbot vulnerabilities, with attack success rates ranging from 1.13% to 64.13%.

Key findings:
- 24 frontier models tested
- Hundreds of vulnerabilities discovered
- Attack success rates up to 64%
- 100% failure rate across all models

What's in the report:
✅ Detailed security profiles of 24 GenAI models
✅ Analysis of the AI prevention gap
✅ Practical strategies for securing AI systems
✅ Compliance and risk management guidance

As GenAI transforms industries, these findings underscore the critical need for continuous, automated security testing.

Download the full report: https://thn.news/gen-ai-tg-report

🇨🇳 China-linked Amaranth-Dragon targeted Southeast Asian government and law enforcement networks in 2025, with links to the APT41 ecosystem.

Campaigns leveraged political lures and the WinRAR CVE-2025-8088 RCE flaw, using cloud delivery and geo-fenced infrastructure for stealth.

🔗 Read → https://thehackernews.com/2026/02/china-linked-amaranth-dragon-exploits.html

Threat actors are delivering AsyncRAT via IPFS-hosted VHD files in DEAD#VAX.

Phishing emails mount fake PDF drives that run obfuscated scripts and in-memory shellcode inside trusted Windows processes—minimal disk trace.

🧠 Fileless
🛰️ IPFS
🪟 Process injection

🔗Read → https://thehackernews.com/2026/02/deadvax-malware-campaign-deploys.html

⚡ Microsoft built a scanner to detect backdoors in open-weight LLMs 🧠 using 3 behavioral signals.

It flags trigger attention spikes, memorized poisoning data leaks, and fuzzy trigger activation—no retraining required. Built to scan open models at scale.

🔗 Signals, detection method, limits, AI SDL shift → https://thehackernews.com/2026/02/microsoft-develops-scanner-to-detect.html

☁️ Cloud attacks move fast. Evidence disappears faster.

Context-aware cloud forensics host data automatically and uses AI to rebuild real attack timelines in minutes—not days. Practical investigation workflows included.

🎥 Join the live session...

Telemetry model, AI analysis, response use cases → https://thehacker.news/forensics-reimagined

⚠️ Attackers are hijacking live web traffic by weaponizing NGINX configs linked to React2Shell exploitation.

Rogue proxy rules silently reroute user sessions through attacker infrastructure—impacting 🏛️ gov, 🎓edu, and Asian 🌏 TLD sites.

🔗 Details → https://thehackernews.com/2026/02/hackers-exploit-react2shell-to-hijack.html

⚠️ Critical RCE flaw in n8n (CVE-2026-25049, CVSS 9.4) lets authenticated users execute system commands via crafted workflow expressions.

Public webhooks exposed → remote trigger, credential theft, server takeover.

🔗 Exploit path, affected versions, patch details → https://thehackernews.com/2026/02/critical-n8n-flaw-cve-2026-25049.html

Passwords are sliding into legacy status.

Passkeys, AI governance, and verifiable credentials are scaling as identity shifts to real-time trust — per Rex Booth, SailPoint.

🔐 9 predictions reshaping identity security → https://thehackernews.com/expert-insights/2026/02/9-identity-security-predictions-for-2026.html

💻 Iran-linked APT Infy paused C2 ops during Iran’s Jan internet blackout — then rebuilt infrastructure as access returned.

Timing ties activity to state network controls. Latest malware uses Telegram + HTTP for dual-channel C2.

🔗 Timeline, tooling evolution, infra rebuild → https://thehackernews.com/2026/02/infy-hackers-resume-operations-with-new.html

⚠️ AI is everywhere in the enterprise — SaaS, browsers, copilots, shadow tools. Visibility is years behind adoption.

Legacy controls miss real interaction points, leaving prompts, uploads, and agent workflows ungoverned.

🔗 Download guide link → https://thehackernews.com/2026/02/the-buyers-guide-to-ai-usage-control.html

📦⚠️ Is your container adoption outpacing your security maturity? You’re not alone.

ActiveState’s 2026 State of Vulnerability Management & Remediation Report found 82% of DevSecOps leaders experienced a container-related breach last year and 87% expect one in 2026.

Learn how to close the “remediation gap” and the role AI will play in securing your stack by 2026.

📥 Download the report → https://thn.news/container-sec-guide

🚨 ThreatsDay Bulletin is live.

This week’s signals point to a quieter but faster threat landscape:

• Codespaces RCE & dev workflow abuse
• AI-assisted cloud intrusions
• BYOVD driver exploitation
• AsyncRAT C2 exposure
• Sandbox escape flaws
• RMM persistence campaigns
• Crypto drainer ecosystems
• Botnet & DDoS scaling ops
• Supply-chain injection paths
• APT & crimeware infra overlap

Attack paths are blending into trusted environments — cloud, identity, drivers, and developer tooling.

All updates in one place → https://thehackernews.com/2026/02/threatsday-bulletin-codespaces-rce.html

AI is foundational for security teams, but operational relief still feels out of reach.

Tines just launched Voice of Security 2026, based on insights from 1,800+ security leaders and practitioners.

The data shows why workloads remain high and what it takes to unlock real AI impact 👇 https://thn.news/security-pro-meta-fb

🌐⚠️ AISURU/Kimwolf launched a record 31.4 Tbps HTTP DDoS attack — mitigated by Cloudflare.

Same botnet drove holiday flood campaigns as Q4 hyper-volumetric attacks surged. Runs on 2M+ infected Android devices via proxy networks.

🔗 Read → https://thehackernews.com/2026/02/aisurukimwolf-botnet-launches-record.html

🔥 Anthropic’s Claude Opus 4.6 AI found 500+ previously unknown high-severity flaws in open-source code.

Impacted: Ghostscript, OpenSC, CGIF. Bugs ranged from buffer overflows to memory corruption — all validated and patched.

🔗 Details → https://thehackernews.com/2026/02/claude-opus-46-finds-500-high-severity.html

🛑 Malicious updates were published to official dYdX trading packages on npm and PyPI, delivering a wallet stealer and remote access malware.

Published via compromised maintainer accounts, the malware hid inside transaction-signing and wallet code.

🔗Read → https://thehackernews.com/2026/02/compromised-dydx-npm-and-pypi-packages.html

🛡️ Turn intel into action with a 6-stage Threat-Informed Defense pipeline. Map adversary TTPs, simulate attacks, validate controls, and prioritize fixes that reduce real risk.

🔗 Download Guide (Framework steps + tooling) → https://www.linkedin.com/pulse/turn-intel-action-guide-threatinformed-defense-thehackernews-hru3c/

State-linked hackers breached 70+ government & critical infrastructure networks across 37 countries, Unit 42 reports.

Targets include law enforcement, finance ministries, and border control. Initial access via phishing loaders, with payloads staged on GitHub.

🔗 Intrusion chain, malware design, targeting scope → https://thehackernews.com/2026/02/asian-state-backed-group-tgr-sta-1030.html

🛑 CISA orders federal agencies to remove unsupported edge devices within 12–18 months.

Unpatched firewalls, routers, IoT, and perimeter gear are now flagged as prime entry points—actively exploited by state-backed actors for network access.

🔗 Directive scope, deadlines, device list → https://thehackernews.com/2026/02/cisa-orders-removal-of-unsupported-edge.html

Cisco Talos exposed DKnife — a China-linked AitM framework active since 2019 on compromised routers and edge devices.

It monitors traffic, steals credentials, and hijacks app/software updates to deploy ShadowPad and DarkNimbus on PCs and phones.

🔗 Modules and infection chain → https://thehackernews.com/2026/02/china-linked-dknife-aitm-framework.html