🌐⚠️ AISURU/Kimwolf launched a record 31.4 Tbps HTTP DDoS attack — mitigated by Cloudflare.

Same botnet drove holiday flood campaigns as Q4 hyper-volumetric attacks surged. Runs on 2M+ infected Android devices via proxy networks.

🔗 Read → https://thehackernews.com/2026/02/aisurukimwolf-botnet-launches-record.html

🔥 Anthropic’s Claude Opus 4.6 AI found 500+ previously unknown high-severity flaws in open-source code.

Impacted: Ghostscript, OpenSC, CGIF. Bugs ranged from buffer overflows to memory corruption — all validated and patched.

🔗 Details → https://thehackernews.com/2026/02/claude-opus-46-finds-500-high-severity.html

🛑 Malicious updates were published to official dYdX trading packages on npm and PyPI, delivering a wallet stealer and remote access malware.

Published via compromised maintainer accounts, the malware hid inside transaction-signing and wallet code.

🔗Read → https://thehackernews.com/2026/02/compromised-dydx-npm-and-pypi-packages.html

🛡️ Turn intel into action with a 6-stage Threat-Informed Defense pipeline. Map adversary TTPs, simulate attacks, validate controls, and prioritize fixes that reduce real risk.

🔗 Download Guide (Framework steps + tooling) → https://www.linkedin.com/pulse/turn-intel-action-guide-threatinformed-defense-thehackernews-hru3c/

State-linked hackers breached 70+ government & critical infrastructure networks across 37 countries, Unit 42 reports.

Targets include law enforcement, finance ministries, and border control. Initial access via phishing loaders, with payloads staged on GitHub.

🔗 Intrusion chain, malware design, targeting scope → https://thehackernews.com/2026/02/asian-state-backed-group-tgr-sta-1030.html

🛑 CISA orders federal agencies to remove unsupported edge devices within 12–18 months.

Unpatched firewalls, routers, IoT, and perimeter gear are now flagged as prime entry points—actively exploited by state-backed actors for network access.

🔗 Directive scope, deadlines, device list → https://thehackernews.com/2026/02/cisa-orders-removal-of-unsupported-edge.html

Cisco Talos exposed DKnife — a China-linked AitM framework active since 2019 on compromised routers and edge devices.

It monitors traffic, steals credentials, and hijacks app/software updates to deploy ShadowPad and DarkNimbus on PCs and phones.

🔗 Modules and infection chain → https://thehackernews.com/2026/02/china-linked-dknife-aitm-framework.html

German authorities warn of a state-linked phishing campaign abusing Signal account features to hijack chats.

Actors pose as support, steal PINs or trick targets into device linking—enabling message interception and impersonation across political, military, and media networks.

🔗 Read → https://thehackernews.com/2026/02/german-agencies-warn-of-signal-phishing.html

🔥 OpenClaw now scans every ClawHub skill using 🛡️ VirusTotal threat intel.

Uploads are hashed, analyzed via Code Insight, then auto-approved, flagged, or blocked. Daily rescans 🔍 check if clean skills turn malicious later.

⚠️ Hundreds of risky skills had slipped through earlier.

🔗 Read → https://thehackernews.com/2026/02/openclaw-integrates-virustotal-scanning.html

⚡ BeyondTrust patched pre-auth RCE (CVE-2026-1731) in Remote Support and PRA.

Attackers could run OS commands via crafted requests.~11K exposed instances found. Patches released.

🔗 Versions affected, fixes → https://thehackernews.com/2026/02/beyondtrust-fixes-critical-pre-auth-rce.html

🛑 Cloud worm malware campaign is systematically taking over cloud infrastructure.

TeamPCP exploits exposed Docker, Kubernetes, Redis, and React2Shell to mass-deploy proxies, scanners, crypto miners & ransomware across compromised clusters.

🔗 Read → https://thehackernews.com/2026/02/teampcp-worm-exploits-cloud.html

🛠️ Bloody Wolf tied to a spear-phishing campaign deploying NetSupport RAT across Central Asia and Russia.

~60 victims across government, finance, manufacturing. Malicious PDFs drop loaders that persist via scripts + scheduled tasks.

🔗 Details → https://thehackernews.com/2026/02/bloody-wolf-targets-uzbekistan-russia.html

🧪⚡ SOC teams aren’t failing on tools — they’re overloaded by triage. Constant validation loops are fueling burnout and SLA drift.

CISOs are moving to sandbox-first workflows, exposing live behavior early and reducing escalations, MTTR, and senior drag.

🔗 How evidence replaces guesswork → https://thehackernews.com/2026/02/how-top-cisos-solve-burnout-and-speed.html

⚠️ AI tools, supply chains, and trusted platforms are now attack paths.

Malicious AI skills, Signal phishing, Docker AI RCE, update hijacks — plus a record 31.4 Tbps DDoS. All in one week.

🔎 Read the full recap here: https://thehackernews.com/2026/02/weekly-recap-ai-skill-malware-31tbps.html

🚨 Microsoft traced a multi-stage intrusion to exposed SolarWinds Web Help Desk servers.

Attackers used unauthenticated RCE, moved laterally, and abused legit RMM tools for persistence — plus credential dumping and DCSync.

🔗 Tradecraft, CVEs, and lateral movement chain → https://thehackernews.com/2026/02/solarwinds-web-help-desk-exploited-for.html

⚠️ Singapore’s cyber agency says China-linked UNC3886 targeted all four national telecom operators.

Attackers used a firewall zero-day and rootkits to access parts of critical systems. Espionage activity was contained. No service disruption or customer data theft found.

🔗 Read → https://thehackernews.com/2026/02/china-linked-unc3886-targets-singapore.html

🚨🛡️ Fortinet Fixes Critical FortiClientEMS RCE (CVE-2026-21643, CVSS 9.1).

SQL injection flaw enables unauthenticated remote command execution via crafted requests. Affects EMS 7.4.4 (patch available).

Separate FortiCloud SSO bug is actively exploited for admin persistence and firewall config theft.

🔗 See affected versions and patch guidance → https://thehackernews.com/2026/02/fortinet-patches-critical-sqli-flaw.html

🚨 Ivanti EPMM Zero-Day Exploits Breach Dutch Regulators, Linked to Wider 🇪🇺 EU Government Intrusions.

Attackers exploited CVSS 9.8 unauthenticated RCE flaws to access employee work contact data.
Related activity also impacted the European Commission and Finland’s Valtori systems.

🔗 Details → https://thehackernews.com/2026/02/dutch-authorities-confirm-ivanti-zero.html

Three practical questions security teams should answer before selecting an SSE platform:

⚙️ Deployment complexity
👁️ In-session visibility
🛡️ Real session risk coverage

🔗 Framework, tradeoffs, rollout risks → https://thehackernews.com/expert-insights/2026/02/3-questions-to-ask-before-your-next-sse.html

⚠️🛠️ Warlock ransomware breached SmarterTools via unpatched SmarterMail VM.

Attackers entered Jan 29, moved laterally, seized Active Directory, and staged Velociraptor pre-encryption. ~12 servers and a QC data center were hit; core apps and customer data stayed unaffected.

🔗 See exploited CVEs → https://thehackernews.com/2026/02/warlock-ransomware-breaches.html

Earn and learn at Infosec Compliance Now 2026!

Registration for the 6th annual Infosec Compliance Now virtual event is live! Attend and earn up to 4 free CPE credits while learning about AI-powered GRC, cyber resilience, continuous control monitoring using automation, and more.

Register Now ➜ https://thn.news/infosec-risk-summit