Microsoft traced a multi-stage intrusion to exposed SolarWinds Web Help Desk servers.
Attackers used unauthenticated RCE, moved laterally, and abused legitimate RMM tools for persistence, plus credential dumping and DCSync.
Tradecraft, CVEs, and lateral movement chain → https://thehackernews.com/2026/02/solarwinds-web-help-desk-exploited-for.html
Singapore's cyber agency says China-linked UNC3886 targeted all four national telecom operators.
Attackers used a firewall zero-day and rootkits to access parts of critical systems. Espionage activity was contained. No service disruption or customer data theft found.
Read → https://thehackernews.com/2026/02/china-linked-unc3886-targets-singapore.html
π¨π‘οΈ Fortinet Fixes Critical FortiClientEMS RCE (CVE-2026-21643, CVSS 9.1).
SQL injection flaw enables unauthenticated remote command execution via crafted requests. Affects EMS 7.4.4 (patch available).
Separate FortiCloud SSO bug is actively exploited for admin persistence and firewall config theft.
π See affected versions and patch guidance β https://thehackernews.com/2026/02/fortinet-patches-critical-sqli-flaw.html
Ivanti EPMM Zero-Day Exploits Breach Dutch Regulators, Linked to Wider EU Government Intrusions.
Attackers exploited CVSS 9.8 unauthenticated RCE flaws to access employee work contact data.
Related activity also impacted the European Commission and Finland's Valtori systems.
Details → https://thehackernews.com/2026/02/dutch-authorities-confirm-ivanti-zero.html
Three practical questions security teams should answer before selecting an SSE platform:
Deployment complexity
In-session visibility
Real session risk coverage
Framework, tradeoffs, rollout risks → https://thehackernews.com/expert-insights/2026/02/3-questions-to-ask-before-your-next-sse.html
Warlock ransomware breached SmarterTools via unpatched SmarterMail VM.
Attackers entered Jan 29, moved laterally, seized Active Directory, and staged Velociraptor pre-encryption. ~12 servers and a QC data center were hit; core apps and customer data stayed unaffected.
See exploited CVEs → https://thehackernews.com/2026/02/warlock-ransomware-breaches.html
Earn and learn at Infosec Compliance Now 2026!
Registration for the 6th annual Infosec Compliance Now virtual event is live! Attend and earn up to 4 free CPE credits while learning about AI-powered GRC, cyber resilience, continuous control monitoring using automation, and more.
Register Now → https://thn.news/infosec-risk-summit
Ransomware Persists, But Encryption Is No Longer the Main Signal of Attack!
Picus reviewed 1.1M malware samples and found a shift toward stealth access over disruption. Encryption attacks fell 38% YoY as extortion moves to data theft and credential abuse.
Explore the full stealth-attack dataset → https://thehackernews.com/2026/02/from-ransomware-to-residency-inside.html
Reynolds ransomware embeds its own BYOVD evasion, bundling a vulnerable driver to disable EDR before encryption.
It drops the NSecKrnl driver (CVE-2025-68947) to kill security tools, reducing detection and affiliate effort.
Read full attack chain and defense insights → https://thehackernews.com/2026/02/reynolds-ransomware-embeds-byovd-driver.html
North Korean operatives are using real LinkedIn accounts to land remote IT jobs in Western firms.
With impersonated profiles and verified emails, DPRK actors secure roles to fund weapons programs and conduct espionage; some gain admin access, steal data, and maintain persistence.
Read the full investigation → https://thehackernews.com/2026/02/dprk-operatives-impersonate.html
North Korea-linked UNC1069 used deepfake Zoom calls to hack crypto firms.
Posing via Telegram, attackers lured victims into fake meetings, triggering ClickFix commands that deployed multi-stage malware on macOS and Windows to steal wallets and credentials.
Read → https://thehackernews.com/2026/02/north-korea-linked-unc1069-uses-ai.html
Security startup @zast_ai secured new backing to scale AI-driven vulnerability validation.
Its research led to 119 CVE assignments after uncovering hundreds of zero-days. Affected targets included Azure SDK, Apache Struts, and Alibaba Nacos.
Funding, research scope, enterprise impact → https://thehackernews.com/2026/02/zastai-raises-6m-pre-to-scale-zero.html
Researchers uncovered SSHStalker, a Linux botnet using IRC for control and mass SSH compromise.
It exploits 16 legacy kernel flaws to infect unpatched systems, wipes logs, and maintains silent persistence.
Details → https://thehackernews.com/2026/02/sshstalker-botnet-uses-irc-c2-to.html
Microsoft Patches 59 Flaws, 6 Actively Exploited in the Wild!
Fixes hit Windows Shell, MSHTML, Office, and Remote Desktop, with privilege escalation leading the risk landscape.
Read full CVEs, exploitation details and patch scope → https://thehackernews.com/2026/02/microsoft-patches-59-vulnerabilities.html
On February 25 at 9:00 AM PT, Semgrep is hosting its first-ever virtual keynote - Semgrep Secure 2026: Code Security Rebuilt for the AI Era
AI is now writing more code than humans, and most of it is never reviewed line by line. That reality breaks the assumptions behind traditional AppSec tools, which were built for a world where every line of code was human-authored and inspected.
This isn't "AI added to security." It's security rebuilt for how code is actually created today.
Register now and join us live: https://thn.news/semgrep-secure-2026
Patch Tuesday extended across enterprise tech stacks, with "60+ vendors" releasing coordinated security fixes.
Widely used platforms, from SAP and Windows to Chrome, Linux, Cisco, and Fortinet, patched zero-days, SQL injection, privilege escalation, and auth bypass vulnerabilities.
Full vendor list and CVEs → https://thehackernews.com/2026/02/over-60-software-vendors-issue-security.html
Five attacks. Five lessons. One goal: resilience.
From Boeing to Ascension, cybersecurity experts from Halcyon examined #ransomware incidents that reshaped cyber strategy - and the takeaways defenders can apply today.
Curious which decisions changed the outcome? Swipe → to see the high-level hits.
Don't wait for an incident to learn from one.
Download the full guide: https://thn.news/attacks-changed-everything
Indian defense and government networks are under coordinated espionage campaigns using cross-platform RAT malware.
Linked to SideCopy and APT36, the attacks use phishing lures, decoy files, and stealth persistence across Windows and Linux for long-term access.
Inside the malware toolkit and intrusion chain → https://thehackernews.com/2026/02/apt36-and-sidecopy-launch-cross.html
Identity security is shifting from static controls to AI-run decisions.
As outlined by SailPoint CISO Rex Booth, AI-driven identity governance will automate access in real time, replacing manual reviews and standing privileges. Passkeys and decentralized IDs will further reshape authentication.
9 forecasts shaping access, trust, and risk → https://thehackernews.com/expert-insights/2026/02/9-identity-security-predictions-for-2026.html
Apple shipped emergency updates after confirming exploitation of a zero-day in dyld.
The bug (CVE-2026-20700) could allow attackers to execute arbitrary code on vulnerable Apple devices.
Read: https://thehackernews.com/2026/02/apple-fixes-exploited-zero-day.html
Fixes extend across iOS, macOS, visionOS, and legacy platforms.
One bulletproof-hosted IP drove 346 of 417 Ivanti EPMM exploit attempts.
Activity targeted CVSS 9.8 RCE flaws, rotating 300+ user agents while scanning other enterprise platforms in parallel. The pattern signals automated initial-access reconnaissance.
Read → https://thehackernews.com/2026/02/83-of-ivanti-epmm-exploits-linked-to.html