Security startup @zast_ai secured new backing to scale AI-driven vulnerability validation.

Its research led to 119 CVE assignments after uncovering hundreds of zero-days. Affected targets included Azure SDK, Apache Struts, and Alibaba Nacos.

🔗 Funding, research scope, enterprise impact → https://thehackernews.com/2026/02/zastai-raises-6m-pre-to-scale-zero.html

🐧 Researchers uncovered SSHStalker, a Linux botnet using IRC for control and mass SSH compromise.

It exploits 16 legacy kernel flaws to infect unpatched systems, wipes logs, and maintains silent persistence.

🔗 Details → https://thehackernews.com/2026/02/sshstalker-botnet-uses-irc-c2-to.html

🚨 Microsoft Patches 59 Flaws — 6 Actively Exploited in the Wild!

Fixes hit Windows Shell, MSHTML, Office, and Remote Desktop, with privilege escalation leading the risk landscape.

🔗 Read Full CVEs, exploitation details & patch scope → https://thehackernews.com/2026/02/microsoft-patches-59-vulnerabilities.html

On February 25 at 9:00 AM PT, Semgrep is hosting its first-ever virtual keynote - Semgrep Secure 2026: Code Security Rebuilt for the AI Era

AI is now writing more code than humans, and most of it is never reviewed line by line. That reality breaks the assumptions behind traditional AppSec tools, which were built for a world where every line of code was human-authored and inspected.

This isn’t “AI added to security.” It’s security rebuilt for how code is actually created today.

Register now and join us live: https://thn.news/semgrep-secure-2026

🛠️ Patch Tuesday extended across enterprise tech stacks, with "60+ vendors" releasing coordinated security fixes.

Widely used platforms — from SAP and Windows to Chrome, Linux, Cisco, and Fortinet — patched zero-days, SQL injection, privilege escalation, and auth bypass vulnerabilities.

🔗 Full vendor list and CVEs → https://thehackernews.com/2026/02/over-60-software-vendors-issue-security.html

Five attacks. Five lessons. One goal: resilience.

From Boeing to Ascension, cybersecurity experts from Halcyon examined #ransomware incidents that reshaped cyber strategy - and the takeaways defenders can apply today.

Curious which decisions changed the outcome? Swipe → to see the high-level hits.

Don’t wait for an incident to learn from one.

Download the full guide: https://thn.news/attacks-changed-everything

⚠️ Indian defense and government networks are under coordinated espionage campaigns using cross-platform RAT malware.

Linked to SideCopy and APT36, the attacks use phishing lures, decoy files, and stealth persistence across Windows and Linux for long-term access.

🔗 Inside the malware toolkit and intrusion chain → https://thehackernews.com/2026/02/apt36-and-sidecopy-launch-cross.html

🤖🔐 Identity security is shifting from static controls to AI-run decisions.

As outlined by SailPoint CISO Rex Booth, AI-driven identity governance will automate access in real time, replacing manual reviews and standing privileges. Passkeys and decentralized IDs will further reshape authentication.

🔗 9 forecasts shaping access, trust, and risk → https://thehackernews.com/expert-insights/2026/02/9-identity-security-predictions-for-2026.html

🚨 Apple shipped emergency updates after confirming exploitation of a zero-day in dyld.

The bug (CVE-2026-20700) could allow attackers to execute arbitrary code on vulnerable Apple devices.

🔗 Read: https://thehackernews.com/2026/02/apple-fixes-exploited-zero-day.html

Fixes extend across iOS, macOS, visionOS, and legacy platforms.

🤖 One bulletproof-hosted IP drove 346 of 417 Ivanti EPMM exploit attempts.

Activity targeted CVSS 9.8 RCE flaws, rotating 300+ user agents while scanning other enterprise platforms in parallel. Signals automated initial-access reconnaissance.

🔗 Read → https://thehackernews.com/2026/02/83-of-ivanti-epmm-exploits-linked-to.html

Attack surfaces are growing. Threats are accelerating.

Learn how leading teams are adopting Threat‑Informed Defense to align operations with real adversary behavior, not hypotheticals.

This guide breaks down Filigran’s six‑stage TID pipeline and shows how to:

• Prioritize defenses based on real threats
• Simulate adversary behavior to validate your posture
• Operationalize CTI with OpenCTI + OpenAEV
• Build a continuous feedback loop that sharpens detection & response

🔗 Download the guide today → https://thn.news/practical-threat-defense

🔥 This week’s ThreatsDay Bulletin tracks intrusion tactics spreading across AI tools, enterprise apps, cloud, and vehicles.

Pattern: quiet access → expanded through trusted systems.

• 🤖 Prompt abuse → code exec
• 🧩 Loaders → staged malware
• ☁️ OAuth/cloud misuse
• 🛠️ Enterprise RCEs
• 🚗 Auto zero-days

🔗 Full threat roundup → https://thehackernews.com/2026/02/threatsday-bulletin-ai-prompt-rce.html

A new enterprise study shows only 16% of orgs run Continuous Threat Exposure Management (CTEM).

Those that do see 50% better attack surface visibility and stronger tooling adoption, creating a widening security gap as environments scale.

🔗 Peer benchmarks and risk data breakdown → https://thehackernews.com/2026/02/the-ctem-divide-why-84-of-security.html

👨🏻‍💻 Picus Security analyzed 1.1M malware samples to reveal a new era of Silent Residency.

Encryption payloads down 38%. 80% of top techniques now focus on evasion. Malware uses trigonometry to bypass sandboxes.

The Digital Parasite has arrived.

Read the full Red Report 2026: https://thn.news/red-report-2026

⚠️ Fake recruiter coding tests pushed poisoned npm & PyPI dependencies to developers.

Hidden packages deployed RAT access, while separate implants stole browser & crypto wallet data. One library exceeded 10,000 downloads before weaponization.

🔗 Read → https://thehackernews.com/2026/02/lazarus-campaign-plants-malicious.html

Researchers found the first malicious Microsoft Outlook add-in used in real attacks.

Hackers hijacked an abandoned calendar plug-in, claimed its expired domain, and served a fake Microsoft login—stealing 4,000+ credentials. The add-in still had mailbox read/write permissions.

🔗 Learn how... → https://thehackernews.com/2026/02/first-malicious-outlook-add-in-found.html

⚡ Google tracked multiple state groups using Gemini for vuln research, exploit debugging, and persona building across cyber operations.

One malware strain even generated second-stage code via the API, executed filelessly in memory.

🔗 Threat actor tactics, malware, and AI abuse cases → https://thehackernews.com/2026/02/google-reports-state-backed-hackers.html

Threat actors are actively exploiting CVE-2026-1731 (9.9) in BeyondTrust Remote Support & PRA.

Attackers extract portal data, then open WebSocket channels to trigger unauthenticated RCE.

🔗 Read → https://thehackernews.com/2026/02/researchers-observe-in-wild.html

Patches are out, but exploitation started fast.

npm killed long-lived tokens after the Sha1-Hulud attack, shifting to short-lived sessions and MFA by default.

Security improved — but MFA phishing and optional publish protections still leave gaps. Console access can still mean package compromise.

🔗 Where the new model still fails → https://thehackernews.com/2026/02/npms-update-to-harden-their-supply.html

⚠️ Security firms uncovered coordinated abuse of Chrome extensions across business, social, and AI tools.

From Meta ad accounts to Gmail inboxes, attackers used add-ons to scrape data, inject payloads, and persist inside sessions.

🔗 Read → https://thehackernews.com/2026/02/malicious-chrome-extensions-caught.html

🛑 Researchers track UAT-9921 using the VoidLink modular malware framework against tech and finance targets.

The Linux-focused toolkit enables stealth persistence, scanning, and lateral movement via post-compromise C2 implants.

🔗 Look inside the framework’s stealth and RBAC design → https://thehackernews.com/2026/02/uat-9921-deploys-voidlink-malware-to.html