Google says defense contractors face sustained cyber targeting from China, Iran, North Korea, and Russia.
Campaigns span battlefield tech theft, hiring infiltration, and supply-chain breaches. Actors now focus on individuals and edge devices to bypass EDR visibility.
Threat clusters, malware families, intrusion paths: https://thehackernews.com/2026/02/google-links-china-iran-russia-north.html
A newly tracked actor tied to Russian intelligence is deploying CANFAIL against Ukraine.
Targets span defense, energy, and government, with spillover into drone and nuclear research. GTIG says LLM use now supports recon, phishing, and C2 setup despite limited resources.
Read: https://thehackernews.com/2026/02/google-ties-suspected-russian-actor-to.html
Microsoft detailed a new ClickFix variant abusing DNS lookups via nslookup to stage malware.
Victims run commands that fetch payloads from attacker-controlled resolvers, bypassing web defenses and blending into normal traffic.
Leads to RAT deployment and persistence.
Read here: https://thehackernews.com/2026/02/microsoft-discloses-dns-based-clickfix.html
Google patched Chrome zero-day CVE-2026-2441, a CVSS 8.8 bug already exploited in attacks.
The CSS use-after-free flaw allows sandboxed remote code execution via malicious pages.
Read: https://thehackernews.com/2026/02/new-chrome-zero-day-cve-2026-2441-under.html
First active Chrome zero-day fixed this year. Update now.
Security teams have more telemetry than ever. They're also falling further behind.
In a new exposure management analysis, Yochai Corem argues the gap isn't visibility, it's action. Attackers now scale faster than human response cycles, exploiting known exposures while remediation lags.
From dashboards to validated fixes: https://thehackernews.com/expert-insights/2026/02/the-uncomfortable-truth-about-more.html
Researchers uncovered ZeroDayRAT, a commercial mobile spyware sold on Telegram targeting Android and iOS.
It enables live camera/mic feeds, GPS tracking, SMS and OTP theft, and wallet hijacking via a self-hosted panel, turning phones into full surveillance nodes.
Read: https://thehackernews.com/2026/02/new-zerodayrat-mobile-spyware-enables.html
Lithuania is investing €24.1M to harden its digital society against AI-era cybercrime.
The national mission links universities, industry, and government to build fraud detection, disinformation tracking, and critical infrastructure defenses as GenAI reshapes attack tactics.
Inside the program and threat shift: https://thehackernews.com/2026/02/safe-and-inclusive-esociety-how.html
The week in cyber:
- Add-in supply chain abuse
- AI in attack workflows
- Active zero-days patched
- Privileged access exploits
- Cloud infra hijacks
- Crypto mining botnets
- IRC-based C2 returns
- PoC exploits weaponized
- Defense sector targeting
Full Weekly Cybersecurity Recap: https://thehackernews.com/2026/02/weekly-recap-outlook-add-ins-hijack-0.html
A new academic study mapped password recovery attack paths across Bitwarden, LastPass, and Dashlane, testing zero-knowledge designs against a malicious server model.
Researchers identified 25 attack scenarios impacting vault integrity and recovery flows. No active exploitation reported.
Research scope, attack methods and vendor fixes: https://thehackernews.com/2026/02/study-uncovers-25-password-recovery.html
Apple's latest beta brings end-to-end encryption to RCS, but only for Apple-to-Apple chats so far.
It's part of iOS 26.4 testing alongside new memory protections designed to block spyware at the kernel level.
Inside Apple's new security stack: https://thehackernews.com/2026/02/apple-tests-end-to-end-encrypted-rcs.html
Microsoft warns some firms are embedding manipulative prompts in "Summarize with AI" buttons.
Researchers identified 50+ hidden instructions that push assistants to remember and recommend specific brands, with effects persisting across future chats, often without user awareness.
Read: https://thehackernews.com/2026/02/microsoft-finds-summarize-with-ai.html
Most "AI for GRC" still stops at task automation: drafting policies or extracting clauses.
As Yair Kuznitsov, CEO of Anecdotes, explains, agentic GRC replaces the workflow itself. Agents collect evidence, evaluate controls, trigger remediation, and maintain audit trails autonomously.
Decision-making is embedded.
CCM agent execution model: https://thehackernews.com/expert-insights/2026/02/ai-shouldnt-improve-workflows-it-should.html
A trojanized Oura AI connector is being used to spread SmartLoader malware.
Attackers cloned the MCP server, staged fake GitHub contributors, and planted it in trusted registries. The payload drops StealC to steal credentials, wallets, and cloud access.
Read: https://thehackernews.com/2026/02/smartloader-attack-uses-trojanized-oura.html
Network Detection & Response is now central to SOC workflows, not an add-on.
Testing Corelight's Investigator showed analysts tracing exploits, reverse shells, and lateral movement in one dashboard, mapped to MITRE and guided by embedded AI.
NDR serves as a force multiplier for mid-tier teams.
Inside: hunt workflows: https://thehackernews.com/2026/02/my-day-getting-my-hands-dirty-with-ndr.html
Infosec Compliance Now 2026 | Earn 4 CPEs
Registration for the 6th annual Infosec Compliance Now virtual event is live! Attend and earn up to 4 free CPE credits while learning about AI-powered GRC, cyber resilience, continuous control monitoring using automation, and more!
Register: https://thn.news/cyber-risk-event
Cloud attacks move faster than investigations.
Wiz experts show how workloads vanish, identities rotate, and logs expire before response even starts.
Minutes, not days, decide outcomes. See how context-aware forensics rebuilds full attack timelines fast.
See cloud breaches reconstructed step-by-step: https://thehackernews.com/2026/02/cloud-forensics-webinar-learn-how-ai.html
A firmware-level Android backdoor called Keenadu is being shipped inside signed tablet builds.
Telemetry shows 13,715 users globally encountered its modules. It injects into every app via core system libraries, enabling remote control, data theft, and ad fraud.
Read: https://thehackernews.com/2026/02/keenadu-firmware-backdoor-infects.html
AI assistants with web browsing can be weaponized as stealth command relays.
Check Point showed Copilot and Grok fetching attacker URLs and returning commands through normal responses, blending C2 traffic into enterprise use.
Read details: https://thehackernews.com/2026/02/researchers-show-copilot-and-grok-can.html