🛑 A firmware-level Android backdoor called Keenadu is being shipped inside signed tablet builds.

Telemetry shows 13,715 users globally encountered its modules. It injects into every app via core system libraries, enabling remote control, data theft, and ad fraud.

🔗 Read → https://thehackernews.com/2026/02/keenadu-firmware-backdoor-infects.html

🤖 AI assistants with web browsing can be weaponized as stealth command relays.

Check Point showed Copilot and Grok fetching attacker URLs and returning commands through normal responses — blending C2 traffic into enterprise use.

🔗 Read details → https://thehackernews.com/2026/02/researchers-show-copilot-and-grok-can.html

⚠️ CISA added 4 actively exploited flaws to its KEV list, including a Chrome zero-day and critical Zimbra SSRF bug.

Attacks range from browser heap corruption to server command execution and worm delivery.

🔗 Exploited CVEs, affected tech, patch timelines → https://thehackernews.com/2026/02/cisa-flags-four-security-flaws-under.html

⚡ Notepad++ pushed a security update after attackers hijacked its updater to deliver malware to select users.

Version 8.9.2 adds a “double lock” verification system & hardens the auto-updater after a hosting breach enabled poisoned updates.

🔗 Read → https://thehackernews.com/2026/02/notepad-fixes-hijacked-update-mechanism.html

🚨 China-linked UNC6201 exploited a CVSS 10.0 (CVE-2026-22769) Dell RecoverPoint zero-day since 2024 using hard-coded credentials.

Access led to Tomcat web shells, BRICKSTORM installs, and newer GRIMBOLT backdoors built to evade detection.

🔗 Read → https://thehackernews.com/2026/02/dell-recoverpoint-for-vms-zero-day-cve.html

88% of AI pilots never reach production.

Security and IT teams stall not on tools—but execution. Intelligent workflows blend automation, AI decisions, and human review to move phishing response, service requests, and vuln tracking from manual to real time.

🔗 Pre-built workflow breakdowns → https://thehackernews.com/2026/02/3-ways-to-start-your-intelligent.html

⚠️ Four popular VS Code extensions expose developers to file theft and remote code execution.

Researchers say 125M+ installs are affected. Flaws in Live Server, Code Runner, and others enable localhost abuse, malicious configs, and code injection—some still unpatched.

🔗 Read → https://thehackernews.com/2026/02/critical-flaws-found-in-four-vs-code.html

Cybersecurity isn’t preparing for storms anymore. Instability is permanent.

AI threats, regulatory pressure, and geopolitical risk now shape how systems are built and run—not just defended.

🔗 What security looks like when volatility is baseline → https://thehackernews.com/2026/02/cybersecurity-tech-predictions-for-2026.html

🚨 There’s an extreme scarcity of skilled GenAI red teamers—experts estimate fewer than 10,000 globally, while one security industry analyst believes there are fewer than 10 capable of tackling frontier AI risks.

📽️ From TELUS Digital's Fuel iX team: Watch Uncharted: The AI Safety & Security Summit on demand to hear from top security leaders and industry experts as they uncover:

• Hidden vulnerabilities in GenAI models
• How automated red teaming is transforming risk detection
• Actionable strategies to safeguard your AI systems

👉 Watch now: https://thn.news/ai-security-summit-tg

Researchers found a stack overflow in Grandstream GXP1600 phones (CVE-2026-2329, 9.3 CVSS).

A crafted API request can overwrite memory and run code remotely—no login required. Post-exploitation includes credential theft and VoIP call interception via rogue SIP proxy.

🔗 Read → https://thehackernews.com/2026/02/grandstream-gxp1600-voip-phones-exposed.html

🛑 Citizen Lab found Cellebrite tools used on a Kenyan activist’s phone while it was in police custody.

Boniface Mwangi’s Samsung device was accessed in July 2025 and later returned without password protection. Full extraction could include messages, files, and passwords.

The findings follow similar cases in Jordan.

🔗 Read → https://thehackernews.com/2026/02/citizen-lab-finds-cellebrite-tool-used.html