88% of AI pilots never reach production.
Security and IT teams stall not on toolsβbut execution. Intelligent workflows blend automation, AI decisions, and human review to move phishing response, service requests, and vuln tracking from manual to real time.
π Pre-built workflow breakdowns β https://thehackernews.com/2026/02/3-ways-to-start-your-intelligent.html
Security and IT teams stall not on toolsβbut execution. Intelligent workflows blend automation, AI decisions, and human review to move phishing response, service requests, and vuln tracking from manual to real time.
π Pre-built workflow breakdowns β https://thehackernews.com/2026/02/3-ways-to-start-your-intelligent.html
π16
β οΈ Four popular VS Code extensions expose developers to file theft and remote code execution.
Researchers say 125M+ installs are affected. Flaws in Live Server, Code Runner, and others enable localhost abuse, malicious configs, and code injectionβsome still unpatched.
π Read β https://thehackernews.com/2026/02/critical-flaws-found-in-four-vs-code.html
Researchers say 125M+ installs are affected. Flaws in Live Server, Code Runner, and others enable localhost abuse, malicious configs, and code injectionβsome still unpatched.
π Read β https://thehackernews.com/2026/02/critical-flaws-found-in-four-vs-code.html
π12π€―7
Cybersecurity isnβt preparing for storms anymore. Instability is permanent.
AI threats, regulatory pressure, and geopolitical risk now shape how systems are built and runβnot just defended.
π What security looks like when volatility is baseline β https://thehackernews.com/2026/02/cybersecurity-tech-predictions-for-2026.html
AI threats, regulatory pressure, and geopolitical risk now shape how systems are built and runβnot just defended.
π What security looks like when volatility is baseline β https://thehackernews.com/2026/02/cybersecurity-tech-predictions-for-2026.html
π4π1
Media is too big
VIEW IN TELEGRAM
π¨ Thereβs an extreme scarcity of skilled GenAI red teamersβexperts estimate fewer than 10,000 globally, while one security industry analyst believes there are fewer than 10 capable of tackling frontier AI risks.
π½οΈ From TELUS Digital's Fuel iX team: Watch Uncharted: The AI Safety & Security Summit on demand to hear from top security leaders and industry experts as they uncover:
β’ Hidden vulnerabilities in GenAI models
β’ How automated red teaming is transforming risk detection
β’ Actionable strategies to safeguard your AI systems
π Watch now: https://thn.news/ai-security-summit-tg
π½οΈ From TELUS Digital's Fuel iX team: Watch Uncharted: The AI Safety & Security Summit on demand to hear from top security leaders and industry experts as they uncover:
β’ Hidden vulnerabilities in GenAI models
β’ How automated red teaming is transforming risk detection
β’ Actionable strategies to safeguard your AI systems
π Watch now: https://thn.news/ai-security-summit-tg
π7
Researchers found a stack overflow in Grandstream GXP1600 phones (CVE-2026-2329, 9.3 CVSS).
A crafted API request can overwrite memory and run code remotelyβno login required. Post-exploitation includes credential theft and VoIP call interception via rogue SIP proxy.
π Read β https://thehackernews.com/2026/02/grandstream-gxp1600-voip-phones-exposed.html
A crafted API request can overwrite memory and run code remotelyβno login required. Post-exploitation includes credential theft and VoIP call interception via rogue SIP proxy.
π Read β https://thehackernews.com/2026/02/grandstream-gxp1600-voip-phones-exposed.html
π8π₯3π€―2
π Citizen Lab found Cellebrite tools used on a Kenyan activistβs phone while it was in police custody.
Boniface Mwangiβs Samsung device was accessed in July 2025 and later returned without password protection. Full extraction could include messages, files, and passwords.
The findings follow similar cases in Jordan.
π Read β https://thehackernews.com/2026/02/citizen-lab-finds-cellebrite-tool-used.html
Boniface Mwangiβs Samsung device was accessed in July 2025 and later returned without password protection. Full extraction could include messages, files, and passwords.
The findings follow similar cases in Jordan.
π Read β https://thehackernews.com/2026/02/citizen-lab-finds-cellebrite-tool-used.html
π€―13π7π₯6
π¨ Researchers tracked a new espionage campaign, CRESCENTHARVEST, targeting supporters of Iranβs protests.
Lures use protest media & reports to deliver RAT malware via disguised .LNK files, stealing credentials, Telegram data & keystrokes.
πRead β https://thehackernews.com/2026/02/crescentharvest-campaign-targets-iran.html
Lures use protest media & reports to deliver RAT malware via disguised .LNK files, stealing credentials, Telegram data & keystrokes.
πRead β https://thehackernews.com/2026/02/crescentharvest-campaign-targets-iran.html
π€―15π4
β‘ Android trojan "Massiv" is using fake IPTV apps to hijack devices and drain bank accounts.
It enables full remote control, screen streaming, SMS theft & banking overlays to capture credentials and run fraudulent transactions unnoticed.
π Details β https://thehackernews.com/2026/02/fake-iptv-apps-spread-massiv-android.html
It enables full remote control, screen streaming, SMS theft & banking overlays to capture credentials and run fraudulent transactions unnoticed.
π Details β https://thehackernews.com/2026/02/fake-iptv-apps-spread-massiv-android.html
π±12π4π3π3
π Today's encryption = Tomorrow's plaintext.
Quantum is closer than you think. Master hybrid PQC, zero-trust inspection & first-to-market solutions from Zscaler.
π’ Webinar: Post-Quantum Cryptography in Action for Security Leaders
π Register now β https://thehacker.news/post-quantum-cryptography
Quantum is closer than you think. Master hybrid PQC, zero-trust inspection & first-to-market solutions from Zscaler.
π’ Webinar: Post-Quantum Cryptography in Action for Security Leaders
π Register now β https://thehacker.news/post-quantum-cryptography
β‘8π4π₯3π3
Machine identities now outnumber humans 82 to 1.
AI attackers use that sprawl to hop from dev containers to production systems in seconds, chaining minor gaps into real attack paths. Critical flaws arenβt required.
Patch cycles canβt match machine speed.
π AI-driven breach paths + CTEM response β https://thehackernews.com/2026/02/from-exposure-to-exploitation-how-ai.html
AI attackers use that sprawl to hop from dev containers to production systems in seconds, chaining minor gaps into real attack paths. Critical flaws arenβt required.
Patch cycles canβt match machine speed.
π AI-driven breach paths + CTEM response β https://thehackernews.com/2026/02/from-exposure-to-exploitation-how-ai.html
π₯11
The SANS State of ICS/OT Security 2025 Report reveals an industry advancing at two speeds.
Detection is faster, but recovery still lagsβwith one in five incidents taking over a month to restore operations.
Get the intel π https://thn.news/ics-security-25-x
Detection is faster, but recovery still lagsβwith one in five incidents taking over a month to restore operations.
Get the intel π https://thn.news/ics-security-25-x
π4π1
β οΈ Android malware now uses Gemini AI.
Researchers say PromptSpy sends screen XML to Gemini, gets JSON tap steps, and pins itself in Recent Apps to stay alive.
It then enables VNC remote access.
π Learn how the AI loop keeps it alive β https://thehackernews.com/2026/02/promptspy-android-malware-abuses-google.html
Researchers say PromptSpy sends screen XML to Gemini, gets JSON tap steps, and pins itself in Recent Apps to stay alive.
It then enables VNC remote access.
π Learn how the AI loop keeps it alive β https://thehackernews.com/2026/02/promptspy-android-malware-abuses-google.html
π5π3π€―1
π Microsoft patched a Windows Admin Center flaw enabling privilege escalation across managed systems.
CVE-2026-26119 (CVSS 8.8) stems from improper authentication and could grant rights equal to the running user.
π Read β https://thehackernews.com/2026/02/microsoft-patches-cve-2026-26119.html
CVE-2026-26119 (CVSS 8.8) stems from improper authentication and could grant rights equal to the running user.
π Read β https://thehackernews.com/2026/02/microsoft-patches-cve-2026-26119.html
π₯8π2
651 arrests across 16 African nations after an INTERPOL crackdown on online scams.
Operation Red Card 2.0 hit investment fraud, mobile loan apps, and telecom breaches. Investigators linked cases to $45M in victim losses and seized thousands of devices.
π Read β https://thehackernews.com/2026/02/interpol-operation-red-card-20-arrests.html
Operation Red Card 2.0 hit investment fraud, mobile loan apps, and telecom breaches. Investigators linked cases to $45M in victim losses and seized thousands of devices.
π Read β https://thehackernews.com/2026/02/interpol-operation-red-card-20-arrests.html
π₯13π3π€2
This weekβs ThreatsDay recap starts with core platform risk.
π OpenSSL RCE flaws
π Foxit PDF exploits
π€ Copilot DLP bypass
π¬ Enterprise email exposure
π Patches issued
π§ͺ ClickFix macOS hits
π¦ Loaders β RATs/ransomware
π Typosquat delivery chains
π 119 groups hit OT/ICS
π Supply-chain entry tactics
π LLM-made passwords
π Weak randomness patterns
π― Predictable outputs
π‘ Security workflow risk
π Complete recap β https://thehackernews.com/2026/02/threatsday-bulletin-openssl-rce-foxit-0.html
π OpenSSL RCE flaws
π Foxit PDF exploits
π€ Copilot DLP bypass
π¬ Enterprise email exposure
π Patches issued
π§ͺ ClickFix macOS hits
π¦ Loaders β RATs/ransomware
π Typosquat delivery chains
π 119 groups hit OT/ICS
π Supply-chain entry tactics
π LLM-made passwords
π Weak randomness patterns
π― Predictable outputs
π‘ Security workflow risk
π Complete recap β https://thehackernews.com/2026/02/threatsday-bulletin-openssl-rce-foxit-0.html
π8π₯3π€―3
Three former tech employees were indicted for allegedly stealing Google trade secrets and transferring them to Iran.
Prosecutors say the data involved Pixel Tensor processor security and cryptography. Files were copied, photographed, and concealed.
π Details β https://thehackernews.com/2026/02/three-former-google-engineers-indicted.html
Prosecutors say the data involved Pixel Tensor processor security and cryptography. Files were copied, photographed, and concealed.
π Details β https://thehackernews.com/2026/02/three-former-google-engineers-indicted.html
π€20π10π€―8β‘2π₯2
The FBI warns ATM βjackpottingβ caused over $20M in losses in 2025.
Since 2020, 1,900 incidents have been reported, including 700 last year. Attackers use #malware like Ploutus to bypass bank authorization via the XFS layer & trigger rapid cash-outs.
π Read β https://thehackernews.com/2026/02/fbi-reports-1900-atm-jackpotting.html
Since 2020, 1,900 incidents have been reported, including 700 last year. Attackers use #malware like Ploutus to bypass bank authorization via the XFS layer & trigger rapid cash-outs.
π Read β https://thehackernews.com/2026/02/fbi-reports-1900-atm-jackpotting.html
π23π8π±5
A 29-year-old Ukrainian was sentenced to prison for aiding North Koreaβs IT job fraud scheme.
He admitted selling stolen U.S. identities through a site seized in 2024, helping overseas workers secure jobs.
π Details β https://thehackernews.com/2026/02/ukrainian-national-sentenced-to-5-years.html
He admitted selling stolen U.S. identities through a site seized in 2024, helping overseas workers secure jobs.
π Details β https://thehackernews.com/2026/02/ukrainian-national-sentenced-to-5-years.html
π15π€―6
π‘οΈ One in three cyber-attacks starts with a compromised employee account, pushing insurers to π audit passwords, admin access, and full MFA enforcement.
Coverage now depends on proving identity risk is tightly controlled.
π Why MFA gaps can cost millions β https://thehackernews.com/2026/02/identity-cyber-scores-new-metric.html
Coverage now depends on proving identity risk is tightly controlled.
π Why MFA gaps can cost millions β https://thehackernews.com/2026/02/identity-cyber-scores-new-metric.html
π12
MIMICRAT, a new RAT, is spreading via compromised legitimate sites.
Hijacked services displayed fake Cloudflare checks, pushing a PowerShell command that disables logging and AV, then connects over HTTPS masked as analytics traffic.
π Loader stages and 22-command toolkit β https://thehackernews.com/2026/02/clickfix-campaign-abuses-compromised.html
Hijacked services displayed fake Cloudflare checks, pushing a PowerShell command that disables logging and AV, then connects over HTTPS masked as analytics traffic.
π Loader stages and 22-command toolkit β https://thehackernews.com/2026/02/clickfix-campaign-abuses-compromised.html
π12β‘1
β οΈ WARNING: Cline CLI was silently altered for 8 hours after a stolen npm token was used to publish v2.3.0 with a hidden postinstall script that installed OpenClaw.
Roughly 4,000 downloads occurred before the release was pulled & the token revoked.
π Read β https://thehackernews.com/2026/02/cline-cli-230-supply-chain-attack.html
Roughly 4,000 downloads occurred before the release was pulled & the token revoked.
π Read β https://thehackernews.com/2026/02/cline-cli-230-supply-chain-attack.html
π±12π9π€4