🔥 TOMORROW: Infosec Compliance Now 2026!

Will you be joining us tomorrow? Register for Infosec Compliance Now to learn about AI governance, global regulations, and audit readiness from industry experts.

Bonus: Earn up to 4 CPE credits.

🔗 Register Now → https://thn.news/cyber-risk-2026

🚨 Kremlin-linked cyber hit on Ukraine aid.

Spoofed court email tricked European reconstruction bank into installing malware via nested archives, then RMS remote control. Classic Ukraine playbook, new Western targets.

🔗 Read → https://thehackernews.com/2026/02/uac-0050-targets-european-financial.html

⚠️ A flaw in #GitHub Codespaces let attackers hide malicious Copilot instructions inside a GitHub issue.

When a developer opened a Codespace from that issue, Copilot could silently run the injected prompt and leak a privileged GITHUB_TOKEN.

The research also warns of “promptware” attacks built entirely through prompts.

🔗 Exploit Details → https://thehackernews.com/2026/02/roguepilot-flaw-in-github-codespaces.html

🚨 CISA added CVE-2026-25108 to its KEV list after active exploitation. The FileZen bug allows an authenticated user to execute OS commands via crafted HTTP requests.

Impacts versions 4.2.1–4.2.8 and 5.0.0–5.0.10 when Antivirus Check is enabled. At least one incident confirmed.

🔗 Read → https://thehackernews.com/2026/02/cisa-confirms-active-exploitation-of.html

⚠️ ALERT: SolarWinds patched four critical 9.1 CVSS flaws in Serv-U that can lead to remote code execution as root.

SolarWinds says there’s no sign of active attacks, but earlier Serv-U flaws were used by Storm-0322.

🔗 Details → https://thehackernews.com/2026/02/solarwinds-patches-4-critical-serv-u.html

Most breaches start with low-severity alerts no one owns.

SolarWinds had DNS quirks, odd Azure AD auth, strange SAML tokens. Each looked minor. Together, they meant compromise.

SOCs are built for volume and speed. Rare, cross-domain signals fall outside playbooks and KPIs.

🔗 Why long-tail alerts slip through SOCs → https://thehackernews.com/expert-insights/2026/02/the-riskiest-alert-types-and-why.html

🔥 Microsoft just open-sourced LiteBox, a Rust-based sandboxing library OS.

Developed via the LVBS project, it shrinks attack surfaces by stripping the interface between apps and the host. It enables unmodified Linux programs to run securely on Windows or within isolated Linux environments.

🔗 Read: https://thehackernews.com/2026/02/weekly-recap-double-tap-skimmers.html#:~:text=Microsoft%20Unveils%20LiteBox

🚨 A former L3Harris employee was sentenced to just over 7 years for selling 8 zero-day exploits to Russian broker Operation Zero.

Prosecutors say he received up to $4M in crypto, and the theft is estimated to have cost L3Harris $35M.

Washington has sanctioned the broker and related entities.

🔗 Full story here: https://thehackernews.com/2026/02/defense-contractor-employee-jailed-for.html

⚡ 53% of national security orgs still rely on manual data transfers, inviting human error as attacks surge 25%.

The Everfox CYBER360 report calls for a "Cybersecurity Trinity": Zero Trust + Data-Centric Security + Cross-Domain Solutions.

🔗 The framework for mission-speed security: https://thehackernews.com/2026/02/manual-processes-are-putting-national.html

🚨 Over 50,000 npm and 4,500 NuGet users were hit by malicious packages before they were pulled.

The NuGet attack rewrote ASP_NET authorization for instant admin access, while the npm variant used preinstall hooks to deploy OS-specific malware and exfiltrate data.

🔗 Read → https://thehackernews.com/2026/02/malicious-nuget-packages-stole-aspnet.html

AI agents aren't taking over humanity… yet. But they are accessing your corporate data in ways you probably can't see.

The Model Context Protocol (MCP) is unlocking agentic AI, and your employees are already using it to connect AI tools to SaaS apps—working smarter and faster with tools they already know. But each MCP connection creates a new data highway with expansive permissions and scopes.

Which is why Nudge Security built automatic discovery for risky MCP connections. Now you can see:

• Which MCP server connections exist in your environment
• Which apps and data they're accessing
Their full permissions and scopes
• With clear visibility into every connection, you can stay ahead of emerging risks and start governing your agent workforce.

Learn more about AI governance with Nudge: https://thn.news/nudge-ai-risk

🎙️💰 Cybercriminals linked to Scattered LAPSUS$ Hunters are paying women $500–$1,000 per call to do vishing attacks.

They supply scripts, target IT help desks to reset passwords, bypass MFA & drop remote tools.

🔗 Help desk attack chain → https://thehackernews.com/2026/02/slh-offers-5001000-per-call-to-recruit.html

👨🏻‍💻 SOC triage usually relies on guesswork, driving up risk.

@anyrun_app changes that: its interactive sandbox reveals the full attack chain in ~60 seconds for 90% of cases. The result? 21 minutes shaved off MTTR and 30% fewer escalations to Tier 2.

🔗 See execution-based triage in action: https://thehackernews.com/2026/02/top-5-ways-broken-triage-increases.html

🛑 Researchers found 3 vulnerabilities in Anthropic’s #ClaudeCode allowing remote code execution and API key theft.

Simply opening a malicious repo could trigger commands or leak credentials before trust prompts appeared.

🔗 Read details here: https://thehackernews.com/2026/02/claude-code-flaws-allow-remote-code.html

🛡️ Google exposes China-linked UNC2814 for breaching 53 orgs across 42 countries.

They used GRIDTIDE to hide C2 in Google Sheets, moved with stolen service accounts, and persisted via systemd.

Google has nuked 🔥 the attacker’s infrastructure.

🔗 Read: https://thehackernews.com/2026/02/google-disrupts-unc2814-gridtide.html

🚨 Cisco is warning of active exploitation of a CVSS 10.0 flaw in Catalyst SD-WAN controllers.

CVE-2026-20127 lets unauthenticated attackers bypass auth and gain admin access. Exploitation tied to UAT-8616 dates back to 2023, including rogue peers in the control plane and root escalation.

🔗 Read → https://thehackernews.com/2026/02/cisco-sd-wan-zero-day-cve-2026-20127.html

⚠️ Microsoft says fake Next.js job repos are being used to gain persistent access to developer machines.

Opening a VS Code project or running npm run dev can trigger hidden loaders that pull JavaScript into memory, profile the host, and connect to C2.

GitLab banned 131 linked accounts and tracked heavy abuse of Vercel.

🔗 Read → https://thehackernews.com/2026/02/fake-nextjs-repos-target-developers.html