β‘ 53% of national security orgs still rely on manual data transfers, inviting human error as attacks surge 25%.
The Everfox CYBER360 report calls for a "Cybersecurity Trinity": Zero Trust + Data-Centric Security + Cross-Domain Solutions.
π The framework for mission-speed security: https://thehackernews.com/2026/02/manual-processes-are-putting-national.html
The Everfox CYBER360 report calls for a "Cybersecurity Trinity": Zero Trust + Data-Centric Security + Cross-Domain Solutions.
π The framework for mission-speed security: https://thehackernews.com/2026/02/manual-processes-are-putting-national.html
π€5π₯2π2
π¨ Over 50,000 npm and 4,500 NuGet users were hit by malicious packages before they were pulled.
The NuGet attack rewrote ASP_NET authorization for instant admin access, while the npm variant used preinstall hooks to deploy OS-specific malware and exfiltrate data.
π Read β https://thehackernews.com/2026/02/malicious-nuget-packages-stole-aspnet.html
The NuGet attack rewrote ASP_NET authorization for instant admin access, while the npm variant used preinstall hooks to deploy OS-specific malware and exfiltrate data.
π Read β https://thehackernews.com/2026/02/malicious-nuget-packages-stole-aspnet.html
π3π₯1
Media is too big
VIEW IN TELEGRAM
AI agents aren't taking over humanity⦠yet. But they are accessing your corporate data in ways you probably can't see.
The Model Context Protocol (MCP) is unlocking agentic AI, and your employees are already using it to connect AI tools to SaaS appsβworking smarter and faster with tools they already know. But each MCP connection creates a new data highway with expansive permissions and scopes.
Which is why Nudge Security built automatic discovery for risky MCP connections. Now you can see:
β’ Which MCP server connections exist in your environment
β’ Which apps and data they're accessing
Their full permissions and scopes
β’ With clear visibility into every connection, you can stay ahead of emerging risks and start governing your agent workforce.
Learn more about AI governance with Nudge: https://thn.news/nudge-ai-risk
The Model Context Protocol (MCP) is unlocking agentic AI, and your employees are already using it to connect AI tools to SaaS appsβworking smarter and faster with tools they already know. But each MCP connection creates a new data highway with expansive permissions and scopes.
Which is why Nudge Security built automatic discovery for risky MCP connections. Now you can see:
β’ Which MCP server connections exist in your environment
β’ Which apps and data they're accessing
Their full permissions and scopes
β’ With clear visibility into every connection, you can stay ahead of emerging risks and start governing your agent workforce.
Learn more about AI governance with Nudge: https://thn.news/nudge-ai-risk
π4π2π₯2π2π€―2π±1
ποΈπ° Cybercriminals linked to Scattered LAPSUS$ Hunters are paying women $500β$1,000 per call to do vishing attacks.
They supply scripts, target IT help desks to reset passwords, bypass MFA & drop remote tools.
π Help desk attack chain β https://thehackernews.com/2026/02/slh-offers-5001000-per-call-to-recruit.html
They supply scripts, target IT help desks to reset passwords, bypass MFA & drop remote tools.
π Help desk attack chain β https://thehackernews.com/2026/02/slh-offers-5001000-per-call-to-recruit.html
π16π4π₯1
π¨π»βπ» SOC triage usually relies on guesswork, driving up risk.
@anyrun_app changes that: its interactive sandbox reveals the full attack chain in ~60 seconds for 90% of cases. The result? 21 minutes shaved off MTTR and 30% fewer escalations to Tier 2.
π See execution-based triage in action: https://thehackernews.com/2026/02/top-5-ways-broken-triage-increases.html
@anyrun_app changes that: its interactive sandbox reveals the full attack chain in ~60 seconds for 90% of cases. The result? 21 minutes shaved off MTTR and 30% fewer escalations to Tier 2.
π See execution-based triage in action: https://thehackernews.com/2026/02/top-5-ways-broken-triage-increases.html
π₯2π1
π Researchers found 3 vulnerabilities in Anthropicβs #ClaudeCode allowing remote code execution and API key theft.
Simply opening a malicious repo could trigger commands or leak credentials before trust prompts appeared.
π Read details here: https://thehackernews.com/2026/02/claude-code-flaws-allow-remote-code.html
Simply opening a malicious repo could trigger commands or leak credentials before trust prompts appeared.
π Read details here: https://thehackernews.com/2026/02/claude-code-flaws-allow-remote-code.html
π13π₯7π€4
π‘οΈ Google exposes China-linked UNC2814 for breaching 53 orgs across 42 countries.
They used GRIDTIDE to hide C2 in Google Sheets, moved with stolen service accounts, and persisted via systemd.
Google has nuked π₯ the attackerβs infrastructure.
π Read: https://thehackernews.com/2026/02/google-disrupts-unc2814-gridtide.html
They used GRIDTIDE to hide C2 in Google Sheets, moved with stolen service accounts, and persisted via systemd.
Google has nuked π₯ the attackerβs infrastructure.
π Read: https://thehackernews.com/2026/02/google-disrupts-unc2814-gridtide.html
π₯22π±7π6π2π2π€1
π¨ Cisco is warning of active exploitation of a CVSS 10.0 flaw in Catalyst SD-WAN controllers.
CVE-2026-20127 lets unauthenticated attackers bypass auth and gain admin access. Exploitation tied to UAT-8616 dates back to 2023, including rogue peers in the control plane and root escalation.
π Read β https://thehackernews.com/2026/02/cisco-sd-wan-zero-day-cve-2026-20127.html
CVE-2026-20127 lets unauthenticated attackers bypass auth and gain admin access. Exploitation tied to UAT-8616 dates back to 2023, including rogue peers in the control plane and root escalation.
π Read β https://thehackernews.com/2026/02/cisco-sd-wan-zero-day-cve-2026-20127.html
π₯8π4π€―2
β οΈ Microsoft says fake Next.js job repos are being used to gain persistent access to developer machines.
Opening a VS Code project or running npm run dev can trigger hidden loaders that pull JavaScript into memory, profile the host, and connect to C2.
GitLab banned 131 linked accounts and tracked heavy abuse of Vercel.
π Read β https://thehackernews.com/2026/02/fake-nextjs-repos-target-developers.html
Opening a VS Code project or running npm run dev can trigger hidden loaders that pull JavaScript into memory, profile the host, and connect to C2.
GitLab banned 131 linked accounts and tracked heavy abuse of Vercel.
π Read β https://thehackernews.com/2026/02/fake-nextjs-repos-target-developers.html
π8
Attackers are stealing encrypted data under a βHarvest Now, Decrypt Laterβ strategy.
Store it now. Decrypt it when quantum machines mature, possibly between 2030 and 2035. Security Navigator 2026 outlines a five-step PQC migration plan and breach data.
π Read β https://thehackernews.com/2026/02/expert-recommends-prepare-for-pqc-right.html
Store it now. Decrypt it when quantum machines mature, possibly between 2030 and 2035. Security Navigator 2026 outlines a five-step PQC migration plan and breach data.
π Read β https://thehackernews.com/2026/02/expert-recommends-prepare-for-pqc-right.html
π13
Attackers are breaking in faster and hiding better than before.
β‘ 4-min breakout
π₯οΈ ActiveMQ β LockBit
𧩠Crash-to-command Chrome
π¦ WinRAR wide exposure
π 723K weak crypto defaults
π’ Google Ads cloaking
π¬ Teams β macOS malware
π§ͺ AI smart contract benchmark
π Judicial Rust RAT
π Full ThreatsDay Bulletin live: https://thehackernews.com/2026/02/threatsday-bulletin-kali-linux-claude.html
β‘ 4-min breakout
π₯οΈ ActiveMQ β LockBit
𧩠Crash-to-command Chrome
π¦ WinRAR wide exposure
π 723K weak crypto defaults
π’ Google Ads cloaking
π¬ Teams β macOS malware
π§ͺ AI smart contract benchmark
π Judicial Rust RAT
π Full ThreatsDay Bulletin live: https://thehackernews.com/2026/02/threatsday-bulletin-kali-linux-claude.html
π2
Visibility empowers teams to see everything. Actionability empowers teams to do anything.
That's the foundation of The 2026 Actionability Report, new research from Axonius and the Ponemon Institute. They're shifting the conversation from the "Visibility Gap" to the "Actionability Opportunity." Because here's what the data shows:
π 45% of organizations consolidate assetsβbut only 1/3 keep inventories current
π 51% lose critical context during remediation when it matters most
π 37% remain stuck in manual workflows despite the AI revolution
The most effective security programs aren't just collecting more data. They're building systems that turn exposure intel into decisive execution.
Download the full report: https://thn.news/axonius-actionability
That's the foundation of The 2026 Actionability Report, new research from Axonius and the Ponemon Institute. They're shifting the conversation from the "Visibility Gap" to the "Actionability Opportunity." Because here's what the data shows:
π 45% of organizations consolidate assetsβbut only 1/3 keep inventories current
π 51% lose critical context during remediation when it matters most
π 37% remain stuck in manual workflows despite the AI revolution
The most effective security programs aren't just collecting more data. They're building systems that turn exposure intel into decisive execution.
Download the full report: https://thn.news/axonius-actionability
π€2
β οΈ A previously unseen backdoor called Dohdoor is being deployed against U.S. schools and healthcare orgs.
Tracked as UAT-10027, the campaign chains phishing β PowerShell loaders β DLL side-loading β DoH C2 (via Cloudflare) β final Cobalt Strike payload.
π Details β https://thehackernews.com/2026/02/uat-10027-targets-us-education-and.html
Tracked as UAT-10027, the campaign chains phishing β PowerShell loaders β DLL side-loading β DoH C2 (via Cloudflare) β final Cobalt Strike payload.
π Details β https://thehackernews.com/2026/02/uat-10027-targets-us-education-and.html
π7π₯2π1
π New botnet loader Aeternum uses Polygon smart contracts as its C2 channel.
Commands go straight to the public blockchainβinfected devices pull & execute them. No servers. No domains. No easy takedown.
(Also: US investigators linked a 300-device proxy net to a Belarus seller.)
π Details β https://thehackernews.com/2026/02/aeternum-c2-botnet-stores-encrypted.html
Commands go straight to the public blockchainβinfected devices pull & execute them. No servers. No domains. No easy takedown.
(Also: US investigators linked a 300-device proxy net to a Belarus seller.)
π Details β https://thehackernews.com/2026/02/aeternum-c2-botnet-stores-encrypted.html
π€―8π3π₯2
β‘ Meta is suing scam advertisers in Brazil, China, and Vietnam after uncovering celeb-bait and cloaking schemes on its platforms.
It says it now protects 500,000+ celebrity images from repeated abuse and has suspended payments, disabled accounts, and blocked domains.
π Read β https://thehackernews.com/2026/02/meta-files-lawsuits-against-brazil.html
It says it now protects 500,000+ celebrity images from repeated abuse and has suspended payments, disabled accounts, and blocked domains.
π Read β https://thehackernews.com/2026/02/meta-files-lawsuits-against-brazil.html
π3π3π1