Wormable XMRig Campaign Uses BYOVD Exploit and Time-Based Logic Bomb
Cybersecurity researchers have disclosed details of a new cryptojacking campaign that uses pirated software bundles as lures to deploy a...
Year: 2026
⚡ Weekly Recap: Double-Tap Skimmers, PromptSpy AI, 30Tbps DDoS, Docker Malware & More
Ravie LakshmananFeb 23, 2026Cybersecurity / Hacking Security news rarely moves in a straight line. This week, it feels more like...
Over 200K Australian Driver’s Licences Exposed in youX Cyber Breach
image: envato by Image-Source Sydney-based fintech platform youX has confirmed that unauthorized access to its systems led to the exposure...
Confronting Vault Sprawl And The Risks It Brings
Modern enterprises do not set out to create a maze of credentials, keys, and secrets stores. However, this is...
How SmugMug Strengthened Email Authentication and Deliverability with EasyDMARC
Originally published at How SmugMug Strengthened Email Authentication and Deliverability with EasyDMARC by Sona Mirzoyan. About the Customer Company:...
Using CardSpace as a Secure Password Manager
It’s 2026. The "Digital Wallet" isn't a feature anymore; it’s invisible plumbing. You glance at your phone, a biometric...
Enterprise SSO for WordPress Portals
Modern WordPress portals in enterprise environments serve employees, partners, vendors, and customers across multiple systems. These portals often connect...
CVE-2026-1731 fuels ongoing attacks on BeyondTrust remote access products
CVE-2026-1731 fuels ongoing attacks on BeyondTrust remote access products Pierluigi Paganini February 23, 2026 Attackers are exploiting CVE-2026-1731 in BeyondTrust...
AI-powered campaign compromises 600 FortiGate systems worldwide
AI-powered campaign compromises 600 FortiGate systems worldwide Pierluigi Paganini February 23, 2026 A Russian-speaking cybercriminal used commercial generative AI tools...
Fake Huorong security site infects users with ValleyRAT
A convincing lookalike of the popular Huorong Security antivirus has been used to deliver ValleyRAT, a sophisticated Remote Access...
When AI Knows Something is Wrong, But No One is Accountable
In the absence of government regulation, we are leaving it to individual tech companies to determine when their own...
How Exposed Endpoints Increase Risk Across LLM Infrastructure
The Hacker NewsFeb 23, 2026Artificial Intelligence / Zero Trust As more organizations run their own Large Language Models (LLMs), they...
Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens
Cybersecurity researchers have disclosed what they say is an active "Shai-Hulud-like" supply chain worm campaign that has leveraged a cluster...
MuddyWater Targets MENA Organizations with GhostFetch, CHAR, and HTTP_VIP
Ravie LakshmananFeb 23, 2026Threat Intelligence / Artificial Intelligence The Iranian hacking group known as MuddyWater (aka Earth Vetala, Mango Sandstorm,...
Ransomware Readiness is the Difference Between A Bad Day at Work and No More Workplace
Ransomware is no longer an exotic cybercrime that happens to someone else. It is now a routine feature of...
