themissingsunday
#tech-news

Weekly Scan: Cloud, Cybersecurity, AI News — Feb 22, 2026


#This Week in Security: Your News Briefing

Welcome to your weekly security roundup. We’ve tracked down the 10 most important stories this week—the ones everyone’s talking about, from critical threats to emerging trends that could shape your security posture. Leading the news this week is CVE-2023-28432, which has sparked conversation across 10 sources. Meanwhile, the industry is closely tracking CVE-2026-2979 | FastApiAdmin up to 2.2.0 Scheduled Task API… with 3 mentions, along with emerging details on Promoting AI Security — Acting Assistant Privacy Commissioner…, CVE-2026-2981 | UTT HiPER 810G up to 1.7.7-1711…, and “Good enough” emulation: Fuzzing a single thread to uncover…. Here’s the full breakdown of what you need to know.

#🚨 Critical Threats This Week

First, the stories that demand your immediate attention:

1. CVE-2023-28432 Mentioned across 10 industry sources this week. Currently trending CVE - Hype Score: 22 - Minio is a Multi-Cloud Object Storage framework. Get the details →

2. CVE-2026-2979 | FastApiAdmin up to 2.2.0 Scheduled Task API controller.py user_avatar_upload_controller unrestricted upload Mentioned across 3 industry sources this week. A vulnerability categorized as critical has been discovered in FastApiAdmin up to 2. Get the details →

3. CVE-2026-2981 | UTT HiPER 810G up to 1.7.7-1711 /goform/formTaskEdit_ap strcpy txtMin2 buffer overflow Mentioned across 2 industry sources this week. A vulnerability labeled as critical has been found in UTT HiPER 810G up to 1. Get the details →

#🛠️ Tools, Updates & Releases

New capabilities and releases worth knowing about:

1. Promoting AI Security — Acting Assistant Privacy Commissioner Speaks at the GenA.I. Symposium. Referenced in 2 stories this week. Explore →

#What You Should Do Next

Monitor these in your environment next week:

  • Any new CVE announcements related to systems you operate
  • Emerging attack techniques being discussed in the community
  • Updates and patches for tools your team uses

Have a look at the full deep-dives in the trending stories below. Each one provides context that could inform your security decisions this week.


1. Key Threat Intel & Vulnerability Stories (20 mentions)
2. Promoting AI Security — Acting Assistant Privacy Commissioner Speaks at the GenA.I. Symposium (2 mentions)
3. CISA: BeyondTrust RCE flaw now exploited in ransomware attacks (2 mentions)

Hackers are actively exploiting the CVE-2026-1731 vulnerability in the BeyondTrust Remote Support product, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns. [...]

Read Full Article →
4. Cline CLI 2.3.0 Supply Chain Attack Installed OpenClaw on Developer Systems (2 mentions)

In yet another software supply chain attack, the open-source, artificial intelligence (AI)-powered coding assistant Cline CLI was updated to stealthily install OpenClaw, a self-hosted autonomous AI agent that has become exceedingly popular in the ...

Read Full Article →
5. Best-in-Class 'Starkiller' Phishing Kit Bypasses MFA (2 mentions)

A user-friendly PhaaS tool beats standard methods for detecting phishing attacks by live-proxying legitimate login sites.

Read Full Article →
6. PromptSpy ushers in the era of Android threats using GenAI (2 mentions)

ESET researchers discover PromptSpy, the first known Android malware to abuse generative AI in its execution flow

Read Full Article →

#Article Summary

| Category | Article Count |
| --- | --- |
| AI & LLM | 1 |
| Cloud | 3 |
| Cyber Regulatory | 0 |
| Cybersecurity | 112 |
| Security Vendor Blog | 9 |
| Tech | 18 |
| Threat Intel & Vulnerability | 88 |
| Total Articles Scanned | 231 |

#AI & LLM

Survey Reveals AI Advances in Telecom: Networks and Automation in Driver’s Seat as Return on Investment Climbs

AI is accelerating the telecommunications industry’s transformation, becoming the backbone of autonomous networks and AI-native wireless infrastructure. At the same time, the technology is unlocking new business and revenue opportunities, as telecom operators accelerate AI adoption across consume...

Read Full Article →

#Cloud

How “Clinejection” Turned an AI Bot into a Supply Chain Attack

The Clinejection vulnerability chain illustrates a dangerous new era of supply chain attacks where AI agents are turned into exploit vectors. By combining indirect prompt injection with GitHub Actions cache poisoning, attackers successfully pushed unauthorized code to thousands of developers. Thi...

Read Full Article →
Weaving Security into the Flow: New Snyk Studio Capabilities Power the AI Security Fabric

Snyk Studio is redefining AI development security with new integrations for Gemini CLI and Claude Code, enabling developers to build fast without sacrificing safety. Bridge the gap between developer velocity and governance to ensure your code is secure at inception.

Read Full Article →
AWS Backup announces PrivateLink support for SAP HANA on AWS

AWS Backup now supports AWS PrivateLink for SAP HANA systems running on Amazon EC2. This enables customers to route all backup traffic through private network connections without traversing the public internet, helping organizations meet security and compliance requirements for regulated workload...

Read Full Article →

#Cyber Regulatory

#Cybersecurity

Enterprises are racing to secure agentic AI deployments

AI assistants are tied into ticketing systems, source code repositories, chat platforms, and cloud dashboards across many enterprises. In some environments, these systems can open pull requests, query internal databases, book services, and trigger automated workflows with limited human involvemen...

Read Full Article →
Attacker Breached 600 FortiGate Appliances in AI-Assisted Campaign: Amazon

A single threat actor used AI tools to create and run a campaign that compromised more than 600 Fortinet FortiGate appliances around the world over five weeks, according to Amazon threat researchers, the latest example of how cybercriminals are using the technology in their attacks. The post Att...

Read Full Article →
Vulnerability Finding: An Inflection Point

LLM-driven vuln finding has reached an inflection

Read Full Article →
Security Advisory SA-26-01 GPS Attacks

GPS attacks trigger revisiting threat models

Read Full Article →
LLMs as Compilers

What if we think about LLM coding as if it’s a compiler stage?

Read Full Article →
The Cyber Resilience Act (CRA)!

The CRA is coming and it's going to be a dramatic change for technology producers

Read Full Article →
Threat modeling as a dial, not a switch

Thinking of threat modeling with a knob helps you get more out of it.

Read Full Article →
A few thoughts on CVE

Thoughts on the CVE funding crisis

Read Full Article →
Introducing the DEF CON 32 Hackers' Almanack

Grateful to introduce the Hackers' Almanack!

Read Full Article →
Security Researcher Comments on HIPAA Security Rule

A group of us have urged HHS to require better handling of security reports

Read Full Article →
Inside Man

Some thoughts on the Voyager Episode ‘Inside Man’

Read Full Article →
Appsec Roundup - July 2024

The most important stories around threat modeling, appsec and secure by design for June, 2024.

Read Full Article →
Lockbit, a study in public health

Why is it hard to count lockbit infections?

Read Full Article →
Eternal sunshine of the spotless LLM

Making an LLM forget is harder than it seems

Read Full Article →
CSRB Report on Microsoft

The CSRB has released its report into an intrusion at Microsoft, and...it’s a doozy.

Read Full Article →
Introducing Magic Security Dust!
The NVD Crisis

The NVD is in crisis, and so is patch management. It’s time to modernize.

Read Full Article →
Solving Hallucinations

Solving hallucinations in legal briefs is playing on easy mode — and still too hard

Read Full Article →
Microsoft Can Fix Ransomware Tomorrow

My latest at Dark Reading draws attention to how Microsoft can fix ransomware tomorrow.

Read Full Article →
Phishing Defenses

Phishing behaviors, as observed in the wild.

Read Full Article →
Darkreading: Threat Modeling in the Age of OpenAI's Chatbot

Pointer to Adam’s latest Darkreading article

Read Full Article →
GPT-3

Text captured from GPT-3

Read Full Article →
What are we going to do: CO2 edition

What happened when Microsoft tried to buy climate abatements

Read Full Article →
Ransomware is Not the Problem

Arbitrarily powerful software -- applications, operating systems -- is a problem, as is preventing it from running on enterprise systems.

Read Full Article →
Colonial Pipeline, Darkside and Models

The Colonial Pipeline shutdown story is interesting in all sorts of ways, and I can't delve into all of it. I did want to talk about one small aspect, which is the way responders talk about Darkside.

Read Full Article →
The Updates Must Go Through

The timing of updates is not coincidental.

Read Full Article →
Ever Given & Suez

Thoughts on the issues with the Ever Given blocking the Suez Canal.

Read Full Article →
Threat Modeling and Social Issues

For Data Breach Today, I spoke with Anna Delaney about threat modeling for issues that are in the news right now.

Read Full Article →
Vaccines

You may have noticed that my end of the year posts are all science focused. Today, a set of resources on the COVID vaccines.

Read Full Article →
Interesting reads

Sharing for you, bookmarking for me.

Read Full Article →
Episode 9 Spoilers

Today is the last Star Wars Day before Episode 9 comes out, and brings the Skywalker saga to its end.

Read Full Article →
Leave Those Numbers for April 1st

Over-inflated numbers won't scare me into buying your ‘solution’.

Read Full Article →
High ROI Security Advisory Boards

Discussing the value of Security Advisory Boards

Read Full Article →
CVE Funding and Process

[no description provided]

Read Full Article →
Carpenter!

[no description provided]

Read Full Article →
The DREAD Pirates

[no description provided]

Read Full Article →
Pen Testing The Empire

[no description provided]

Read Full Article →
Threat Modeling Tooling from 2017

[no description provided]

Read Full Article →
20 Year Software: Engineering and Updates

[no description provided]

Read Full Article →
Hospital Ransomware

[no description provided]

Read Full Article →
Warrants for Cleaning Malware in Kelihos

[no description provided]

Read Full Article →
Threat Modeling & IoT

[no description provided]

Read Full Article →
People are The Weakest Link In Security?

[no description provided]

Read Full Article →
Modeling Attackers and Their Motives

There are a number of reports out recently, breathlessly presenting their analysis of one threatening group of baddies or another. Most readers should, at most, skim their analysis of the perpetrators. Read on for why.

Read Full Article →
Arkanix Stealer pops up as short-lived AI info-stealer experiment

An information-stealing malware operation named Arkanix Stealer, promoted on multiple dark web forums towards the end of 2025, was likely developed as an AI-assisted experiment. [...]

Read Full Article →
Hackers Hide Pulsar RAT Inside PNG Images in New NPM Supply Chain Attack

Cybersecurity researchers at Veracode reveal a typosquatting attack that disguises Pulsar RAT as images to bypass Windows security and antivirus programs.

Read Full Article →
AI-Assisted Threat Actor Compromises 600+ FortiGate Devices in 55 Countries

A Russian-speaking, financially motivated threat actor has been observed taking advantage of commercial generative artificial intelligence (AI) services to compromise over 600 FortiGate devices located in 55 countries. That's according to new findings from Amazon Threat Intelligence, which said i...

Read Full Article →
Amazon: AI-assisted hacker breached 600 Fortinet firewalls in 5 weeks

Amazon is warning that a Russian-speaking hacker used multiple generative AI services as part of a campaign that breached more than 600 FortiGate firewalls across 55 countries in five weeks. [...]

Read Full Article →
U.S. CISA adds RoundCube Webmail flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds RoundCube Webmail flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two RoundCube Webmail flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below ...

Read Full Article →
CISA Adds Two Actively Exploited Roundcube Flaws to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added two security flaws impacting Roundcube webmail software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerabilities in question are listed below - CVE-2025-49113 ...

Read Full Article →
Japanese tech giant Advantest hit by ransomware attack

Advantest Corporation disclosed that its corporate network has been targeted in a ransomware attack that may have affected customer or employee data. [...]

Read Full Article →
Lessons From AI Hacking: Every Model, Every Layer Is Risky

After two years of finding flaws in AI infrastructure, two Wiz researchers advise security pros to worry less about prompt injection and more about vulnerabilities.

Read Full Article →
Data breach at French bank registry impacts 1.2 million accounts

The French Ministry of Finance has published an announcement informing of a cybersecurity incident that has impacted 1.2 million accounts. [...]

Read Full Article →
BeyondTrust Flaw Used for Web Shells, Backdoors, and Data Exfiltration

Threat actors have been observed exploiting a recently disclosed critical security flaw impacting BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) products to conduct a wide range of malicious actions, including deploying VShell and The vulnerability, tracked as CVE-2026-1731 (C...

Read Full Article →
Friend or foe? AI: The new cybersecurity threat and solutions

Understanding the risks now emerging at every layer of the AI stack.

Read Full Article →
Latin America's Cyber Maturity Lags Threat Landscape

The slower pace of upgrades has the unintended impact of creating a haven for attackers, especially for initial access brokers and ransomware gangs.

Read Full Article →
LLMs change their answers based on who’s asking

AI chatbots may deliver unequal answers depending on who is asking the question. A new study from the MIT Center for Constructive Communication finds that LLMs provide less accurate information, increase refusal rates, and sometimes adopt a different tone when users appear less educated, less flu...

Read Full Article →
Criminals create business website to sell RAT disguised as RMM tool

A RAT masquerading as legitimate remote monitoring and management (RMM) software is being sold to cybercriminals as a service, Proofpoint researchers recently discovered. The fake RMM tool, called TrustConnect, was being marketed via an LLM-created website parked on trustconnectsoftware[.]com, su...

Read Full Article →
AI and complexity as accelerants for cybercriminals

Cyberattacks are getting ever faster, which shortens the time between the initial compromise and the negative consequences. The arrival of AI has massively reduced the time needed for cyberattacks, so that human defenders can no longer ...

Read Full Article →
BeyondTrust Vulnerability Exploited in Ransomware Attacks

CISA has updated its KEV entry for CVE-2026-1731 to alert organizations of exploitation in ransomware attacks. The post BeyondTrust Vulnerability Exploited in Ransomware Attacks appeared first on SecurityWeek.

Read Full Article →
Mississippi medical center closes all clinics after ransomware attack

The University of Mississippi Medical Center (UMMC) closed all its clinic locations statewide on Thursday following a ransomware attack. [...]

Read Full Article →
Chip Testing Giant Advantest Hit by Ransomware

The company is investigating whether any customer or employee data was stolen by hackers. The post Chip Testing Giant Advantest Hit by Ransomware appeared first on SecurityWeek.

Read Full Article →
PromptSpy abuses Gemini AI to gain persistent access on Android

PromptSpy is the first Android malware to abuse Google’s Gemini AI, enabling persistence and advanced spying features. Security researchers at ESET have uncovered PromptSpy, the first known Android malware to exploit Google’s Gemini AI to maintain persistence. The malware can capture lockscreen d...

Read Full Article →
Risky Bulletin: RPKI infrastructure sits on shaky ground

RPKI relies on vulnerable servers, the French Ministry of Economy discloses a data breach, the UK gives tech platforms 48 hours to remove revenge porn, and ClickFix-attacks are responsible for 50% of malware infections.

Read Full Article →
Major CarGurus data breach reportedly sees 1.7 million corporate records stolen

CarGurus reportedly hit by ShinyHunters - with devastating effect.

Read Full Article →
Emerging Chiplet Designs Spark Fresh Cybersecurity Challenges

As scaled-down circuits with limited functions redefine computing for AI systems and autonomous vehicles, their flexibility demands new approaches to safeguard critical infrastructure.

Read Full Article →
PromptSpy is the first known Android malware to use generative AI at runtime

Researchers have discovered the first known Android malware to use generative AI in its execution flow, using Google's Gemini model to adapt its persistence across different devices. [...]

Read Full Article →
Supply Chain Attack Secretly Installs OpenClaw for Cline Users

The malicious version of Cline's npm package — 2.3.0 — was downloaded more than 4,000 times before it was removed.

Read Full Article →
FBI: Threats from Salt Typhoon are ‘still very much ongoing’

A top FBI cyber official said Salt Typhoon, the Chinese cyber espionage group behind the widespread compromise of U.S. telecommunications infrastructure in 2024, continues to pose a broad threat to both America’s private and public sectors. Michael Machtinger, deputy assistant director for cyber ...

Read Full Article →
ONCD official says Trump administration aims to bolster AI use for defense without increasing risk

Alexandra Seymour also talked about cyber workforce goals, including emulating Israel’s Unit 8200. The post ONCD official says Trump administration aims to bolster AI use for defense without increasing risk appeared first on CyberScoop.

Read Full Article →
INTERPOL Operation Red Card 2.0 Arrests 651 in African Cybercrime Crackdown

An international cybercrime operation against online scams has led to 651 arrests and recovered more than $4.3 million as part of an effort led by law enforcement agencies from 16 African countries. The initiative, codenamed Operation Red Card 2.0, took place between December 8, 2025 and January ...

Read Full Article →
Microsoft Patches CVE-2026-26119 Privilege Escalation in Windows Admin Center

Microsoft has disclosed a now-patched security flaw in Windows Admin Center that could allow an attacker to escalate their privileges. Windows Admin Center is a locally deployed, browser-based management tool set that lets users manage their Windows Clients, Servers, and Clusters without the need...

Read Full Article →
Flaw in Grandstream VoIP phones allows stealthy eavesdropping

A critical vulnerability in Grandstream GXP1600 series VoIP phones allows a remote, unauthenticated attacker to gain root privileges and silently eavesdrop on communications. [...]

Read Full Article →
Keeping Google Play & Android app ecosystems safe in 2025

Posted by Vijaya Kaza, VP and GM, App & Ecosystem Trust The Android ecosystem is a thriving global community built on trust, giving billions of users the confidence to download the latest apps. In order to maintain that trust, we’re focused on ensuring that apps do not cause real-world harm, such...

Read Full Article →
Cybercrime-as-a-service forces a security rethink

With AI-powered tools readily available, sophisticated attacks no longer require sophisticated attackers.

Read Full Article →
Batten down the hatches - ransomware attacks are increasingly targeting firewalls, experts claim

Make sure to secure your firewalls - or face the risk of ransomware attack.

Read Full Article →
Nearly 1 Million User Records Compromised in Figure Data Breach

The blockchain-based lender has confirmed a data breach after ShinyHunters leaked over 2GB of data allegedly stolen from the company. The post Nearly 1 Million User Records Compromised in Figure Data Breach appeared first on SecurityWeek.

Read Full Article →
Six flaws found hiding in OpenClaw’s plumbing

Security researchers have uncovered six high-to-critical flaws affecting the open-source AI agent framework OpenClaw, popularly known as a “social media for AI agents.” The flaws were discovered by Endor Labs as its researchers ran the platform through an AI-driven static application security te...

Read Full Article →
Starkiller: New ‘Commercial-Grade’ Phishing Kit Bypasses MFA

A new cybercriminal toolkit uses proxies to mimic popular online services and represents a “significant escalation in phishing infrastructure,” warn researchers at Abnormal

Read Full Article →
Cybersecurity needs maturity, not checklists

If CISOs want stronger programs, better resilience and a more secure future, they need to evolve their approach. Cybersecurity is often treated like a game. Companies chase quick wins, tick off compliance lists or ...

Read Full Article →
Smashing Security podcast #455: Face off: Meta’s Glasses and America’s internet kill switch

Could America turn off Europe's internet? That’s one of the questions that Graham and special guest James Ball will be exploring as they discuss tech sovereignty. Could Gmail, cloud services, and critical infrastructure really become geopolitical leverage? And is anyone actually building a Plan B...

Read Full Article →
Nigerian man sentenced to 8 years in prison for running phony tax refund scheme

Matthew Akande was living in Mexico when he and at least three co-conspirators broke into the networks of tax preparation firms and filed more than 1,000 fraudulent tax returns seeking tax refunds. The post Nigerian man sentenced to 8 years in prison for running phony tax refund scheme appeared f...

Read Full Article →
AI is helping hackers make new malware faster and more complex than ever - and things may only get tougher

Social engineering is still the number one attack vector, but ransomware operators are stepping away from encryptors.

Read Full Article →
Critical Grandstream VoIP Bug Highlights SMB Security Blind Spot

CVE-2026-2329 allows unauthenticated root-level access to SMB phone infrastructure, so attackers can intercept calls, commit toll fraud, and impersonate users.

Read Full Article →
Data breach at fintech giant Figure affects close to a million customers

The Figure data breach allowed hackers to steal customer names, dates of birth, physical addresses, phone numbers, and email addresses.

Read Full Article →
‘An all-time high’: Number of ransomware groups exploded in 2025 as victim growth rate doubled - with Qilin dominating the landscape

Ransomware groups reached a record high in 2025, and claimed a record number of victims in the process.

Read Full Article →
AI Found Twelve New Vulnerabilities in OpenSSL

The title of the post is “What AI Security Research Looks Like When It Works,” and I agree: In the latest OpenSSL security release on January 27, 2026, twelve new zero-day vulnerabilities (meaning unknown to the maintainers at time of disclosure) were announced. Our AI system is responsible for...

Read Full Article →
Record Number of Ransomware Victims and Groups in 2025

Searchlight Cyber reports a 30% annual increase in ransomware victim numbers in 2025

Read Full Article →
Cyberattack on Deutsche Bahn disrupts information systems

The attack was repelled. Even so, travelers had to put up with restrictions. According to the company, the disruptions to Deutsche Bahn's information and booking systems were caused by a cyberattack. In the meantime, the systems ...

Read Full Article →
Dell RecoverPoint for VMs Zero-Day CVE-2026-22769 Exploited Since Mid-2024

A maximum severity security vulnerability in Dell RecoverPoint for Virtual Machines has been exploited as a zero-day by a suspected China-nexus threat cluster dubbed UNC6201 since mid-2024, according to a new report from Google Mandiant and Google Threat Intelligence Group (GTIG). The activity in...

Read Full Article →
Chinese APT Group Exploits Dell Zero-Day for Two Years

Mandiant reveals campaign featuring exploit of a CVSS 10.0 CVE in Dell RecoverPoint for Virtual Machines

Read Full Article →
Notepad++ Fixes Hijacked Update Mechanism Used to Deliver Targeted Malware

Notepad++ has released a security fix to plug gaps that were exploited by an advanced threat actor from China to hijack the software update mechanism to selectively deliver malware to targets of interest. The version 8.9.2 update incorporates what maintainer Don Ho calls a "double lock" design th...

Read Full Article →
CISA Flags Four Security Flaws Under Active Exploitation in Latest KEV Update

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The list of vulnerabilities is as follows - CVE-2026-2441 (CVSS score: 8.8) - A use-after...

Read Full Article →
Risky Business #825 -- Palo Alto Networks blames it on the boogie

On this week’s show, Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news. They cover: Palo Alto threat researchers want to attribute to China, but management says shush An increasing proportion of ransomware is data extortion. Is this good? Cambodia says it’s going t...

Read Full Article →
Risky Bulletin: Supply chain attack plants backdoor on Android tablets

A supply chain attack plants backdoors on Android tablets, the EU blocks AI from lawmakers’ devices, Cellebrite was used against a Kenyan politician, and a Chinese APT is exploiting a Dell zero-day.

Read Full Article →
Chinese hackers exploited a Dell zero-day for 18 months before anyone noticed

Google researchers said Chinese attackers have been exploiting a zero-day since mid-2024, and they’ve moved on to a more advanced version of Brickstorm malware called Grimbolt. The post Chinese hackers exploited a Dell zero-day for 18 months before anyone noticed appeared first on CyberScoop.

Read Full Article →
OpenCFD OpenFOAM Code Stream directive arbitrary code execution vulnerability
Supply Chain Attack Embeds Malware in Android Devices

Keenadu downloads payloads that hijack browser searches, commit ad fraud, and execute other actions without user knowledge.

Read Full Article →
Low-Skilled Cybercriminals Use AI to Perform "Vibe Extortion" Attacks

Unit 42 researchers observed a low-skilled threat actor using an LLM to script a professional extortion strategy, complete with deadlines and pressure tactics

Read Full Article →
Top Japanese hotel brand reveals cyberattack - Washington hotels hit by ransomware

An investigation is underway into Washington hotel attackers, but no group has claimed responsibility yet.

Read Full Article →
Significant Rise in Ransomware Attacks Targeting Industrial Operations

Dragos annual report warns of a surge in ransomware attacks causing increased operational disruption in industrial environments

Read Full Article →
My Day Getting My Hands Dirty with an NDR System

My objective: As someone relatively inexperienced with network threat hunting, I wanted to get some hands-on experience using a network detection and response (NDR) system. My goal was to understand how NDR is used in hunting and incident response, and how it fits into the daily workflow of a Secu...

Read Full Article →
Eurail confirms stolen traveler data is on sale in the dark web - and it still doesn't know who is behind the attack

The January 2026 Eurail breach just got worse, as hackers have started selling the stolen data.

Read Full Article →
Adopting AI is a major priority for businesses - but employees are falling behind on education

All worker types, including CEOs, are showing a lack of readiness when it comes to using AI in cybersecurity.

Read Full Article →
Sex toy firm hit by data breach - Tenga says hacker infiltrated systems, stole customer data

A Tenga employee fell for a phishing email, and gave away access to a company email account.

Read Full Article →
Google patches first Chrome zero-day of the year - so update now or face attack

An 8.3/10 use-after-free bug in CSS in Google Chrome was patched after being abused by unnamed threat actors.

Read Full Article →
Operation DoppelBrand Weaponizes Trusted Brands For Credential Theft

New phishing campaign dubbed Operation DoppelBrand targeted major financial firms like Wells Fargo

Read Full Article →
Blockchain fintech giant Figure hit by data breach, says 'limited number of files' impacted

ShinyHunters claims responsibility, says Figure is part of the Okta single sign-on attacks.

Read Full Article →
Safe and Inclusive E‑Society: How Lithuania Is Bracing for AI‑Driven Cyber Fraud

Technologies are evolving fast, reshaping economies, governance, and daily life. Yet, as innovation accelerates, so do digital risks. Technological change is no longer abstract for a country such as Lithuania, either. From e-signatures to digital health records, the country depends on secure sys...

Read Full Article →
Google Warns of In the Wild Exploit as It Patches New Chrome Zero Day

A high-severity vulnerability in Google Chrome allows remote attackers to execute code

Read Full Article →
Odido Breach Impacts Millions of Dutch Telco Users

Dutch telco Odido has revealed a major data breach impacting over six million customers

Read Full Article →
New Chrome Zero-Day (CVE-2026-2441) Under Active Attack — Patch Released

Google on Friday released security updates for its Chrome browser to address a security flaw that it said has been exploited in the wild. The high-severity vulnerability, tracked as CVE-2026-2441 (CVSS score: 8.8), has been described as a use-after-free bug in CSS. Security researcher Shaheen Faz...

Read Full Article →

#Security Vendor Blog

PLEASE_READ_ME: The Opportunistic Ransomware Devastating MySQL Servers

Guardicore Labs uncovers a Ransomware detection campaign targeting MySQL servers. Attackers use Double Extortion and publish data to pressure victims.

Read Full Article →
Threats Making WAVs - Incident Response to a Cryptomining Attack

Guardicore security researchers describe and uncover a full analysis of a cryptomining attack, which hid a cryptominer inside WAV files. The report includes the full attack vectors, from detection, infection, network propagation and malware analysis and recommendations for optimizing incident res...

Read Full Article →
VShell and SparkRAT Observed in Exploitation of BeyondTrust Critical Vulnerability (CVE-2026-1731)

CVE-2026-1731 is an RCE vulnerability in identity platform BeyondTrust. This flaw allows attackers control of systems without login credentials. The post VShell and SparkRAT Observed in Exploitation of BeyondTrust Critical Vulnerability (CVE-2026-1731) appeared first on Unit 42.

Read Full Article →
Arkanix Stealer: a C++ & Python infostealer

Kaspersky researchers analyze a C++ and Python stealer dubbed "Arkanix Stealer", which was active for several months, targeted a wide range of data, was distributed as MaaS and offered a referral program to its partners.

Read Full Article →
How “Clinejection” Turned an AI Bot into a Supply Chain Attack

The Clinejection vulnerability chain illustrates a dangerous new era of supply chain attacks where AI agents are turned into exploit vectors. By combining indirect prompt injection with GitHub Actions cache poisoning, attackers successfully pushed unauthorized code to thousands of developers. Thi...

Read Full Article →
CVE-2026-2329: Critical Unauthenticated Stack Buffer Overflow in Grandstream GXP1600 VoIP Phones (FIXED)

Rapid7 Labs conducted a zero-day research project against the Grandstream GXP1600 series of Voice over Internet Protocol (VoIP) phones. This research resulted in the discovery of a critical unauthenticated stack-based buffer overflow vulnerability, CVE-2026-2329. A remote attacker can le...

Read Full Article →
Zero Trust Switching: Why Firewalls Alone Can’t Secure AI Workloads
Critical Vulnerabilities in Ivanti EPMM Exploited

We discuss widespread exploitation of Ivanti EPMM zero-day vulns CVE-2026-1281 and CVE-2026-1340. Attackers are deploying web shells and backdoors. The post Critical Vulnerabilities in Ivanti EPMM Exploited appeared first on Unit 42.

Read Full Article →
Weaving Security into the Flow: New Snyk Studio Capabilities Power the AI Security Fabric

Snyk Studio is redefining AI development security with new integrations for Gemini CLI and Claude Code, enabling developers to build fast without sacrificing safety. Bridge the gap between developer velocity and governance to ensure your code is secure at inception.

Read Full Article →

#Tech

JetBrains releases ‘Java → Kotlin’ converter for VS Code to support the move to Kotlin

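To broaden Kotlin adoption among Java developers, JetBrains has released a ‘Java → Kotlin’ converter extension for Microsoft’s Visual Studio Code. Kotlin has long been positioned as an alternative language to Java and is widely used across the Java-based ecosystem, including Android mobile application development. Released on February 19, the extension can be downloaded from the Visual Studio Marketplace. Developers can convert individual Java files to Kotlin code through the context menu. This allows legacy codebases...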

Read Full Article →
“Hiring criteria are changing”: the current state of IT jobs being shaken up by AI

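As AI seeps deep into every part of business, the IT labor market is also being reshaped at a rapid pace. Over the past year, the IT industry has lived through AI-driven changes to the working environment. AI has shifted demand for required technical skills, redefined some IT career development paths, and shaken up day-to-day operations at almost every company. In other words, the way work is done is itself changing as IT leaders and staff fit AI into workflows and processes. With layoffs once again making headlines, the ‘specific skills’ companies need to implement, adopt, protect and optimize AI...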

Read Full Article →
Pilots succeed, scaling fails: experts on the ‘survival conditions for agentic AI’

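‘Agentic AI’ has recently become the most talked-about term in enterprise technology. Vendors tout systems that judge and act on their own, promising to elevate AI from a mere assistive tool to an executing agent. For CIOs under pressure to show tangible results from AI investments, such pitches are bound to sound attractive. Contrary to these expectations, however, a growing number of companies in the field are putting projects on hold. Gartner predicts that more than 40% of agentic AI projects will be halted by the end of 2027. Gartner senior director analyst...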

Read Full Article →
What About the Droid Attack on the Repos?

You might not have noticed, but we here at Hackaday are pretty big fans of Open Source — software, hardware, you name it. We’ve also spilled our fair share of …

Read Full Article →
UK council faces data breach claim after mishandling trans complaints

Confidential complainant details passed to local politician following debate. A UK councillor has dubbed her local authority's data breach "crazy" after the personal details of individuals behind a series of complaints were revealed to her.…

Read Full Article →
AI coding assistant Cline compromised to create more OpenClaw chaos

4K unintended installs in very odd supply chain attack. Someone compromised open source AI coding assistant Cline CLI's npm package earlier this week in an odd supply chain attack that secretly installed OpenClaw on developers' machines without their knowledge. …

Read Full Article →
ShinyHunters demands $1.5M not to leak Vegas casino and resort chain data

What happens in Vegas… Las Vegas hotel and casino giant Wynn Resorts appears to be the latest victim of data-grabbing and extortion gang ShinyHunters.…

Read Full Article →
Your password manager isn’t as safe as you think

Bitwarden, LastPass, and Dashlane are less secure than you might expect, at least if you go by the findings of security researchers at ETH Zurich and the Università della Svizzera italiana (USI) in Lugano. They’ve allegedly discovered serious security vulnerabilities in these popular password man...

Read Full Article →
EFF policy says bots can code but humans must write the docs

'Just trust us' – Big Tech's hackneyed catchphrase makes an unwelcome return. The Electronic Frontier Foundation says it will accept LLM generated code from contributors to its open source projects but will draw the line at non-human generated comments and documentation.…

Read Full Article →
Is AI killing technology?

We’re living through the single biggest tech disruption in history (and, if not the biggest, definitely the fastest). The AI revolution promises huge productivity gains by automating complex tasks, accelerating scientific breakthroughs in medicine, biotech, materials science, and democratizing ac...

Read Full Article →
Android malware taps Gemini to navigate infected devices

For now, it might not function outside of a lab. Cybersecurity researchers say they've spotted the first Android malware strain that uses generative AI to improve performance once installed. But it may be only a proof of concept.…

Read Full Article →
Poland bans camera-packing cars made in China from military bases

Dell, however, is welcome to help build a local-language LLM. Poland’s Ministry of Defence has banned Chinese cars – and any others that include tech to record position, images, or sound – from entering protected military facilities.…

Read Full Article →
ChatGPT gets ‘Lockdown Mode’ mode for extra security and privacy

OpenAI is launching two new security features in ChatGPT to address growing threats to its AI systems, according to a recent blog post. As AI services increasingly connect to wider parts of the web and more external apps, the risk of so-called “prompt injection attacks” also increases. A prompt ...

Read Full Article →
With physical AI, gunslingers and risk takers need not apply

Agentic AI came on like a storm over the past year or so, but blazed a trail littered with failed projects and cutting-edge high-tech junk that companies are still trying to sort out. So it’s perhaps no surprise that tech industry execs are urging enterprises to move cautiously with physical AI,...

Read Full Article →
30 fake AI Chrome extensions caught stealing passwords and more

Security experts have uncovered a number of dangerous extensions for the Chrome browser. A total of 30 extensions belonging to the AiFrame campaign have been identified as dangerous, appearing to offer AI services but actually designed to intercept sensitive information. To date, the extensions h...

Read Full Article →
Update Chrome ASAP! The first zero-day flaw of 2026 is patched

A zero-day vulnerability is a flaw in software that goes undiscovered by the developers, which can then be found and exploited by hackers before anyone gets wind of it. You might’ve heard about zero-day flaws in Chrome because it happens a lot—oh boy, does it happen a lot. Well, the first one th...

Read Full Article →
Reverse Engineering Linux Distro REMnux Marks 15 Years With Major v8 Release Featuring AI Agent Support

Malware analysis Linux distro gets Ubuntu 24.04 base, a new installer, and many new tools.

Read Full Article →
New Windows 11 PC? Confirm this special security protection is active

Windows Security is not the same across Windows 10 and Windows 11. Microsoft’s built-in security suite protects against online and offline threats in both operating systems, but Windows 11 gets extra features. Not that most people know about it—few users keep up with the latest additions to backg...

Read Full Article →

#Threat Intel & Vulnerability

CVE-2025-38352 + 1 similar

Currently trending CVE - Hype Score: 11 - In the Linux kernel, the following vulnerability has been resolved: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() If an exiting non-autoreaping task has already passed exit_notify() and calls handle_posix_cpu_timer...

Read Full Article →
CVE-2025-49113 + 2 similar

Currently trending CVE - Hype Score: 8 - Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.

Read Full Article →
CVE-2025-29969

Currently trending CVE - Hype Score: 5 - Time-of-check time-of-use (toctou) race condition in Windows Fundamentals allows an authorized attacker to execute code over a network.

Read Full Article →
CVE-2024-54222

Currently trending CVE - Hype Score: 4 - Missing Authorization vulnerability in Seraphinite Solutions Seraphinite Accelerator seraphinite-accelerator allows Retrieve Embedded Sensitive Data. This issue affects Seraphinite Accelerator: from n/a through <= 2.22.15.

Read Full Article →
CVE-2025-69403

Currently trending CVE - Hype Score: 3 - Unrestricted Upload of File with Dangerous Type vulnerability in Bravis-Themes Bravis Addons bravis-addons allows Using Malicious Files. This issue affects Bravis Addons: from n/a through <= 1.1.9.

Read Full Article →
CVE-2025-68461

Currently trending CVE - Hype Score: 2 - Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a Cross-Site-Scripting (XSS) vulnerability via the animate tag in an SVG document.

Read Full Article →
CVE-2026-1367 | Zoho ManageEngine ADSelfService Plus up to 6522 Search Report sql injection

A vulnerability was found in Zoho ManageEngine ADSelfService Plus up to 6522 and classified as critical. This vulnerability affects unknown code of the component Search Report. Such manipulation leads to sql injection. This vulnerability is uniquely identified as CVE-2026-1367. The attack can ...

Read Full Article →
CVE-2026-2998 | eAI ERP F2 untrusted search path

A vulnerability has been found in eAI ERP F2 and classified as problematic. This affects an unknown part. This manipulation causes untrusted search path. This vulnerability is handled as CVE-2026-2998. It is possible to launch the attack on the local host. There is not any exploit available.

Read Full Article →
CVE-2026-2588 | TIMLEGGE Crypt::NaCl::Sodium up to 2.001 on Perl Sodium.xs STRLEN integer overflow

A vulnerability, which was classified as critical, was found in TIMLEGGE Crypt::NaCl::Sodium up to 2.001 on Perl. Affected by this issue is the function STRLEN of the file Sodium.xs. The manipulation results in integer overflow. This vulnerability is known as CVE-2026-2588. It is possible to l...

Read Full Article →
CVE-2026-24494 | Order Up Online Ordering System 1.0 POST Request getintegrations store_id sql injection

A vulnerability, which was classified as critical, has been found in Order Up Online Ordering System 1.0. Affected by this vulnerability is an unknown functionality of the file /api/integrations/getintegrations of the component POST Request Handler. The manipulation of the argument store_id le...

Read Full Article →
CVE-2026-2997 | WisdomGarden Tronclass up to 1.74 authorization

A vulnerability classified as critical was found in WisdomGarden Tronclass up to 1.74. Affected is an unknown function. Executing a manipulation can lead to authorization bypass. This vulnerability appears as CVE-2026-2997. The attack may be performed from remote. There is no available exploit.

Read Full Article →
Introducing "AI Unlocked: Decoding Prompt Injection," a New Interactive Challenge
CVE-2026-2985 | Tiandy Video Surveillance System 视频监控平台 7.17.0 CLSBODownLoad.java downloadImage urlPath server-side request forgery

A vulnerability classified as critical has been found in Tiandy Video Surveillance System 视频监控平台 7.17.0. This impacts the function downloadImage of the file /com/tiandy/easy7/core/bo/CLSBODownLoad.java. Performing a manipulation of the argument urlPath results in server-side request forgery. Th...

Read Full Article →
CVE-2026-2984 | SourceCodester Student Result Management System 1.0 drop_user.php ID denial of service

A vulnerability described as problematic has been identified in SourceCodester Student Result Management System 1.0. This affects an unknown function of the file /admin/core/drop_user.php. Such manipulation of the argument ID leads to denial of service. This vulnerability is documented as CVE-2...

Read Full Article →
CVE-2026-2983 | SourceCodester Student Result Management System 1.0 Bulk Import import_users.php File access control + 1 similar

A vulnerability marked as critical has been reported in SourceCodester Student Result Management System 1.0. The impacted element is an unknown function of the file /admin/core/import_users.php of the component Bulk Import. This manipulation of the argument File causes improper access controls....

Read Full Article →
CVE-2026-2980 | UTT HiPER 810G up to 1.7.7-1711 /goform/setSysAdm strcpy passwd1 buffer overflow

A vulnerability identified as critical has been detected in UTT HiPER 810G up to 1.7.7-1711. Impacted is the function strcpy of the file /goform/setSysAdm. The manipulation of the argument passwd1 leads to buffer overflow. This vulnerability is listed as CVE-2026-2980. The attack may be initia...

Read Full Article →
CVE-2026-2978 | FastApiAdmin up to 2.2.0 Scheduled Task API controller.py upload_file_controller unrestricted upload + 1 similar

A vulnerability was found in FastApiAdmin up to 2.2.0. It has been rated as critical. This vulnerability affects the function upload_file_controller of the file /backend/app/api/v1/module_system/params/controller.py of the component Scheduled Task API. Performing a manipulation results in unre...

Read Full Article →
CVE-2026-2976 | FastApiAdmin up to 2.2.0 Download Endpoint controller.py download_controller file_path information disclosure

A vulnerability was found in FastApiAdmin up to 2.2.0. It has been classified as problematic. Affected by this issue is the function download_controller of the file /backend/app/api/v1/module_common/file/controller.py of the component Download Endpoint. This manipulation of the argument file_p...

Read Full Article →
CVE-2026-2975 | FastApiAdmin up to 2.2.0 Custom Documentation Endpoint init_app.py reset_api_docs information disclosure

A vulnerability was found in FastApiAdmin up to 2.2.0 and classified as problematic. Affected by this vulnerability is the function reset_api_docs of the file /backend/app/plugin/init_app.py of the component Custom Documentation Endpoint. The manipulation results in information disclosure. This...

Read Full Article →
CVE-2019-25366 | microASP Portal+ CMS Requests explode_tree sql injection (Exploit 46799 / EDB-46799)

A vulnerability has been found in microASP Portal+ CMS and classified as critical. Affected is an unknown function of the component Requests Handler. The manipulation of the argument explode_tree leads to sql injection. This vulnerability is uniquely identified as CVE-2019-25366. The attack is...

Read Full Article →
CVE-2019-25439 | NoviSmart CMS Header Referer sql injection (Exploit 47152 / EDB-47152)

A vulnerability, which was classified as critical, was found in NoviSmart CMS. This impacts an unknown function of the component Header Handler. Executing a manipulation of the argument Referer can lead to sql injection. This vulnerability is handled as CVE-2019-25439. The attack can be execu...

Read Full Article →
CVE-2019-25462 | Web Ofisi Rent a Car 3 klima sql injection (Exploit 47144) + 2 similar

A vulnerability, which was classified as critical, has been found in Web Ofisi Rent a Car 3. This affects an unknown function. Performing a manipulation of the argument klima results in sql injection. This vulnerability is known as CVE-2019-25462. Remote exploitation of the attack is possible....

Read Full Article →
CVE-2019-25461 | Web Ofisi Platinum E-Ticaret 5 productsFilterSearch q sql injection (Exploit 47140) + 1 similar

A vulnerability classified as critical was found in Web Ofisi Platinum E-Ticaret 5. The impacted element is an unknown function of the file ajax/productsFilterSearch. Such manipulation of the argument q leads to sql injection. This vulnerability is traded as CVE-2019-25461. The attack may be l...

Read Full Article →
CVE-2019-25391 | Ashopsoftware Ashop Shopping Cart Software bannedcustomers.php blacklistitemid sql injection (Exploit 46681 / EDB-46681)

A vulnerability described as critical has been identified in Ashopsoftware Ashop Shopping Cart Software. Impacted is an unknown function of the file admin/bannedcustomers.php. The manipulation of the argument blacklistitemid results in sql injection. This vulnerability is reported as CVE-2019-2...

Read Full Article →
CVE-2019-25459 | Web Ofisi Emlak V2 emlak_durumu/emlak_tipi/il/ilce/kelime/semt sql injection (Exploit 47142)

A vulnerability marked as critical has been reported in Web Ofisi Emlak V2. This issue affects some unknown processing. The manipulation of the argument emlak_durumu/emlak_tipi/il/ilce/kelime/semt leads to sql injection. This vulnerability is documented as CVE-2019-25459. The attack can be init...

Read Full Article →
CVE-2019-25433 | Xoops CMS 2.5.9 gerar_pdf.php cid sql injection (Exploit 46835 / EDB-46835)

A vulnerability labeled as critical has been found in Xoops CMS 2.5.9. This vulnerability affects unknown code of the file gerar_pdf.php. Executing a manipulation of the argument cid can lead to sql injection. This vulnerability is registered as CVE-2019-25433. It is possible to launch the att...

Read Full Article →
CVE-2019-25440 | Webincorp WebIncorp ERP product_detail.php prod_id sql injection (Exploit 47199 / EDB-47199)

A vulnerability identified as critical has been detected in Webincorp WebIncorp ERP. This affects an unknown part of the file product_detail.php. Performing a manipulation of the argument prod_id results in sql injection. This vulnerability is cataloged as CVE-2019-25440. It is possible to ini...

Read Full Article →
CVE-2019-25458 | Web-ofisi Firma Rehberi 1 GET Parameter il/kat/kelime sql injection (Exploit 47143) + 1 similar

A vulnerability categorized as critical has been discovered in Web-ofisi Firma Rehberi 1. Affected by this issue is some unknown functionality of the component GET Parameter Handler. Such manipulation of the argument il/kat/kelime leads to sql injection. This vulnerability is listed as CVE-2019...

Read Full Article →
CVE-2019-25442 | Webwiz Web Wiz Forums 12.01 member_profile.asp PF sql injection (Exploit 47284 / EDB-47284)

A vulnerability was found in Webwiz Web Wiz Forums 12.01 and classified as critical. This affects an unknown function of the file member_profile.asp. Executing a manipulation of the argument PF can lead to sql injection. The identification of this vulnerability is CVE-2019-25442. The attack ma...

Read Full Article →
CVE-2019-25450 | Dolibarr ERP CRM 10.0.1 HTTP POST Request card.php actioncode/demand_reason_id/availability_id sql injection (Exploit 47370 / EDB-47370)

A vulnerability has been found in Dolibarr ERP CRM 10.0.1 and classified as critical. The impacted element is an unknown function of the file card.php of the component HTTP POST Request Handler. Performing a manipulation of the argument actioncode/demand_reason_id/availability_id results in sql...

Read Full Article →
CVE-2019-25446 | Digit-Rs Digit Centris ERP HTTP POST Request /korisnikinfo.php datum1/datum2/KID/PID sql injection (Exploit 47401 / EDB-47401)

A vulnerability, which was classified as critical, was found in Digit-Rs Digit Centris ERP. The affected element is an unknown function of the file /korisnikinfo.php of the component HTTP POST Request Handler. Such manipulation of the argument datum1/datum2/KID/PID leads to sql injection. This...

Read Full Article →
CVE-2019-25443 | edlangley inventory-webapp GET Parameter add-item.php name/description/quantity/cat_id sql injection (Exploit 47356 / EDB-47356)

A vulnerability, which was classified as critical, has been found in edlangley inventory-webapp. Impacted is an unknown function of the file add-item.php of the component GET Parameter Handler. This manipulation of the argument name/description/quantity/cat_id causes sql injection. This vulner...

Read Full Article →
CVE-2019-25452 | Dolibarr ERP CRM 10.0.1 HTTP POST Request elemid sql injection (Exploit 47362 / EDB-47362)

A vulnerability classified as critical was found in Dolibarr ERP CRM 10.0.1. This issue affects some unknown processing of the component HTTP POST Request Handler. The manipulation of the argument elemid results in sql injection. This vulnerability is known as CVE-2019-25452. It is possible to...

Read Full Article →
CVE-2026-2972 | a466350665 Smart-SSO up to 2.1.1 Role Edit Page UserController.java save cross site scripting

A vulnerability described as problematic has been identified in a466350665 Smart-SSO up to 2.1.1. This affects the function Save of the file smart-sso-server/src/main/java/openjoe/smart/sso/server/controller/admin/UserController.java of the component Role Edit Page. Executing a manipulation can...

Read Full Article →
CVE-2026-2971 | a466350665 Smart-SSO up to 2.1.1 Login login.html redirectUri cross site scripting

A vulnerability marked as problematic has been reported in a466350665 Smart-SSO up to 2.1.1. Affected by this issue is some unknown functionality of the file smart-sso-server/src/main/resources/templates/login.html of the component Login. Performing a manipulation of the argument redirectUri re...

Read Full Article →
CVE-2026-2970 | datapizza-labs datapizza-ai 0.0.2 cache.py RedisCache deserialization

A vulnerability labeled as critical has been found in datapizza-labs datapizza-ai 0.0.2. Affected by this vulnerability is the function RedisCache of the file datapizza-ai-cache/redis/datapizza/cache/redis/cache.py. Such manipulation leads to deserialization. This vulnerability is documented as...

Read Full Article →
CVE-2026-2969 | datapizza-labs datapizza-ai 0.0.2 Jinja2 Template prompt.py ChatPromptTemplate Prompt special elements used in a template engine

A vulnerability identified as critical has been detected in datapizza-labs datapizza-ai 0.0.2. Affected is the function ChatPromptTemplate of the file datapizza-ai-core/datapizza/modules/prompt/prompt.py of the component Jinja2 Template Handler. This manipulation of the argument Prompt causes i...

Read Full Article →
CVE-2026-2968 | Cesanta Mongoose up to 7.20 Poly1305 Authentication Tag /src/tls_chacha20.c mg_chacha20_poly1305_decrypt signature verification

A vulnerability categorized as critical has been discovered in Cesanta Mongoose up to 7.20. This impacts the function mg_chacha20_poly1305_decrypt of the file /src/tls_chacha20.c of the component Poly1305 Authentication Tag Handler. The manipulation results in improper verification of cryptogra...

Read Full Article →
CVE-2026-2967 | Cesanta Mongoose up to 7.20 TCP Sequence Number /src/net_builtin.c getpeer verification of source

A vulnerability was found in Cesanta Mongoose up to 7.20. It has been rated as problematic. This affects the function getpeer of the file /src/net_builtin.c of the component TCP Sequence Number Handler. The manipulation leads to improper verification of source of a communication channel. This ...

Read Full Article →
CVE-2026-2966 | Cesanta Mongoose up to 7.20 DNS Transaction ID /src/dns.c mg_sendnsreq random random values

A vulnerability was found in Cesanta Mongoose up to 7.20. It has been declared as problematic. The impacted element is the function mg_sendnsreq of the file /src/dns.c of the component DNS Transaction ID Handler. Executing a manipulation of the argument random can lead to insufficiently random...

Read Full Article →
CVE-2026-2965 | 07FLYCMS/07FLY-CMS/07FlyCRM up to 1.2.9 System Extension edit.html Title cross site scripting

A vulnerability was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.2.9. It has been classified as problematic. The affected element is an unknown function of the file /admin/SysModule/edit.html of the component System Extension Module. Performing a manipulation of the argument Title results...

Read Full Article →
CVE-2026-2964 | higuma web-audio-recorder-js 0.1/0.1.1 Dynamic Config Handling lib/WebAudioRecorder.js extend prototype pollution

A vulnerability was found in higuma web-audio-recorder-js 0.1/0.1.1 and classified as problematic. Impacted is the function extend in the library lib/WebAudioRecorder.js of the component Dynamic Config Handling. Such manipulation leads to improperly controlled modification of object prototype a...

Read Full Article →
CVE-2026-2963 | Jinher OA C6 up to 20260210 OfficeSupplyTypeRight.aspx id/offsnum sql injection

A vulnerability has been found in Jinher OA C6 up to 20260210 and classified as critical. This issue affects some unknown processing of the file /C6/Jhsoft.Web.officesupply/OfficeSupplyTypeRight.aspx. This manipulation of the argument id/offsnum causes sql injection. The identification of this ...

Read Full Article →
CVE-2026-2962 | D-Link DWR-M960 1.01.07 Scheduled Reboot Configuration Endpoint /boafrm/formDateReboot sub_460F30 submit-url stack-based overflow

A vulnerability, which was classified as critical, was found in D-Link DWR-M960 1.01.07. This vulnerability affects the function sub_460F30 of the file /boafrm/formDateReboot of the component Scheduled Reboot Configuration Endpoint. The manipulation of the argument submit-url results in stack-...

Read Full Article →
CVE-2026-2961 | D-Link DWR-M960 1.01.07 VPN Configuration Endpoint formVpnConfigSetup sub_4196C4 submit-url stack-based overflow

A vulnerability, which was classified as critical, has been found in D-Link DWR-M960 1.01.07. This affects the function sub_4196C4 of the file /boafrm/formVpnConfigSetup of the component VPN Configuration Endpoint. The manipulation of the argument submit-url leads to stack-based buffer overflo...

Read Full Article →
CVE-2026-2960 | D-Link DWR-M960 1.01.07 /boafrm/formDhcpv6s sub_468D64 submit-url stack-based overflow + 2 similar

A vulnerability classified as critical was found in D-Link DWR-M960 1.01.07. Affected by this issue is the function sub_468D64 of the file /boafrm/formDhcpv6s. Executing a manipulation of the argument submit-url can lead to stack-based buffer overflow. This vulnerability is handled as CVE-2026-...

Read Full Article →
CVE-2026-2957 | qinming99 dst-admin up to 1.5.0 File BackupController.java deleteBackup denial of service

A vulnerability marked as problematic has been reported in qinming99 dst-admin up to 1.5.0. This impacts the function deleteBackup of the file src/main/java/com/tugos/dst/admin/controller/BackupController.java of the component File Handler. This manipulation causes denial of service. This vulne...

Read Full Article →
CVE-2026-2956 | qinming99 dst-admin up to 1.5.0 /home/restore revertBackup Name command injection

A vulnerability labeled as critical has been found in qinming99 dst-admin up to 1.5.0. This affects the function revertBackup of the file /home/restore. The manipulation of the argument Name results in command injection. This vulnerability is reported as CVE-2026-2956. The attack can be launch...

Read Full Article →
CVE-2026-1369 | Conditional CAPTCHA Plugin up to 4.0.0 on WordPress redirect

A vulnerability identified as problematic has been detected in Conditional CAPTCHA Plugin up to 4.0.0 on WordPress. The impacted element is an unknown function. The manipulation leads to open redirect. This vulnerability is documented as CVE-2026-1369. The attack can be initiated remotely. There...

Read Full Article →
CarGurus - 12,461,887 breached accounts

In February 2026, the automotive marketplace CarGurus was the target of a data breach attributed to the threat actor ShinyHunters. Following an attempted extortion, the data was published publicly and contained more than 12M email addresses across multiple files including user account ID mapping...

Read Full Article →
CVE-2026-2385 | The Plus Addons for Elementor Plugin up to 6.4.7 on WordPress AJAX email_data data authenticity

A vulnerability categorized as critical has been discovered in The Plus Addons for Elementor Plugin up to 6.4.7 on WordPress. The affected element is an unknown function of the component AJAX Handler. Executing a manipulation of the argument email_data can lead to insufficient verification of da...

Read Full Article →
CVE-2026-2954 | Dromara UJCMS 10.0.2 ImportDataController import-channel importChanel driverClassName/url injection

A vulnerability was found in Dromara UJCMS 10.0.2. It has been rated as critical. Impacted is the function importChanel of the file /api/backend/ext/import-data/import-channel of the component ImportDataController. Performing a manipulation of the argument driverClassName/url results in inject...

Read Full Article →
CVE-2026-2953 | Dromara UJCMS 101.2 Template WebFileTemplateController.delete deleteDirectory path traversal

A vulnerability was found in Dromara UJCMS 101.2. It has been declared as critical. This issue affects the function deleteDirectory of the file WebFileTemplateController.delete of the component Template Handler. Such manipulation leads to path traversal. This vulnerability is listed as CVE-202...

Read Full Article →
CVE-2026-2952 | Vaelsys 4.1.0 HTTP POST Request /tree/tree_server.php xajaxargs os command injection

A vulnerability was found in Vaelsys 4.1.0. It has been classified as critical. This vulnerability affects unknown code of the file /tree/tree_server.php of the component HTTP POST Request Handler. This manipulation of the argument xajaxargs causes os command injection. This vulnerability is t...

Read Full Article →
CVE-2026-2947 | rymcu forest up to 0.0.5 User Profile UserInfoController.java updateUserInfo cross site scripting

A vulnerability was found in rymcu forest up to 0.0.5 and classified as problematic. This affects the function updateUserInfo of the file - src/main/java/com/rymcu/forest/web/api/user/UserInfoController.java of the component User Profile Handler. The manipulation results in cross site scripting...

Read Full Article →
CVE-2026-2946 | rymcu forest up to 0.0.5 Article Content/Comments/Portfolio XssUtils.java XssUtils.replaceHtmlCode cross site scripting

A vulnerability has been found in rymcu forest up to 0.0.5 and classified as problematic. Affected by this issue is the function XssUtils.replaceHtmlCode of the file src/main/java/com/rymcu/forest/util/XssUtils.java of the component Article Content/Comments/Portfolio. The manipulation leads to ...

Read Full Article →
CVE-2026-2945 | JeecgBoot 3.9.0 uploadImgByHttp fileUrl server-side request forgery

A vulnerability, which was classified as critical, was found in JeecgBoot 3.9.0. Affected by this vulnerability is an unknown functionality of the file /sys/common/uploadImgByHttp. Executing a manipulation of the argument fileUrl can lead to server-side request forgery. The identification of t...

Read Full Article →
CVE-2026-2944 | Tosei Online Store Management System ネット店舗管理システム HTTP POST Request /cgi-bin/monitor.php system os command injection

A vulnerability, which was classified as critical, has been found in Tosei Online Store Management System ネット店舗管理システム 1.01. Affected is the function system of the file /cgi-bin/monitor.php of the component HTTP POST Request Handler. Performing a manipulation of the argument DevId results in os...

Read Full Article →
CVE-2026-2943 | SapneshNaik Student Management System up to f4b4f0928f0b5551a28ee81ae7e7fe47d9345318 index.php Error cross site scripting

A vulnerability classified as problematic was found in SapneshNaik Student Management System up to f4b4f0928f0b5551a28ee81ae7e7fe47d9345318. This impacts an unknown function of the file index.php. Such manipulation of the argument Error leads to cross site scripting. This vulnerability is uniqu...

Read Full Article →
CVE-2026-2940 | Zaher1307 tiny_web_server up to 8d77b1044a0ca3a5297d8726ac8aa2cf944d481b URL tiny_web_server/tiny.c out-of-bounds write

A vulnerability classified as critical has been found in Zaher1307 tiny_web_server up to 8d77b1044a0ca3a5297d8726ac8aa2cf944d481b. This affects the function tiny_web_server/tiny.c of the file tiny_web_server/tiny.c of the component URL Handler. This manipulation causes out-of-bounds write. This...

Read Full Article →
CVE-2026-2939 | itsourcecode Student Management System 1.0 Add Student /add_student/ cross site scripting

A vulnerability described as problematic has been identified in itsourcecode Student Management System 1.0. The impacted element is an unknown function of the file /add_student/ of the component Add Student Module. The manipulation results in cross site scripting. This vulnerability is known as...

Read Full Article →
CVE-2026-27576 | OpenClaw up to 2026.2.18 ACP Bridge resource consumption (GHSA-cxpw-2g23-2vgw)

A vulnerability labeled as problematic has been found in OpenClaw up to 2026.2.18. Impacted is an unknown function of the component ACP Bridge. Executing a manipulation can lead to resource consumption. This vulnerability appears as CVE-2026-27576. The attack requires local access. There is no...

Read Full Article →
CVE-2026-27479 | ellite Wallos up to 4.6.0 getLogoFromUrl server-side request forgery (GHSA-fgmf-7g5v-jmjg)

A vulnerability identified as critical has been detected in ellite Wallos up to 4.6.0. This issue affects the function getLogoFromUrl. Performing a manipulation results in server-side request forgery. This vulnerability is reported as CVE-2026-27479. The attack is possible to be carried out re...

Read Full Article →
CVE-2026-27574 | oneuptime up to 10.0.4 code injection (GHSA-v264-xqh4-9xmm)

A vulnerability categorized as critical has been discovered in oneuptime up to 10.0.4. This vulnerability affects unknown code. Such manipulation leads to code injection. This vulnerability is documented as CVE-2026-27574. The attack can be executed remotely. There is not any exploit available....

Read Full Article →
CVE-2026-27487 | OpenClaw up to 2026.2.13 on macOS Claude CLI Keychain Credential Refresh Path os command injection (GHSA-4564-pvr2-qq4h)

A vulnerability was found in OpenClaw up to 2026.2.13 on macOS. It has been declared as critical. Affected by this issue is some unknown functionality of the component Claude CLI Keychain Credential Refresh Path Handler. The manipulation results in os command injection. This vulnerability is ca...

Read Full Article →
CVE-2026-27486 | OpenClaw up to 2026.2.13 CLI unverified ownership (GHSA-jfv4-h8mc-jcp8)

A vulnerability was found in OpenClaw up to 2026.2.13. It has been classified as problematic. Affected by this vulnerability is an unknown functionality of the component CLI. The manipulation leads to unverified ownership. This vulnerability is listed as CVE-2026-27486. The attack must be car...

Read Full Article →
CVE-2026-27488 | OpenClaw up to 2026.2.18 server-cron.ts fetch server-side request forgery (GHSA-w45g-5746-x9fp)

A vulnerability was found in OpenClaw up to 2026.2.18 and classified as critical. Affected is the function fetch of the file src/gateway/server-cron.ts. Executing a manipulation can lead to server-side request forgery. This vulnerability is tracked as CVE-2026-27488. The attack can be launched...

Read Full Article →
CVE-2026-27482 | ray-project ray up to 2.53.x DELETE Endpoint generic exception (GHSA-q5fh-2hc8-f6rq)

A vulnerability has been found in ray-project ray up to 2.53.x and classified as problematic. This impacts an unknown function of the component DELETE Endpoint. Performing a manipulation results in declaration of catch for generic exception. This vulnerability is identified as CVE-2026-27482. ...

Read Full Article →
CVE-2026-27485 | OpenClaw up to 2026.2.18 package_skill.py symlink (GHSA-r6h2-5gqq-v5v6)

A vulnerability, which was classified as critical, was found in OpenClaw up to 2026.2.18. This affects an unknown function of the file skills/skill-creator/scripts/package_skill.py. Such manipulation leads to symlink following. This vulnerability is referenced as CVE-2026-27485. The attack ca...

Read Full Article →
CVE-2026-27484 | OpenClaw up to 2026.2.17 Request Parameter authorization (GHSA-wh94-p5m6-mr7j)

A vulnerability, which was classified as problematic, has been found in OpenClaw up to 2026.2.17. The impacted element is an unknown function of the component Request Parameter Handler. This manipulation causes missing authorization. The identification of this vulnerability is CVE-2026-27484....

Read Full Article →
CVE-2026-27579 | karnop realtime-collaboration-platform up to master Appwrite Project origin validation (GHSA-qh5m-p8jh-hx88)

A vulnerability classified as problematic was found in karnop realtime-collaboration-platform up to master. The affected element is an unknown function of the component Appwrite Project. The manipulation results in origin validation error. This vulnerability was named CVE-2026-27579. The attac...

Read Full Article →
CVE-2026-27480 | static-web-server Static Web Server up to 2.40.x response discrepancy (GHSA-qhp6-635j-x7r2)

A vulnerability classified as problematic has been found in static-web-server Static Web Server up to 2.40.x. Impacted is an unknown function. The manipulation leads to observable response discrepancy. This vulnerability is uniquely identified as CVE-2026-27480. The attack is possible to be car...

Read Full Article →
Japanese-Language Phishing Emails, (Sat, Feb 21st)

Introduction

Read Full Article →
Hospitals at Risk of BeyondTrust Ransomware Hacks

Marianne Kolbasuk McGee reports: U.S. federal authorities and industry officials are urging hospitals and clinics to address a critical flaw in BeyondTrust Remote Support and Privileged Remote Access software, which if exploited, could give an attacker a foothold inside a corporate network. The U...

Read Full Article →
Resource: Privacy Law Directory — Codamail

Regular readers of my companion privacy-oriented site, PogoWasRight.org, may recall that the site recently noted The Data Broker Directory: Who has your data, where they got it, and who they sell it to by Codamail’s Stephen K. Gielda of Packetderm. Instead of taking a well-deserved break after al...

Read Full Article →
Facebook ads spread fake Windows 11 downloads that steal passwords and crypto wallets

Attackers are weaponizing Facebook ads to distribute password-stealing malware masked as a Windows download.

Read Full Article →
CarMax - 431,371 breached accounts

In January 2026, data allegedly sourced from US automotive retailer CarMax was published online following a failed extortion attempt. The data included 431k unique email addresses along with names, phone numbers and physical addresses.

Read Full Article →
UK Urges Small Businesses to ‘Lock the Door’ on Cybercrime

The UK government has launched a new cybersecurity campaign aimed at small and medium-sized businesses urging them to “lock the door” on cyber criminals as digital threats escalate. The initiative — backed by the National Cyber Security Centre (NCSC) and the Department for Science, Innovation & T...

Read Full Article →
Meta patents AI that could keep you posting from beyond the grave

Hopefully Meta really will file this in the "just because we can do it doesn't mean we should" drawer.

Read Full Article →
Smashing Security podcast #455: Face off: Meta’s Glasses and America’s internet kill switch

Could America turn off Europe's internet? That’s one of the questions that Graham and special guest James Ball will be exploring as they discuss tech sovereignty. Could Gmail, cloud services, and critical infrastructure really become geopolitical leverage? And is anyone actually building a Plan B...

Read Full Article →
CVE-2026-2329: Critical Unauthenticated Stack Buffer Overflow in Grandstream GXP1600 VoIP Phones (FIXED)

Overview Rapid7 Labs conducted a zero-day research project against the Grandstream GXP1600 series of Voice over Internet Protocol (VoIP) phones. This research resulted in the discovery of a critical unauthenticated stack-based buffer overflow vulnerability, CVE-2026-2329. A remote attacker can le...

Read Full Article →
Job scam uses fake Google Forms site to harvest Google logins

Phishers are using fake Google Forms pages hosted on lookalike domains to trick job seekers into handing over their Google credentials.

Read Full Article →
GrayCharlie Hijacks Law Firm Sites in Suspected Supply-Chain Attack

GrayCharlie turns compromised WordPress sites into malware delivery machines. Discover how this threat actor chains fake browser updates and ClickFix lures to deploy NetSupport RAT, Stealc, and SectopRAT.

Read Full Article →
Scam Guard for desktop: A second set of eyes for suspicious moments

Malwarebytes Scam Guard is now on Windows and Mac, bringing AI-powered scam detection to your desktop.

Read Full Article →
Update Chrome now: Zero-day bug allows code execution via malicious webpages

Google has released an emergency update to patch an actively exploited zero-day—the first Chrome zero-day of the year.

Read Full Article →
Fake Incident Report Used in Phishing Campaign, (Tue, Feb 17th)

This morning, I received an interesting phishing email. I’ve a “love & hate” relation with such emails because I always have the impression to lose time when reviewing them but someti...

Read Full Article →
Canada Goose - 581,877 breached accounts

In February 2026, a data breach allegedly containing data relating to Canada Goose customers was published publicly. The data contained 920k records with 582k unique email addresses and included names, phone numbers, IP addresses, physical addresses and partial credit card data, specifically car...

Read Full Article →
Google Amends Chrome with the First Important Security Fix in 2026 (CVE-2026-2441)

Patch your Chrome browser! Google has issued a security update to address a serious security flaw that hackers are already exploiting. “The Stable channel has been updated to 145.0.7632.75/76 for Windows/Mac and 144.0.7559.75 for Linux, which will roll out over the coming days/weeks,” the Chrome ...

Read Full Article →
