Interesting research: “CHAI: Command Hijacking Against Embodied AI.” Abstract: Embodied Artificial Intelligence (AI) promises to handle edge cases in robotic vehicle systems where data is scarce...

A surge in LummaStealer infections has been observed, driven by social engineering campaigns leveraging the ClickFix technique to deliver the CastleLoader malware. [...]

Smug faces across all those who opposed the WordPad-ification of Microsoft's humble text editor Just months after Microsoft added Markdown support to Notepad, researchers have found the feature...

The report contains statistics on spam and phishing in 2025, outlining the main trends: phishing and scam QR codes, ClickFix attacks, ChatGPT subscription lures and others.

UK government grilled over progress made to prevent a second life-threatening leak Legacy IT issues are hampering key technical measures designed to prevent highly sensitive data leaks, UK...

EPIC writes: A strong comprehensive privacy bill passed the Maine House of Representatives today. The bill, LD 1822, closely mirrors the privacy law Maryland passed in 2024 and would extend...

Cisco Talos recently discovered a new threat actor, UAT-9221, leveraging VoidLink in campaigns. Their activities may go as far back as 2019, even without VoidLink.

Discover how Autonomous Threat Operations reduces 27 manual steps to as few as 5 largely automated ones, delivering the speed, scale, and effectiveness that the modern threat landscape demands.

Microsoft has released its monthly security update for February 2026, which includes 55 vulnerabilities affecting a range of products, including one (CVE-2025-59498) that Microsoft marked as “Critical”.

The information technology (IT) workers associated with the Democratic People's Republic of Korea (DPRK) are now applying to remote positions using real LinkedIn accounts of individuals they're...

Explore the tools Unit 42 found on a Muddled Libra rogue host. Learn how they target domain controllers and use search engines to aid their attacks. The post A Peek Into Muddled Libra’s...

Roses are red, violets are blue ... now get patching What better way to say I love you than with an update? Attackers exploited a whopping six Microsoft bugs as zero-days prior to Redmond...

Intel security advisory (AV26-112)

Ivanti security advisory (AV26-113)

HPE security advisory (AV26-110)

Microsoft security advisory – February 2026 monthly rollup (AV26-111)

Microsoft has announced Windows 11 26H1, but it's not for existing PCs. Instead, it will ship on devices with Snapdragon X2 processors and possibly other rumored ARM chips.w [...]

Kwon Soon-wan reports: The Democratic Party of Korea and the government are pushing for a bill that would hold companies liable for damages in personal information leaks even in the absence of...

Microsoft said three of the exploited vulnerabilities were publicly known, suggesting attackers already had details about the defects prior to Tuesday’s release. The post Microsoft Patch Tuesday...

Fortinet security advisory (AV26-109)

Rapid7 security advisory (AV26-108)

Cybersecurity researchers have disclosed details of an emergent ransomware family dubbed Reynolds that comes embedded with a built-in bring your own vulnerable driver (BYOVD) component for defense...

Cybersecurity policies require that cyber incidents be identified as such. Cyber incident response plans are then initiated after incidents are identified as being cyber-related. To meet those...

LevelBlue SpiderLabs’ Cyber Threat Intelligence Team investigated the ongoing supply-chain compromise affecting Notepad++, a widely used open-source text editor.

Are ransomware and encryption still the defining signals of modern cyberattacks, or has the industry been too fixated on noise while missing a more dangerous shift happening quietly all around...

A newly documented Linux botnet named SSHStalker is using the IRC (Internet Relay Chat) communication protocol for command-and-control (C2) operations. [...]

Zero-click prompt injection can leak data when AI agents meet messaging apps, researchers warn AI agents can shop for you, program for you, and, if you're feeling bold, chat for you in a messaging...

SAP security advisory – February 2026 monthly rollup (AV26-107)

WhiteHatMage was in the top 3 on both Immunefi and HackenProof for web3 bug bounties last year. This post explains how they identify projects and the realities of finding vulnerabilities in live...

North Korean hackers are running tailored campaigns using AI-generated video and the ClickFix technique to deliver malware for macOS and Windows to targets in the cryptocurrency sector. [...]