Cybersecurity Center

Cybersecurity News

  • AI-Assisted Threat Actor Compromises 600+ FortiGate Devices in 55 Countries (Saturday February 21, 2026)
    A Russian-speaking, financially motivated threat actor has been observed taking advantage of commercial generative artificial intelligence (AI) services to compromise over 600 FortiGate devices located in 55 countries. That's according to new findings from Amazon Threat Intelligence, which said it observed the activity between January 11 and February 18, 2026. "No exploitation of FortiGate (HackerNews)
  • Anthropic Launches Claude Code Security for AI-Powered Vulnerability Scanning (Saturday February 21, 2026)
    Artificial intelligence (AI) company Anthropic has begun to roll out a new security feature for Claude Code that can scan a user's software codebase for vulnerabilities and suggest patches. The capability, called Claude Code Security, is currently available in a limited research preview to Enterprise and Team customers. "It scans codebases for security vulnerabilities and suggests targeted (HackerNews)
  • CISA Adds Two Actively Exploited Roundcube Flaws to KEV Catalog (Saturday February 21, 2026)
    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added two security flaws impacting Roundcube webmail software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerabilities in question are listed below - CVE-2025-49113 (CVSS score: 9.9) - A deserialization of untrusted data vulnerability that allows remote code (HackerNews)
  • EC-Council Expands AI Certification Portfolio to Strengthen U.S. AI Workforce Readiness and Security (Saturday February 21, 2026)
    With $5.5 trillion in global AI risk exposure and 700,000 U.S. workers needing reskilling, four new AI certifications and Certified CISO v4 help close the gap between AI adoption and workforce readiness. EC-Council, creator of the world-renowned Certified Ethical Hacker (CEH) credential and a global leader in applied cybersecurity education, today launched its Enterprise AI Credential Suite, (HackerNews)
  • ‘Starkiller’ Phishing Service Proxies Real Login Pages, MFA (Friday February 20, 2026)
    Most phishing websites are little more than static copies of login pages for popular online destinations, and they are often quickly taken down by anti-abuse activists and security firms. But a stealthy new phishing-as-a-service offering lets customers sidestep both of these pitfalls: It uses cleverly disguised links to load the target brand's real website, and then acts as a relay between the target and the legitimate site -- forwarding the victim's username, password and multi-factor authentication (MFA) code to the legitimate site and returning its responses. (KrebsOnSecurity)
  • BeyondTrust Flaw Used for Web Shells, Backdoors, and Data Exfiltration (Friday February 20, 2026)
    Threat actors have been observed exploiting a recently disclosed critical security flaw impacting BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) products to conduct a wide range of malicious actions, including deploying VShell and  The vulnerability, tracked as CVE-2026-1731 (CVSS score: 9.9), allows attackers to execute operating system commands in the context of the (HackerNews)
  • Cline CLI 2.3.0 Supply Chain Attack Installed OpenClaw on Developer Systems (Friday February 20, 2026)
    In yet another software supply chain attack, the open-source, artificial intelligence (AI)-powered coding assistant Cline CLI was updated to stealthily install OpenClaw, a self-hosted autonomous AI agent that has become exceedingly popular in the past few months. "On February 17, 2026, at 3:26 AM PT, an unauthorized party used a compromised npm publish token to publish an update to Cline CLI (HackerNews)
  • ClickFix Campaign Abuses Compromised Sites to Deploy MIMICRAT Malware (Friday February 20, 2026)
    Cybersecurity researchers have disclosed details of a new ClickFix campaign that abuses compromised legitimate sites to deliver a previously undocumented remote access trojan (RAT) called MIMICRAT (aka AstarionRAT). "The campaign demonstrates a high level of operational sophistication: compromised sites spanning multiple industries and geographies serve as delivery infrastructure, a multi-stage (HackerNews)
  • Identity Cyber Scores: The New Metric Shaping Cyber Insurance in 2026 (Friday February 20, 2026)
    With one in three cyber-attacks now involving compromised employee accounts, insurers and regulators are placing far greater emphasis on identity posture when assessing cyber risk.  For many organizations, however, these assessments remain largely opaque. Elements such as password hygiene, privileged access management, and the extent of multi-factor authentication (MFA) coverage are (HackerNews)
  • Ukrainian National Sentenced to 5 Years in North Korea IT Worker Fraud Case (Friday February 20, 2026)
    A 29-year-old Ukrainian national has been sentenced to five years in prison in the U.S. for his role in facilitating North Korea's fraudulent information technology (IT) worker scheme. In November 2025, Oleksandr "Alexander" Didenko pleaded guilty to wire fraud conspiracy and aggravated identity theft for stealing the identities of U.S. citizens and selling them to IT workers to help them land (HackerNews)
  • FBI Reports 1,900 ATM Jackpotting Incidents Since 2020, $20M Lost in 2025 (Friday February 20, 2026)
    The U.S. Federal Bureau of Investigation (FBI) has warned of an increase in ATM jackpotting incidents across the country, leading to losses of more than $20 million in 2025. The agency said 1,900 ATM jackpotting incidents have been reported since 2020, out of which 700 took place last year. In December 2025, the U.S. Department of Justice (DoJ) said about $40.73 million has been collectively (HackerNews)
  • Former Google Engineers Indicted Over Trade Secret Transfers to Iran (Friday February 20, 2026)
    Two former Google engineers and one of their husbands have been indicted in the U.S. for allegedly committing trade secret theft from the search giant and other tech firms and transferring the information to unauthorized locations, including Iran. Samaneh Ghandali, 41, and her husband Mohammadjavad Khosravi (aka Mohammad Khosravi), 40, along with her sister Soroor Ghandali, 32, have been accused (HackerNews)
  • PromptSpy Android Malware Abuses Gemini AI to Automate Recent-Apps Persistence (Thursday February 19, 2026)
    Cybersecurity researchers have discovered what they say is the first Android malware that abuses Gemini, Google's generative artificial intelligence (AI) chatbot, as part of its execution flow and achieves persistence. The malware has been codenamed PromptSpy by ESET. The malware is equipped to capture lockscreen data, block uninstallation efforts, gather device information, take screenshots, (HackerNews)
  • INTERPOL Operation Red Card 2.0 Arrests 651 in African Cybercrime Crackdown (Thursday February 19, 2026)
    An international cybercrime operation against online scams has led to 651 arrests and recovered more than $4.3 million as part of an effort led by law enforcement agencies from 16 African countries. The initiative, codenamed Operation Red Card 2.0, took place between December 8, 2025 and January 30, 2026, according to INTERPOL. It targeted infrastructure and actors behind high-yield investment (HackerNews)
  • Microsoft Patches CVE-2026-26119 Privilege Escalation in Windows Admin Center (Thursday February 19, 2026)
    Microsoft has disclosed a now-patched security flaw in Windows Admin Center that could allow an attacker to escalate their privileges. Windows Admin Center is a locally deployed, browser-based management tool set that lets users manage their Windows Clients, Servers, and Clusters without the need for connecting to the cloud. The high-severity vulnerability, tracked as CVE-2026-26119, carries a (HackerNews)
  • ThreatsDay Bulletin: OpenSSL RCE, Foxit 0-Days, Copilot Leak, AI Password Flaws & 20+ Stories (Thursday February 19, 2026)
    The cyber threat space doesn’t pause, and this week makes that clear. New risks, new tactics, and new security gaps are showing up across platforms, tools, and industries — often all at the same time. Some developments are headline-level. Others sit in the background but carry long-term impact. Together, they shape how defenders need to think about exposure, response, and preparedness right now (HackerNews)
  • From Exposure to Exploitation: How AI Collapses Your Response Window (Thursday February 19, 2026)
    We’ve all seen this before: a developer deploys a new cloud workload and grants overly broad permissions just to keep the sprint moving. An engineer generates a "temporary" API key for testing and forgets to revoke it. In the past, these were minor operational risks, debts you’d eventually pay down during a slower cycle. In 2026, “Eventually” is Now But today, within minutes, AI-powered (HackerNews)
  • Fake IPTV Apps Spread Massiv Android Malware Targeting Mobile Banking Users (Thursday February 19, 2026)
    Cybersecurity researchers have disclosed details of a new Android trojan called Massiv that's designed to facilitate device takeover (DTO) attacks for financial theft. The malware, according to ThreatFabric, masquerades as seemingly harmless IPTV apps to deceive victims, indicating that the activity is primarily singling out users looking for the online TV applications. "This new threat, while (HackerNews)
  • CRESCENTHARVEST Campaign Targets Iran Protest Supporters With RAT Malware (Thursday February 19, 2026)
    Cybersecurity researchers have disclosed details of a new campaign dubbed CRESCENTHARVEST, likely targeting supporters of Iran's ongoing protests to conduct information theft and long-term espionage. The Acronis Threat Research Unit (TRU) said it observed the activity after January 9, with the attacks designed to deliver a malicious payload that serves as a remote access trojan (RAT) and (HackerNews)
  • Citizen Lab Finds Cellebrite Tool Used on Kenyan Activist’s Phone in Police Custody (Wednesday February 18, 2026)
    New research from the Citizen Lab has found signs that Kenyan authorities used a commercial forensic extraction tool manufactured by Israeli company Cellebrite to break into a prominent dissident's phone, making it the latest case of abuse of the technology targeting civil society. The interdisciplinary research unit at the University of Toronto's Munk School of Global Affairs & Public (HackerNews)
  • Grandstream GXP1600 VoIP Phones Exposed to Unauthenticated Remote Code Execution (Wednesday February 18, 2026)
    Cybersecurity researchers have disclosed a critical security flaw in the Grandstream GXP1600 series of VoIP phones that could allow an attacker to seize control of susceptible devices. The vulnerability, tracked as CVE-2026-2329, carries a CVSS score of 9.3 out of a maximum of 10.0. It has been described as a case of unauthenticated stack-based buffer overflow that could result in remote code (HackerNews)
  • Critical Flaws Found in Four VS Code Extensions with Over 125 Million Installs (Wednesday February 18, 2026)
    Cybersecurity researchers have disclosed multiple security vulnerabilities in four popular Microsoft Visual Studio Code (VS Code) extensions that, if successfully exploited, could allow threat actors to steal local files and execute code remotely. The extensions, which have been collectively installed more than 125 million times, are Live Server, Code Runner, Markdown Preview Enhanced, and (HackerNews)
  • Cybersecurity Tech Predictions for 2026: Operating in a World of Permanent Instability (Wednesday February 18, 2026)
    In 2025, navigating the digital seas still felt like a matter of direction. Organizations charted routes, watched the horizon, and adjusted course to reach safe harbors of resilience, trust, and compliance. In 2026, the seas are no longer calm between storms. Cybersecurity now unfolds in a state of continuous atmospheric instability: AI-driven threats that adapt in real time, expanding (HackerNews)
  • Dell RecoverPoint for VMs Zero-Day CVE-2026-22769 Exploited Since Mid-2024 (Wednesday February 18, 2026)
    A maximum severity security vulnerability in Dell RecoverPoint for Virtual Machines has been exploited as a zero-day by a suspected China-nexus threat cluster dubbed UNC6201 since mid-2024, according to a new report from Google Mandiant and Google Threat Intelligence Group (GTIG). The activity involves the exploitation of CVE-2026-22769 (CVSS score: 10.0), a case of hard-coded credentials (HackerNews)
  • 3 Ways to Start Your Intelligent Workflow Program (Wednesday February 18, 2026)
    Security, IT, and engineering teams today are under relentless pressure to accelerate outcomes, cut operational drag, and unlock the full potential of AI and automation. But simply investing in tools isn’t enough. 88% of AI proofs-of-concept never make it to production, even though 70% of workers cite freeing time for high-value work as the primary AI automation motivation. Real impact comes (HackerNews)
  • Notepad++ Fixes Hijacked Update Mechanism Used to Deliver Targeted Malware (Wednesday February 18, 2026)
    Notepad++ has released a security fix to plug gaps that were exploited by an advanced threat actor from China to hijack the software update mechanism to selectively deliver malware to targets of interest. The version 8.9.2 update incorporates what maintainer Don Ho calls a "double lock" design that aims to make the update process "robust and effectively unexploitable." This includes verification (HackerNews)
  • CISA Flags Four Security Flaws Under Active Exploitation in Latest KEV Update (Wednesday February 18, 2026)
    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The list of vulnerabilities is as follows - CVE-2026-2441 (CVSS score: 8.8) - A use-after-free vulnerability in Google Chrome that could allow a remote attacker to potentially exploit heap (HackerNews)
  • Webinar: How Modern SOC Teams Use AI and Context to Investigate Cloud Breaches Faster (Tuesday February 17, 2026)
    Cloud attacks move fast — faster than most incident response teams. In data centers, investigations had time. Teams could collect disk images, review logs, and build timelines over days. In the cloud, infrastructure is short-lived. A compromised instance can disappear in minutes. Identities rotate. Logs expire. Evidence can vanish before analysis even begins. Cloud forensics is fundamentally (HackerNews)
  • Researchers Show Copilot and Grok Can Be Abused as Malware C2 Proxies (Tuesday February 17, 2026)
    Cybersecurity researchers have disclosed that artificial intelligence (AI) assistants that support web browsing or URL fetching capabilities can be turned into stealthy command-and-control (C2) relays, a technique that could allow attackers to blend into legitimate enterprise communications and evade detection. The attack method, which has been demonstrated against Microsoft Copilot and xAI Grok (HackerNews)
  • Keenadu Firmware Backdoor Infects Android Tablets via Signed OTA Updates (Tuesday February 17, 2026)
    A new Android backdoor that's embedded deep into the device firmware can silently harvest data and remotely control its behavior, according to new findings from Kaspersky. The Russian cybersecurity vendor said it discovered the backdoor, dubbed Keenadu, in the firmware of devices associated with various brands, including Alldocube, with the compromise occurring during the firmware build phase. (HackerNews)
  • SmartLoader Attack Uses Trojanized Oura MCP Server to Deploy StealC Infostealer (Tuesday February 17, 2026)
    Cybersecurity researchers have disclosed details of a new SmartLoader campaign that involves distributing a trojanized version of a Model Context Protocol (MCP) server associated with Oura Health to deliver an information stealer known as StealC. "The threat actors cloned a legitimate Oura MCP Server – a tool that connects AI assistants to Oura Ring health data – and built a deceptive (HackerNews)
  • My Day Getting My Hands Dirty with an NDR System (Tuesday February 17, 2026)
    My objective As someone relatively inexperienced with network threat hunting, I wanted to get some hands-on experience using a network detection and response (NDR) system. My goal was to understand how NDR is used in hunting and incident response, and how it fits into the daily workflow of a Security Operations Center (SOC). Corelight’s Investigator software, part of its Open NDR Platform, is (HackerNews)
  • Microsoft Finds “Summarize with AI” Prompts Manipulating Chatbot Recommendations (Tuesday February 17, 2026)
    New research from Microsoft has revealed that legitimate businesses are gaming artificial intelligence (AI) chatbots via the "Summarize with AI" button that's being increasingly placed on websites in ways that mirror classic search engine poisoning (SEO). The new AI hijacking technique has been codenamed AI Recommendation Poisoning by the Microsoft Defender Security Research Team. The tech giant (HackerNews)
  • Apple Tests End-to-End Encrypted RCS Messaging in iOS 26.4 Developer Beta (Tuesday February 17, 2026)
    Apple on Monday released a new developer beta of iOS and iPadOS with support for end-to-end encryption (E2EE) in Rich Communications Services (RCS) messages. The feature is currently available for testing in iOS and iPadOS 26.4 Beta, and is expected to be shipped to customers in a future update for iOS, iPadOS, macOS, and watchOS. "End-to-end encryption is in beta and is not available for all (HackerNews)
  • Infostealer Steals OpenClaw AI Agent Configuration Files and Gateway Tokens (Monday February 16, 2026)
    Cybersecurity researchers disclosed they have detected a case of an information stealer infection successfully exfiltrating a victim's OpenClaw (formerly Clawdbot and Moltbot) configuration environment. "This finding marks a significant milestone in the evolution of infostealer behavior: the transition from stealing browser credentials to harvesting the 'souls' and identities of personal AI [ (HackerNews)
  • Study Uncovers 25 Password Recovery Attacks in Major Cloud Password Managers (Monday February 16, 2026)
    A new study has found that multiple cloud-based password managers, including Bitwarden, Dashlane, and LastPass, are susceptible to password recovery attacks under certain conditions. "The attacks range in severity from integrity violations to the complete compromise of all vaults in an organization," researchers Matteo Scarlata, Giovanni Torrisi, Matilda Backendal, and Kenneth G. Paterson said. (HackerNews)
  • Weekly Recap: Outlook Add-Ins Hijack, 0-Day Patches, Wormable Botnet & AI Malware (Monday February 16, 2026)
    This week’s recap shows how small gaps are turning into big entry points. Not always through new exploits, often through tools, add-ons, cloud setups, or workflows that people already trust and rarely question. Another signal: attackers are mixing old and new methods. Legacy botnet tactics, modern cloud abuse, AI assistance, and supply-chain exposure are being used side by side, whichever path (HackerNews)
  • Safe and Inclusive E‑Society: How Lithuania Is Bracing for AI‑Driven Cyber Fraud (Monday February 16, 2026)
    Technologies are evolving fast, reshaping economies, governance, and daily life. Yet, as innovation accelerates, so do digital risks. Technological change is no longer abstract for such a country as Lithuania, as well. From e-signatures to digital health records, the country depends on secure systems.  Cybersecurity has become not only a technical challenge but a societal one – demanding (HackerNews)
  • New ZeroDayRAT Mobile Spyware Enables Real-Time Surveillance and Data Theft (Monday February 16, 2026)
    Cybersecurity researchers have disclosed details of a new mobile spyware platform dubbed ZeroDayRAT that's being advertised on Telegram as a way to grab sensitive data and facilitate real-time surveillance on Android and iOS devices. "The developer runs dedicated channels for sales, customer support, and regular updates, giving buyers a single point of access to a fully operational spyware (HackerNews)
  • New Chrome Zero-Day (CVE-2026-2441) Under Active Attack — Patch Released (Monday February 16, 2026)
    Google on Friday released security updates for its Chrome browser to address a security flaw that it said has been exploited in the wild. The high-severity vulnerability, tracked as CVE-2026-2441 (CVSS score: 8.8), has been described as a use-after-free bug in CSS. Security researcher Shaheen Fazim has been credited with discovering and reporting the shortcoming on February 11, 2026. "Use after (HackerNews)
  • Microsoft Discloses DNS-Based ClickFix Attack Using Nslookup for Malware Staging (Sunday February 15, 2026)
    Microsoft has disclosed details of a new version of the ClickFix social engineering tactic in which the attackers trick unsuspecting users into running commands that carry out a Domain Name System (DNS) lookup to retrieve the next-stage payload. Specifically, the attack relies on using the "nslookup" (short for nameserver lookup) command to execute a custom DNS lookup triggered via the Windows (HackerNews)
  • Google Ties Suspected Russian Actor to CANFAIL Malware Attacks on Ukrainian Orgs (Friday February 13, 2026)
    A previously undocumented threat actor has been attributed to attacks targeting Ukrainian organizations with malware known as CANFAIL. Google Threat Intelligence Group (GTIG) described the hacking group as possibly affiliated with Russian intelligence services. The threat actor is assessed to have targeted defense, military, government, and energy organizations within the Ukrainian regional and (HackerNews)
  • Google Links China, Iran, Russia, North Korea to Coordinated Defense Sector Cyber Operations (Friday February 13, 2026)
    Several state-sponsored actors, hacktivist entities, and criminal groups from China, Iran, North Korea, and Russia have trained their sights on the defense industrial base (DIB) sector, according to findings from Google Threat Intelligence Group (GTIG). The tech giant's threat intelligence division said the adversarial targeting of the sector is centered around four key themes: striking defense (HackerNews)
  • UAT-9921 Deploys VoidLink Malware to Target Technology and Financial Sectors (Friday February 13, 2026)
    A previously unknown threat actor tracked as UAT-9921 has been observed leveraging a new modular framework called VoidLink in its campaigns targeting the technology and financial services sectors, according to findings from Cisco Talos. "This threat actor seems to have been active since 2019, although they have not necessarily used VoidLink over the duration of their activity," researchers Nick (HackerNews)
  • Malicious Chrome Extensions Caught Stealing Business Data, Emails, and Browsing History (Friday February 13, 2026)
    Cybersecurity researchers have discovered a malicious Google Chrome extension that's designed to steal data associated with Meta Business Suite and Facebook Business Manager. The extension, named CL Suite by @CLMasters (ID: jkphinfhmfkckkcnifhjiplhfoiefffl), is marketed as a way to scrape Meta Business Suite data, remove verification pop-ups, and generate two-factor authentication (2FA) codes. (HackerNews)
  • npm’s Update to Harden Their Supply Chain, and Points to Consider (Friday February 13, 2026)
    In December 2025, in response to the Sha1-Hulud incident, npm completed a major authentication overhaul intended to reduce supply-chain attacks. While the overhaul is a solid step forward, the changes don’t make npm projects immune from supply-chain attacks. npm is still susceptible to malware attacks – here’s what you need to know for a safer Node community. Let’s start with the original (HackerNews)
  • Researchers Observe In-the-Wild Exploitation of BeyondTrust CVSS 9.9 Vulnerability (Friday February 13, 2026)
    Threat actors have started to exploit a recently disclosed critical security flaw impacting BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) products, according to watchTowr. "Overnight we observed first in-the-wild exploitation of BeyondTrust across our global sensors," Ryan Dewhurst, head of threat intelligence at watchTowr, said in a post on X. "Attackers are abusing (HackerNews)
  • Google Reports State-Backed Hackers Using Gemini AI for Recon and Attack Support (Thursday February 12, 2026)
    Google on Thursday said it observed the North Korea-linked threat actor known as UNC2970 using its generative artificial intelligence (AI) model Gemini to conduct reconnaissance on its targets, as various hacking groups continue to weaponize the tool for accelerating various phases of the cyber attack life cycle, enabling information operations, and even conducting model extraction attacks. "The (HackerNews)
  • Lazarus Campaign Plants Malicious Packages in npm and PyPI Ecosystems (Thursday February 12, 2026)
    Cybersecurity researchers have discovered a fresh set of malicious packages across npm and the Python Package Index (PyPI) repository linked to a fake recruitment-themed campaign orchestrated by the North Korea-linked Lazarus Group. The coordinated campaign has been codenamed graphalgo in reference to the first package published in the npm registry. It's assessed to be active since May 2025. " (HackerNews)
  • ThreatsDay Bulletin: AI Prompt RCE, Claude 0-Click, RenEngine Loader, Auto 0-Days & 25+ Stories (Thursday February 12, 2026)
    Threat activity this week shows one consistent signal — attackers are leaning harder on what already works. Instead of flashy new exploits, many operations are built around quiet misuse of trusted tools, familiar workflows, and overlooked exposures that sit in plain sight. Another shift is how access is gained versus how it’s used. Initial entry points are getting simpler, while post-compromise (HackerNews)
  • The CTEM Divide: Why 84% of Security Programs Are Falling Behind (Thursday February 12, 2026)
    A new 2026 market intelligence study of 128 enterprise security decision-makers (available here) reveals a stark divide forming between organizations – one that has nothing to do with budget size or industry and everything to do with a single framework decision. Organizations implementing Continuous Threat Exposure Management (CTEM) demonstrate 50% better attack surface visibility, 23-point (HackerNews)
  • Kimwolf Botnet Swamps Anonymity Network I2P (Wednesday February 11, 2026)
    For the past week, the massive "Internet of Things" (IoT) botnet known as Kimwolf has been disrupting the The Invisible Internet Project (I2P), a decentralized, encrypted communications network designed to anonymize and secure online communications. I2P users started reporting disruptions in the network around the same time the Kimwolf botmasters began relying on it to evade takedown attempts against the botnet's control servers. (KrebsOnSecurity)
  • Patch Tuesday, February 2026 Edition (Tuesday February 10, 2026)
    Microsoft today released updates to fix more than 50 security holes in its Windows operating systems and other software, including patches for a whopping six "zero-day" vulnerabilities that attackers are already exploiting in the wild. (KrebsOnSecurity)
  • Please Don’t Feed the Scattered Lapsus ShinyHunters (Monday February 02, 2026)
    A prolific data ransom gang that calls itself Scattered Lapsus ShinyHunters (SLSH) has a distinctive playbook when it seeks to extort payment from victim firms: Harassing, threatening and even swatting executives and their families, all while notifying journalists and regulators… Read More » (KrebsOnSecurity)
  • Who Operates the Badbox 2.0 Botnet? (Monday January 26, 2026)
    The cybercriminals in control of Kimwolf -- a disruptive botnet that has infected more than 2 million devices -- recently shared a screenshot indicating they'd compromised the control panel for Badbox 2.0, a vast China-based botnet powered by malicious software that comes pre-installed on many Android TV streaming boxes. Both the FBI and Google say they are hunting for the people behind Badbox 2.0, and thanks to bragging by the Kimwolf botmasters we may now have a much clearer idea about that. (KrebsOnSecurity)
  • Kimwolf Botnet Lurking in Corporate, Govt. Networks (Tuesday January 20, 2026)
    A new Internet-of-Things botnet called Kimwolf has spread to more than 2 million devices, forcing infected systems to participate in massive distributed denial-of-service (DDoS) attacks and to relay other malicious and abusive Internet traffic. Kimwolf's ability to scan the local networks of compromised systems for other IoT devices to infect makes it a sobering threat to organizations, and new research reveals Kimwolf is surprisingly prevalent in government and corporate networks. (KrebsOnSecurity)
  • Patch Tuesday, January 2026 Edition (Wednesday January 14, 2026)
    Microsoft today issued patches to plug at least 113 security holes in its various Windows operating systems and supported software. Eight of the vulnerabilities earned Microsoft's most-dire "critical" rating, and the company warns that attackers are already exploiting one of the bugs fixed today. (KrebsOnSecurity)
  • Who Benefited from the Aisuru and Kimwolf Botnets? (Thursday January 08, 2026)
    Our first story of 2026 revealed how a destructive new botnet called Kimwolf rapidly grew to infect more than two million devices by mass-compromising a vast number of unofficial Android TV streaming boxes. Today, we'll dig through digital clues left behind by the hackers, network operators, and cybercrime services that appear to have benefitted from Kimwolf's spread. (KrebsOnSecurity)
  • The Kimwolf Botnet is Stalking Your Local Network (Friday January 02, 2026)
    The story you are reading is a series of scoops nestled inside a far more urgent Internet-wide security advisory. The vulnerability at issue has been exploited for months already, and it's time for a broader awareness of the threat. The short version is that everything you thought you knew about the security of the internal network behind your Internet router probably is now dangerously out of date. (KrebsOnSecurity)
  • Happy 16th Birthday, KrebsOnSecurity.com! (Monday December 29, 2025)
    KrebsOnSecurity.com celebrates its 16th anniversary today! A huge "thank you" to all of our readers -- newcomers, long-timers and drive-by critics alike. Your engagement this past year here has been tremendous and truly a salve on a handful of dark days. Happily, comeuppance was a strong theme running through our coverage in 2025, with a primary focus on entities that enabled complex and globally-dispersed cybercrime services. (KrebsOnSecurity)

Disclaimer: Some Links listed are external-links and are not managed by Western Illinois University. Western Illinois University or any of its employees shall not be held liable for any improper or incorrect use of the information described and/or contained herein and assumes no responsibility for anyone's use of the information.