TECHZONE™

OpenClaw Integrates VirusTotal Scanning to Detect Malicious ClawHub Skills https://thehackernews.com/2026/02/openclaw-integrates-virustotal-scanning.html OpenClaw (formerly Moltbot and Clawdbot) has announced that it's partnering with Google-owned VirusTotal to scan skills that are being uploaded to ClawHub, its skill marketplace, as part of broader efforts to bolster the security of the agentic ecosystem. "All skills published to ClawHub are now scanned using VirusTotal's threat intelligence, including their new Code Insight capability,"

German Agencies Warn of Signal Phishing Targeting Politicians, Military, Journalists https://thehackernews.com/2026/02/german-agencies-warn-of-signal-phishing.html Germany's Federal Office for the Protection of the Constitution (aka Bundesamt für Verfassungsschutz or BfV) and Federal Office for Information Security (BSI) have issued a joint advisory warning of a malicious cyber campaign undertaken by a likely state-sponsored threat actor that involves carrying out phishing attacks over the Signal messaging app. "The focus is on high-ranking targets in

Claude Opus 4.6 Finds 500+ High-Severity Flaws Across Major Open-Source Libraries https://thehackernews.com/2026/02/claude-opus-46-finds-500-high-severity.html Artificial intelligence (AI) company Anthropic revealed that its latest large language model (LLM), Claude Opus 4.6, has found more than 500 previously unknown high-severity security flaws in open-source libraries, including Ghostscript, OpenSC, and CGIF. Claude Opus 4.6, which was launched Thursday, comes with improved coding skills, including code review and debugging capabilities, along with

AISURU/Kimwolf Botnet Launches Record-Setting 31.4 Tbps DDoS Attack https://thehackernews.com/2026/02/aisurukimwolf-botnet-launches-record.html The distributed denial-of-service (DDoS) botnet known as AISURU/Kimwolf has been attributed to a record-setting attack that peaked at 31.4 Terabits per second (Tbps) and lasted only 35 seconds. Cloudflare, which automatically detected and mitigated the activity, said it's part of a growing number of hyper-volumetric HTTP DDoS attacks mounted by the botnet in the fourth quarter of 2025. The

ThreatsDay Bulletin: Codespaces RCE, AsyncRAT C2, BYOVD Abuse, AI Cloud Intrusions & 15+ Stories https://thehackernews.com/2026/02/threatsday-bulletin-codespaces-rce.html This week didn’t produce one big headline. It produced many small signals — the kind that quietly shape what attacks will look like next. Researchers tracked intrusions that start in ordinary places: developer workflows, remote tools, cloud access, identity paths, and even routine user actions. Nothing looked dramatic on the surface. That’s the point. Entry is becoming less visible while impact

The Buyer’s Guide to AI Usage Control https://thehackernews.com/2026/02/the-buyers-guide-to-ai-usage-control.html Today’s “AI everywhere” reality is woven into everyday workflows across the enterprise, embedded in SaaS platforms, browsers, copilots, extensions, and a rapidly expanding universe of shadow tools that appear faster than security teams can track. Yet most organizations still rely on legacy controls that operate far away from where AI interactions actually occur. The result is a widening

Infy Hackers Resume Operations with New C2 Servers After Iran Internet Blackout Ends https://thehackernews.com/2026/02/infy-hackers-resume-operations-with-new.html The elusive Iranian threat group known as Infy (aka Prince of Persia) has evolved its tactics as part of efforts to hide its tracks, even as it readied new command-and-control (C2) infrastructure coinciding with the end of the widespread internet blackout the regime imposed at the start of January 2026. "The threat actor stopped maintaining its C2 servers on January 8 for the first time since we

OfferUp scammers are out in force: Here’s what you should know https://www.welivesecurity.com/en/scams/offerup-scammers-out-force-heres-what-you-should-know/ The mobile marketplace app has a growing number of users, but not all of them are genuine. Watch out for these common scams.

Critical n8n Flaw CVE-2026-25049 Enables System Command Execution via Malicious Workflows https://thehackernews.com/2026/02/critical-n8n-flaw-cve-2026-25049.html A new, critical security vulnerability has been disclosed in the n8n workflow automation platform that, if successfully exploited, could result in the execution of arbitrary system commands. The flaw, tracked as CVE-2026-25049 (CVSS score: 9.4), is the result of inadequate sanitization that bypasses safeguards put in place to address CVE-2025-68613 (CVSS score: 9.9), another critical defect that

Malicious NGINX Configurations Enable Large-Scale Web Traffic Hijacking Campaign https://thehackernews.com/2026/02/hackers-exploit-react2shell-to-hijack.html Cybersecurity researchers have disclosed details of an active web traffic hijacking campaign that has targeted NGINX installations and management panels like Baota (BT) in an attempt to route it through the attacker's infrastructure. Datadog Security Labs said it observed threat actors associated with the recent React2Shell (CVE-2025-55182, CVSS score: 10.0) exploitation using malicious NGINX

Microsoft Develops Scanner to Detect Backdoors in Open-Weight Large Language Models https://thehackernews.com/2026/02/microsoft-develops-scanner-to-detect.html Microsoft on Wednesday said it built a lightweight scanner that it said can detect backdoors in open-weight large language models (LLMs) and improve the overall trust in artificial intelligence (AI) systems. The tech giant's AI Security team said the scanner leverages three observable signals that can be used to reliably flag the presence of backdoors while maintaining a low false positive

DEAD#VAX Malware Campaign Deploys AsyncRAT via IPFS-Hosted VHD Phishing Files https://thehackernews.com/2026/02/deadvax-malware-campaign-deploys.html Threat hunters have disclosed details of a new, stealthy malware campaign dubbed DEAD#VAX that employs a mix of "disciplined tradecraft and clever abuse of legitimate system features" to bypass traditional detection mechanisms and deploy a remote access trojan (RAT) known as AsyncRAT. "The attack leverages IPFS-hosted VHD files, extreme script obfuscation, runtime decryption, and in-memory

China-Linked Amaranth-Dragon Exploits WinRAR Flaw in Espionage Campaigns https://thehackernews.com/2026/02/china-linked-amaranth-dragon-exploits.html Threat actors affiliated with China have been attributed to a fresh set of cyber espionage campaigns targeting government and law enforcement agencies across Southeast Asia throughout 2025. Check Point Research is tracking the previously undocumented activity cluster under the moniker Amaranth-Dragon, which it said shares links to the APT 41 ecosystem. Targeted countries include Cambodia,

Orchid Security Introduces Continuous Identity Observability for Enterprise Applications https://thehackernews.com/2026/02/orchid-security-introduces-continuous.html An innovative approach to discovering, analyzing, and governing identity usage beyond traditional IAM controls. The Challenge: Identity Lives Outside the Identity Stack Identity and access management tools were built to govern users and directories. Modern enterprises run on applications. Over time, identity logic has moved into application code, APIs, service accounts, and custom authentication

The First 90 Seconds: How Early Decisions Shape Incident Response Investigations https://thehackernews.com/2026/02/the-first-90-seconds-how-early.html Many incident response failures do not come from a lack of tools, intelligence, or technical skills. They come from what happens immediately after detection, when pressure is high, and information is incomplete. I have seen IR teams recover from sophisticated intrusions with limited telemetry. I have also seen teams lose control of investigations they should have been able to handle. The

Microsoft Warns Python Infostealers Target macOS via Fake Ads and Installers https://thehackernews.com/2026/02/microsoft-warns-python-infostealers.html Microsoft has warned that information-stealing attacks are "rapidly expanding" beyond Windows to target Apple macOS environments by leveraging cross-platform languages like Python and abusing trusted platforms for distribution at scale. The tech giant's Defender Security Research Team said it observed macOS-targeted infostealer campaigns using social engineering techniques such as ClickFix since

Eclipse Foundation Mandates Pre-Publish Security Checks for Open VSX Extensions https://thehackernews.com/2026/02/eclipse-foundation-mandates-pre-publish.html The Eclipse Foundation, which maintains the Open VSX Registry, has announced plans to enforce security checks before Microsoft Visual Studio Code (VS Code) extensions are published to the open-source repository to combat supply chain threats. The move marks a shift from a reactive to a proactive approach to ensure that malicious extensions don't end up getting published on the Open VSX Registry.

CISA Adds Actively Exploited SolarWinds Web Help Desk RCE to KEV Catalog https://thehackernews.com/2026/02/cisa-adds-actively-exploited-solarwinds.html The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting SolarWinds Web Help Desk (WHD) to its Known Exploited Vulnerabilities (KEV) catalog, flagging it as actively exploited in attacks. The vulnerability, tracked as CVE-2025-40551 (CVSS score: 9.8), is a untrusted data deserialization vulnerability that could pave the way for remote

Docker Fixes Critical Ask Gordon AI Flaw Allowing Code Execution via Image Metadata https://thehackernews.com/2026/02/docker-fixes-critical-ask-gordon-ai.html Cybersecurity researchers have disclosed details of a now-patched security flaw impacting Ask Gordon, an artificial intelligence (AI) assistant built into Docker Desktop and the Docker Command-Line Interface (CLI), that could be exploited to execute code and exfiltrate sensitive data. The critical vulnerability has been codenamed DockerDash by cybersecurity company Noma Labs. It was addressed by

[Webinar] The Smarter SOC Blueprint: Learn What to Build, Buy, and Automate https://thehackernews.com/2026/02/webinar-smarter-soc-blueprint-learn.html Most security teams today are buried under tools. Too many dashboards. Too much noise. Not enough real progress. Every vendor promises “complete coverage” or “AI-powered automation,” but inside most SOCs, teams are still overwhelmed, stretched thin, and unsure which tools are truly pulling their weight. The result? Bloated stacks, missed signals, and mounting pressure to do more with less. This