TECHZONE™
TECHZONE CYBERNEWS && UPDATES Wᴇʟᴄᴏᴍᴇ Tᴏ TECHZONE™ ✔️Infosec Facts ✔️Cheatsheets ✔️Free Courses ✔️Open source tools ✔️Tech news
597 subscribers (-1 in 24 hours, -3 in 7 days, -10 in 30 days)
Posts archive
CRESCENTHARVEST Campaign Targets Iran Protest Supporters With RAT Malware
https://thehackernews.com/2026/02/crescentharvest-campaign-targets-iran.html
Cybersecurity researchers have disclosed details of a new campaign dubbed CRESCENTHARVEST, likely targeting supporters of Iran's ongoing protests to conduct information theft and long-term espionage.
The Acronis Threat Research Unit (TRU) said it observed the activity after January 9, with the attacks designed to deliver a malicious payload that serves as a remote access trojan (RAT) and
Citizen Lab Finds Cellebrite Tool Used on Kenyan Activist’s Phone in Police Custody
https://thehackernews.com/2026/02/citizen-lab-finds-cellebrite-tool-used.html
New research from the Citizen Lab has found signs that Kenyan authorities used a commercial forensic extraction tool manufactured by Israeli company Cellebrite to break into a prominent dissident's phone, making it the latest case of abuse of the technology targeting civil society.
The interdisciplinary research unit at the University of Toronto's Munk School of Global Affairs & Public
Grandstream GXP1600 VoIP Phones Exposed to Unauthenticated Remote Code Execution
https://thehackernews.com/2026/02/grandstream-gxp1600-voip-phones-exposed.html
Cybersecurity researchers have disclosed a critical security flaw in the Grandstream GXP1600 series of VoIP phones that could allow an attacker to seize control of susceptible devices.
The vulnerability, tracked as CVE-2026-2329, carries a CVSS score of 9.3 out of a maximum of 10.0. It has been described as a case of unauthenticated stack-based buffer overflow that could result in remote code
Critical Flaws Found in Four VS Code Extensions with Over 125 Million Installs
https://thehackernews.com/2026/02/critical-flaws-found-in-four-vs-code.html
Cybersecurity researchers have disclosed multiple security vulnerabilities in four popular Microsoft Visual Studio Code (VS Code) extensions that, if successfully exploited, could allow threat actors to steal local files and execute code remotely.
The extensions, which have been collectively installed more than 125 million times, are Live Server, Code Runner, Markdown Preview Enhanced, and
Cybersecurity Tech Predictions for 2026: Operating in a World of Permanent Instability
https://thehackernews.com/2026/02/cybersecurity-tech-predictions-for-2026.html
In 2025, navigating the digital seas still felt like a matter of direction. Organizations charted routes, watched the horizon, and adjusted course to reach safe harbors of resilience, trust, and compliance.
In 2026, the seas are no longer calm between storms. Cybersecurity now unfolds in a state of continuous atmospheric instability: AI-driven threats that adapt in real time, expanding
Dell RecoverPoint for VMs Zero-Day CVE-2026-22769 Exploited Since Mid-2024
https://thehackernews.com/2026/02/dell-recoverpoint-for-vms-zero-day-cve.html
A maximum severity security vulnerability in Dell RecoverPoint for Virtual Machines has been exploited as a zero-day by a suspected China-nexus threat cluster dubbed UNC6201 since mid-2024, according to a new report from Google Mandiant and Google Threat Intelligence Group (GTIG).
The activity involves the exploitation of CVE-2026-22769 (CVSS score: 10.0), a case of hard-coded credentials
3 Ways to Start Your Intelligent Workflow Program
https://thehackernews.com/2026/02/3-ways-to-start-your-intelligent.html
Security, IT, and engineering teams today are under relentless pressure to accelerate outcomes, cut operational drag, and unlock the full potential of AI and automation. But simply investing in tools isn’t enough. 88% of AI proofs-of-concept never make it to production, even though 70% of workers cite freeing time for high-value work as the primary AI automation motivation. Real impact comes
Notepad++ Fixes Hijacked Update Mechanism Used to Deliver Targeted Malware
https://thehackernews.com/2026/02/notepad-fixes-hijacked-update-mechanism.html
Notepad++ has released a security fix to plug gaps that were exploited by an advanced threat actor from China to hijack the software update mechanism to selectively deliver malware to targets of interest.
The version 8.9.2 update incorporates what maintainer Don Ho calls a "double lock" design that aims to make the update process "robust and effectively unexploitable." This includes verification
CISA Flags Four Security Flaws Under Active Exploitation in Latest KEV Update
https://thehackernews.com/2026/02/cisa-flags-four-security-flaws-under.html
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.
The list of vulnerabilities is as follows -
CVE-2026-2441 (CVSS score: 8.8) - A use-after-free vulnerability in Google Chrome that could allow a remote attacker to potentially exploit heap
Is it OK to let your children post selfies online?
https://www.welivesecurity.com/en/kids-online/children-selfies-online/
When it comes to our children’s digital lives, prohibition rarely works. It’s our responsibility to help them build a healthy relationship with tech.
Researchers Show Copilot and Grok Can Be Abused as Malware C2 Proxies
https://thehackernews.com/2026/02/researchers-show-copilot-and-grok-can.html
Cybersecurity researchers have disclosed that artificial intelligence (AI) assistants that support web browsing or URL fetching capabilities can be turned into stealthy command-and-control (C2) relays, a technique that could allow attackers to blend into legitimate enterprise communications and evade detection.
The attack method, which has been demonstrated against Microsoft Copilot and xAI Grok
Keenadu Firmware Backdoor Infects Android Tablets via Signed OTA Updates
https://thehackernews.com/2026/02/keenadu-firmware-backdoor-infects.html
A new Android backdoor that's embedded deep into the device firmware can silently harvest data and remotely control its behavior, according to new findings from Kaspersky.
The Russian cybersecurity vendor said it discovered the backdoor, dubbed Keenadu, in the firmware of devices associated with various brands, including Alldocube, with the compromise occurring during the firmware build phase.
SmartLoader Attack Uses Trojanized Oura MCP Server to Deploy StealC Infostealer
https://thehackernews.com/2026/02/smartloader-attack-uses-trojanized-oura.html
Cybersecurity researchers have disclosed details of a new SmartLoader campaign that involves distributing a trojanized version of a Model Context Protocol (MCP) server associated with Oura Health to deliver an information stealer known as StealC.
"The threat actors cloned a legitimate Oura MCP Server – a tool that connects AI assistants to Oura Ring health data – and built a deceptive
Webinar: How Modern SOC Teams Use AI and Context to Investigate Cloud Breaches Faster
https://thehackernews.com/2026/02/cloud-forensics-webinar-learn-how-ai.html
Cloud attacks move fast — faster than most incident response teams.
In data centers, investigations had time. Teams could collect disk images, review logs, and build timelines over days. In the cloud, infrastructure is short-lived. A compromised instance can disappear in minutes. Identities rotate. Logs expire. Evidence can vanish before analysis even begins.
Cloud forensics is fundamentally
My Day Getting My Hands Dirty with an NDR System
https://thehackernews.com/2026/02/my-day-getting-my-hands-dirty-with-ndr.html
Contents: My objective; The role of NDR in SOC workflows; Starting up the NDR system; How AI complements the human response; What else did I try out?; What could I see with NDR that I wouldn’t otherwise?; Am I ready to be a network security analyst now?
My objective
As someone relatively inexperienced with network threat hunting, I wanted to get some hands-on experience using a network detection and response (
Microsoft Finds “Summarize with AI” Prompts Manipulating Chatbot Recommendations
https://thehackernews.com/2026/02/microsoft-finds-summarize-with-ai.html
New research from Microsoft has revealed that legitimate businesses are gaming artificial intelligence (AI) chatbots via the "Summarize with AI" button that's being increasingly placed on websites in ways that mirror classic search engine poisoning (AI).
The new AI hijacking technique has been codenamed AI Recommendation Poisoning by the Microsoft Defender Security Research Team. The tech giant
Apple Tests End-to-End Encrypted RCS Messaging in iOS 26.4 Developer Beta
https://thehackernews.com/2026/02/apple-tests-end-to-end-encrypted-rcs.html
Apple on Monday released a new developer beta of iOS and iPadOS with support for end-to-end encryption (E2EE) in Rich Communications Services (RCS) messages.
The feature is currently available for testing in iOS and iPadOS 26.4 Beta, and is expected to be shipped to customers in a future update for iOS, iPadOS, macOS, and watchOS.
"End-to-end encryption is in beta and is not available for all
Infostealer Steals OpenClaw AI Agent Configuration Files and Gateway Tokens
https://thehackernews.com/2026/02/infostealer-steals-openclaw-ai-agent.html
Cybersecurity researchers disclosed they have detected a case of an information stealer infection successfully exfiltrating a victim's OpenClaw (formerly Clawdbot and Moltbot) configuration environment.
"This finding marks a significant milestone in the evolution of infostealer behavior: the transition from stealing browser credentials to harvesting the 'souls' and identities of personal AI [
Study Uncovers 25 Password Recovery Attacks in Major Cloud Password Managers
https://thehackernews.com/2026/02/study-uncovers-25-password-recovery.html
A new study has found that multiple cloud-based password managers, including Bitwarden, Dashlane, and LastPass, are susceptible to password recovery attacks under certain conditions.
"The attacks range in severity from integrity violations to the complete compromise of all vaults in an organization," researchers Matteo Scarlata, Giovanni Torrisi, Matilda Backendal, and Kenneth G. Paterson said.
Weekly Recap: Outlook Add-Ins Hijack, 0-Day Patches, Wormable Botnet & AI Malware
https://thehackernews.com/2026/02/weekly-recap-outlook-add-ins-hijack-0.html
This week’s recap shows how small gaps are turning into big entry points. Not always through new exploits, often through tools, add-ons, cloud setups, or workflows that people already trust and rarely question.
Another signal: attackers are mixing old and new methods. Legacy botnet tactics, modern cloud abuse, AI assistance, and supply-chain exposure are being used side by side, whichever path