TECHZONE™

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens https://thehackernews.com/2026/02/malicious-npm-packages-harvest-crypto.html Cybersecurity researchers have disclosed what they say is an active "Shai-Hulud-like" supply chain worm campaign that has leveraged a cluster of at least 19 malicious npm packages to enable credential harvesting and cryptocurrency key theft. The campaign has been codenamed SANDWORM_MODE by supply chain security company Socket. As with prior Shai-Hulud attack waves, the malicious code embedded

MuddyWater Targets MENA Organizations with GhostFetch, CHAR, and HTTP_VIP https://thehackernews.com/2026/02/muddywater-targets-mena-organizations.html The Iranian hacking group known as MuddyWater (aka Earth Vetala, Mango Sandstorm, and MUDDYCOAST) has targeted several organizations and individuals mainly located across the Middle East and North Africa (MENA) region as part of a new campaign codenamed Operation Olalampo. The activity, first observed on January 26, 2026, has resulted in the deployment of new malware families that share

AI-Assisted Threat Actor Compromises 600+ FortiGate Devices in 55 Countries https://thehackernews.com/2026/02/ai-assisted-threat-actor-compromises.html A Russian-speaking, financially motivated threat actor has been observed taking advantage of commercial generative artificial intelligence (AI) services to compromise over 600 FortiGate devices located in 55 countries. That's according to new findings from Amazon Threat Intelligence, which said it observed the activity between January 11 and February 18, 2026. "No exploitation of FortiGate

Anthropic Launches Claude Code Security for AI-Powered Vulnerability Scanning https://thehackernews.com/2026/02/anthropic-launches-claude-code-security.html Artificial intelligence (AI) company Anthropic has begun to roll out a new security feature for Claude Code that can scan a user's software codebase for vulnerabilities and suggest patches. The capability, called Claude Code Security, is currently available in a limited research preview to Enterprise and Team customers. "It scans codebases for security vulnerabilities and suggests targeted

CISA Adds Two Actively Exploited Roundcube Flaws to KEV Catalog https://thehackernews.com/2026/02/cisa-adds-two-actively-exploited.html The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added two security flaws impacting Roundcube webmail software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerabilities in question are listed below - CVE-2025-49113 (CVSS score: 9.9) - A deserialization of untrusted data vulnerability that allows remote code

BeyondTrust Flaw Used for Web Shells, Backdoors, and Data Exfiltration https://thehackernews.com/2026/02/beyondtrust-flaw-used-for-web-shells.html Threat actors have been observed exploiting a recently disclosed critical security flaw impacting BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) products to conduct a wide range of malicious actions, including deploying VShell and  The vulnerability, tracked as CVE-2026-1731 (CVSS score: 9.9), allows attackers to execute operating system commands in the context of the

Cline CLI 2.3.0 Supply Chain Attack Installed OpenClaw on Developer Systems https://thehackernews.com/2026/02/cline-cli-230-supply-chain-attack.html In yet another software supply chain attack, the open-source, artificial intelligence (AI)-powered coding assistant Cline CLI was updated to stealthily install OpenClaw, a self-hosted autonomous AI agent that has become exceedingly popular in the past few months. "On February 17, 2026, at 3:26 AM PT, an unauthorized party used a compromised npm publish token to publish an update to Cline CLI

ClickFix Campaign Abuses Compromised Sites to Deploy MIMICRAT Malware https://thehackernews.com/2026/02/clickfix-campaign-abuses-compromised.html Cybersecurity researchers have disclosed details of a new ClickFix campaign that abuses compromised legitimate sites to deliver a previously undocumented remote access trojan (RAT) called MIMICRAT (aka AstarionRAT). "The campaign demonstrates a high level of operational sophistication: compromised sites spanning multiple industries and geographies serve as delivery infrastructure, a multi-stage

Identity Cyber Scores: The New Metric Shaping Cyber Insurance in 2026 https://thehackernews.com/2026/02/identity-cyber-scores-new-metric.html With one in three cyber-attacks now involving compromised employee accounts, insurers and regulators are placing far greater emphasis on identity posture when assessing cyber risk.  For many organizations, however, these assessments remain largely opaque. Elements such as password hygiene, privileged access management, and the extent of multi-factor authentication (MFA) coverage are

PromptSpy ushers in the era of Android threats using GenAI https://www.welivesecurity.com/en/eset-research/promptspy-ushers-in-era-android-threats-using-genai/ ESET researchers discover PromptSpy, the first known Android malware to abuse generative AI in its execution flow

Ukrainian National Sentenced to 5 Years in North Korea IT Worker Fraud Case https://thehackernews.com/2026/02/ukrainian-national-sentenced-to-5-years.html A 29-year-old Ukrainian national has been sentenced to five years in prison in the U.S. for his role in facilitating North Korea's fraudulent information technology (IT) worker scheme. In November 2025, Oleksandr "Alexander" Didenko pleaded guilty to wire fraud conspiracy and aggravated identity theft for stealing the identities of U.S. citizens and selling them to IT workers to help them land

Is Poshmark safe? How to buy and sell without getting scammed https://www.welivesecurity.com/en/scams/poshmark-safe-buy-sell-scammed/ Like any other marketplace, the social commerce platform has its share of red flags. It pays to know what to look for so you can shop or sell without headaches.

FBI Reports 1,900 ATM Jackpotting Incidents Since 2020, $20M Lost in 2025 https://thehackernews.com/2026/02/fbi-reports-1900-atm-jackpotting.html The U.S. Federal Bureau of Investigation (FBI) has warned of an increase in ATM jackpotting incidents across the country, leading to losses of more than $20 million in 2025. The agency said 1,900 ATM jackpotting incidents have been reported since 2020, out of which 700 took place last year. In December 2025, the U.S. Department of Justice (DoJ) said about $40.73 million has been collectively

Former Google Engineers Indicted Over Trade Secret Transfers to Iran https://thehackernews.com/2026/02/three-former-google-engineers-indicted.html Two former Google engineers and one of their husbands have been indicted in the U.S. for allegedly committing trade secret theft from the search giant and other tech firms and transferring the information to unauthorized locations, including Iran. Samaneh Ghandali, 41, and her husband Mohammadjavad Khosravi (aka Mohammad Khosravi), 40, along with her sister Soroor Ghandali, 32, have been accused

PromptSpy Android Malware Abuses Gemini AI to Automate Recent-Apps Persistence https://thehackernews.com/2026/02/promptspy-android-malware-abuses-google.html Cybersecurity researchers have discovered what they say is the first Android malware that abuses Gemini, Google's generative artificial intelligence (AI) chatbot, as part of its execution flow and achieves persistence. The malware has been codenamed PromptSpy by ESET. The malware is equipped to capture lockscreen data, block uninstallation efforts, gather device information, take screenshots,

INTERPOL Operation Red Card 2.0 Arrests 651 in African Cybercrime Crackdown https://thehackernews.com/2026/02/interpol-operation-red-card-20-arrests.html An international cybercrime operation against online scams has led to 651 arrests and recovered more than $4.3 million as part of an effort led by law enforcement agencies from 16 African countries. The initiative, codenamed Operation Red Card 2.0, took place between December 8, 2025 and January 30, 2026, according to INTERPOL. It targeted infrastructure and actors behind high-yield investment

Microsoft Patches CVE-2026-26119 Privilege Escalation in Windows Admin Center https://thehackernews.com/2026/02/microsoft-patches-cve-2026-26119.html Microsoft has disclosed a now-patched security flaw in Windows Admin Center that could allow an attacker to escalate their privileges. Windows Admin Center is a locally deployed, browser-based management tool set that lets users manage their Windows Clients, Servers, and Clusters without the need for connecting to the cloud. The high-severity vulnerability, tracked as CVE-2026-26119, carries a

ThreatsDay Bulletin: OpenSSL RCE, Foxit 0-Days, Copilot Leak, AI Password Flaws & 20+ Stories https://thehackernews.com/2026/02/threatsday-bulletin-openssl-rce-foxit-0.html The cyber threat space doesn’t pause, and this week makes that clear. New risks, new tactics, and new security gaps are showing up across platforms, tools, and industries — often all at the same time. Some developments are headline-level. Others sit in the background but carry long-term impact. Together, they shape how defenders need to think about exposure, response, and preparedness right now

From Exposure to Exploitation: How AI Collapses Your Response Window https://thehackernews.com/2026/02/from-exposure-to-exploitation-how-ai.html We’ve all seen this before: a developer deploys a new cloud workload and grants overly broad permissions just to keep the sprint moving. An engineer generates a "temporary" API key for testing and forgets to revoke it. In the past, these were minor operational risks, debts you’d eventually pay down during a slower cycle. In 2026, “Eventually” is Now But today, within minutes, AI-powered

Fake IPTV Apps Spread Massiv Android Malware Targeting Mobile Banking Users https://thehackernews.com/2026/02/fake-iptv-apps-spread-massiv-android.html Cybersecurity researchers have disclosed details of a new Android trojan called Massiv that's designed to facilitate device takeover (DTO) attacks for financial theft. The malware, according to ThreatFabric, masquerades as seemingly harmless IPTV apps to deceive victims, indicating that the activity is primarily singling out users looking for the online TV applications. "This new threat, while