TECHZONE™
TECHZONE CYBERNEWS && UPDATES Wᴇʟᴄᴏᴍᴇ Tᴏ TECHZONE™ ✔️Infosec Facts ✔️Cheatsheets ✔️Free Courses ✔️Open source tools ✔️Tech news
596 subscribers
Post archive
Webinar: How Modern SOC Teams Use AI and Context to Investigate Cloud Breaches Faster
https://thehackernews.com/2026/02/cloud-forensics-webinar-learn-how-ai.html
Cloud attacks move fast — faster than most incident response teams.
In data centers, investigations had time. Teams could collect disk images, review logs, and build timelines over days. In the cloud, infrastructure is short-lived. A compromised instance can disappear in minutes. Identities rotate. Logs expire. Evidence can vanish before analysis even begins.
Cloud forensics is fundamentally
My Day Getting My Hands Dirty with an NDR System
https://thehackernews.com/2026/02/my-day-getting-my-hands-dirty-with-ndr.html
My objective | The role of NDR in SOC workflows | Starting up the NDR system | How AI complements the human response | What else did I try out? | What could I see with NDR that I wouldn’t otherwise? | Am I ready to be a network security analyst now?
My objective
As someone relatively inexperienced with network threat hunting, I wanted to get some hands-on experience using a network detection and response (
Microsoft Finds “Summarize with AI” Prompts Manipulating Chatbot Recommendations
https://thehackernews.com/2026/02/microsoft-finds-summarize-with-ai.html
New research from Microsoft has revealed that legitimate businesses are gaming artificial intelligence (AI) chatbots via the "Summarize with AI" button that's being increasingly placed on websites in ways that mirror classic search engine poisoning (AI).
The new AI hijacking technique has been codenamed AI Recommendation Poisoning by the Microsoft Defender Security Research Team. The tech giant
Apple Tests End-to-End Encrypted RCS Messaging in iOS 26.4 Developer Beta
https://thehackernews.com/2026/02/apple-tests-end-to-end-encrypted-rcs.html
Apple on Monday released a new developer beta of iOS and iPadOS with support for end-to-end encryption (E2EE) in Rich Communications Services (RCS) messages.
The feature is currently available for testing in iOS and iPadOS 26.4 Beta, and is expected to be shipped to customers in a future update for iOS, iPadOS, macOS, and watchOS.
"End-to-end encryption is in beta and is not available for all
Infostealer Steals OpenClaw AI Agent Configuration Files and Gateway Tokens
https://thehackernews.com/2026/02/infostealer-steals-openclaw-ai-agent.html
Cybersecurity researchers disclosed they have detected a case of an information stealer infection successfully exfiltrating a victim's OpenClaw (formerly Clawdbot and Moltbot) configuration environment.
"This finding marks a significant milestone in the evolution of infostealer behavior: the transition from stealing browser credentials to harvesting the 'souls' and identities of personal AI [
Study Uncovers 25 Password Recovery Attacks in Major Cloud Password Managers
https://thehackernews.com/2026/02/study-uncovers-25-password-recovery.html
A new study has found that multiple cloud-based password managers, including Bitwarden, Dashlane, and LastPass, are susceptible to password recovery attacks under certain conditions.
"The attacks range in severity from integrity violations to the complete compromise of all vaults in an organization," researchers Matteo Scarlata, Giovanni Torrisi, Matilda Backendal, and Kenneth G. Paterson said.
Weekly Recap: Outlook Add-Ins Hijack, 0-Day Patches, Wormable Botnet & AI Malware
https://thehackernews.com/2026/02/weekly-recap-outlook-add-ins-hijack-0.html
This week’s recap shows how small gaps are turning into big entry points. Not always through new exploits, often through tools, add-ons, cloud setups, or workflows that people already trust and rarely question.
Another signal: attackers are mixing old and new methods. Legacy botnet tactics, modern cloud abuse, AI assistance, and supply-chain exposure are being used side by side, whichever path
Safe and Inclusive E‑Society: How Lithuania Is Bracing for AI‑Driven Cyber Fraud
https://thehackernews.com/2026/02/safe-and-inclusive-esociety-how.html
Presentation of the KTU Consortium Mission ‘A Safe and Inclusive Digital Society’ at the Innovation Agency event ‘Innovation Breakfast: How Mission-Oriented Science and Innovation Programmes Will Address Societal Challenges’.
Technologies are evolving fast, reshaping economies, governance, and daily life. Yet, as innovation accelerates, so do digital risks. Technological change is no longer
New ZeroDayRAT Mobile Spyware Enables Real-Time Surveillance and Data Theft
https://thehackernews.com/2026/02/new-zerodayrat-mobile-spyware-enables.html
Cybersecurity researchers have disclosed details of a new mobile spyware platform dubbed ZeroDayRAT that's being advertised on Telegram as a way to grab sensitive data and facilitate real-time surveillance on Android and iOS devices.
"The developer runs dedicated channels for sales, customer support, and regular updates, giving buyers a single point of access to a fully operational spyware
New Chrome Zero-Day (CVE-2026-2441) Under Active Attack — Patch Released
https://thehackernews.com/2026/02/new-chrome-zero-day-cve-2026-2441-under.html
Google on Friday released security updates for its Chrome browser to address a security flaw that it said has been exploited in the wild.
The high-severity vulnerability, tracked as CVE-2026-2441 (CVSS score: 8.8), has been described as a use-after-free bug in CSS. Security researcher Shaheen Fazim has been credited with discovering and reporting the shortcoming on February 11, 2026.
"Use after
Microsoft Discloses DNS-Based ClickFix Attack Using Nslookup for Malware Staging
https://thehackernews.com/2026/02/microsoft-discloses-dns-based-clickfix.html
Microsoft has disclosed details of a new version of the ClickFix social engineering tactic in which the attackers trick unsuspecting users into running commands that carry out a Domain Name System (DNS) lookup to retrieve the next-stage payload.
Specifically, the attack relies on using the "nslookup" (short for nameserver lookup) command to execute a custom DNS lookup triggered via the Windows
Google Ties Suspected Russian Actor to CANFAIL Malware Attacks on Ukrainian Orgs
https://thehackernews.com/2026/02/google-ties-suspected-russian-actor-to.html
A previously undocumented threat actor has been attributed to attacks targeting Ukrainian organizations with malware known as CANFAIL.
Google Threat Intelligence Group (GTIG) described the hack group as possibly affiliated with Russian intelligence services. The threat actor is assessed to have targeted defense, military, government, and energy organizations within the Ukrainian regional and
Google Links China, Iran, Russia, North Korea to Coordinated Defense Sector Cyber Operations
https://thehackernews.com/2026/02/google-links-china-iran-russia-north.html
Several state-sponsored actors, hacktivist entities, and criminal groups from China, Iran, North Korea, and Russia have trained their sights on the defense industrial base (DIB) sector, according to findings from Google Threat Intelligence Group (GTIG).
The tech giant's threat intelligence division said the adversarial targeting of the sector is centered around four key themes: striking defense
UAT-9921 Deploys VoidLink Malware to Target Technology and Financial Sectors
https://thehackernews.com/2026/02/uat-9921-deploys-voidlink-malware-to.html
A previously unknown threat actor tracked as UAT-9921 has been observed leveraging a new modular framework called VoidLink in its campaigns targeting the technology and financial services sectors, according to findings from Cisco Talos.
"This threat actor seems to have been active since 2019, although they have not necessarily used VoidLink over the duration of their activity," researchers Nick
Malicious Chrome Extensions Caught Stealing Business Data, Emails, and Browsing History
https://thehackernews.com/2026/02/malicious-chrome-extensions-caught.html
Cybersecurity researchers have discovered a malicious Google Chrome extension that's designed to steal data associated with Meta Business Suite and Facebook Business Manager.
The extension, named CL Suite by @CLMasters (ID: jkphinfhmfkckkcnifhjiplhfoiefffl), is marketed as a way to scrape Meta Business Suite data, remove verification pop-ups, and generate two-factor authentication (2FA) codes.
npm’s Update to Harden Their Supply Chain, and Points to Consider
https://thehackernews.com/2026/02/npms-update-to-harden-their-supply.html
In December 2025, in response to the Sha1-Hulud incident, npm completed a major authentication overhaul intended to reduce supply-chain attacks. While the overhaul is a solid step forward, the changes don’t make npm projects immune from supply-chain attacks. npm is still susceptible to malware attacks – here’s what you need to know for a safer Node community.
Let’s start with the original
Researchers Observe In-the-Wild Exploitation of BeyondTrust CVSS 9.9 Vulnerability
https://thehackernews.com/2026/02/researchers-observe-in-wild.html
Threat actors have started to exploit a recently disclosed critical security flaw impacting BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) products, according to watchTowr.
"Overnight we observed first in-the-wild exploitation of BeyondTrust across our global sensors," Ryan Dewhurst, head of threat intelligence at watchTowr, said in a post on X. "Attackers are abusing
Naming and shaming: How ransomware groups tighten the screws on victims
https://www.welivesecurity.com/en/ransomware/naming-shaming-ransomware-groups-tighten-screws-victims/
When corporate data is exposed on a dedicated leak site, the consequences linger long after the attack fades from the news cycle
Google Reports State-Backed Hackers Using Gemini AI for Recon and Attack Support
https://thehackernews.com/2026/02/google-reports-state-backed-hackers.html
Google on Thursday said it observed the North Korea-linked threat actor known as UNC2970 using its generative artificial intelligence (AI) model Gemini to conduct reconnaissance on its targets, as various hacking groups continue to weaponize the tool for accelerating various phases of the cyber attack life cycle, enabling information operations, and even conducting model extraction attacks.
"The
Lazarus Campaign Plants Malicious Packages in npm and PyPI Ecosystems
https://thehackernews.com/2026/02/lazarus-campaign-plants-malicious.html
Cybersecurity researchers have discovered a fresh set of malicious packages across npm and the Python Package Index (PyPI) repository linked to a fake recruitment-themed campaign orchestrated by the North Korea-linked Lazarus Group.
The coordinated campaign has been codenamed graphalgo in reference to the first package published in the npm registry. It's assessed to be active since May 2025.
"
