TECHZONE™

Google Disrupts UNC2814 GRIDTIDE Campaign After 53 Breaches Across 42 Countries https://thehackernews.com/2026/02/google-disrupts-unc2814-gridtide.html Google on Wednesday disclosed that it worked with industry partners to disrupt the infrastructure of a suspected China-nexus cyber espionage group tracked as UNC2814 that breached at least 53 organizations across 42 countries. "This prolific, elusive actor has a long history of targeting international governments and global telecommunications organizations across Africa, Asia, and the Americas,"

Claude Code Flaws Allow Remote Code Execution and API Key Exfiltration https://thehackernews.com/2026/02/claude-code-flaws-allow-remote-code.html Cybersecurity researchers have disclosed multiple security vulnerabilities in Anthropic's Claude Code, an artificial intelligence (AI)-powered coding assistant, that could result in remote code execution and theft of API credentials. "The vulnerabilities exploit various configuration mechanisms, including Hooks, Model Context Protocol (MCP) servers, and environment variables – executing

SLH Offers $500–$1,000 Per Call to Recruit Women for IT Help Desk Vishing Attacks https://thehackernews.com/2026/02/slh-offers-5001000-per-call-to-recruit.html The notorious cybercrime collective known as Scattered LAPSUS$ Hunters (SLH) has been observed offering financial incentives to recruit women to pull off social engineering attacks. The idea is to hire them for voice phishing campaigns targeting IT help desks, Dataminr said in a new threat brief. The group is said to be offering anywhere between $500 and $1,000 upfront per call, in addition to

Top 5 Ways Broken Triage Increases Business Risk Instead of Reducing It https://thehackernews.com/2026/02/top-5-ways-broken-triage-increases.html Triage is supposed to make things simpler. In a lot of teams, it does the opposite. When you can’t reach a confident verdict early, alerts turn into repeat checks, back-and-forth, and “just escalate it” calls. That cost doesn’t stay inside the SOC; it shows up as missed SLAs, higher cost per case, and more room for real threats to slip through. So where does triage go wrong? Here are five triage

Malicious NuGet Packages Stole ASP.NET Data; npm Package Dropped Malware https://thehackernews.com/2026/02/malicious-nuget-packages-stole-aspnet.html Cybersecurity researchers have discovered four malicious NuGet packages that are designed to target ASP.NET web application developers to steal sensitive data. The campaign, discovered by Socket, exfiltrates ASP.NET Identity data, including user accounts, role assignments, and permission mappings, as well as manipulates authorization rules to create persistent backdoors in victim applications.

Manual Processes Are Putting National Security at Risk https://thehackernews.com/2026/02/manual-processes-are-putting-national.html Why automating sensitive data transfers is now a mission-critical priority More than half of national security organizations still rely on manual processes to transfer sensitive data, according to The CYBER360: Defending the Digital Battlespace report. This should alarm every defense and government leader because manual handling of sensitive data is not just inefficient, it is a systemic

Defense Contractor Employee Jailed for Selling 8 Zero-Days to Russian Broker https://thehackernews.com/2026/02/defense-contractor-employee-jailed-for.html A 39-year-old Australian national who was previously employed at U.S. defense contractor L3Harris has been sentenced to a little over seven years in prison for selling eight zero-day exploits to Russian exploit broker Operation Zero in exchange for millions of dollars. Peter Williams pleaded guilty to two counts of theft of trade secrets in October 2025. In addition to the jail term, Williams

SolarWinds Patches 4 Critical Serv-U 15.5 Flaws Allowing Root Code Execution https://thehackernews.com/2026/02/solarwinds-patches-4-critical-serv-u.html SolarWinds has released updates to address four critical security flaws in its Serv-U file transfer software that, if successfully exploited, could result in remote code execution. The vulnerabilities, all rated 9.1 on the CVSS scoring system, are listed below - CVE-2025-40538 - A broken access control vulnerability that allows an attacker to create a system admin user and execute arbitrary

CISA Confirms Active Exploitation of FileZen CVE-2026-25108 Vulnerability https://thehackernews.com/2026/02/cisa-confirms-active-exploitation-of.html The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a recently disclosed vulnerability in FileZen to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2026-25108 (CVSS v4 score: 8.7), is a case of operating system (OS) command injection that could allow an authenticated user to execute

RoguePilot Flaw in GitHub Codespaces Enabled Copilot to Leak GITHUB_TOKEN https://thehackernews.com/2026/02/roguepilot-flaw-in-github-codespaces.html A vulnerability in GitHub Codespaces could have been exploited by bad actors to seize control of repositories by injecting malicious Copilot instructions in a GitHub issue. The artificial intelligence (AI)-driven vulnerability has been codenamed RoguePilot by Orca Security. It has since been patched by Microsoft following responsible disclosure. "Attackers can craft hidden instructions inside a

UAC-0050 Targets European Financial Institution With Spoofed Domain and RMS Malware https://thehackernews.com/2026/02/uac-0050-targets-european-financial.html A Russia-aligned threat actor has been observed targeting a European financial institution as part of a social engineering attack to likely facilitate intelligence gathering or financial theft, signaling a possible expansion of the threat actor's targeting beyond Ukraine and into entities supporting the war-torn nation. The activity, which targeted an unnamed entity involved in regional

Identity Prioritization isn't a Backlog Problem - It's a Risk Math Problem https://thehackernews.com/2026/02/identity-prioritization-isnt-backlog.html Most identity programs still prioritize work the way they prioritize IT tickets: by volume, loudness, or “what failed a control check.” That approach breaks the moment your environment stops being mostly-human and mostly-onboarded. In modern enterprises, identity risk is created by a compound of factors: control posture, hygiene, business context, and intent. Any one of these can perhaps be

Lazarus Group Uses Medusa Ransomware in Middle East and U.S. Healthcare Attacks https://thehackernews.com/2026/02/lazarus-group-uses-medusa-ransomware-in.html The North Korea-linked Lazarus Group (aka Diamond Sleet and Pompilus) has been observed using Medusa ransomware in an attack targeting an unnamed entity in the Middle East, according to a new report by the Symantec and Carbon Black Threat Hunter Team. Broadcom's threat intelligence division said it also identified the same threat actors mounting an unsuccessful attack against a healthcare

UnsolicitedBooker Targets Central Asian Telecoms With LuciDoor and MarsSnake Backdoors https://thehackernews.com/2026/02/unsolicitedbooker-targets-central-asian.html The threat activity cluster known as UnsolicitedBooker has been observed targeting telecommunications companies in Kyrgyzstan and Tajikistan, marking a shift from prior attacks aimed at Saudi Arabian entities. The attacks involve the deployment of two distinct backdoors codenamed LuciDoor and MarsSnake, according to a report published by Positive Technologies last week. "The group used several

Anthropic Says Chinese AI Firms Used 16 Million Claude Queries to Copy Model https://thehackernews.com/2026/02/anthropic-says-chinese-ai-firms-used-16.html Anthropic on Monday said it identified "industrial-scale campaigns" mounted by three artificial intelligence (AI) companies, DeepSeek, Moonshot AI, and MiniMax, to illegally extract Claude's capabilities to improve their own models. The distillation attacks generated over 16 million exchanges with its large language model (LLM) through about 24,000 fraudulent accounts in violation of its terms

Faking it on the phone: How to tell if a voice call is AI or not https://www.welivesecurity.com/en/business-security/faking-it-phone-how-tell-voice-call-ai/ Can you believe your ears? Increasingly, the answer is no. Here’s what’s at stake for your business, and how to beat the deepfakers.

APT28 Targeted European Entities Using Webhook-Based Macro Malware https://thehackernews.com/2026/02/apt28-targeted-european-entities-using.html The Russia-linked state-sponsored threat actor tracked as APT28 has been attributed to a new campaign targeting specific entities in Western and Central Europe. The activity, per S2 Grupo's LAB52 threat intelligence team, was active between September 2025 and January 2026. It has been codenamed Operation MacroMaze. "The campaign relies on basic tooling and the exploitation of legitimate services

Wormable XMRig Campaign Uses BYOVD Exploit and Time-Based Logic Bomb https://thehackernews.com/2026/02/wormable-xmrig-campaign-uses-byovd.html Cybersecurity researchers have disclosed details of a new cryptojacking campaign that uses pirated software bundles as lures to deploy a bespoke XMRig miner program on compromised hosts. "Analysis of the recovered dropper, persistence triggers, and mining payload reveals a sophisticated, multi-stage infection prioritizing maximum cryptocurrency mining hashrate, often destabilizing the victim

⚡ Weekly Recap: Double-Tap Skimmers, PromptSpy AI, 30Tbps DDoS, Docker Malware & More https://thehackernews.com/2026/02/weekly-recap-double-tap-skimmers.html Security news rarely moves in a straight line. This week, it feels more like a series of sharp turns, some happening quietly in the background, others playing out in public view. The details are different, but the pressure points are familiar. Across devices, cloud services, research labs, and even everyday apps, the line between normal behavior and hidden risk keeps getting thinner. Tools

How Exposed Endpoints Increase Risk Across LLM Infrastructure https://thehackernews.com/2026/02/how-exposed-endpoints-increase-risk.html As more organizations run their own Large Language Models (LLMs), they are also deploying more internal services and Application Programming Interfaces (APIs) to support those models. Modern security risks are being introduced less from the models themselves and more from the infrastructure that serves, connects and automates the model. Each new LLM endpoint expands the attack surface, often in