Author: Andy Stern
-
Fake job recruiters hide malware in developer coding challenges
A new variation of the fake recruiter campaign from North Korean threat actors is targeting JavaScript and Python developers with cryptocurrency-related tasks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fake-job-recruiters-hide-malware-in-developer-coding-challenges/
-
Fake job recruiters hide malware in developer coding challenges
A new variation of the fake recruiter campaign from North Korean threat actors is targeting JavaScript and Python developers with cryptocurrency-related tasks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fake-job-recruiters-hide-malware-in-developer-coding-challenges/
-
Check Point Buys 3 Startups to Bolster AI Security
Early-Stage Startup Acquisitions Add Agent Visibility, Asset Management, MSP Tools. Check Point is accelerating its AI security and exposure management strategy with three acquisitions targeting agentic AI, internal asset attack surface management and MSP-focused unified management. The company says the deals strengthen platform consolidation and automated remediation. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/check-point-buys-3-startups-to-bolster-ai-security-a-30752
-
New threat actor UAT-9921 deploys VoidLink against enterprise sectors
A new threat actor, UAT-9921, uses the modular VoidLink framework to target technology and financial organizations, Cisco Talos reports. Cisco Talos spotted a previously unknown threat actor, tracked as UAT-9921, using a new modular attack framework called VoidLink. The group targets organizations in the technology and financial services sectors. The flexible design of VoidLink suggests…
-
Texas AG Investigating Conduent, BCBS Texas in Hack
Will the Back-Office Services’ Firm Incident Shatter US Data Breach Records?. The Texas attorney general office has launched an investigation into the Conduent Business Services hacking incident, which affected about 15.5 million Texans, including about 4 million Blue Cross Blue Shield of Texas members. Will the nationwide victim tally shatter data breach records in the…
-
NDSS 2025 Automated Mass Malware Factory
Session 12B: Malware Authors, Creators & Presenters: Heng Li (Huazhong University of Science and Technology), Zhiyuan Yao (Huazhong University of Science and Technology), Bang Wu (Huazhong University of Science and Technology), Cuiying Gao (Huazhong University of Science and Technology), Teng Xu (Huazhong University of Science and Technology), Wei Yuan (Huazhong University of Science and Technology),…
-
Survey: Most Security Incidents Involve Identity Attacks
A survey of 512 cybersecurity professionals finds 76% report that over half (54%) of the security incidents that occurred in the past 12 months involved some issue relating to identity management. Conducted by Permiso Security, a provider of an identity security platform, the survey also finds 95% are either very confident (52%) or somewhat confident..…
-
Can AI Ads Pay the Bills?
OpenAI Tests Promos, Anthropic Rejects Them Amid Rising Compute Costs. OpenAI has a problem: Most users don’t pay for access to ChatGPT. The company is now doing what almost every Silicon Valley company before it has done and turning to digital advertising. Whether ads can bridge OpenAI’s well-documented revenue gap without users fleeing is another…
-
News brief: Ransomware trends show new twists to old game
Tags: ransomwareCheck out the latest security news from the Informa TechTarget team. First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366638743/News-brief-Ransomware-trends-show-new-twists-to-old-game
-
260K Users Exposed in AI Extension Scam
Fake AI Chrome extensions exposed 260,000 users by using remote iframes to extract data and maintain persistent access. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/260k-users-exposed-in-ai-extension-scam/
-
Can AI Ads Pay the Bills?
OpenAI Tests Promos, Anthropic Rejects Them Amid Rising Compute Costs. OpenAI has a problem: Most users don’t pay for access to ChatGPT. The company is now doing what almost every Silicon Valley company before it has done and turning to digital advertising. Whether ads can bridge OpenAI’s well-documented revenue gap without users fleeing is another…
-
Fintech lending giant Figure confirms data breach
The company said hackers downloaded “a limited number of files” after breaking into an employee’s account. The hacking group ShinyHunters took responsibility for the breach. First seen on techcrunch.com Jump to article: techcrunch.com/2026/02/13/fintech-lending-giant-figure-confirms-data-breach/
-
Zero-Days, Shadow AI, and Stealth Tactics Define This Week in Cybersecurity
Weekly summary of Cybersecurity Insider newsletters First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/weekly-roundup/zero-days-shadow-ai-and-stealth-tactics-define-this-week-in-cybersecurity/
-
AI agent seemingly tries to shame open source developer for rejected pull request
Belligerent bot bullies maintainer in blog post to get its way First seen on theregister.com Jump to article: www.theregister.com/2026/02/12/ai_bot_developer_rejected_pull_request/
-
Claude LLM artifacts abused to push Mac infostealers in ClickFix attack
Threat actors are abusing Claude artifacts and Google Ads in ClickFix campaigns that deliver infostealer malware to macOS users searching for specific queries. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/claude-llm-artifacts-abused-to-push-mac-infostealers-in-clickfix-attack/
-
Malicious Chrome Extensions Hijack 500,000 VK Accounts in Stealth Campaign
Malicious Chrome extensions hijacked over 500K VK accounts using multi-stage payloads and stealthy persistence techniques. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/malicious-chrome-extensions-hijack-500000-vk-accounts-in-stealth-campaign/
-
Claude LLM artifacts abused to push Mac infostealers in ClickFix attack
Threat actors are abusing Claude artifacts and Google Ads in ClickFix campaigns that deliver infostealer malware to macOS users searching for specific queries. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/claude-llm-artifacts-abused-to-push-mac-infostealers-in-clickfix-attack/
-
Sex toys maker Tenga says hacker stole customer information
The Japanese sex toy maker said a hacker broke into an employee’s inbox and stole customer names, email addresses, and correspondence, including order details and customer service inquiries. First seen on techcrunch.com Jump to article: techcrunch.com/2026/02/13/sex-toys-maker-tenga-says-hacker-stole-customer-information/
-
Alert: ‘Severe Cyberthreat’ to Critical Infrastructure
Develop ‘Strong Resilience and Recovery Plans,’ Urges UK Cybersecurity Agency. Following Poland’s energy grid being targeted by Russian nation-state attackers, Britain has issued a severe cyberthreat alert to its domestic critical national infrastructure operators, urging them to refine their defensive and resilience posture ahead of any unexpected escalation in targeting. First seen on govinfosecurity.com Jump…
-
New NCSC-Led OT Security Guidance for Nuclear Reactors
Four Principles Positioning the Nuclear Ecosystem for Long-Term Cyber Resilience OT weaknesses are compounding across utilities, with 22% of critical infrastructure firms reporting OT incidents and external access driving half of breaches. U.K. NCSC’s new guidance outlines connectivity principles that utilities can embed to avoid costly retrofits and compliance issues. First seen on govinfosecurity.com Jump…
-
1,800+ Windows Servers Hit by BADIIS SEO Malware
Over 1,800 Windows IIS servers were compromised by BADIIS malware in a stealthy global SEO poisoning campaign. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/1800-windows-servers-hit-by-badiis-seo-malware/
-
Münchner Sicherheitskonferenz: Schwarz Digits und BSI bauen geheime Cloud
Schwarz Digits baut mit dem BSI Clouds für die öffentliche Verwaltung, um das bestehende Vendor Lock-in zu beenden. Es soll bis zur Stufe Geheim gehen. First seen on golem.de Jump to article: www.golem.de/news/muenchner-sicherheitskonferenz-schwarz-digits-und-bsi-bauen-geheime-cloud-2602-205408.html
-
Why PAM Implementations Struggle
Privileged Access Management (PAM) is widely recognized as a foundational security control for Zero Trust, ransomware prevention, and compliance with frameworks such as NIST, ISO 27001, and SOC 2. Yet despite heavy investment, many organizations struggle to realize the promised value of PAM. Projects stall, adoption remains low, and security teams are left managing complex systems that deliver limited risk reduction. ……
-
Attackers finally get around to exploiting critical Microsoft bug from 2024
As if admins haven’t had enough to do this week First seen on theregister.com Jump to article: www.theregister.com/2026/02/13/critical_microsoft_bug_from_2024/
-
Valentine’s Day: Cyber Experts Heed Caution When Looking For Love (and Gifts) Online
Ahead of Valentine’s Day, cybersecurity experts are warning consumers to be cautious online, whether they’re looking for love or trying to grab a last minute gift. Why do scams increase around Valentine’s Day? Anne Cutler, Cybersecurity Expert at Keeper Security, notes: >>Valentine’s Day is one of the easiest moments of the year for romance scams…
-
Ransomware Groups Claimed 2,000 Attacks in Just Three Months
Ransomware attacks surged 52% in 2025, with supply chain breaches nearly doubling as groups like Qilin drive record monthly incidents worldwide. The post Ransomware Groups Claimed 2,000 Attacks in Just Three Months appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-ransomware-attacks-surge-2025/
-
Space emerges as new front in great power competition, officials warn
Tags: vulnerabilitySpace looks increasingly like the next arena of great power competition, crowded with satellites, vulnerable to disruption, and governed by rules written for a far simpler age. First seen on therecord.media Jump to article: therecord.media/space-cybersecurity-new-front-war
-
Researchers unearth 30-year-old vulnerability in libpng library
Tags: advisory, ai, cvss, exploit, flaw, network, open-source, ransomware, software, threat, tool, update, vulnerability, zero-daypng_set_quantize, which is used for reducing the number of colors in PNG images, and present in all versions of libpng prior to version 1.6.55.”When the function is called with no histogram and the number of colours in the palette is more than twice the maximum supported by the user’s display, certain palettes will cause the…