Author: Andy Stern
-
Russia Hacked the Polish Electricity Grid. Now What?
Stymied Attack Leaves Poland No Good Options in Responding to Provocation. Poland’s online defenses stopped a Russian cyberattack against the energy grid, but now the Warsaw government is in a bind about how to respond to a digital assault that was a lot more than a crime, but a sliver less than an act of…
-
‘Encrypt It Already’ Campaign Pushes Big Tech to Prioritize E2E Encryption
The Electronic Frontier Foundation is urging major technology companies to follow through on their promises to implement end-to-end encryption (E2E) by default across their services, as privacy concerns mount amid increased AI use. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/encrypt-it-already-pushes-big-tech-e2e-encryption
-
Senator, who has repeatedly warned about secret US government surveillance, sounds new alarm over ‘CIA activities’
The two-line letter to the CIA’s director is the latest warning in recent years from a long-serving Democratic senator with knowledge of secret government programs and intelligence operations. First seen on techcrunch.com Jump to article: techcrunch.com/2026/02/06/senator-who-has-repeatedly-warned-about-secret-u-s-government-surveillance-sounds-new-alarm-over-cia-activities/
-
Microsoft Starts Testing Built-In Sysmon Monitoring in Windows 11
Microsoft is rolling out native Sysmon support in Windows 11 Insider builds, giving security teams built-in system monitoring with optional activation. The post Microsoft Starts Testing Built-In Sysmon Monitoring in Windows 11 appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-windows-11-native-sysmon-support/
-
Bug Hunting With LLMs: Expert Tool Seeks More ‘True’ Flaws
Open Source ‘Vulnhalla’ Promises ‘Up to 96% Reduction in False Positives’. Using large language models to automatically identify only real code vulnerabilities – not false positives – remains a holy grail. Eschewing a moonshot approach, a tool called Vulnhalla helps senior researchers use guided questioning with LLMs to more rapidly triage actual vulnerabilities. First seen…
-
DKnife Linux toolkit hijacks router traffic to spy, deliver malware
A newly discovered toolkit called DKnife has been used since 2019 to hijack traffic at the edge-device level and deliver malware in espionage campaigns. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/dknife-linux-toolkit-hijacks-router-traffic-to-spy-deliver-malware/
-
Chinese-Made Malware Kit Targets Chinese-Based Routers and Edge Devices
DKnife is a Chinese-made malware framework that targets Chinese-based users. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/china-malware-kit-targets-routers/
-
Who’s Liable When Embedded AI Goes Wrong?
Privacy Expert Chiara Rustici on Laws Governing Autonomous Robots, Embedded AI. As embedded AI moves from labs into real environments, organizations face growing liability risks. From border patrol robots to healthcare automation, leaders must understand how AI governance, product liability, data protection and security laws apply, said Chief Privacy Officer Chiara Rustici. First seen on…
-
Attackers Used AI to Breach an AWS Environment in 8 Minutes
Threat actors using LLMs needed only eight minutes to move from initial access to full admin privileges in an attack on a company’s AWS cloud environment in the latest example of cybercriminals expanding their use of AI in their operations, Sysdig researchers said. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/attackers-used-ai-to-breach-an-aws-environment-in-8-minutes/
-
CISA warns of SmarterMail RCE flaw used in ransomware attacks
Tags: attack, cisa, cve, cybersecurity, flaw, infrastructure, ransomware, rce, remote-code-execution
The Cybersecurity & Infrastructure Security Agency (CISA) in the U.S. has issued a warning about CVE-2026-24423, an unauthenticated remote code execution (RCE) flaw in SmarterMail that is used in ransomware attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-warns-of-smartermail-rce-flaw-used-in-ransomware-attacks/
-
Flickr emails users about data breach, pins it on 3rd party
Attackers may have snapped user locations and activity information, message warns. First seen on theregister.com Jump to article: www.theregister.com/2026/02/06/flickr_emails_users_about_data_breach/
-
OpenClaw’s Gregarious Insecurities Make Safe Usage Difficult
Malicious skills and persnickety configuration settings are just some of the issues that security researchers have found when installing, and removing, the OpenClaw AI assistant. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/openclaw-insecurities-safe-usage-difficult
-
DDoS deluge: Brit biz battered as botnet blitzes break records
UK leaps to sixth in global flood charts as mega-swarm unleashes 31.4 Tbps Yuletide pummeling. First seen on theregister.com Jump to article: www.theregister.com/2026/02/06/uk_climbs_up_ddos_hit/
-
EU threatens TikTok with massive fine over addictive design features
Tags: unclassified
The preliminary findings follow an investigation that began in February 2024 probing features such as “infinite scroll, autoplay, push notifications, and its highly personalised recommender system,” the European Commission said in a press release. First seen on therecord.media Jump to article: therecord.media/eu-threatens-tiktok-with-fine-over-addictive-features
-
Shai-hulud: The Hidden Cost of Supply Chain Attacks
Recent supply chain attacks involving self-propagating worms have spread far, but the damage and long-term impact is hard to quantify. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/shai-hulud-hidden-cost-supply-chain-attacks
-
Warning of Attacks: BSI Explains Phishing Attacks on Signal
The BSI warns of phishing campaigns conducted via the Signal messenger and explains the attackers' methods. First seen on golem.de Jump to article: www.golem.de/news/warnung-vor-angriffen-bsi-erlaeutert-phishing-attacken-auf-signal-2602-205122.html
-
Illinois man pleads guilty to hacking hundreds of Snapchat accounts to steal nude photos
Kyle Svara of Oswego, Illinois is facing decades in prison after pleading guilty to aggravated identity theft, wire fraud, computer fraud, conspiracy to commit computer fraud and false statements related to child pornography. First seen on therecord.media Jump to article: therecord.media/illinois-man-pleads-guilty-snapchat-nude-photo-hacks
-
Clawdbot / Moltbot: The Autonomous AI Butler That Could Expose Your Entire Digital Life
Tags: ai
First seen on resecurity.com Jump to article: www.resecurity.com/blog/article/clawdbot-moltbot-the-autonomous-ai-butler-that-could-expose-your-entire-digital-life
-
ISMG Editors: Notepad++ Supply Chain Attack Raises Alarm
Also: Healthcare Cyber Risks Collide, Varonis Deal Signals AI Security Shift. In this week’s panel, four ISMG editors unpacked the Notepad++ supply-chain compromise, the growing web of cyber risks facing healthcare, and what Varonis’s acquisition of AllTrue.ai tells us about where artificial intelligence security is headed. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/ismg-editors-notepad-supply-chain-attack-raises-alarm-a-30695
-
Substack Confirms Data Breach, Limited User Data Compromised
Substack did not specify the number of users affected by the data breach. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/substack-confirms-data-breach/
-
Microsoft Unveils LiteBox, a Rust-Based Approach to Secure Sandboxing
Microsoft has released LiteBox, an experimental open-source library OS designed to sandbox applications while reducing their exposure to host systems. Written in Rust and published under the MIT license, LiteBox reflects the company’s efforts to upgrade software security as confidential computing gains adoption. LiteBox takes a different path from traditional virtualization or container technologies. Rather…
-
Fraud Prevention Is a Latency Game
Tags: fraud
There is a time window for every act of online fraud. When a transaction occurs, a fraud system must review it and decide if it’s legitimate before the payment clears or if the account could be compromised. That window happens in a blink, often one-tenth of a second or less. During that time, models must…
-
Large-Scale Abuse of Well-Known SaaS Platforms for Phone Fraud
Check Point Research (CPR), the security research division of Check Point Software Technologies, has identified a large-scale phishing campaign that exploits well-known SaaS services from Microsoft, Amazon, Zoom or YouTube to lure victims into fraudulent phone calls. Instead of spoofing domains or sending malicious links, the attackers deliberately abuse legitimate software-as-a-service platforms to carry out phone-based fraud attempts which for…
-
China-Linked DKnife AitM Framework Targets Routers for Traffic Hijacking, Malware Delivery
Cybersecurity researchers have taken the wraps off a gateway-monitoring and adversary-in-the-middle (AitM) framework dubbed DKnife that’s operated by China-nexus threat actors since at least 2019. The framework comprises seven Linux-based implants that are designed to perform deep packet inspection, manipulate traffic, and deliver malware via routers and edge devices. Its primary targets seem to First seen…
-
Flickr Notifies Users of Data Breach After External Partner Security Flaw
Flickr says a third-party email vendor flaw may have exposed user names, emails, IP data, and activity logs,… First seen on hackread.com Jump to article: hackread.com/flickr-data-breach-external-partner-security-flaw/
-
‘Strict Account Settings’: New WhatsApp Settings Are Meant to Protect Against Cyberattacks
Tags: unclassified
First seen on security-insider.de Jump to article: www.security-insider.de/whatsapp-sicherheitsupdate-strenge-kontoeinstellungen-aktivieren-a-bbc790e6bdaecf34e4298766588d9ea7/
-
Record-breaking 31.4 Tbps DDoS attack hits in November 2025, stopped by Cloudflare
AISURU/Kimwolf botnet hit a record 31.4 Tbps DDoS attack lasting 35 seconds in Nov 2025, which Cloudflare automatically detected and blocked. The AISURU/Kimwolf botnet was linked to a record-breaking DDoS attack that peaked at 31.4 Tbps and lasted just 35 seconds. Cloudflare said the November 2025 incident was part of a surge in hyper-volumetric HTTP…
-
AI Threats, Botnets, and Cloud Exploits Define This Week’s Cyber Risks
Weekly summary of Cybersecurity Insider newsletters. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/weekly-roundup/ai-threats-botnets-and-cloud-exploits-define-this-weeks-cyber-risks/

