Aggregator

Naar de Nederlandse wapeninzet tegen een ISIS bommenfabriek in 2015 in het Iraakse Hawija zijn aanvullende onderzoeken gedaan. Minister Ruben Brekelmans heeft de uitkomsten vandaag gedeeld met de Tweede Kamer.

A new phishing campaign has been observed delivering an updated variant of XWorm, a Remote Access Trojan (RAT) that can give attackers full remote control of infected Microsoft Windows systems. First tracked in 2022, XWorm is still actively distributed and is often traded through Telegram-based marketplaces, keeping it within easy reach of many threat actors. […]

The post New XWorm RAT Campaign Uses Themed Phishing Lures and CVE‑2018‑0802 Excel Exploit to Evade Detection appeared first on Cyber Security News.

Авиационные регуляторы начали проверку ИТ-подрядчиков после инцидента.

Cybersecurity researchers have discovered a malicious Google Chrome extension that's designed to steal data associated with Meta Business Suite and Facebook Business Manager. The extension, named CL Suite by @CLMasters (ID: jkphinfhmfkckkcnifhjiplhfoiefffl), is marketed as a way to scrape Meta Business Suite data, remove verification pop-ups, and generate two-factor authentication (2FA) codes.

Hundreds of thousands of users have downloaded malicious AI extensions masquerading as ChatGPT, Gemini, Grok and others, warn cybersecurity researchers at LayerX

AI-driven crypto scams surge as cybercrime hits $17B, with deepfakes, fraud kits, and industrial social engineering reshaping digital asset threats and defenses.

Израильские спецслужбы задержали военных трейдеров-инсайдеров.

AI enables material handling systems to adapt to demand volatility through predictive design, dynamic control, and smarter maintenance without replacing core engineering.

关键词数据安全当欧盟以《数字市场法案》（DMA）强制要求苹果开放侧载、支持第三方支付之际，英国却走出了一条截然

关键词数据泄露总部位于荷兰的电信运营商 Odido 披露，其客户联络系统遭到未授权访问，约 620 万名用户的

关键词违法犯罪近日，浙江温州苍南县警方在“净网2025”专项行动中侦破一起破坏计算机信息系统案，打掉一条“收机

关键词网络攻击2026 年 2 月，运行飞牛私有云系统 fnOS 的 NAS 设备被大规模卷入 Netdrag

McKinsey Reveals How Top Performing Firms Are Redefining Tech Leadership
Before artificial intelligence dominated every technology conversation, the successful CIO focused on keeping business systems up and running while keeping costs in line. But in 2026, the picture is changing, according to McKinsey's Global Tech Agenda 2026.

Review Finds Access Control, Incident Response Gaps for 2 DHHS Data Repositories
A lack of access controls, poor record request handling, weak incident response plans and other security deficiencies related to two critical data repositories are potentially putting millions of Utahans sensitive personal and health information at risk, said a state audit report.

AI Agents Target Anti-Money Laundering at Major Global Banks, Cut Manual Probes
Bretton AI has raised $75 million in Series B funding led by Sapphire Ventures to scale AI agents for anti-money laundering sanctions and KYC compliance. CEO Will Lawrence says the company is targeting large banks with automation designed to reduce manual investigations and improve auditability.

Also: Spanish Hacker Granted Russian Asylum, Microsoft Patches Zero-Days
This week, a CISA warning, Nest footage in Nancy Guthrie case, Signal phishing. Spanish hacker, Russian asylum. Spanish ministry services offline. BYOVD ransomware. The Conduent breach hit Volvo. Microsoft patched zero-days. ZeroDayRAT targeted devices. The SmarterMail breach. Another Fortinet flaw.

Google says nation-state actors used Gemini AI for reconnaissance and attack support in cyber operations. Google DeepMind and GTIG report a rise in model extraction or “distillation” attacks aimed at stealing AI intellectual property, which Google has detected and blocked. While APT groups have not breached frontier models, private firms and researchers have tried to […]

Attackers are exploiting a recently patched critical vulnerability (CVE-2026-1731) in internet-facing BeyondTrust Remote Support and Privileged Remote Access instances. “Attackers are abusing get_portal_info to extract the x-ns-company value before establishing a WebSocket channel,” Ryan Dewhurst, Head of Threat Intelligence at watchTowr, confirmed on Thursday. Rapid7 researchers published a technical analysis and proof-of-concept (PoC) exploit for CVE-2026-1731 on Tuesday, Feb. 10. Defused Cyber and GreyNoise have also detected widespread reconnaissance and limited exploitation activity. “So far … More →

The post Hackers probe, exploit newly patched BeyondTrust RCE flaw (CVE-2026-1731) appeared first on Help Net Security.

In December 2025, in response to the Sha1-Hulud incident, npm completed a major authentication overhaul intended to reduce supply-chain attacks. While the overhaul is a solid step forward, the changes don’t make npm projects immune from supply-chain attacks. npm is still susceptible to malware attacks – here’s what you need to know for a safer Node community. Let’s start with the original