Fake CAPTCHA Attack Chain Triggers Enterprise-Wide Malware Infection in Organizations
Fake CAPTCHA (ClickFix) pages are enabling threat actors to turn a single user click into an enterprise‑wide compromise, as seen in a recent incident affecting…
Month: February 2026
Notepad++ secures update channel in wake of supply chain compromise
Notepad++, the popular text and source code editor for Windows whose update mechanism was hijacked last year, has been updated to prevent similar attacks in…
U.S. CISA adds Google Chromium CSS, Microsoft Windows, TeamT5 ThreatSonar Anti-Ransomware, and Zimbra flaws to its Known Exploited Vulnerabilities catalog
U.S. CISA adds Google Chromium CSS, Microsoft Windows, TeamT5 ThreatSonar Anti-Ransomware, and Zimbra flaws to its Known Exploited Vulnerabilities catalog Pierluigi Paganini February 18, 2026…
CISA Adds Windows Video ActiveX Control RCE Flaw to KEV Catalog Following Active Exploitation
CISA Adds Windows Video ActiveX Control RCE Flaw A long-dormant Microsoft Windows vulnerability, CVE-2008-0015, has been added to the Known Exploited Vulnerabilities (KEV) catalog following…
ClawHavoc Infects OpenClaw’s ClawHub with 1,184 Malicious Skills, Exposing Data Theft Risks
A large-scale supply chain poisoning campaign dubbed ClawHavoc has hit OpenClaw’s official skill marketplace, ClawHub, with at least 1,184 malicious “Skills” historically published on the platform. The…
One stolen credential is all it takes to compromise everything
Attackers often gain access through routine workflows like email logins, browser sessions, and SaaS integrations. A single stolen credential can give them a quick path…
Glendale man gets 5 years in prison for role in darknet drug ring
A Glendale man was sentenced to nearly five years in federal prison for his role in a darknet drug trafficking operation that sold cocaine, methamphetamine,…
Single-Character Typo of “&” Instead of “|” Leads to 0-Day RCE in Firefox
Firefox 0-Day RCE A critical Remote Code Execution (RCE) vulnerability in Mozilla Firefox was caused by a single-character typo in the SpiderMonkey JavaScript engine’s WebAssembly…
ClickFix Exploits Homebrew Workflow to Deploy Cuckoo Stealer for macOS Credential Theft
ClickFix is being weaponized against macOS developers by turning a trusted Homebrew workflow into a stealthy delivery channel for a new infostealer dubbed Cuckoo Stealer.…
Scammers use fake “Gemini” AI chatbot to sell fake “Google Coin”
Scammers have found a new use for AI: creating custom chatbots posing as real AI assistants to pressure victims into buying worthless cryptocurrencies. We recently…
HP bets on edge AI and regional investment to power Middle East enterprise transformation
As artificial intelligence (AI) dominates boardroom conversations across the Middle East, suppliers are racing to articulate how they differentiate beyond the hype. For Ertug Ayik,…
OpenAI’s New Lockdown Mode Aims To Negate Prompt Injection
OpenAI deployed two security features targeting prompt injection attacks that exploit AI systems’ growing connectivity to external networks and applications. Lockdown Mode and Elevated Risk…