Adidas Investigates Alleged Data Breach
Adidas has confirmed it is actively investigating a potential data breach involving one of its independent third-party partners after a threat actor operating under the…
Category: CyberSecurityNews
OpenClaw’s #1 Skill is a Malware that Stole SSH Keys, and Opened Reverse Shells in 1,184 Packages
OpenClaw’s Top Skill Malware The most downloaded AI agent skill on OpenClaw’s ClawHub marketplace was functional malware, not a productivity tool. OpenClaw, an open-source AI…
Beyond CVE China’s Dual Vulnerability Databases Reveal a Different Disclosure Timeline
The emergence of a distinct vulnerability disclosure ecosystem within China has introduced a complex layer to the global threat landscape. Unlike the centralized CVE system…
Selective Thread Emulation and Fuzzing Expose DoS Flaws in Socomec DIRIS M-70 IIoT Device
Security researchers have uncovered six critical denial-of-service vulnerabilities in the Socomec DIRIS M-70 industrial gateway used for power monitoring and energy management in critical infrastructure.…
First Known Android AI Malware Uses Google’s Gemini for Decision-making
The first known Android malware family to weaponize a generative AI model, specifically Google’s Gemini, as part of its active execution flow. Discovered in February…
CISA Warns of Honeywell CCTV Products Vulnerability Leads to Account Takeovers
A critical advisory warning regarding a severe vulnerability affecting Honeywell CCTV products, published on February 17, 2026, under advisory ICSA-26-048-04. The alert details a high-severity…
Microsoft Defender Unveils Centralized Script Library with Copilot Analysis for Enhanced Live Response
Microsoft Defender Centralized Script Library Microsoft has introduced a new Library Management experience in Microsoft Defender for Endpoint, designed to fundamentally transform how security analysts…
XWorm Delivered via Fake Financial Receipts Targeting Windows Systems
XWorm Malware Steals Logins via Receipts A sophisticated multi-stage malware campaign is actively targeting Brazilian and Latin American (LATAM) businesses using fake bank receipts to…
Hackers Leveraging Emoji Code to Hide Malicious Code and Evade Security Detections
Threat actors have begun using an obfuscation technique called emoji smuggling to hide malicious code from security systems. This attack method exploits Unicode encoding and…
Critical Authentication Bypass in better-auth API Keys Plugin Allows Unauthenticated Account Takeover
Authentication Bypass better-auth API Keys A critical authentication bypass vulnerability in the better-auth API keys plugin allows unauthenticated attackers to mint privileged API keys for…
AI Dev Tool Cline’s npm Token Hijacked by Hackers for 8 Hours
A compromised publish token gave attackers brief but concerning access to the Cline CLI npm package, exposing developers who installed it during an 8-hour window…
Advanced Crypto Mining Malware Spreads Through External Drives and Air-Gapped Systems
A sophisticated cryptocurrency mining campaign has emerged, targeting systems through external storage devices with the ability to compromise even air-gapped environments. The malware operates as…