Wormable XMRig Campaign Uses BYOVD Exploit and Time-Based Logic Bomb
Cybersecurity researchers have disclosed details of a new cryptojacking campaign that uses pirated software bundles as lures to deploy a bespoke XMRig miner program on…
Category: TheHackerNews
How Exposed Endpoints Increase Risk Across LLM Infrastructure
The Hacker NewsFeb 23, 2026Artificial Intelligence / Zero Trust As more organizations run their own Large Language Models (LLMs), they are also deploying more internal…
Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens
Cybersecurity researchers have disclosed what they say is an active “Shai-Hulud-like” supply chain worm campaign that has leveraged a cluster of at least 19 malicious…
MuddyWater Targets MENA Organizations with GhostFetch, CHAR, and HTTP_VIP
Ravie LakshmananFeb 23, 2026Threat Intelligence / Artificial Intelligence The Iranian hacking group known as MuddyWater (aka Earth Vetala, Mango Sandstorm, and MUDDYCOAST) has targeted several…
AI-Assisted Threat Actor Compromises 600+ FortiGate Devices in 55 Countries
A Russian-speaking, financially motivated threat actor has been observed taking advantage of commercial generative artificial intelligence (AI) services to compromise over 600 FortiGate devices located…
EC-Council Expands AI Certification Portfolio to Strengthen U.S. AI Workforce Readiness and Security
With $5.5 trillion in global AI risk exposure and 700,000 U.S. workers needing reskilling, four new AI certifications and Certified CISO v4 help close the…
CISA Adds Two Actively Exploited Roundcube Flaws to KEV Catalog
Ravie LakshmananFeb 21, 2026Vulnerability / Patch Management The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added two security flaws impacting Roundcube webmail software…
Anthropic Launches Claude Code Security for AI-Powered Vulnerability Scanning
Ravie LakshmananFeb 21, 2026Artificial Intelligence / DevSecOps Artificial intelligence (AI) company Anthropic has begun to roll out a new security feature for Claude Code that…
BeyondTrust Flaw Used for Web Shells, Backdoors, and Data Exfiltration
Ravie LakshmananFeb 20, 2026Vulnerability / Cyber Attack Threat actors have been observed exploiting a recently disclosed critical security flaw impacting BeyondTrust Remote Support (RS) and…
Cline CLI 2.3.0 Supply Chain Attack Installed OpenClaw on Developer Systems
In yet another software supply chain attack, the open-source, artificial intelligence (AI)-powered coding assistant Cline CLI was updated to stealthily install OpenClaw, a self-hosted autonomous…
ClickFix Campaign Abuses Compromised Sites to Deploy MIMICRAT RAT
Ravie LakshmananFeb 20, 2026Malware / Threat Intelligence Cybersecurity researchers have disclosed details of a new ClickFix campaign that abuses compromised legitimate sites to deliver a…
Ukrainian National Sentenced to 5 Years in North Korea IT Worker Fraud Case
Ravie LakshmananFeb 20, 2026Cybercrime / Law Enforcement A 29-year-old Ukrainian national has been sentenced to five years in prison in the U.S. for his role…