New Chrome Zero-Day (CVE-2026-2441) Under Active Attack — Patch Released
Ravie LakshmananFeb 16, 2026Zero-Day / Browser Security Google on Friday released security updates for its Chrome browser to address a security flaw that it said…
Category: TheHackerNews
Microsoft Discloses DNS-Based ClickFix Attack Using Nslookup for Malware Staging
Microsoft has disclosed details of a new version of the ClickFix social engineering tactic in which the attackers trick unsuspecting users into running commands that…
Google Links China, Iran, Russia, North Korea to Coordinated Defense Sector Cyber Operations
Ravie LakshmananFeb 13, 2026Malware / Critical Infrastructure Several state-sponsored actors, hacktivist entities, and criminal groups from China, Iran, North Korea, and Russia have trained their…
Google Ties Suspected Russian Actor to CANFAIL Malware Attacks on Ukrainian Orgs
Ravie LakshmananFeb 13, 2026Threat Intelligence / Malware A previously undocumented threat actor has been attributed to attacks targeting Ukrainian organizations with malware known as CANFAIL.…
UAT-9921 Deploys VoidLink Malware to Target Technology and Financial Sectors
Ravie LakshmananFeb 13, 2026Cloud Security / Cyber Espionage A previously unknown threat actor tracked as UAT-9921 has been observed leveraging a new modular framework called…
Malicious Chrome Extensions Caught Stealing Business Data, Emails, and Browsing History
Cybersecurity researchers have discovered a malicious Google Chrome extension that’s designed to steal data associated with Meta Business Suite and Facebook Business Manager. The extension,…
npm’s Update to Harden Their Supply Chain, and Points to Consider
The Hacker NewsFeb 13, 2026Supply Chain Security / DevSecOps In December 2025, in response to the Sha1-Hulud incident, npm completed a major authentication overhaul intended…
Researchers Observe In-the-Wild Exploitation of BeyondTrust CVSS 9.9 Vulnerability
Threat actors have started to exploit a recently disclosed critical security flaw impacting BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) products, according to…
Lazarus Campaign Plants Malicious Packages in npm and PyPI Ecosystems
Cybersecurity researchers have discovered a fresh set of malicious packages across npm and the Python Package Index (PyPI) repository linked to a fake recruitment-themed campaign…
Google Reports State-Backed Hackers Using Gemini AI for Recon and Attack Support
Ravie LakshmananFeb 12, 2026Cyber Espionage / Artificial Intelligence Google on Thursday said it observed the North Korea-linked threat actor known as UNC2970 using its generative…
Why 84% of Security Programs Are Falling Behind
The Hacker NewsFeb 12, 2026Enterprise Security / Breach Prevention A new 2026 market intelligence study of 128 enterprise security decision-makers (available here) reveals a stark…
83% of Ivanti EPMM Exploits Linked to Single IP on Bulletproof Hosting Infrastructure
Ravie LakshmananFeb 12, 2026Vulnerability / Network Security A significant chunk of the exploitation attempts targeting a newly disclosed security flaw in Ivanti Endpoint Manager Mobile…