February, 2026

February 26, 2026 – General

Darktrace Flags 32 Million Phishing Emails in 2025 as Identity Attacks Full Text

Abstract The data was collected by Darktrace from incidents across its global customer base and points to a year defined by automation, convergence and accelerating attacker speed.

Infosecurity Magazine

February 26, 2026 – APT

APT37 Adds New Tools For Air-Gapped Networks Full Text

Abstract ThreatLabz details the Ruby Jumper campaign in the following sections, focusing on the specific malware employed, the deployment methods, and how the final payload is delivered to achieve the ultimate objective.

Zscaler

February 24, 2026 – Attack

Japanese chip-testing toolmaker Advantest suffers ransomware attack Full Text

Abstract Japanese tech testing company Advantest has suffered a ransomware attack, the company confirmed last Thursday, after detecting unusual activity within its IT environment on February 15, 2026.

Help Net Security

February 24, 2026 – APT

APT28 Targeted European Entities Using Webhook-Based Macro Malware Full Text

Abstract APT28, a Russia-linked state-sponsored threat actor, has been attributed to a campaign targeting selected entities across Western and Central Europe, active from September 2025 through January 2026, according to S2 Grupo’s LAB52 team.

The Hacker News

February 24, 2026 – Malware

Malicious OpenClaw Skills Used to Distribute Atomic MacOS Stealer Full Text

Abstract Atomic (AMOS) Stealer has evolved from being distributed via cracked software to a more sophisticated supply chain attack that manipulates AI agentic workflows on platforms like OpenClaw.

Trend Micro

February 23, 2026 – Hacker

MuddyWater Targets MENA Organizations with GhostFetch, CHAR, and HTTP_VIP Full Text

Abstract The Iranian hacking group known as MuddyWater has targeted several organizations and individuals mainly located across the Middle East and North Africa (MENA) region as part of a new campaign codenamed Operation Olalampo.

The Hacker News

February 20, 2026 – Vulnerabilities

Critical Vulnerability in Welker OdorEyes EcoSystem Pulse Bypass System Full Text

Abstract A critical vulnerability has been identified in the Welker OdorEyes EcoSystem Pulse Bypass System with XL4 Controller. This vulnerability, which lacks authentication for a critical function, could lead to over- or under-odorization events.

CISA

February 20, 2026 – Attack

Industrial-Scale Fake Coretax Apps Drive $2m Fraud in Indonesia Full Text

Abstract A fraud campaign exploiting Indonesia's Coretax tax platform has resulted in financial losses of $1.5m to $2m. The operation identified 228 new malware samples and 996 phishing URLs, targeting a potential pool of 67 million Indonesian taxpayers.

Infosecurity Magazine

February 20, 2026 – Malware

Remcos RAT Expands Real-Time Surveillance Capabilities Full Text

Abstract The Remcos RAT has evolved with new real-time surveillance capabilities and stronger evasion techniques. Originally a legitimate remote management tool, Remcos has been repurposed as a Remote Access Trojan.

Infosecurity Magazine

February 20, 2026 – Vulnerabilities

Critical Vulnerabilities in Jinan USR IOT Technology Limited (PUSR) USR-W610 Full Text

Abstract Multiple critical vulnerabilities have been identified in the Jinan USR IOT Technology Limited (PUSR) USR-W610 device, potentially allowing unauthorized access and denial-of-service attacks.

CISA

February 20, 2026 – Vulnerabilities

better-auth Flaw Allows Unauthenticated API Key Creation Full Text

Abstract A critical vulnerability in the better-auth library allows unauthenticated attackers to create API keys for arbitrary users, posing a significant risk of account takeover and MFA bypass.

ESecurity Planet

February 20, 2026 – Malware

Crims hit a $20M jackpot via malware-stuffed ATMs Full Text

Abstract ATM jackpotting is a significant threat, with over $20 million stolen using malware-assisted techniques. The Ploutus malware exploits the XFS API, allowing attackers to dispense cash without bank authorization.

The Register

February 20, 2026 – General

Researchers warn Volt Typhoon still embedded in US utilities and some breaches may never be found Full Text

Abstract Volt Typhoon continues to target strategically important sites, maintaining long-term access to operational technology networks. This access could enable destructive cyberattacks aimed at slowing U.S. military mobilization.

The Record

February 19, 2026 – Government

Known Exploited Vulnerabilities Catalog Full Text

Abstract The vulnerability in TeamT5 ThreatSonar Anti-Ransomware allows remote attackers with administrator privileges to upload malicious files, potentially leading to arbitrary command execution on the server.

CISA

February 19, 2026 – General

China-linked crew embedded in US energy networks Full Text

Abstract The cybersecurity landscape is increasingly threatened by state-sponsored groups, particularly from China and Russia, targeting critical infrastructure in the US. Notably, the Volt Typhoon group has been embedding malware in US energy networks.

The Register

February 18, 2026 – Phishing

Hackers Abuse ScreenConnect to Hijack PCs via Fake Social Security Emails Full Text

Abstract Hackers are exploiting fake Social Security Administration (SSA) emails to hijack PCs by abusing the ScreenConnect tool. This attack does not rely on new viruses but rather on hijacking existing tools and weakening system defenses.

Hack Read

February 18, 2026 – Botnet

Keenadu the tablet conqueror and the links between major Android botnets Full Text

Abstract Keenadu is a sophisticated backdoor targeting Android devices by embedding itself into the firmware. It mirrors the behavior of the Triada backdoor, allowing attackers to control devices remotely and exfiltrate data.

February 18, 2026 – Attack

SmartLoader Attack Uses Trojanized Oura MCP Server to Deploy StealC Infostealer Full Text

Abstract The SmartLoader campaign involves a sophisticated attack using a trojanized Oura MCP server to deploy the StealC infostealer. Threat actors have invested months in building credibility by creating fake GitHub accounts and repositories.

The Hacker News

February 18, 2026 – Hacker

Hackers target supporters of Iran protests in new espionage campaign Full Text

Abstract A cyberespionage campaign targets supporters of Iran's anti-government protests, focusing on Farsi-speaking Iranians, activists, and journalists. The campaign exploits the ongoing internet blackout in Iran and is linked to Iranian-aligned hackers.

The Record

February 12, 2026 – Government

CISA Releases Two Industrial Control Systems Advisories Full Text

Abstract CISA has released two new ICS advisories on December 30, 2025. These advisories address vulnerabilities in WHILL C2 Wheelchairs and AzeoTech DAQFactory, providing critical information on current security issues and exploits.

CISA

February 12, 2026 – Vulnerabilities

Apple fixes zero-day flaw used in ‘extremely sophisticated’ attacks Full Text

Abstract Apple has addressed a zero-day vulnerability, CVE-2026-20700, in its Dynamic Link Editor (dyld), which was exploited in highly sophisticated attacks targeting specific individuals. This marks the first zero-day fix in 2026.

Bleeping Computer

February 12, 2026 – Breach

Georgia healthcare company data breach impacts more than 620,000 Full Text

Abstract A significant data breach at ApolloMD, a Georgia-based healthcare provider, occurred between May 22 and May 23, 2025, compromising the sensitive information of 626,540 individuals. The breach was executed by the Qilin ransomware gang.

The Record

February 12, 2026 – Breach

Volvo Group hit in massive Conduent data breach Full Text

Abstract A significant data breach at Conduent has impacted over 25 million individuals, including 17,000 employees of Volvo Group North America. The breach exposed sensitive personal data, making it one of the largest breaches in recent history.

Security Affairs

February 12, 2026 – Attack

Crazy ransomware gang abuses employee monitoring tool in attacks Full Text

Abstract The Crazy ransomware gang is exploiting legitimate employee monitoring software and the SimpleHelp remote support tool to maintain persistence in corporate networks, evade detection, and prepare for ransomware deployment.

Bleeping Computer

February 12, 2026 – Malware

First Malicious Outlook Add-In Found Stealing 4,000+ Microsoft Credentials Full Text

Abstract The "AgreeToSteal" attack marks the first known instance of a malicious Microsoft Outlook add-in in the wild, exploiting the abandoned "AgreeTo" add-in to steal over 4,000 Microsoft credentials.

The Hacker News

February 11, 2026 – Phishing

Pride Month Phishing Targets Employees via Trusted Email Services Full Text

Abstract The phishing campaign began in December 2025, initially targeting 504 organizations primarily in the financial services and consulting sectors as part of a testing phase.

Hack Read

February 11, 2026 – Malware

ZeroDayRAT malware grants full access to Android, iOS devices Full Text

Abstract ZeroDayRAT is a sophisticated mobile spyware platform targeting Android and iOS devices, offering cybercriminals full remote control. It poses significant risks to both individuals and enterprises.

Bleeping Computer

February 11, 2026 – Attack

Poland Energy Sector Cyber Incident Highlights OT and ICS Security Gaps Full Text

Abstract A cyber incident in Poland's energy sector targeted OT and ICS systems, affecting renewable energy plants, a combined heat and power plant, and a manufacturing company. The attack exploited vulnerable edge devices.

CISA

February 11, 2026 – Phishing

North Korean hackers targeted crypto exec with fake Zoom meeting, ClickFix scam Full Text

Abstract North Korean hackers, identified as UNC1069, targeted a cryptocurrency executive using a fake Zoom meeting and ClickFix scam. The attack aimed to enable cryptocurrency theft and fuel future social engineering campaigns.

The Record

February 9, 2026 – Breach

Birmingham mental health authority warns 30,000+ people of data breach that leaked SSNs and medical info Full Text

Abstract The Jefferson Blount St. Claire Mental Health Authority in Birmingham, Alabama, experienced a significant data breach in November 2025, affecting over 30,000 individuals.

Comparitech

February 9, 2026 – Breach

Flickr emails users about data breach, pins it on 3rd party Full Text

Abstract Flickr, a legacy image-sharing platform, has experienced a data breach affecting its global user base. Operating in 190 countries, Flickr has 35 million active users monthly, including 228,000 in Europe.

The Register

February 9, 2026 – Phishing

State-backed phishing attacks targeting military officials and journalists on Signal Full Text

Abstract A state-backed hacking group is targeting military officials, journalists, and diplomats in Germany and Europe through phishing attacks on Signal. These attacks aim to gain unauthorized access to accounts by impersonating Signal support.

Help Net Security

February 9, 2026 – Outage

Payments platform BridgePay confirms ransomware attack behind outage Full Text

Abstract BridgePay, a major U.S. payment gateway, has confirmed a ransomware attack that has caused a significant outage across its services. Initial forensic findings indicate that no payment card data has been compromised.

Bleeping Computer

February 9, 2026 – Botnet

UK Construction Firm Hit by Prometei Botnet Hiding in Windows Server Full Text

Abstract The Prometei botnet, a Russian-linked threat active since 2016, has been identified in a UK construction firm's Windows Server. Known for mining Monero cryptocurrency, it also excels at stealing passwords and maintaining remote control over systems.

Hack Read

February 6, 2026 – Vulnerabilities

Why a decade-old EnCase driver still works as an EDR killer Full Text

Abstract Attackers are exploiting a decade-old EnCase driver to disable 59 endpoint security products. The driver's certificate, issued on December 15, 2006, allows it to load on modern Windows systems due to Microsoft's backward compatibility policies.

Help Net Security

February 6, 2026 – Breach

Romanian oil pipeline operator Conpet discloses cyberattack Full Text

Abstract The Qilin ransomware gang, known for targeting high-profile organizations, has claimed responsibility for the cyberattack on Conpet, alleging the theft of nearly 1TB of data, including sensitive documents and financial information.

Bleeping Computer

February 6, 2026 – Vulnerabilities

Critical Vulnerabilities in Ilevia EVE X1 Server Allow Remote Exploitation Full Text

Abstract The Ilevia EVE X1 Server has been found to contain multiple critical vulnerabilities that could allow attackers to execute arbitrary commands, disclose sensitive information, and escalate privileges.

CISA

February 6, 2026 – Malware

Technical Analysis of Marco Stealer Full Text

Abstract Marco Stealer is a sophisticated information stealer targeting browser data, cryptocurrency wallets, and sensitive files. It employs advanced anti-analysis techniques and uses AES-256 encryption for secure C2 communication.

Zscaler

February 6, 2026 – Outage

Italian university La Sapienza goes offline after cyberattack Full Text

Abstract La Sapienza University, Europe's largest by in-campus students, has been hit by a ransomware attack attributed to the pro-Russian group Femwar02. The attack has led to significant disruptions, with IT systems offline and data encrypted.

Bleeping Computer

February 6, 2026 – Botnet

AISURU/Kimwolf Botnet Launches Record-Setting 31.4 Tbps DDoS Attack Full Text

Abstract The AISURU/Kimwolf botnet has launched a record-setting DDoS attack, peaking at 31.4 Tbps. This attack is part of a significant increase in DDoS activity in 2025, with Cloudflare mitigating over 47.1 million attacks throughout the year.

The Hacker News

February 6, 2026 – Government

CISA Adds Two Known Exploited Vulnerabilities to Catalog Full Text

Abstract CISA has added two vulnerabilities, CVE-2025-11953 and CVE-2026-24423, to its Known Exploited Vulnerabilities (KEV) Catalog. These vulnerabilities are actively exploited and pose significant risks to federal enterprises.

CISA

February 6, 2026 – Outage

Spain’s Ministry of Science shuts down systems after breach claims Full Text

Abstract Spain's Ministry of Science has partially shut down its IT systems following claims of a cyberattack. The Ministry cited a "technical incident" without confirming the attack.

Bleeping Computer

February 5, 2026 – Malware

Hugging Face abused to spread thousands of Android malware variants Full Text

Abstract A recent Android malware campaign has been identified, exploiting the Hugging Face platform to distribute thousands of malicious APK variants. The malware is disguised as a security tool named TrustBastion.

Bleeping Computer

February 5, 2026 – Breach

Notepad++ users take note: It’s time to check if you’re hacked Full Text

Abstract A critical security breach has been identified in the update infrastructure of Notepad++, a widely used text editor for Windows. The breach is attributed to suspected Chinese state hackers.

Ars Technica

February 5, 2026 – Vulnerabilities

Major vulnerabilities found in Google Looker, putting self-hosted deployments at risk Full Text

Abstract Two critical vulnerabilities, collectively known as "LookOut," have been identified in Google Looker, a business intelligence platform used by over 60,000 organizations globally.

Help Net Security

February 5, 2026 – Breach

Exposed AWS Credentials Lead to AI-Assisted Cloud Breach in 8 Minutes Full Text

Abstract A recent cloud breach highlights the dangers of exposed AWS credentials and AI-assisted attacks. An attacker gained full admin access to a company's cloud environment in just eight minutes.

Hack Read

February 5, 2026 – Government

CISA warns of five-year-old GitLab flaw exploited in attacks Full Text

Abstract CISA issued a warning regarding a five-year-old GitLab vulnerability that is actively being exploited. CISA has urged all organizations, including those in the private sector, to prioritize securing their devices against these ongoing attacks.

Bleeping Computer

February 4, 2026 – Breach

Seattle-area neurologist warns 13,500 people of data breach that leaked SSNs, medical info Full Text

Abstract A data breach has occurred at Neurological Associates of Washington, affecting 13,500 individuals. The breach involved the theft of sensitive information, including Social Security numbers and medical records, by the ransomware group DragonForce.

Comparitech

February 4, 2026 – Government

U.S. CISA adds SolarWinds Web Help Desk, Sangoma FreePBX, and GitLab flaws to its Known Exploited Vulnerabilities catalog Full Text

Abstract CISA has added several critical vulnerabilities to its Known Exploited Vulnerabilities catalog. These vulnerabilities affect SolarWinds Web Help Desk, Sangoma FreePBX, and GitLab, posing significant security risks to affected systems.

Security Affairs

February 4, 2026 – Vulnerabilities

Foxit Releases Security Updates for PDF Editor Cloud XSS Vulnerabilities Full Text

Abstract Foxit Software has addressed multiple cross-site scripting (XSS) vulnerabilities in Foxit PDF Editor Cloud and Foxit eSign. These vulnerabilities could allow attackers to execute arbitrary JavaScript within a user's browser.

The Cyber Express

February 4, 2026 – Phishing

Microsoft Warns Python Infostealers Target macOS via Fake Ads and Installers Full Text

Abstract Microsoft has identified a growing threat where Python-based infostealers are targeting macOS environments. These attacks exploit cross-platform capabilities and trusted platforms to distribute malware at scale.

The Hacker News

February 4, 2026 – Phishing

How fake party invitations are being used to install remote access tools Full Text

Abstract A sophisticated social engineering campaign is targeting Windows users in the UK by using fake party invitations to install ScreenConnect, a legitimate remote access tool, for malicious purposes.

Malwarebytes

February 3, 2026 – APT

Russian hackers exploit recently patched Microsoft Office bug in attacks Full Text

Abstract APT28 is actively exploiting a recently patched vulnerability in Microsoft Office, identified as CVE-2026-21509. This zero-day flaw is being used to target Ukrainian government entities and potentially extends to EU-based organizations.

Bleeping Computer

February 3, 2026 – Breach

Portland, ME schools warn 12,000+ people of data breach that leaked SSNs, financial and medical info Full Text

Abstract Portland Public Schools in Maine has confirmed a data breach affecting over 12,000 individuals, compromising sensitive personal information. The breach was claimed by the ransomware group RansomHub, known for targeting educational institutions.

Comparitech

February 3, 2026 – Breach

Colorado clinic warns 65,000+ people of data breach that leaked SSNs, credit cards, and medical info Full Text

Abstract A significant data breach at Alpine Ear, Nose & Throat has compromised the personal information of over 65,000 individuals. The breach, attributed to the ransomware group BianLian, involved the theft of sensitive data.

Comparitech

February 3, 2026 – Attack

Notepad++ hijacking linked to Chinese Lotus Blossom crew Full Text

Abstract A sophisticated malware campaign leveraging Pulsar RAT has been identified, targeting Windows systems. This campaign employs advanced techniques to evade detection and maintain persistent access, posing a significant threat to affected systems.

The Register

February 3, 2026 – Breach

Panera Bread breach affected 5.1 Million accounts, HIBP Confirms Full Text

Abstract Panera Bread has confirmed a data breach affecting 5.1 million accounts, significantly fewer than the initially reported 14 million. The breach involved the exposure of contact information, including email addresses and physical addresses.

Security Affairs

February 2, 2026 – Breach

California tribal clinics warn patients of data breach that leaked SSNs and medical info Full Text

Abstract A data breach has occurred at the MACT Health Board, affecting several clinics in California's Sierra Foothills. The breach, attributed to the ransomware group Rhysida, has compromised sensitive personal and medical information of patients.

Comparitech

February 2, 2026 – Vulnerabilities

Shadow Directories: A Unique Method to Hijack WordPress Permalinks Full Text

Abstract A new method of hijacking WordPress permalinks involves the creation of shadow directories. This technique allows attackers to inject spam content into search engine results without altering the visible content on the website or its database.

Sucuri

February 2, 2026 – Vulnerabilities

Privileged File System Vulnerability Present in a SCADA System Full Text

Abstract A vulnerability identified as CVE-2025-0921 has been discovered in the Iconics Suite, a SCADA system used for industrial process control. This vulnerability allows for execution with unnecessary privileges, potentially leading to a DoS condition.

Palo Alto Networks

February 2, 2026 – Attack

Iran-Linked RedKitten Cyber Campaign Targets Human Rights NGOs and Activists Full Text

Abstract The RedKitten cyber campaign, attributed to a Farsi-speaking threat actor aligned with Iranian state interests, targets NGOs and individuals documenting human rights abuses in Iran.

The Hacker News

February 2, 2026 – Breach

CrossCurve Bridge Hacked for $3M After Smart Contract Validation Vulnerability Exploited Full Text

Abstract The CrossCurve bridge suffered a cyberattack resulting in a $3 million loss. Attackers exploited a vulnerability in the smart contract infrastructure, specifically a gateway validation bypass within the ReceiverAxelar contract.

The Cyber Express
