[email protected] (The Hacker News)

New Chrome Zero-Day (CVE-2026-2441) Under Active Attack — Patch Released

Ravie LakshmananFeb 16, 2026Zero-Day / Browser Security Google on Friday released security updates for its Chrome browser to address a security flaw that it said has been exploited in the wild. The high-severity vulnerability, tracked…

Microsoft Discloses DNS-Based ClickFix Attack Using Nslookup for Malware Staging

Microsoft has disclosed details of a new version of the ClickFix social engineering tactic in which the attackers trick unsuspecting users into running commands that carry out a Domain Name System (DNS) lookup to retrieve…

Google Ties Suspected Russian Actor to CANFAIL Malware Attacks on Ukrainian Orgs

Ravie LakshmananFeb 13, 2026Threat Intelligence / Malware A previously undocumented threat actor has been attributed to attacks targeting Ukrainian organizations with malware known as CANFAIL. Google Threat Intelligence Group (GTIG) described the hack group as…

Google Links China, Iran, Russia, North Korea to Coordinated Defense Sector Cyber Operations

Ravie LakshmananFeb 13, 2026Malware / Critical Infrastructure Several state-sponsored actors, hacktivist entities, and criminal groups from China, Iran, North Korea, and Russia have trained their sights on the defense industrial base (DIB) sector, according to…

UAT-9921 Deploys VoidLink Malware to Target Technology and Financial Sectors

Ravie LakshmananFeb 13, 2026Cloud Security / Cyber Espionage A previously unknown threat actor tracked as UAT-9921 has been observed leveraging a new modular framework called VoidLink in its campaigns targeting the technology and financial services…

Malicious Chrome Extensions Caught Stealing Business Data, Emails, and Browsing History

Cybersecurity researchers have discovered a malicious Google Chrome extension that’s designed to steal data associated with Meta Business Suite and Facebook Business Manager. The extension, named CL Suite by @CLMasters (ID: jkphinfhmfkckkcnifhjiplhfoiefffl), is marketed as…

npm’s Update to Harden Their Supply Chain, and Points to Consider

The Hacker NewsFeb 13, 2026Supply Chain Security / DevSecOps In December 2025, in response to the Sha1-Hulud incident, npm completed a major authentication overhaul intended to reduce supply-chain attacks. While the overhaul is a solid…

Researchers Observe In-the-Wild Exploitation of BeyondTrust CVSS 9.9 Vulnerability

Threat actors have started to exploit a recently disclosed critical security flaw impacting BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) products, according to watchTowr. “Overnight we observed first in-the-wild exploitation of BeyondTrust across…

Google Reports State-Backed Hackers Using Gemini AI for Recon and Attack Support

Ravie LakshmananFeb 12, 2026Cyber Espionage / Artificial Intelligence Google on Thursday said it observed the North Korea-linked threat actor known as UNC2970 using its generative artificial intelligence (AI) model Gemini to conduct reconnaissance on its…

Lazarus Campaign Plants Malicious Packages in npm and PyPI Ecosystems

Cybersecurity researchers have discovered a fresh set of malicious packages across npm and the Python Package Index (PyPI) repository linked to a fake recruitment-themed campaign orchestrated by the North Korea-linked Lazarus Group. The coordinated campaign…

« Previous
1
…
11
12
13
14
15
…
378
Next »