Researchers Observe In-the-Wild Exploitation of BeyondTrust CVSS 9.9 Vulnerability
Threat actors are exploiting CVE-2026-1731 (CVSS 9.9) in BeyondTrust Remote Support and Privileged Remote Access products, allowing unauthenticated remote code execution. BeyondTrust has released patches for affected versions.
13.02.2026 17:03
Manipulating AI memory for profit: The rise of AI Recommendation Poisoning
Microsoft security researchers have identified a trend of AI Recommendation Poisoning, where companies embed hidden instructions in "Summarize with AI" buttons to manipulate AI assistants' memory.
13.02.2026 14:33
300,000+ Chrome users installed these malicious extensions posing as AI assistants - delete them right now
Over 300,000 Chrome users installed 30 malicious extensions masquerading as AI assistants, leading to potential data theft. Discovered by LayerX, these extensions, including Gemini AI Sidebar and others, siphon sensitive information like passwords and emails.
13.02.2026 14:03
Odido Telecom Suffers Cyberattack - 6.2 Million Customer Accounts Affected
Odido Telecom confirmed on February 12, 2026, that a cyberattack compromised personal data from 6.2 million customer accounts, detected over February 7-8. Exposed information includes names, addresses, email addresses, and IBANs, but not passwords or sensitive logs.
13.02.2026 11:34
First Malicious Outlook Add-In Found Stealing 4,000+ Microsoft Credentials
Cybersecurity researchers have identified the first malicious Microsoft Outlook add-in, AgreeTo, which has stolen over 4,000 Microsoft credentials. The add-in, originally legitimate, was exploited after its developer abandoned it, allowing an attacker to claim the domain and serve a phishing page.
12.02.2026 16:34
Google: China's APT31 used Gemini to plan cyberattacks against US orgs
A Chinese hacking group, APT31, has reportedly used Google's AI chatbot, Gemini, to analyze vulnerabilities and plan cyberattacks against U.S. organizations. Google's Threat Intelligence Group noted that APT31 employed a structured approach to automate vulnerability analysis.
12.02.2026 14:03
Windows Notepad Vulnerability Allows Attackers to Execute Malicious Code Remotely
Microsoft has patched a critical remote code execution vulnerability in the Windows Notepad app, tracked as CVE-2026-20841, disclosed on February 10, 2026. The flaw allows attackers to execute malicious code by tricking users into opening a compromised Markdown file.
12.02.2026 13:03
Microsoft tightens Windows security with app transparency and user consent
Microsoft is enhancing Windows security with two initiatives: User Transparency and Consent, which prompts users for access to sensitive resources and records permission decisions, and Windows Baseline Security Mode, which by default allows only properly signed applications to run.
12.02.2026 12:03
Apple 0-Day Vulnerability Actively Exploited in Sophisticated Attack to Target Individuals
Apple released iOS 26.3 and iPadOS 26.3 on February 11, 2026, addressing over 40 vulnerabilities, including a critical zero-day (CVE-2026-20700) in the dyld component, exploited in targeted attacks against high-profile individuals.
12.02.2026 11:33
SSHStalker botnet targets Linux servers with legacy exploits and SSH scanning
A new Linux botnet named SSHStalker has infected approximately 7,000 systems using outdated 2009-era exploits and automated SSH scanning techniques. Detected by Flare researchers, it employs IRC for command-and-control, maintaining persistent access without immediate monetization.
12.02.2026 01:03
Fake 7-Zip downloads are turning home PCs into proxy nodes
A trojanized installer masquerading as 7-Zip from the lookalike domain 7zip[.]com has been converting victims' PCs into residential proxy nodes. The malware, signed with a revoked certificate, installs components in C:\Windows\SysWOW64\ and establishes persistence via Windows services.
11.02.2026 15:04
NCSC Issues Warning Over "Severe" Cyber-Attacks Targeting Critical National Infrastructure
The NCSC has issued a warning to critical national infrastructure (CNI) providers in the UK about severe cyber threats following coordinated attacks on Poland's energy sector in December.
11.02.2026 14:33
UNC1069 Targets Cryptocurrency Sector with New Tooling and AI-Enabled Social Engineering
North Korean threat actor UNC1069 has targeted the cryptocurrency sector using advanced social engineering and AI-enabled tactics. Mandiant's investigation revealed an intrusion involving seven malware families, including SILENCELIFT and DEEPBREATH.
11.02.2026 07:33
Microsoft Patch Tuesday February 2026 - 54 Vulnerabilities Fixed, Including 6 Zero-days
Microsoft's February 2026 Patch Tuesday, released on February 10, addresses 54 vulnerabilities, including six zero-days across various products. Key vulnerabilities include two Critical flaws in Azure Compute Gallery, allowing data leaks and privilege escalation.
10.02.2026 22:33
Ransomware attackers are exploiting critical SmarterMail vulnerability (CVE-2026-24423)
Ransomware attackers are exploiting the SmarterMail vulnerability CVE-2026-24423, which allows unauthenticated remote code execution via the ConnectToHub API in versions prior to v100.0.9511.
10.02.2026 20:02
Hackers Deliver Global Group Ransomware Offline via Phishing Emails
Researchers at Forcepoint X-Labs uncovered a phishing campaign using Phorpiex malware to deliver Global Group ransomware. Active in 2024-2025, the attack employs deceptive Windows shortcut files (.lnk) to execute commands via legitimate programs, downloading the ransomware locally.
10.02.2026 16:06
Discord to Age-Restrict User Access to Key Features Starting Next Month
Discord will implement global "teen-by-default" safety controls and an expanded age assurance system in March. Users will verify their age only when accessing age-restricted content, with defaults set to protect younger users from sensitive media and unsolicited messages.
10.02.2026 16:06
Singapore says China-linked hackers targeted telecom providers in major spying campaign
Singapore's Cyber Security Agency reported that the China-linked group UNC3886 targeted all four major telecom operators: M1, SIMBA Telecom, Singtel, and StarHub, in a sophisticated espionage campaign.
10.02.2026 09:34
EU, Dutch government announce hacks following Ivanti zero-days
A wave of cyberattacks linked to critical vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM) has prompted emergency warnings globally. The vulnerabilities, CVE-2026-1281 and CVE-2026-1340, allow unauthorized control over devices.
09.02.2026 22:34
BeyondTrust Remote Access Products 0-Day Vulnerability Allows Remote Code Execution
BeyondTrust disclosed a critical pre-authentication remote code execution vulnerability (CVE-2026-1731) affecting its Remote Support and Privileged Remote Access platforms, allowing unauthenticated attackers to execute OS commands. Vulnerable versions include Remote Support 25.3.
09.02.2026 19:02
BridgePay Payment Gateway Hit by Ransomware, Causing Nationwide Outages
On February 6, 2026, BridgePay Network Solutions experienced a ransomware attack, causing nationwide outages in card processing. The incident began at 3:29 a.m. EST, with systems down by 5:48 a.m. EST. By 7:08 p.m. EST, ransomware was confirmed as the cause, but no payment card data was compromised.
09.02.2026 18:33
Analysis of active exploitation of SolarWinds Web Help Desk
The Microsoft Defender Research Team reported active exploitation of SolarWinds Web Help Desk (WHD) instances, allowing attackers to gain unauthenticated remote code execution.
09.02.2026 15:35
European Commission probes intrusion into staff mobile management backend
The European Commission is investigating a cyber intrusion into its mobile device management systems, detected on January 30 by CERT-EU. The breach may have exposed staff names and mobile numbers.
09.02.2026 14:34
17% of 3rd-Party Add-Ons for OpenClaw Used in Crypto Theft and macOS Malware
Bitdefender Labs found that 17% of OpenClaw AI skills analyzed in February 2026 are malicious, targeting crypto keys and installing macOS malware. Attackers disguise harmful tools as legitimate utilities, with 54% of threats related to crypto.
09.02.2026 12:34
State-backed phishing attacks targeting military officials and journalists on Signal
German security authorities warn of state-backed phishing attacks targeting military officials and journalists via Signal. Attackers impersonate Signal support, urging victims to provide security PINs or scan QR codes, leading to account takeover.
09.02.2026 08:33
Flickr Confirms Data Breach - 35 million Users Data at Risk
Flickr reported a potential data breach on February 5, 2026, affecting its 35 million users due to a vulnerability in a third-party email service. Exposed data may include usernames, email addresses, and IP addresses, but not passwords or financial details.
09.02.2026 01:32
Claude Opus 4.6 Finds 500+ High-Severity Flaws Across Major Open-Source Libraries
Anthropic's Claude Opus 4.6 has identified over 500 high-severity security flaws in major open-source libraries, including Ghostscript, OpenSC, and CGIF. The model, launched on Thursday, excels in discovering vulnerabilities without specialized tools.
06.02.2026 17:33
Knife Cutting the Edge: Disclosing a China-nexus gateway-monitoring AitM framework
Cisco Talos has identified "DKnife," a sophisticated gateway-monitoring and adversary-in-the-middle (AitM) framework used since at least 2019, targeting primarily Chinese-speaking users.
06.02.2026 17:04
CISA tells agencies to stop using unsupported edge devices
CISA has ordered federal agencies to cease using unsupported edge devices, such as firewalls and routers, due to their vulnerability to cyberattacks. Agencies must inventory these devices within three months and replace them within one year.
06.02.2026 12:35
Italy blames Russia-linked hackers for cyberattacks ahead of Winter Olympics
Italy's Foreign Minister Antonio Tajani reported thwarted cyberattacks of "Russian origin" targeting diplomatic missions and sites linked to the 2026 Winter Olympics, affecting around 120 targets, including consulates in Sydney, Toronto, and Paris.
06.02.2026 10:05