F5 released its February 2026 Quarterly Security Notification on February 4, announcing several medium and low-severity CVEs, plus a security exposure affecting BIG-IP, NGINX, and container services. These issues primarily stem from denial-of-service (DoS) risks and configuration weaknesses, potentially disrupting…
Tag: EN
Spam Campaign Distributes Fake PDFs, Installing Remote Monitoring Tools for Persistent Access
Security teams have discovered an active spam campaign that uses fake PDF documents to trick users into installing remote monitoring and management (RMM) software. The campaign targets organizations by sending emails containing PDF attachments that appear to be invoices, receipts,…
New Epstein Tool Searches LinkedIn Connections Against 3.5 Million Pages Epstein Files
A new open-source Python tool named EpsteIn enables users to check if their LinkedIn connections appear in over 3.5 million pages of Jeffrey Epstein court documents recently released by the U.S. Department of Justice. Developed by Christopher Finke, it runs…
Mobile privacy audits are getting harder
Mobile apps routinely collect and transmit personal data in ways that are difficult for users, developers, and regulators to verify. Permissions can reveal what an app can access, and privacy policies can claim what an app should do, yet neither…
Phishing and OAuth Token Vulnerabilities Lead to Full Microsoft 365 Breach
Two medium-severity vulnerabilities, an unsecured email API endpoint and verbose error messages exposing OAuth tokens, chain together to enable authenticated phishing that bypasses all email security controls, persistent access to Microsoft 365 environments While protocols like SPF, DKIM, and DMARC…
CentOS 9 Security Flaw Enables Privilege Escalation – PoC Released
A critical security flaw has been identified in CentOS 9 that allows a local user to escalate their privileges to root. The vulnerability, which stems from a Use-After-Free (UAF) condition in the Linux kernel’s networking subsystem, was awarded first place…
The hidden cost of putting off security decisions
In this Help Net Security video, Hanah Darley, Chief AI Officer, Geordie AI, talks about how putting off security risk decisions creates long-term costs that often stay hidden. Drawing on her work with CISOs and security leaders, she shows how…
Claude Opus 4.6 Finds 500+ High-Severity Flaws Across Major Open-Source Libraries
Artificial intelligence (AI) company Anthropic revealed that its latest large language model (LLM), Claude Opus 4.6, has found more than 500 previously unknown high-severity security flaws in open-source libraries, including Ghostscript, OpenSC, and CGIF. Claude Opus 4.6, which was launched…
Hackers Exploit Windows Screensaver to Deploy RMM Tools, Gain Remote Access
A new spear phishing campaign that weaponizes a forgotten file type to bypass modern defenses. Attackers are luring victims into downloading Windows screensaver (.scr) files, which silently deploy legitimate Remote Monitoring and Management (RMM) software to establish persistent control over…
Concerns Raised Over CISA’s Silent Ransomware Updates in KEV Catalog
CISA updated 59 KEV entries in 2025 to specify that the vulnerabilities have been exploited in ransomware attacks. The post Concerns Raised Over CISA’s Silent Ransomware Updates in KEV Catalog appeared first on SecurityWeek. This article has been indexed from…
CISA Advisory Highlights Exploited SmarterTools Vulnerability in Recent Ransomware Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity vulnerability affecting SmarterTools SmarterMail to its Known Exploited Vulnerabilities (KEV) catalog. Tracked as CVE-2026-24423, this flaw is actively being weaponized in the wild, with security researchers confirming its use in…
Questions Raised Over CISA’s Silent Ransomware Updates in KEV Catalog
CISA updated 59 KEV entries in 2025 to specify that the vulnerabilities have been exploited in ransomware attacks. The post Questions Raised Over CISA’s Silent Ransomware Updates in KEV Catalog appeared first on SecurityWeek. This article has been indexed from…
New infosec products of the week: February 6, 2026
Here’s a look at the most interesting products from the past week, featuring releases from Avast, Fingerprint, Gremlin, and Socure. Gremlin launches Disaster Recovery Testing for zone, region, and datacenter failovers Gremlin, the proactive reliability platform, launched Disaster Recovery Testing:…
OpenClaw, MoltBot, Clawdbot – From Bad to Worse
In this episode of Cybersecurity Today, host Jim Love discusses the latest advancements in AI-driven cyber attacks and their implications for security infrastructure. The episode covers a variety of topics, including the vulnerabilities in OpenClaw Marketplace, a rapid AI-assisted AWS…
Betterment Data Breach Exposes Sensitive Information of 1.4 Million Customers
Automated investment platform Betterment has confirmed a data breach affecting approximately 1.4 million customers. The incident, which occurred in January 2026, was the result of a targeted social engineering attack rather than a direct exploit of the company’s core infrastructure.…
Spam Campaign Distributes Fake PDFs, Deploys Remote Monitoring Tools for Ongoing Access
An ongoing spam campaign that leverages social engineering to deploy legitimate Remote Monitoring and Management (RMM) software on victim networks. By disguising malicious payloads as essential Adobe Acrobat updates, threat actors are successfully bypassing traditional security controls and establishing persistent…
New CentOS 9 Vulnerability Lets Attackers Escalate to Root Privileges – PoC Released
A critical use-after-free (UAF) vulnerability in the Linux kernel’s sch_cake queuing discipline (Qdisc) affects CentOS 9, allowing local users to gain root privileges. Security firm SSD Secure Disclosure published details on February 5, 2026, noting the flaw won first place…
Orchid Security Launches Tool to Monitor Identity Behavior Across Business Applications
Modern organizations rely on a wide range of software systems to run daily operations. While identity and access management tools were originally designed to control users and directory services, much of today’s identity activity no longer sits inside those…
Zscaler Acquires Browser Security Firm SquareX
Zscaler says the acquisition will allow customers to embed lightweight extensions into any browser, providing increased security and eliminating the need for third-party browsers. The post Zscaler Acquires Browser Security Firm SquareX appeared first on SecurityWeek. This article has been indexed…
ISC Stormcast For Friday, February 6th, 2026 https://isc.sans.edu/podcastdetail/9798, (Fri, Feb 6th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Friday, February 6th, 2026…