Microsoft says it has uncovered a coordinated campaign targeting software developers through malicious repositories posing as legitimate Next.js projects and technical assessments. The campaign employs carefully crafted lures to blend into routine workflows, such as cloning repositories, opening projects, and… Read More "Microsoft warns of job‑themed repo lures targeting developers with multi‑stage backdoors"
The UK’s National Health Service (NHS) has outlined plans to proactively work with suppliers to improve cybersecurity resilience across the healthcare and social care system in an open letter issued on January 22. The move follows the voluntary cybersecurity supply… Read More "NHS Issues Open Letter Demanding Improved Cybersecurity Standards"
Ravie LakshmananFeb 25, 2026 Zero Day / National Security A 39-year-old Australian national who was previously employed at U.S. defense contractor L3Harris has been sentenced to a little over seven years in prison for selling eight zero-day exploits to Russian… Read More "Defense Contractor Employee Jailed for Selling 8 Zero-Days to Russian Broker"
A Ukrainian man has been sentenced to five years in prison after helping North Korean IT workers infiltrate American companies using stolen identities, reports Bleepingcomputer. The 39-year-old man from Kiev pleaded guilty in November 2025 to charges including aggravated identity… Read More "Ukrainian convicted for helping fake North Korean IT workers"
Amid exploitation campaigns targeting end of support (EOS) edge devices, the US’ leading cybersecurity agency has issued a directive to decommission all such devices within 12 months. On February 5, the Cybersecurity and Infrastructure Security Agency (CISA) published Binding Operational… Read More "US Agencies Told to Scrap End of Support Edge Devices"
“El Mencho” is dead. This weekend, Mexican Army Special Forces killed Nemesio Rubén “El Mencho” Oseguera Cervantes, the head of the powerful Jalisco New Generation Cartel (CJNG) in Tapalpa, Jalisco, Mexico. Following confirmation of El Mencho’s death by federal authorities,… Read More "How Mexico’s ‘CJNG’ Drug Cartel Embraced AI, Drones, and Social Media"
Ravie LakshmananFeb 25, 2026Vulnerability / Windows Security SolarWinds has released updates to address four critical security flaws in its Serv-U file transfer software that, if successfully exploited, could result in remote code execution. The vulnerabilities, all rated 9.1 on the… Read More "SolarWinds Patches 4 Critical Serv-U 15.5 Flaws Allowing Root Code Execution"
At that point there is one chance to stop the attack: The victim has to click on the download for the installation to proceed. Many employees would, for it feels like the natural thing to do, says Stefan Dasic, Malwarebytes manager… Read More "Fake Zoom meeting silently installs surveillance software, says Malwarebytes"
Widespread misconfiguration of popular AI assistant OpenClaw means many instances are exposed to the public-facing internet, SecurityScorecard has warned. The security vendor said it found 40,214 such instances of the tool, formerly known as Clawdbot and Moltbot, although the figure… Read More "Researchers Find 40,000+ Exposed OpenClaw Instances"
Ravie LakshmananFeb 25, 2026Vulnerability / Software Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a recently disclosed vulnerability in FileZen to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as… Read More "CISA Confirms Active Exploitation of FileZen CVE-2026-25108 Vulnerability"
