Identity Prioritization isn’t a Backlog Problem – It’s a Risk Math Problem

Most identity programs still prioritize work the way they prioritize IT tickets: by volume, loudness, or “what failed a control check.” That approach breaks the moment your environment stops being mostly-human and mostly-onboarded. In modern enterprises, identity risk is created by a compound of factors: control posture, hygiene, business context, and intent. Any one of […]

Continue Reading

Lazarus Group Uses Medusa Ransomware in Middle East and U.S. Healthcare Attacks

Ravie LakshmananFeb 24, 2026Threat Intelligence / Healthcare The North Korea-linked Lazarus Group (aka Diamond Sleet and Pompilus) has been observed using Medusa ransomware in an attack targeting an unnamed entity in the Middle East, according to a new report by the Symantec and Carbon Black Threat Hunter Team. Broadcom’s threat intelligence division said it also […]

Continue Reading

UnsolicitedBooker Targets Central Asian Telecoms With LuciDoor and MarsSnake Backdoors

The threat activity cluster known as UnsolicitedBooker has been observed targeting telecommunications companies in Kyrgyzstan and Tajikistan, marking a shift from prior attacks aimed at Saudi Arabian entities. The attacks involve the deployment of two distinct backdoors codenamed LuciDoor and MarsSnake, according to a report published by Positive Technologies last week. “The group used several […]

Continue Reading

Anthropic Says Chinese AI Firms Used 16 Million Claude Queries to Copy Model

Ravie LakshmananFeb 24, 2026Artificial Intelligence / Anthropic Anthropic on Monday said it identified “industrial-scale campaigns” mounted by three artificial intelligence (AI) companies, DeepSeek, Moonshot AI, and MiniMax, to illegally extract Claude’s capabilities to improve their own models. The distillation attacks generated over 16 million exchanges with its large language model (LLM) through about 24,000 fraudulent […]

Continue Reading

APT28 Targeted European Entities Using Webhook-Based Macro Malware

Ravie LakshmananFeb 23, 2026Malware / Threat Intelligence The Russia-linked state-sponsored threat actor tracked as APT28 has been attributed to a new campaign targeting specific entities in Western and Central Europe. The activity, per S2 Grupo’s LAB52 threat intelligence team, was active between September 2025 and January 2026. It has been codenamed Operation MacroMaze. “The campaign […]

Continue Reading

Wormable XMRig Campaign Uses BYOVD Exploit and Time-Based Logic Bomb

Cybersecurity researchers have disclosed details of a new cryptojacking campaign that uses pirated software bundles as lures to deploy a bespoke XMRig miner program on compromised hosts. “Analysis of the recovered dropper, persistence triggers, and mining payload reveals a sophisticated, multi-stage infection prioritizing maximum cryptocurrency mining hashrate, often destabilizing the victim system,” Trellix researcher Aswath […]

Continue Reading

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

Cybersecurity researchers have disclosed what they say is an active “Shai-Hulud-like” supply chain worm campaign that has leveraged a cluster of at least 19 malicious npm packages to enable credential harvesting and cryptocurrency key theft. The campaign has been codenamed SANDWORM_MODE by supply chain security company Socket. As with prior Shai-Hulud attack waves, the malicious […]

Continue Reading

MuddyWater Targets MENA Organizations with GhostFetch, CHAR, and HTTP_VIP

Ravie LakshmananFeb 23, 2026Threat Intelligence / Artificial Intelligence The Iranian hacking group known as MuddyWater (aka Earth Vetala, Mango Sandstorm, and MUDDYCOAST) has targeted several organizations and individuals mainly located across the Middle East and North Africa (MENA) region as part of a new campaign codenamed Operation Olalampo. The activity, first observed on January 26, […]

Continue Reading

AI-Assisted Threat Actor Compromises 600+ FortiGate Devices in 55 Countries

A Russian-speaking, financially motivated threat actor has been observed taking advantage of commercial generative artificial intelligence (AI) services to compromise over 600 FortiGate devices located in 55 countries. That’s according to new findings from Amazon Threat Intelligence, which said it observed the activity between January 11 and February 18, 2026. “No exploitation of FortiGate vulnerabilities […]

Continue Reading

EC-Council Expands AI Certification Portfolio to Strengthen U.S. AI Workforce Readiness and Security

With $5.5 trillion in global AI risk exposure and 700,000 U.S. workers needing reskilling, four new AI certifications and Certified CISO v4 help close the gap between AI adoption and workforce readiness. EC-Council, creator of the world-renowned Certified Ethical Hacker (CEH) credential and a global leader in applied cybersecurity education, today launched its Enterprise AI […]

Continue Reading

Anthropic Launches Claude Code Security for AI-Powered Vulnerability Scanning

Ravie LakshmananFeb 21, 2026Artificial Intelligence / DevSecOps Artificial intelligence (AI) company Anthropic has begun to roll out a new security feature for Claude Code that can scan a user’s software codebase for vulnerabilities and suggest patches. The capability, called Claude Code Security, is currently available in a limited research preview to Enterprise and Team customers. […]

Continue Reading

BeyondTrust Flaw Used for Web Shells, Backdoors, and Data Exfiltration

Ravie LakshmananFeb 20, 2026Vulnerability / Cyber Attack Threat actors have been observed exploiting a recently disclosed critical security flaw impacting BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) products to conduct a wide range of malicious actions, including deploying VShell and  The vulnerability, tracked as CVE-2026-1731 (CVSS score: 9.9), allows attackers to execute operating […]

Continue Reading

ClickFix Campaign Abuses Compromised Sites to Deploy MIMICRAT Malware

Ravie LakshmananFeb 20, 2026Malware / Threat Intelligence Cybersecurity researchers have disclosed details of a new ClickFix campaign that abuses compromised legitimate sites to deliver a previously undocumented remote access trojan (RAT) called MIMICRAT (aka AstarionRAT). “The campaign demonstrates a high level of operational sophistication: compromised sites spanning multiple industries and geographies serve as delivery infrastructure, […]

Continue Reading

Identity Cyber Scores: The New Metric Shaping Cyber Insurance in 2026

The Hacker NewsFeb 20, 2026Cyber Insurance / Password Security With one in three cyber-attacks now involving compromised employee accounts, insurers and regulators are placing far greater emphasis on identity posture when assessing cyber risk.  For many organizations, however, these assessments remain largely opaque. Elements such as password hygiene, privileged access management, and the extent of […]

Continue Reading

Ukrainian National Sentenced to 5 Years in North Korea IT Worker Fraud Case

Ravie LakshmananFeb 20, 2026Cybercrime / Law Enforcement A 29-year-old Ukrainian national has been sentenced to five years in prison in the U.S. for his role in facilitating North Korea’s fraudulent information technology (IT) worker scheme. In November 2025, Oleksandr “Alexander” Didenko pleaded guilty to wire fraud conspiracy and aggravated identity theft for stealing the identities […]

Continue Reading

Three Former Google Engineers Indicted Over Trade Secret Transfers to Iran

Ravie LakshmananFeb 20, 2026Insider Threat / Corporate Espionage Two former Google engineers and one of their husbands have been indicted in the U.S. for allegedly committing trade secret theft from the search giant and other tech firms and transferring the information to unauthorized locations, including Iran. Samaneh Ghandali, 41, and her husband Mohammadjavad Khosravi (aka […]

Continue Reading

PromptSpy Android Malware Abuses Gemini AI to Automate Recent-Apps Persistence

Cybersecurity researchers have discovered what they say is the first Android malware that abuses Gemini, Google’s generative artificial intelligence (AI) chatbot, as part of its execution flow and achieves persistence. The malware has been codenamed PromptSpy by ESET. The malware is equipped to capture lockscreen data, block uninstallation efforts, gather device information, take screenshots, and […]

Continue Reading

Microsoft Patches CVE-2026-26119 Privilege Escalation in Windows Admin Center

Ravie LakshmananFeb 19, 2026Vulnerability / Network Security Microsoft has disclosed a now-patched security flaw in Windows Admin Center that could allow an attacker to escalate their privileges. Windows Admin Center is a locally deployed, browser-based management tool set that lets users manage their Windows Clients, Servers, and Clusters without the need for connecting to the […]

Continue Reading

ThreatsDay Bulletin: OpenSSL RCE, Foxit 0-Days, Copilot Leak, AI Password Flaws & 20+ Stories

Ravie LakshmananFeb 19, 2026Cybersecurity / Hacking News The cyber threat space doesn’t pause, and this week makes that clear. New risks, new tactics, and new security gaps are showing up across platforms, tools, and industries — often all at the same time. Some developments are headline-level. Others sit in the background but carry long-term impact. […]

Continue Reading

Fake IPTV Apps Spread Massiv Android Malware Targeting Mobile Banking Users

Ravie LakshmananFeb 19, 2026Banking Malware / Mobile Security Cybersecurity researchers have disclosed details of a new Android trojan called Massiv that’s designed to facilitate device takeover (DTO) attacks for financial theft. The malware, according to ThreatFabric, masquerades as seemingly harmless IPTV apps to deceive victims, indicating that the activity is primarily singling out users looking […]

Continue Reading

CRESCENTHARVEST Campaign Targets Iran Protest Supporters With RAT Malware

Ravie LakshmananFeb 19, 2026Cyber Espionage / Data Security Cybersecurity researchers have disclosed details of a new campaign dubbed CRESCENTHARVEST, likely targeting supporters of Iran’s ongoing protests to conduct information theft and long-term espionage. The Acronis Threat Research Unit (TRU) said it observed the activity after January 9, with the attacks designed to deliver a malicious […]

Continue Reading

Citizen Lab Finds Cellebrite Tool Used on Kenyan Activist’s Phone in Police Custody

Ravie LakshmananFeb 18, 2026Mobile Security / Spyware New research from the Citizen Lab has found signs that Kenyan authorities used a commercial forensic extraction tool manufactured by Israeli company Cellebrite to break into a prominent dissident’s phone, making it the latest case of abuse of the technology targeting civil society. The interdisciplinary research unit at […]

Continue Reading