Information security

Information security

Cybersecurity researchers disclosed they have detected a case of an information stealer infection successfully exfiltrating a victim's OpenClaw (formerly Clawdbot and Moltbot) configuration environment. "This finding marks a significant milestone in the evolution of infostealer behavior: the transition from stealing browser credentials to harvesting the 'souls' and identities of personal AI [artificial intelligence] agents," Hudson Rock said. Alon Gal, CTO of Hudson Rock, told The Hacker News that the stealer was likely a variant of Vidar based on the infection details.

The Osaka deployment adds 100 Gbps of edge capacity and is hosted within carrier-neutral facilities operated by Equinix. This increases regional proximity, resilience, and throughput for customers serving users in Japan and nearby markets, while maintaining consistent traffic handling and security enforcement. As organizations scale across regions, maintaining low latency, stable availability, and clear operational control has become increasingly complex.

Organizations traditionally approach security risk through a narrow lens, often equating "security" primarily with cybersecurity. While cybersecurity is critically important, it represents only one subset of a much broader security landscape. Cybersecurity focuses on the protection of technologies that collect, store, process and transmit data. By contrast, security-related risk encompasses all forms of loss arising from the failure to protect organizational assets.

do something with AI

Most businesses, which includes modern ones, invest heavily in technology, but they rarely plan for its eventual and inevitable exit strategy. Generally speaking, companies spend millions on the latest hardware while overlooking the critical phase when those assets reach their end. This lack of planning creates a massive gap in the operational lifecycle of many otherwise successful global organizations. Decisions made at the end of a device's life carry real business risks that can impact the bottom line financially and environmentally speaking.

Commanders and security personnel review posts to identify potential threats to operational security, assess character and judgment, and ensure service members uphold the standards expected of those in uniform. Understanding what triggers military scrutiny can help service members navigate social media responsibly while avoiding career-damaging mistakes. Military regulations explicitly permit commanders to review publicly accessible social media accounts when mission requirements or security concerns justify it.

That changed last week when the US Department of Justice published a sentencing memorandum [PDF] that frames Williams' conduct as a betrayal of his employer and the US government, and the cause of significant harm to US national security. Williams "made it possible for the Russian Broker to arm its clients with powerful cyber exploits that could be used against any manner of victim, civilian or military around the world," the DoJ said.

Reza abasi notes that there is a new forum called the "Kurd Hacker Forum" that focuses on databreaches in Iran, Syria, and Turkey. The domain was registered January 28, 2026. The forum, which is on the clear net, looks like it has the same format as the classic BreachForums, with the same types of sections and subsections. The threads in the forum are either in English or Kurdish languages.

The platform made headlines for being the first social media site expressly for AI agents, not humans. But for me, its significance goes way beyond that. Moltbook is a harbinger-the first real sign that a new type of internet is upon us. No, not a dead internet. Something much more epochal: a zombie internet that could have devastating consequences for advertising, social media, and the human web in the years ahead. Or perhaps it could be our salvation.

BeyondTrust announced patches for CVE-2026-1731 on February 6, the same day Hacktron AI, whose researchers discovered the issue in late January, warned that roughly 11,000 instances had been exposed to the internet, including approximately 8,500 on-prem deployments that may have been vulnerable to attacks. "Given that BeyondTrust Remote Support and Privileged Remote Access are widely deployed in enterprise environments for remote access and privileged session management, the potential blast radius of this vulnerability is significant," Hacktron said.

Tianfu Cup was launched as an alternative to the Zero Day Initiative's Pwn2Own competition, which regularly pays out more than $1 million to white hat hackers who demonstrate critical vulnerabilities in consumer and enterprise hardware and software, industrial control systems, and automotive products. Tianfu Cup made headlines in 2021, when participants earned a total of $1.9 million for exploits targeting Windows, Ubuntu, iOS, Microsoft Exchange, Chrome, Safari, Adobe Reader, Asus routers, and various virtualization products.

Google on Tuesday announced the release of Chrome 145 to the stable channel with fixes for 11 vulnerabilities, including three high-severity bugs. First in line is CVE-2026-2313, a high-severity use-after-free issue in CSS that earned the reporting researchers an $8,000 bug bounty reward. The two other high-severity defects, tracked as CVE-2026-2314 and CVE-2026-2315, were found and reported by Google and are described as a heap buffer overflow in Codecs and an inappropriate implementation in WebGPU, respectively.

"This threat actor seems to have been active since 2019, although they have not necessarily used VoidLink over the duration of their activity," researchers Nick Biasini, Aaron Boyd, Asheer Malhotra, and Vitor Ventura said. "UAT-9921 uses compromised hosts to install VoidLink command-and-control (C2), which are then used to launch scanning activities both internal and external to the network."

The number of ways that Windows shortcut (.LNK) files can be abused just keeps growing: A cybersecurity researcher has documented four new techniques to trick Windows users into running malicious actions through innocent-looking shortcuts. Wietze Beukema demonstrated how to spoof the visible LNK destination, hide command-line arguments, and execute a different program than the one shown to the user, potentially offering attackers new vectors for phishing, USB-borne attacks, or initial access operations.

I belong to six professional organizations. Or maybe it's 13, 19, 26, or 47. I can't be sure. The ones where I pay dues or volunteer I know well: ASIS International, the Life Safety Alliance, Chartered Security Professionals, and a couple of others. Then come the niche and industry-specific associations like the International Council of Shopping Centers, public-private partnerships such as OSAC and Infragard, and the countless ASIS Communities.

Google on Thursday said it observed the North Korea-linked threat actor known as UNC2970 using its generative artificial intelligence (AI) model Gemini to conduct reconnaissance on its targets, as various hacking groups continue to weaponize the tool for accelerating various phases of the cyber attack life cycle, enabling information operations, and even conducting model extraction attacks. "The group used Gemini to synthesize OSINT and profile high-value targets to support campaign planning and reconnaissance,"

A Chinese government hacking group that has been sanctioned for targeting America's critical infrastructure used Google's AI chatbot, Gemini, to auto-analyze vulnerabilities and plan cyberattacks against US organizations, the company says. While there's no indication that any of these attacks were successful, "APT groups like this continue to experiment with adopting AI to support semi-autonomous offensive operations," Google Threat Intelligence Group chief analyst John Hultquist told The Register. "We anticipate that China-based actors in particular will continue to build agentic approaches for cyber offensive scale."

While you're thinking about third-party add-ons for your computer and phone, take a moment to review everything you have installed on both fronts and consider how many of those programs you actually still use. The fewer cracked windows you allow on your Google account, the better - and if you aren't even using something, there's no reason to keep it connected.

Palo Alto Networks has officially completed its $25 billion acquisition of CyberArk. Identity security will now become a core pillar of Palo Alto's platform offering. The deal, announced in July 2025, was completed faster than expected due to German approval. The acquisition adds more than 10,000 CyberArk customers to Palo Alto's customer base. These organizations use the platform for identity security, with a focus on Privileged Access Management. The offering focuses on securing human, machine, and AI identities.

I have added Service Account Details and my own email: XXX@ProjectNameYYY.iam.gserviceaccount.com As I understand email can have secured access to the Specific Google Sheet.

Ivanti on Tuesday announced patches for over a dozen vulnerabilities in Endpoint Manager (EPM), including issues that were first disclosed in October 2025. In a new advisory, the company warns of a high-severity bug and a medium-severity flaw resolved in EPM, both of which could be exploited remotely. Tracked as CVE-2026-1603, the high-severity weakness is described as an authentication bypass leading to the exposure of credential data.

"The toolset blends stealth helpers with legacy-era Linux exploitation: Alongside log cleaners (utmp/wtmp/lastlog tampering) and rootkit-class artifacts, the actor keeps a large back-catalog of Linux 2.6.x-era exploits (2009-2010 CVEs)," cybersecurity company Flare said. "These are low value against modern stacks, but remain effective against 'forgotten' infrastructure and long-tail legacy environments." SSHStalker combines IRC botnet mechanics with an automated mass-compromise operation that uses an SSH scanner and other readily available scanners to co-opt susceptible systems into a network and enroll them in IRC channels.

Indian defense sector and government-aligned organizations have been targeted by multiple campaigns that are designed to compromise Windows and Linux environments with remote access trojans capable of stealing sensitive data and ensuring continued access to infected machines. The campaigns are characterized by the use of malware families like Geta RAT, Ares RAT, and DeskRAT, which are often attributed to Pakistan-aligned threat clusters tracked as SideCopy and APT36 (aka Transparent Tribe).

The North Korea-linked threat actor known as UNC1069 has been observed targeting the cryptocurrency sector to steal sensitive data from Windows and macOS systems with the ultimate goal of facilitating financial theft. "The intrusion relied on a social engineering scheme involving a compromised Telegram account, a fake Zoom meeting, a ClickFix infection vector, and reported usage of AI-generated video to deceive the victim," Google Mandiant researchers Ross Inman and Adrian Hernandez said.

A core part of the resurgence is the use of CastleLoader, a separate piece of malware that's installed initially. It runs solely in memory, making it much harder to detect than malware that resides on a hard drive. Its code is heavily obfuscated, making it hard to spot its malice even when malware scanners can see it. CastleLoader also provides a flexible and full-featured command-and-control communication mechanism that users can customize to meet their specific needs.

Claude Desktop Extensions, recently renamed MCP Bundles, are packaged applications that extend the capabilities of Claude Desktop using the Model Context Protocol, a standard way to give generative AI models access to other software and data. Stored as .dxt files (with Anthropic transitioning the format to .mcpb), they are ZIP archives that package a local MCP server alongside a manifest.json file describing the extension's capabilities.

Microsoft has fixed a serious security vulnerability affecting Markdown files in Notepad. In the company's Tuesday patch notes, Microsoft says a bad actor could carry out a remote code execution attack by tricking users "into clicking a malicious link inside a Markdown file opened in Notepad," as reported earlier by The Register. Clicking the link would "launch unverified protocols," allowing attackers to remotely load and execute malicious files on a victim's computer, according to the patch notes.