Cybersecurity News Hero

Combing the world for the cybersecurity stories you need to know.

Cybersecurity News
Ivanti EPMM vulnerabilities
Ivanti EPMM and the New Attack Surface of Trust
March 03, 2026
Ivanti disclosed two zero-day vulnerabilities in its Endpoint Manager Mobile (EPMM) product on Jan. 29. Both flaws—CVE-2026-1281 and CVE-2026-1340—are code-injection bugs that Ivanti says can allow unauthenticated remote code execution on a vulnerable EPMM server.…
Read More >
Unit42 identity security
Attackers Aren’t Breaking In Anymore — They’re Logging In
March 03, 2026
Unit42, the threat intelligence and security consulting team at Palo Alto Networks, has published the Global Incident Response Report 2026, exploring threat trends likely to influence the landscape for the rest of the year. The…
Read More >
Dell RecoverPoint zero-day
The Dell RecoverPoint Zero-Day and China’s Expanding Playbook
March 02, 2026
Dell recently put out an advisory and security update for CVE-2026-22769, a critical vulnerability in many versions of Dell RecoverPoint for Virtual Machines. The flaw has been actively exploited in the wild since mid-2024, with…
Read More >
Chrome extensions LayerX
Somebody Is Watching: AI Weaponizes Fake Chrome Extensions to Spy on Users
February 26, 2026
The promise of productivity has turned AI tools into effective lures for cybercriminals. Researchers at LayerX Security recently exposed AiFrame, a coordinated campaign of 30 malicious Chrome browser extensions that impersonated well-known AI assistants in…
Read More >
vibecoding £5 botnet
How a Single AI Prompt Built a 90-Host Botnet
February 24, 2026
AI cybersecurity company Darktrace recently observed a botnet incident involving 91 compromised hosts, in which the threat actors brought in only five British pounds in earnings. Darktrace’s global honeypot network, CloudyPots, captured a completely AI-generated…
Read More >
VoidLink AI malware
How VoidLink Signals the Dawn of Machine-Built Malware
February 24, 2026
For years, security researchers have warned that artificial intelligence could eventually let a single operator produce malware that rivals the output of an entire development team. Two recent investigations into a Linux command-and-control framework called…
Read More >
Sysdig cloud security AWS
Eight Minutes to Admin: AI Just Changed the Cloud Threat Model
February 19, 2026
The Sysdig Threat Research Team (TRT) discovered a threat operation against an Amazon Web Services (AWS) environment on November 28th, 2025. The attacker in this incident was able to progress from initial access to administrative…
Read More >
agentic AI security secure AI
The Agentic AI Security Gap Is Already Here
February 17, 2026
In the past several years, AI has increasingly been adopted by individuals and organizations alike for both personal and business purposes. Unfortunately, it has also been implemented by many cybercriminals to enhance their attacks, and…
Read More >
Poland Electrum electric grid cyber attack
Poland Grid Hack Signals Shift in Cyberwarfare Strategy
February 16, 2026
A new report from Dragos confirms what many in the energy sector had suspected: the December 2025 cyberattack on Poland’s power grid was a deliberate test of the system’s vulnerabilities. There were no blackouts. Electricity…
Read More >
DockerDash AI
DockerDash Exposes the Dark Side of AI Trust in DevOps
February 16, 2026
The AI explosion in recent years has led to widespread adoption in a variety of business environments, including the rapid rise of AI assistants inside DevOps and cloud workflows. These “trusted” tools are now embedded…
Read More >
Zscaler shadow AI risk
AI Everywhere, Oversight Nowhere: The New Enterprise Risk Blind Spot
February 12, 2026
Zscaler recently released the ThreatLabz 2026 AI Security Report, offering insight into the state of security amid the AI explosion. The growth of AI usage is becoming exponential as more and more organizations adopt AI…
Read More >
Netwrix cybersecurity identity security
Identity: The New Data Perimeter in the Age of Agentic AI
February 10, 2026
A new forecast from Netwrix Security Research Lab argues that the next wave of cybersecurity disruption will not come from new exploits, but rather from scaled attacks. “Soon, cybersecurity will stop being a people-scaling problem…
Read More >
WinRAR patched vulnerability
A Patched Flaw Still Opening Doors: Inside the WinRAR Exploit Surge
February 06, 2026
Months after it was patched, a path traversal flaw in WinRAR (CVE-2025-8088) is still being actively exploited, according to Google’s Threat Intelligence Group. The vulnerability was fixed in July 2025, but many users haven’t updated,…
Read More >
LinkedIn phishing comments policy violation
Fake LinkedIn “Policy Violation” Comments Turn Public Posts into Phishing Traps
February 05, 2026
A recent phishing campaign has arisen targeting users on LinkedIn in public post comments. This demonstrates attackers shifting away from DMs and email as initial attack vectors and toward highly visible spaces where users feel…
Read More >
Kimwolf DDoS botnet
Infected Android Devices Are Powering a Global DDoS Army
February 03, 2026
A massive, sprawling DDoS and proxy botnet, known as Kimwolf, has recently shown increased activity, growing to more than two million infected devices since August 2025. These millions of Android devices are globally distributed and…
Read More >
Fortinet cloud complexity AI
The Cloud Complexity Gap Is Becoming an AI Security Liability
February 02, 2026
A new report from Fortinet and Cybersecurity Insiders outlines growing tension between the pace of AI-driven cloud adoption and the capacity of current security models to keep up. The 2026 Cloud Security Report highlights how…
Read More >
Black Duck Broadcom Wi-Fi vulnerability
How a Broadcom Wi-Fi Flaw Exposes a Fragile Wireless Reality
February 02, 2026
Wireless networks are often treated as invisible utilities by organizations and individuals alike—expected to work continuously, silently, and flawlessly. Unfortunately, this assumption is not always true, as demonstrated in a recent publication based on a…
Read More >
Veeam RCE remote code execution vulnerability
Critical Veeam Remote Code Execution Attack Highlights Risk of Trusted Backup Access
January 29, 2026
Shortly after the New Year, Veeam disclosed a critical Remote Code Execution (RCE) vulnerability in its backup and replication software. This underscores a familiar but uncomfortable reality in enterprise security: The most dangerous attacks often don’t…
Read More >
Subscribe for the Latest News
Webinars
5 SIEM Migration Myths Debunked: Why You Should Move to a Cloud-Native, AI-Driven SOC
Register Now
Securing the AI Frontier: Defending the Enterprise Ecosystem with Prisma AIRS
Register Now
Scaling Secure Development: Modern Code Security Without Slowing Innovation
Register Now