News
-
SmartLoader campaign trojanized Oura MCP server to deliver StealC infostealer
A SmartLoader campaign trojanized an Oura MCP server to deliver the StealC infostealer using fake GitHub accounts. The trojanized server remains listed on the MCP registry.
-
Developer beta adds end-to-end encryption for RCS in iOS and iPadOS 26.4
The iPhone maker released an iOS and iPadOS 26.4 developer beta that adds end-to-end encryption for RCS messages in testing, limited to the company’s devices, and includes Memory Integrity Enforcement and stolen device protections.
-
Washington Hotel discloses ransomware infection that exposed business data
Washington Hotel disclosed a February 13, 2026 ransomware attack that compromised servers and exposed business data. IT staff disconnected affected servers, and outside experts were engaged. Customer records appear unlikely to be exposed; the investigation continues.
-
Infostealer exfiltrates OpenClaw configuration, capturing tokens and keys
Researchers found an information stealer exfiltrated OpenClaw configuration files, including gateway tokens, device keys and the agent soul file. The analysis warns this enables remote access and may prompt specialized malware modules for AI agents.
-
Study finds cloud password managers vulnerable to server-side recovery attacks
A technical analysis by ETH Zurich and Università della Svizzera italiana found that Bitwarden, LastPass, and Dashlane are vulnerable to server-side password recovery attacks, with researchers detailing multiple attack types and vendor mitigations.
-
CISA orders federal agencies to patch BeyondTrust flaw within three days
CISA ordered federal agencies to secure BeyondTrust Remote Support instances by February 16 after CVE-2026-1731 was added to its Known Exploited Vulnerabilities catalog. The flaw allows unauthenticated remote command execution, and on-premises patches must be installed manually.
-
ZeroDayRAT spyware sold on Telegram enables live surveillance and financial theft on Android and iOS
A technical analysis by iVerify identified ZeroDayRAT, a commercial spyware platform sold on Telegram that targets Android and iOS. The malware enables live camera and microphone access, location tracking, account enumeration and clipboard wallet hijacking.
-
Google patches actively exploited Chrome zero-day CVE-2026-2441
Google released Chrome updates to fix CVE-2026-2441, a high-severity use-after-free bug in CSS that is being exploited in the wild. Users should update Chrome to the patched versions to reduce risk.
-
In-the-wild exploitation observed for critical BeyondTrust RCE CVE-2026-1731
Researchers observed overnight exploitation attempts for CVE-2026-1731 targeting BeyondTrust Remote Support and Privileged Remote Access. The flaw is rated CVSS 9.9. Patches are available for affected versions and administrators should apply updates immediately.
-
Odido cyberattack exposes personal data of 6.2 million customers
A Dutch telecom provider detected a cyberattack that exposed personal data for about 6.2 million customers. The provider blocked access, notified the data regulator, and is emailing affected customers with details.








