Breaking News – Cyber Threats (last 6h)
Generated: 2026-02-04 07:00 PST
- EDR killer tool uses signed kernel driver from forensic software
BleepingComputer • 2026-02-04 06:17 • www.bleepingcomputer.com
Hackers are abusing a legitimate but long-revoked EnCase kernel driver in an EDR killer that can detect 59 security tools in attempts to deactivate them. […]
https://www.bleepingcomputer.com/news/security/edr-killer-tool-uses-signed-kernel-driver-from-forensic-software/
- China-Linked Amaranth-Dragon Exploits WinRAR Flaw in Espionage Campaigns
The Hacker News • 2026-02-04 06:09 • thehackernews.com
Threat actors affiliated with China have been attributed to a fresh set of cyber espionage campaigns targeting government and law enforcement agencies across Southeast Asia throughout 2025.
Check Point Research is tracking the previously undocumented activity cluster under the moniker Amaranth-Dragon, which it said shares links to the APT 41 ecosystem. Targeted countries include Cambodia,
https://thehackernews.com/2026/02/china-linked-amaranth-dragon-exploits.html
- New Amaranth Dragon cyberespionage group exploits WinRAR flaw
BleepingComputer • 2026-02-04 06:00 • www.bleepingcomputer.com
A new threat actor called Amaranth Dragon, linked to APT41 state-sponsored Chinese operations, exploited the CVE-2025-8088 vulnerability in WinRAR in espionage attacks on government and law enforcement agencies. […]
https://www.bleepingcomputer.com/news/security/new-amaranth-dragon-cyberespionage-group-exploits-winrar-flaw/
- Microsoft rolls out native Sysmon monitoring in Windows 11
BleepingComputer • 2026-02-04 04:58 • www.bleepingcomputer.com
Microsoft has started rolling out built-in Sysmon functionality to some Windows 11 systems enrolled in the Windows Insider program. […]
https://www.bleepingcomputer.com/news/microsoft/microsoft-rolls-out-native-windows-11-sysmon-security-monitoring/
- US Declassifies Information on JUMPSEAT Spy Satellites
Schneier on Security • 2026-02-04 04:02 • www.schneier.com
The US National Reconnaissance Office has declassified information about a fleet of spy satellites operating between 1971 and 2006.
I’m actually impressed to see a declassification only two decades after decommission.
- Orchid Security Introduces Continuous Identity Observability for Enterprise Applications
The Hacker News • 2026-02-04 03:58 • thehackernews.com
An innovative approach to discovering, analyzing, and governing identity usage beyond traditional IAM controls.
The Challenge: Identity Lives Outside the Identity Stack
Identity and access management tools were built to govern users and directories.
Modern enterprises run on applications. Over time, identity logic has moved into application code, APIs, service accounts, and custom authentication
https://thehackernews.com/2026/02/orchid-security-introduces-continuous.html
- Owner of Incognito dark web drugs market gets 30 years in prison
BleepingComputer • 2026-02-04 03:24 • www.bleepingcomputer.com
A Taiwanese man was sentenced to 30 years in prison for operating Incognito Market, one of the world’s largest online narcotics marketplaces that sold over $105 million worth of illegal drugs to customers worldwide. […]
https://www.bleepingcomputer.com/news/security/taiwanese-man-gets-30-years-for-operating-dark-web-drug-market/
- The First 90 Seconds: How Early Decisions Shape Incident Response Investigations
The Hacker News • 2026-02-04 02:00 • thehackernews.com
Many incident response failures do not come from a lack of tools, intelligence, or technical skills. They come from what happens immediately after detection, when pressure is high, and information is incomplete.
I have seen IR teams recover from sophisticated intrusions with limited telemetry. I have also seen teams lose control of investigations they should have been able to handle. The
https://thehackernews.com/2026/02/the-first-90-seconds-how-early.html
- Malicious Script Delivering More Maliciousness, (Wed, Feb 4th)
SANS ISC Diary (full) • 2026-02-04 01:34 • isc.sans.edu
Today, I received an interesting email with a malicious attachment. When I had a look at the automatic scan results, it seemed to be a malicious script to create a Chrome Injector to steal data. Because InfoStealers are very common these days, it looked “legit” but there was something different. The .bat file looks to be a fork of the one found in many GitHub repositories[1].
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
