Breaking News – Cyber Threats (last 6h)
Generated: 2026-02-04 12:00 PST
- Microsoft Develops Scanner to Detect Backdoors in Open-Weight Large Language Models
The Hacker News • 2026-02-04 09:52 • thehackernews.com
Microsoft on Wednesday said it built a lightweight scanner that it said can detect backdoors in open-weight large language models (LLMs) and improve the overall trust in artificial intelligence (AI) systems.
The tech giant’s AI Security team said the scanner leverages three observable signals that can be used to reliably flag the presence of backdoors while maintaining a low false positive
https://thehackernews.com/2026/02/microsoft-develops-scanner-to-detect.html
- CISA: VMware ESXi flaw now exploited in ransomware attacks
BleepingComputer • 2026-02-04 09:38 • www.bleepingcomputer.com
CISA confirmed on Wednesday that ransomware gangs have begun exploiting a high-severity VMware ESXi sandbox escape vulnerability that was previously used in zero-day attacks. […]
https://www.bleepingcomputer.com/news/security/cisa-vmware-esxi-flaw-now-exploited-in-ransomware-attacks/
- DEAD#VAX Malware Campaign Deploys AsyncRAT via IPFS-Hosted VHD Phishing Files
The Hacker News • 2026-02-04 09:24 • thehackernews.com
Threat hunters have disclosed details of a new, stealthy malware campaign dubbed DEAD#VAX that employs a mix of “disciplined tradecraft and clever abuse of legitimate system features” to bypass traditional detection mechanisms and deploy a remote access trojan (RAT) known as AsyncRAT.
“The attack leverages IPFS-hosted VHD files, extreme script obfuscation, runtime decryption, and in-memory
https://thehackernews.com/2026/02/deadvax-malware-campaign-deploys.html
- CISA warns of five-year-old GitLab flaw exploited in attacks
BleepingComputer • 2026-02-04 07:42 • www.bleepingcomputer.com
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies to patch their systems against a five-year-old GitLab vulnerability that is actively being exploited in attacks. […]
https://www.bleepingcomputer.com/news/security/cisa-warns-of-five-year-old-gitlab-flaw-exploited-in-attacks/
- The Double-Edged Sword of Non-Human Identities
BleepingComputer • 2026-02-04 07:05 • www.bleepingcomputer.com
Leaked non-human identities like API keys and tokens are becoming a major breach driver in cloud environments. Flare shows how exposed machine credentials quietly grant attackers long-term access to enterprise systems. […]
https://www.bleepingcomputer.com/news/security/the-double-edged-sword-of-non-human-identities/
- EDR killer tool uses signed kernel driver from forensic software
BleepingComputer • 2026-02-04 06:17 • www.bleepingcomputer.com
Hackers are abusing a legitimate but long-revoked EnCase kernel driver in an EDR killer that can detect 59 security tools in attempts to deactivate them. […]
https://www.bleepingcomputer.com/news/security/edr-killer-tool-uses-signed-kernel-driver-from-forensic-software/
- China-Linked Amaranth-Dragon Exploits WinRAR Flaw in Espionage Campaigns
The Hacker News • 2026-02-04 06:09 • thehackernews.com
Threat actors affiliated with China have been attributed to a fresh set of cyber espionage campaigns targeting government and law enforcement agencies across Southeast Asia throughout 2025.
Check Point Research is tracking the previously undocumented activity cluster under the moniker Amaranth-Dragon, which it said shares links to the APT 41 ecosystem. Targeted countries include Cambodia,
https://thehackernews.com/2026/02/china-linked-amaranth-dragon-exploits.html
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
