Breaking News – Cyber Threats (last 6h)
Generated: 2026-02-11 07:00 PST
- Rewiring Democracy Ebook is on Sale
Schneier on Security • 2026-02-11 06:48 • www.schneier.comI just noticed that the ebook version of Rewriring Democracy is on sale for $5 on Amazon, Apple Books, Barnes & Noble, Books A Million, https://www.schneier.com/blog/archives/2026/02/rewiring-democracy-ebook-is-on-sale.html
- The game is over: when “free” comes at too high a price. What we know about RenEngine
Securelist • 2026-02-11 06:00 • securelist.com
We disclose new details about campaigns involving RenEngine and HijackLoader malware. Since March 2025, attackers have been distributing the Lumma stealer in a complex chain of infections, and in February 2026, ongoing attacks using ACR Stealer became known.
https://securelist.com/renengine-campaign-with-hijackloader-lumma-and-acr-stealer/118891/ - WSL in the Malware Ecosystem, (Wed, Feb 11th)
SANS ISC Diary (full) • 2026-02-11 05:28 • isc.sans.eduWSL or “Windows Subsystem Linuxâ€[1] is a feature in the Microsoft Windows ecosystem that allows users to run a real Linux environment directly inside Windows without needing a traditional virtual machine or dual boot setup. The latest version, WSL2, runs a lightweight virtualized Linux kernel for better compatibility and performance, making it especially useful for development, DevOps, and cybersecurity workflows where Linux tooling is essential but Windows remains the primary op…
https://isc.sans.edu/diary/rss/32704 - Over 60 Software Vendors Issue Security Fixes Across OS, Cloud, and Network Platforms
The Hacker News • 2026-02-11 05:28 • thehackernews.com
It’s Patch Tuesday, which means a number of software vendors have released patches for various security vulnerabilities impacting their products and services.
Microsoft issued fixes for 59 flaws, including six actively exploited zero-days in various Windows components that could be abused to bypass security features, escalate privileges, and trigger a denial-of-service (DoS) condition.
Elsewhere
https://thehackernews.com/2026/02/over-60-software-vendors-issue-security.html - Prompt Injection Via Road Signs
Schneier on Security • 2026-02-11 04:03 • www.schneier.comInteresting research: “CHAI: Command Hijacking Against Embodied AI.”
Abstract: Embodied Artificial Intelligence (AI) promises to handle edge cases in robotic vehicle systems where data is scarce by using common-sense reasoning grounded in perception and action to generalize beyond training distributions and adapt to novel real-world situations. These capabilities, however, also create new security risks. In this paper, we introduce CHAI (Command Hijacking against embodied AI), a new class of prompt-based…
https://www.schneier.com/blog/archives/2026/02/prompt-injection-via-road-signs.html - Exposed Training Open the Door for Crypto-Mining in Fortune 500 Cloud Environments
The Hacker News • 2026-02-11 03:30 • thehackernews.com
Intentionally vulnerable training applications are widely used for security education, internal testing, and product demonstrations. Tools such as OWASP Juice Shop, DVWA, Hackazon, and bWAPP are designed to be insecure by default, making them useful for learning how common attack techniques work in controlled environments.
The issue is not the applications themselves, but how they are often
https://thehackernews.com/2026/02/exposed-training-open-door-for-crypto.html - Microsoft Patches 59 Vulnerabilities Including Six Actively Exploited Zero-Days
The Hacker News • 2026-02-11 02:22 • thehackernews.com
Microsoft on Tuesday released security updates to address a set of 59 flaws across its software, including six vulnerabilities that it said have been exploited in the wild.
Of the 59 flaws, five are rated Critical, 52 are rated Important, and two are rated Moderate in severity. Twenty-five of the patched vulnerabilities have been classified as privilege escalation, followed by remote code
https://thehackernews.com/2026/02/microsoft-patches-59-vulnerabilities.html - Spam and phishing in 2025
Securelist • 2026-02-11 02:00 • securelist.com
The report contains statistics on spam and phishing in 2025, outlining the main trends: phishing and scam QR codes, ClickFix attacks, ChatGPT subscription lures and others.
https://securelist.com/spam-and-phishing-report-2025/118785/ - SSHStalker Botnet Uses IRC C2 to Control Linux Systems via Legacy Kernel Exploits
The Hacker News • 2026-02-11 01:56 • thehackernews.com
Cybersecurity researchers have disclosed details of a new botnet operation called SSHStalker that relies on the Internet Relay Chat (IRC) communication protocol for command-and-control (C2) purposes.
“The toolset blends stealth helpers with legacy-era Linux exploitation: Alongside log cleaners (utmp/wtmp/lastlog tampering) and rootkit-class artifacts, the actor keeps a large back-catalog of
https://thehackernews.com/2026/02/sshstalker-botnet-uses-irc-c2-to.html
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
