Breaking News – Cyber Threats (last 6h)
Generated: 2026-02-17 07:00 PST
- What 5 Million Apps Revealed About Secrets in JavaScript
BleepingComputer • 2026-02-17 06:40 • www.bleepingcomputer.com
Leaked API keys are nothing new, but the scale of the problem in front-end code has been largely a mystery – until now. Intruder’s research team built a new secrets detection method and scanned 5 million applications specifically looking for secrets hidden in JavaScript bundles. Here’s what we learned. […]
https://www.bleepingcomputer.com/news/security/what-5-million-apps-revealed-about-secrets-in-javascript/ - New Keenadu backdoor found in Android firmware, Google Play apps
BleepingComputer • 2026-02-17 06:05 • www.bleepingcomputer.com
A newly discovered and sophisticated Android malware called Keenadu has been found embedded in firmware from multiple device brands, enabling it to compromise all installed applications and gain unrestricted control over infected devices. […]
https://www.bleepingcomputer.com/news/security/new-keenadu-backdoor-found-in-android-firmware-google-play-apps/ - SmartLoader Attack Uses Trojanized Oura MCP Server to Deploy StealC Infostealer
The Hacker News • 2026-02-17 04:42 • thehackernews.com
Cybersecurity researchers have disclosed details of a new SmartLoader campaign that involves distributing a trojanized version of a Model Context Protocol (MCP) server associated with Oura Health to deliver an information stealer known as StealC.
“The threat actors cloned a legitimate Oura MCP Server – a tool that connects AI assistants to Oura Ring health data – and built a deceptive
https://thehackernews.com/2026/02/smartloader-attack-uses-trojanized-oura.html - Side-Channel Attacks Against LLMs
Schneier on Security • 2026-02-17 04:01 • www.schneier.comHere are three papers describing different side-channel attacks against LLMs.
“Remote Timing Attacks on Efficient Language Model Inference“:
Abstract: Scaling up language models has significantly increased their capabilities. But larger models are slower models, and so there is now an extensive body of work (e.g., speculative sampling or parallel decoding) that improves the (average case) efficiency of language model generation. But these techniques introduce data-dependent timing characteristi…
https://www.schneier.com/blog/archives/2026/02/side-channel-attacks-against-llms.html - Webinar: How Modern SOC Teams Use AI and Context to Investigate Cloud Breaches Faster
The Hacker News • 2026-02-17 03:59 • thehackernews.com
Cloud attacks move fast — faster than most incident response teams.
In data centers, investigations had time. Teams could collect disk images, review logs, and build timelines over days. In the cloud, infrastructure is short-lived. A compromised instance can disappear in minutes. Identities rotate. Logs expire. Evidence can vanish before analysis even begins.
Cloud forensics is fundamentally
https://thehackernews.com/2026/02/cloud-forensics-webinar-learn-how-ai.html - Poland arrests suspect linked to Phobos ransomware operation
BleepingComputer • 2026-02-17 03:31 • www.bleepingcomputer.com
Polish police have detained a 47-year-old man suspected of ties to the Phobos ransomware group and seized computers and mobile phones containing stolen credentials, credit card numbers, and server access data. […]
https://www.bleepingcomputer.com/news/security/poland-arrests-suspect-linked-to-phobos-ransomware-operation/ - My Day Getting My Hands Dirty with an NDR System
The Hacker News • 2026-02-17 03:30 • thehackernews.com
My objectiveThe role of NDR in SOC workflowsStarting up the NDR systemHow AI complements the human responseWhat else did I try out?What could I see with NDR that I wouldn’t otherwise?Am I ready to be a network security analyst now?My objective
As someone relatively inexperienced with network threat hunting, I wanted to get some hands-on experience using a network detection and response (
https://thehackernews.com/2026/02/my-day-getting-my-hands-dirty-with-ndr.html - Ireland now also investigating X over Grok-made sexual images
BleepingComputer • 2026-02-17 02:02 • www.bleepingcomputer.com
Ireland’s Data Protection Commission (DPC), the country’s data protection authority, has opened a formal investigation into X over the use of the platform’s Grok artificial intelligence tool to generate non-consensual sexual images of real people, including children. […]
https://www.bleepingcomputer.com/news/security/ireland-now-also-investigating-x-over-grok-made-sexual-images/ - Microsoft Finds “Summarize with AI” Prompts Manipulating Chatbot Recommendations
The Hacker News • 2026-02-17 01:31 • thehackernews.com
New research from Microsoft has revealed that legitimate businesses are gaming artificial intelligence (AI) chatbots via the “Summarize with AI” button that’s being increasingly placed on websites in ways that mirror classic search engine poisoning (SEO).
The new AI hijacking technique has been codenamed AI Recommendation Poisoning by the Microsoft Defender Security Research Team. The tech giant
https://thehackernews.com/2026/02/microsoft-finds-summarize-with-ai.html - Divide and conquer: how the new Keenadu backdoor exposed links between major Android botnets
Securelist • 2026-02-17 01:00 • securelist.com
Kaspersky experts have uncovered Keenadu, a sophisticated new backdoor targeting tablet firmware as well as system-level and Google Play apps. They also revealed connections between the world’s most prolific Android botnets.
https://securelist.com/keenadu-android-backdoor/118913/
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
