Breaking News – Cyber Threats (last 6h)
Generated: 2026-02-23 07:00 PST
- Another day, another malicious JPEG, (Mon, Feb 23rd)
SANS ISC Diary (full) • 2026-02-23 06:26 • isc.sans.edu
In his last two diaries, Xavier discussed recent malware campaigns that download JPEG files with embedded malicious payload[1,2]. At that point in time, I've not come across the malicious “MSI image” myself, but while I was going over malware samples that were caught by one of my customer's e-mail pr…
https://isc.sans.edu/diary/rss/32738
- ⚡ Weekly Recap: Double-Tap Skimmers, PromptSpy AI, 30Tbps DDoS, Docker Malware & More
The Hacker News • 2026-02-23 05:00 • thehackernews.com
Security news rarely moves in a straight line. This week, it feels more like a series of sharp turns, some happening quietly in the background, others playing out in public view. The details are different, but the pressure points are familiar.
Across devices, cloud services, research labs, and even everyday apps, the line between normal behavior and hidden risk keeps getting thinner. Tools
https://thehackernews.com/2026/02/weekly-recap-double-tap-skimmers.html
- On the Security of Password Managers
Schneier on Security • 2026-02-23 04:03 • www.schneier.com
Good article on password managers that secretly have a backdoor.
New research shows that these claims aren’t true in all cases, particularly when account recovery is in place or password managers are set to share vaults or organize users into groups. The researchers reverse-engineered or closely analyzed Bitwarden, Dashlane, and LastPass and identified ways that someone with control over the server—either administrative or the result …
https://www.schneier.com/blog/archives/2026/02/on-the-security-of-password-managers.html
- How Exposed Endpoints Increase Risk Across LLM Infrastructure
The Hacker News • 2026-02-23 03:58 • thehackernews.com
As more organizations run their own Large Language Models (LLMs), they are also deploying more internal services and Application Programming Interfaces (APIs) to support those models. Modern security risks are being introduced less from the models themselves and more from the infrastructure that serves, connects and automates the model. Each new LLM endpoint expands the attack surface, often in
https://thehackernews.com/2026/02/how-exposed-endpoints-increase-risk.html
- CISA: Recently patched RoundCube flaws now exploited in attacks
BleepingComputer • 2026-02-23 03:44 • www.bleepingcomputer.com
CISA flagged two Roundcube Webmail vulnerabilities as actively exploited in attacks and ordered U.S. federal agencies to patch them within three weeks. […]
https://www.bleepingcomputer.com/news/security/cisa-recently-patched-roundcube-flaws-now-exploited-in-attacks/
- Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens
The Hacker News • 2026-02-23 02:20 • thehackernews.com
Cybersecurity researchers have disclosed what they say is an active “Shai-Hulud-like” supply chain worm campaign that has leveraged a cluster of at least 19 malicious npm packages to enable credential harvesting and cryptocurrency key theft.
The campaign has been codenamed SANDWORM_MODE by supply chain security company Socket. As with prior Shai-Hulud attack waves, the malicious code embedded
https://thehackernews.com/2026/02/malicious-npm-packages-harvest-crypto.html
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
