"BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability," the company said in an advisory released February 6, 2026. "By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user." The vulnerability, categorized as an operating system command injection, has been assigned the CVE identifier CVE-2026-1731.
The KEV list is useful but largely misunderstood. KEVology explains what it is and how best to use it. CISA's KEV Catalog, more commonly known as the KEV list, emerged with the issue of BOD 22-01 in November 2021. This catalog, currently a list of just over 1,500 vulnerabilities known to have been exploited in the wild, is a high-value prioritization source for vulnerability remediation within industry.
Meanwhile, the actual threat landscape evolved in an entirely different direction. Today's attackers aren't sitting at keyboards manually typing password guesses. They're running offline brute force attacks with dedicated GPU rigs that can attempt 100 billion passwords per second against hashing algorithms like MD5 or SHA-1. At that speed, your clever substitution of "@" for "a" buys you microseconds of additional security.
Cloudflare says DDoS crews ended 2025 by pushing traffic floods to new extremes, while Britain made an unwelcome leap of 36 places to become the world's sixth-most targeted location. The Q4 stats confirm it was a lively year for traffic floods, with Cloudflare claiming it had to swat away 47.1 million DDoS attacks, more than double 2024's count. Momentum picked up toward the end of the year, as Q4 volumes jumped 31 percent from the prior quarter and 58 percent over 2024.
After a recent release of files related to Jeffrey Epstein exposed victim information, credentials and other sensitive data, new reports suggest the Department of Justice (DOJ) did not adequately redact all files, as select blacked-out documents contain raw email data. This discovery was made by Mahmoud Al-Qudsi, Founder of NeoSmart Technologies, a private software research and development firm. Al-Qudsi detailed his findings in a blog post, stating he'd come across it by accident.
The common denominator of advanced attacks is that they are ever harder to detect. Although Endpoint Detection & Response (EDR) can pick up multiple signals, the browser remains a blind spot. Zscaler has also come to this conclusion and has acquired SquareX to keep an eye on browser usage via a lightweight extension. In doing so, Zscaler is following the same philosophy as CrowdStrike: acquire a promising Browser Detection & Response (BDR) player to expand its own portfolio.
According to a report from the company's Frontier Red Team, during testing, Opus 4.6 identified over 500 previously unknown zero-day vulnerabilities (flaws that are unknown to the people who wrote the software, or to the party responsible for patching or fixing it) across open-source software libraries. Notably, the model was not explicitly told to search for the security flaws, but rather it detected and flagged the issues on its own.
Sysmon has long been part of Microsoft's Sysinternals toolkit, widely used by security teams to track detailed system activity and spot suspicious behavior. Until now, it had to be downloaded and installed separately. With this update, Sysmon is becoming a built-in Windows feature. "Windows now brings Sysmon functionality natively to Windows," the company wrote. "Sysmon functionality allows you to capture system events that can help with threat detection, and you can use custom configuration files to filter the events you want to monitor."
Building security into the framework of an organization prevents security from being seen as a barrier to daily activities. If an employee feels as if a security measure is inhibiting them from completing their daily tasks, they're far more likely to find a way around that measure. This can range from propping open a door to using the same easy-to-remember password for every account.
LinkedIn has redesigned its static application security testing (SAST) pipeline to provide consistent, enforceable code scanning across a GitHub-based, multi-repository development environment. The initiative is part of the company's shift-left strategy, delivering fast, reliable, and actionable security feedback directly in pull requests, strengthening the security of LinkedIn's code and infrastructure, and helping protect members and customers.
Between 2020 and 2021, Svara would advertise on internet forums, including Reddit, that he could "get into girls snap accounts" for others and provide content "for you or trade," prosecutors said. Using personal information, he would try to gain access to women's Snapchat accounts before posing as a representative of Snap Inc. to obtain security codes sent to the women. He texted more than 4,500 women for the codes, which approximately 570 women provided, prosecutors said.
According to former burglar turned security consultant Michael Fraser, who spent years breaking into homes before turning his life around, these seemingly innocent habits are exactly what professionals look for. "Most people have no idea they're broadcasting an empty house," he told me during a recent interview. "They think they're being careful, but they're actually creating a roadmap." After speaking with several security experts and reformed burglars, I discovered that the things we do without thinking often create the perfect opportunity for break-ins.
Strategy's ($MSTR) Executive Chairman Michael Saylor said on the company's fourth-quarter 2025 earnings call that Strategy will initiate a Bitcoin Security Program. The effort is meant to coordinate with the global cyber, crypto, and Bitcoin security community. In the call, Saylor framed quantum computing as a long-term engineering challenge rather than an immediate danger. He said the technology is likely more than a decade away from posing a serious risk to Bitcoin's cryptography.
This week didn't produce one big headline. It produced many small signals: the kind that quietly shape what attacks will look like next. Researchers tracked intrusions that start in ordinary places: developer workflows, remote tools, cloud access, identity paths, and even routine user actions. Nothing looked dramatic on the surface. That's the point. Entry is becoming less visible while impact scales later.
Datadog Security Labs said it observed threat actors associated with the recent React2Shell (CVE-2025-55182, CVSS score: 10.0) exploitation using malicious NGINX configurations to pull off the attack. "The malicious configuration intercepts legitimate web traffic between users and websites and routes it through attacker-controlled backend servers," security researcher Ryan Simon said. "The campaign targets Asian TLDs (.in, .id, .pe, .bd, .th), Chinese hosting infrastructure (Baota Panel), and government and educational TLDs (.edu, .gov)."
Google has released a Chrome security update addressing two high-severity vulnerabilities that could allow attackers to execute arbitrary code or cause browser crashes. The issues affect core browser components and may be triggered when users visit specially crafted websites. One of the vulnerabilities, CVE-2026-1861, allows "... a remote attacker to potentially exploit heap corruption via a crafted HTML page," NIST said in its reporting.
It allows developers to test code, review pull requests, and more, but also exposes them to attacks via repository-defined configuration files, Orca says. "Codespaces is essentially VS Code running in the cloud, backed by Ubuntu containers, with built-in GitHub authentication and repository integration. This means any VS Code feature that touches execution, secrets, or extensions can potentially be abused when attackers control the repository content," the cybersecurity firm notes.
Security researchers at Sysdig warn that attackers can quickly take over AWS environments using large language models. Their latest analysis shows that AI is already being used to automate cloud attacks, accelerate them, and make them harder to detect. The Sysdig Threat Research Team bases these conclusions on an attack that began on November 28, 2025. In this case, an attacker gained initial access and escalated to full administrator rights within an AWS account in less than ten minutes.
Betterment, which offers automated investment and financial planning services, first disclosed the breach in January after detecting unauthorized access to certain internal systems on January 9. Betterment said the hacker gained entry through a social engineering scheme that relied on impersonation to infiltrate third-party marketing and operations tools, then used that access to send customers a fraudulent cryptocurrency promotion disguised as an official company message.
Before its debut, Anthropic's frontier red team tested Opus 4.6 in a sandboxed environment to see how well it could find bugs in open-source code. The team gave the Claude model everything it needed to do the job (access to Python and vulnerability analysis tools, including classic debuggers and fuzzers) but no specific instructions or specialized knowledge. Claude found more than 500 previously unknown zero-day vulnerabilities in open-source code using just its "out-of-the-box" capabilities,
The phone rings at 2:47 AM. Your heart pounds as you fumble for the receiver. "Grandma?" The voice is shaky, desperate. "I'm in trouble. I got arrested. Please don't tell Mom and Dad." The voice sounds just like your grandson. He uses the nickname only family knows. He remembers that trip you took together last summer. Everything about this call feels real because, in many ways, it is.
"I deeply apologize to all users affected by this hijacking," the author of a post published to the official notepad-plus-plus.org site wrote Monday. The post said that the attack began last June with an "infrastructure-level compromise that allowed malicious actors to intercept and redirect update traffic destined for notepad-plus-plus.org." The attackers, whom multiple investigators tied to the Chinese government, then selectively redirected certain targeted users to malicious update servers where they received backdoored updates.