Cybersecurity February 2026
Global headlines curated by our intelligent agents.
Latest News
ClawJacked Flaw Lets Malicious Sites Hijack Local OpenClaw AI Agents via WebSocket
OpenClaw patches ClawJacked flaw, log poisoning bug, and multiple CVEs as 71 malicious ClawHub skills spread malware and crypto scams.
900+ Sangoma FreePBX Instances Compromised in Ongoing Web Shell Attacks
Over 900 FreePBX systems remain infected after CVE-2025-64328 exploitation, now listed in CISA KEV amid active attacks.
Malicious Go Crypto Module Steals Passwords, Deploys Rekoobe Backdoor
A fake Go module posing as golang.org/x/crypto captures terminal passwords, installs SSH persistence, and delivers the Rekoobe Linux backdoor.
ScarCruft Uses Zoho WorkDrive and USB Malware to Breach Air-Gapped Networks
North Korea-linked ScarCruft’s Ruby Jumper uses Zoho WorkDrive C2 and USB malware to breach air-gapped systems for surveillance.
Aeternum C2 Botnet Stores Encrypted Commands on Polygon Blockchain to Evade Takedown
Researchers detail Aeternum C2 storing botnet commands on the Polygon blockchain, while DSLRoot operates 300 residential proxy devices across the U.S.
Expert Recommends: Prepare for PQC Right Now
Quantum computers won’t be available for another decade. Why worry about them now, then? A cryptography expert explains.
Microsoft Warns Developers of Fake Next.js Job Repos Delivering In-Memory Malware
Fake Next.js repos abuse VS Code and npm to run in-memory JavaScript C2; GitLab banned 131 accounts.
Malicious StripeApi NuGet Package Mimicked Official Library and Stole API Tokens
Malicious StripeApi.Net package on NuGet mimicked Stripe.net, logged 180,000 downloads, and stole Stripe API tokens before removal.
Cisco SD-WAN Zero-Day CVE-2026-20127 Exploited Since 2023 for Admin Access
Cisco warns CVE-2026-20127 (CVSS 10.0) in SD-WAN has been exploited since 2023 to gain admin access; CISA adds it to KEV and mandates urgent fixes.
Claude Code Flaws Allow Remote Code Execution and API Key Exfiltration
Claude Code flaws allow remote code execution and API key theft via untrusted repositories; three bugs fixed across 2025–2026 releases.
SLH Offers $500–$1,000 Per Call to Recruit Women for IT Help Desk Vishing Attacks
SLH pays $500–$1,000 per call to recruit women for vishing, targeting IT help desks and MFA resets to breach Azure and deploy ransomware.
Malicious NuGet Packages Stole ASP.NET Data; npm Package Dropped Malware
Four rogue NuGet packages and one npm package stole ASP.NET Identity data, deployed C2 backdoors, and reached over 50,000 downloads before removal.
Defense Contractor Employee Jailed for Selling 8 Zero-Days to Russian Broker
Ex-L3Harris employee sentenced to 7 years for selling 8 zero-days to Russian broker; U.S. sanctions Operation Zero and associates.
SolarWinds Patches 4 Critical Serv-U 15.5 Flaws Allowing Root Code Execution
SolarWinds fixes four critical CVSS 9.1 vulnerabilities in Serv-U 15.5 that could allow root code execution with administrative privileges.
CISA Confirms Active Exploitation of FileZen CVE-2026-25108 Vulnerability
CISA added FileZen CVE-2026-25108 (CVSS 8.7) to its KEV catalog after active exploitation, affecting versions 4.2.1–4.2.8 and 5.0.0–5.0.10.
RoguePilot Flaw in GitHub Codespaces Enabled Copilot to Leak GITHUB_TOKEN
RoguePilot flaw let GitHub Copilot leak GITHUB_TOKEN, while new studies expose LLM side channels, ShadowLogic backdoors, and promptware risks.