Latest Cybersecurity News and Articles
26 February 2026
TrendAI has fixed eight critical and high-severity issues in Windows and macOS endpoint security products.
The post Trend Micro Patches Critical Apex One Vulnerabilities appeared first on SecurityWeek.
26 February 2026
Already added to CISA’s KEV catalog, the flaw allows attackers to bypass authentication and gain administrative privileges.
The post Cisco Patches Catalyst SD-WAN Zero-Day Exploited by Highly Sophisticated Hackers appeared first on SecurityWeek.
26 February 2026
The risks surrounding tax season are varied.
26 February 2026
A newly disclosed maximum-severity security flaw in Cisco Catalyst SD-WAN Controller (formerly vSmart) and Catalyst SD-WAN Manager (formerly vManage) has come under active exploitation in the wild as part of malicious activity that dates back to 2023.
The vulnerability, tracked as CVE-2026-20127 (CVSS score: 10.0), allows an unauthenticated remote attacker to bypass authentication and obtain
25 February 2026
Google on Wednesday disclosed that it worked with industry partners to disrupt the infrastructure of a suspected China-nexus cyber espionage group tracked as UNC2814 that breached at least 53 organizations across 42 countries.
"This prolific, elusive actor has a long history of targeting international governments and global telecommunications organizations across Africa, Asia, and the Americas,"
25 February 2026
Cybersecurity researchers have disclosed multiple security vulnerabilities in Anthropic's Claude Code, an artificial intelligence (AI)-powered coding assistant, that could result in remote code execution and theft of API credentials.
"The vulnerabilities exploit various configuration mechanisms, including Hooks, Model Context Protocol (MCP) servers, and environment variables – executing
25 February 2026
More than half (56%) of the 400,000 vulnerabilities IBM X-Force tracked in 2025 required no authentication before exploitation.
The post The Blast Radius Problem: Stolen Credentials are Weaponizing Agentic AI appeared first on SecurityWeek.
25 February 2026
Agencies strongly encourage immediate investigation of potential compromise of Cisco Catalyst SD-WAN, and full updating and hardening.
25 February 2026
The UNC2814 threat actor has been active since at least 2017, targeting organizations across 42 countries.
The post Google Disrupts Chinese Cyberespionage Campaign Targeting Telecoms, Governments appeared first on SecurityWeek.
25 February 2026
The four security defects could be exploited for remote code execution but require administrative privileges.
The post SolarWinds Patches Four Critical Serv-U Vulnerabilities appeared first on SecurityWeek.
25 February 2026
The notorious cybercrime collective known as Scattered LAPSUS$ Hunters (SLH) has been observed offering financial incentives to recruit women to pull off social engineering attacks.
The idea is to hire them for voice phishing campaigns targeting IT help desks, Dataminr said in a new threat brief. The group is said to be offering anywhere between $500 and $1,000 upfront per call, in addition to
25 February 2026
Triage is supposed to make things simpler. In a lot of teams, it does the opposite.
When you can’t reach a confident verdict early, alerts turn into repeat checks, back-and-forth, and “just escalate it” calls. That cost doesn’t stay inside the SOC; it shows up as missed SLAs, higher cost per case, and more room for real threats to slip through.
So where does triage go wrong? Here are five triage
25 February 2026
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Feb. 25, 2026 – Listen to the podcast “CISO Confidential” is a new series on the Cybercrime Magazine Podcast, brought to our listeners by Doppel, a cybersecurity company on a mission to protect
The post CISO Confidential Launches On The Cybercrime Magazine Podcast appeared first on Cybercrime Magazine.
25 February 2026
UFP Technologies appears to have been targeted in a ransomware attack that involved data theft and file-encrypting malware.
The post Medical Device Maker UFP Technologies Hit by Cyberattack appeared first on SecurityWeek.
25 February 2026
Peter Williams was sentenced to 87 months in prison for selling cyber exploits to a Russian broker.
The post Ex-US Defense Contractor Executive Jailed for Selling Exploits to Russia appeared first on SecurityWeek.
25 February 2026
Cybersecurity researchers have discovered four malicious NuGet packages that are designed to target ASP.NET web application developers to steal sensitive data.
The campaign, discovered by Socket, exfiltrates ASP.NET Identity data, including user accounts, role assignments, and permission mappings, as well as manipulates authorization rules to create persistent backdoors in victim applications.
25 February 2026
Hackers claim to have stolen personally identifiable information and internal corporate data from the automotive firm.
The post Over 12 Million Users Impacted by CarGurus Data Breach appeared first on SecurityWeek.
25 February 2026
SecurityWeek’s M&A data indicates that today's market is more disciplined, and it seems to favor GRC, data protection, and identity.
The post SecurityWeek Report: 426 Cybersecurity M&A Deals Announced in 2025 appeared first on SecurityWeek.
25 February 2026
The high-end casino and hotel operator has admitted that employee data was stolen by ShinyHunters.
The post Wynn Resorts Confirms Data Breach After Hackers Remove It From Leak Site appeared first on SecurityWeek.
25 February 2026
Why automating sensitive data transfers is now a mission-critical priority
More than half of national security organizations still rely on manual processes to transfer sensitive data, according to The CYBER360: Defending the Digital Battlespace report. This should alarm every defense and government leader because manual handling of sensitive data is not just inefficient, it is a systemic