RoguePilot Flaw in GitHub Codespaces Enabled Copilot to Leak GITHUB_TOKEN

2026-02-24T18:52:00Z A vulnerability in GitHub Codespaces could have been exploited by bad actors to seize control of repositor…

UnsolicitedBooker Targets Central Asian Telecoms With LuciDoor and MarsSnake Backdoors

2026-02-24T09:54:00Z The threat activity cluster known as UnsolicitedBooker has been observed targeting telecommunications comp…

APT28 Targeted European Entities Using Webhook-Based Macro Malware

2026-02-23T19:41:00Z The Russia-linked state-sponsored threat actor tracked as APT28 has been attributed to a new campaign targ…

Wormable XMRig Campaign Uses BYOVD Exploit and Time-Based Logic Bomb

February 23, 2026 at 11:29PM Cybersecurity researchers have disclosed details of a new cryptojacking campaign that uses pirated…

⚡ Weekly Recap: Double-Tap Skimmers, PromptSpy AI, 30Tbps DDoS, Docker Malware & More

February 23, 2026 at 06:30PM Security news rarely moves in a straight line. This week, it feels more like a series of sharp tur…

How Exposed Endpoints Increase Risk Across LLM Infrastructure

February 23, 2026 at 05:28PM As more organizations run their own Large Language Models (LLMs), they are also deploying more int…

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

February 23, 2026 at 03:50PM Cybersecurity researchers have disclosed what they say is an active "Shai-Hulud-like" su…

MuddyWater Targets MENA Organizations with GhostFetch, CHAR, and HTTP_VIP

February 23, 2026 at 12:55PM The Iranian hacking group known as MuddyWater (aka Earth Vetala, Mango Sandstorm, and MUDDYCOAST) …

AI-Assisted Threat Actor Compromises 600+ FortiGate Devices in 55 Countries

February 21, 2026 at 08:19PM A Russian-speaking, financially motivated threat actor has been observed taking advantage of comme…

EC-Council Expands AI Certification Portfolio to Strengthen U.S. AI Workforce Readiness and Security

February 21, 2026 at 10:00AM With $5.5 trillion in global AI risk exposure and 700,000 U.S. workers needing reskilling, four ne…

CISA Adds Two Actively Exploited Roundcube Flaws to KEV Catalog

February 21, 2026 at 12:51PM The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added two security flaw…

Three Former Google Engineers Indicted Over Trade Secret Transfers to Iran

February 20, 2026 at 10:57AM Two former Google engineers and one of their husbands have been indicted in the U.S. for allegedly…