Zeljka Zorz
Scammers exploit trust in Atlassian Jira to target organizations
Threat actors have leveraged legitimate email notification feature of Atlassian Jira to deliver localized scam emails at scale. The emails From late December 2025 through late …
Notepad++ secures update channel in wake of supply chain compromise
Notepad++, the popular text and source code editor for Windows whose update mechanism was hijacked last year, has been updated to prevent similar attacks in the future. …
Design weaknesses in major password managers enable vault attacks, researchers say
Can cloud-based password managers that claim “zero-knowledge encryption” keep users’ passwords safe even if their encrypted-vault servers are compromised? …
Firmware-level Android backdoor found on tablets from multiple manufacturers
A new Android backdoor embedded directly in device firmware can quietly take control of apps and harvest data, Kaspersky researchers found. The malware, named Keenadu, was …
OpenClaw creator Peter Steinberger joins OpenAI
Peter Steinberger, the Austrian software developer who vibe coded the popular OpenClaw autonomous AI agent, has joined OpenAI. “My next mission is to build an agent that …
Google patches Chrome vulnerability with in-the-wild exploit (CVE-2026-2441)
Google released a security update for Chrome to address a high-severity zero‑day vulnerability (CVE-2026-2441) on Friday. “Google is aware that an exploit for …
Hackers probe, exploit newly patched BeyondTrust RCE flaw (CVE-2026-1731)
Attackers are exploiting a recently patched critical vulnerability (CVE-2026-1731) in internet-facing BeyondTrust Remote Support and Privileged Remote Access instances. …
Windows Notepad Markdown feature opens door to RCE (CVE-2026-20841)
Among the many security fixes released by Microsoft on February 2026 Patch Tuesday is one for CVE-2026-20841, a command injection vulnerability in Notepad that could be …
Apple fixes zero-day flaw exploited in targeted attacks (CVE-2026-20700)
Apple has released fixes for a zero-day vulnerability (CVE-2026-20700) exploited in targeted attacks last year. CVE-2026-20700 is a memory corruption issue in dyld, the …
Ivanti EPMM exploitation: Researchers warn of “sleeper” webshells
A massive wave of exploitation attempts has followed the disclosure of CVE-2026-1281, a critical pre-authentication Ivanti EPMM vulnerability, the Shadowserver Foundation has …
Microsoft Patch Tuesday: 6 exploited zero-days fixed in February 2026
Microsoft has plugged 50+ security holes on February 2026 Patch Tuesday, including six zero-day vulnerabilities exploited by attackers in the wild. The “security feature …
Singapore telcos breached in China-linked cyber espionage campaign
Singapore’s four major telecommunications companies were hit by a coordinated cyber espionage campaign last year, the country’s Cyber Security Agency (CSA) has revealed. …
Featured news
Resources
Don't miss
- HR, recruiters targeted in year-long malware campaign
- Attackers use AiTM phishing kit, typosquatted domains to hijack AWS accounts
- Airbus CSO on supply chain blind spots, space threats, and the limits of AI red-teaming
- The people behind cyber extortion are often in their forties
- Fake Claude Code install pages highlight rise of “InstallFix” attacks