Security News

From Ransomware to Residency: Inside the Rise of the Digital Parasite

Are ransomware and encryption still the defining signals of modern cyberattacks, or has the industry been too fixated on noise while missing a more dangerous shift happening quietly all around them? According to Picus Labs’ new Red Report 2026, which analyzed over 1.1 million malicious files and mapped 15.5 million adversarial actions observed across 2025, attackers are no longer optimizing for

ZAST.AI Raises $6M Pre-A to Scale "Zero False Positive" AI-Powered Code Security

January 5, 2026, Seattle, USA — ZAST.AI announced the completion of a $6 million Pre-A funding round. This investment came from the well-known investment firm Hillhouse Capital, bringing ZAST.AI's total funding close to $10 million. This marks a recognition from leading capital markets of a new solution: ending the era of high false positive rates in security tools and making every alert

Warlock Ransomware Breaches SmarterTools Through Unpatched SmarterMail Server

SmarterTools confirmed last week that the Warlock (aka Storm-2603) ransomware gang breached its network by exploiting an unpatched SmarterMail instance. The incident took place on January 29, 2026, when a mail server that was not updated to the latest version was compromised, the company's Chief Commercial Officer, Derek Curtis, said. "Prior to the breach, we had approximately 30 servers/VMs

Dutch Authorities Confirm Ivanti Zero-Day Exploit Exposed Employee Contact Data

The Netherlands' Dutch Data Protection Authority (AP) and the Council for the Judiciary confirmed both agencies (Rvdr) have disclosed that their systems were impacted by cyber attacks that exploited the recently disclosed security flaws in Ivanti Endpoint Manager Mobile (EPMM), according to a notice sent to the country's parliament on Friday. "On January 29, the National Cyber Security Center (

Fortinet Patches Critical SQLi Flaw Enabling Unauthenticated Code Execution

Fortinet has released security updates to address a critical flaw impacting FortiClientEMS that could lead to the execution of arbitrary code on susceptible systems. The vulnerability, tracked as CVE-2026-21643, has a CVSS rating of 9.1 out of a maximum of 10.0. "An improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiClientEMS may

ISC Stormcast For Tuesday, February 10th, 2026 https://isc.sans.edu/podcastdetail/9802, (Tue, Feb 10th)

TransUnion's Real Networks Deal Focuses on Robocall Blocking

The acquisition allows the credit reporting agency to add SMS spam and scam prevention to its robocall blocking capabilities.

Warlock Gang Breaches SmarterTools Via SmarterMail Bugs

The ransomware group breached SmarterTools through a vulnerability in the company's own SmarterMail product.

OT Attacks Get Scary With 'Living-off-the-Plant' Techniques

Ironically, security by obscurity has helped prevent dangerous OT attacks in recent years. It won't be that way forever.

TeamPCP Turns Cloud Infrastructure into Crime Bots

The threat actor has been compromising cloud environments at scale with automated worm-like attacks on exposed services and interfaces.

Black Basta Bundles BYOVD With Ransomware Payload

Researchers discovered a newly disclosed vulnerable driver embedded in Black Basta's ransomware, illustrating the increasing popularity of the defense-evasion technique.

What Organizations Need to Change When Managing Printers

Ask the Expert: Organizations need to close the ownership vacuum, establish durable security controls, and ensure printers are protected as rigorously as other endpoints.

China-Linked UNC3886 Targets Singapore Telecom Sector in Cyber Espionage Campaign

The Cyber Security Agency (CSA) of Singapore on Monday revealed that the China-nexus cyber espionage group known as UNC3886 targeted its telecommunications sector. "UNC3886 had launched a deliberate, targeted, and well-planned campaign against Singapore's telecommunications sector," CSA said. "All four of Singapore's major telecommunications operators ('telcos') – M1, SIMBA Telecom, Singtel, and

SolarWinds Web Help Desk Exploited for RCE in Multi-Stage Attacks on Exposed Servers

Microsoft has revealed that it observed a multi‑stage intrusion that involved the threat actors exploiting internet‑exposed SolarWinds Web Help Desk (WHD) instances to obtain initial access and move laterally across the organization's network to other high-value assets. That said, the Microsoft Defender Security Research Team said it's not clear whether the activity weaponized recently

⚡ Weekly Recap: AI Skill Malware, 31Tbps DDoS, Notepad++ Hack, LLM Backdoors and More

Cyber threats are no longer coming from just malware or exploits. They’re showing up inside the tools, platforms, and ecosystems organizations use every day. As companies connect AI, cloud apps, developer tools, and communication systems, attackers are following those same paths. A clear pattern this week: attackers are abusing trust. Trusted updates, trusted marketplaces, trusted apps, even

ISC Stormcast For Monday, February 9th, 2026 https://isc.sans.edu/podcastdetail/9800, (Mon, Feb 9th)

Quick Howto: Extract URLs from RTF files, (Mon, Feb 9th)

Malicious RTF (Rich Text Format) documents are back in the news with the exploitation of CVE-2026-21509 by APT28.

YARA-X 1.13.0 Release, (Mon, Feb 9th)

YARA-X&&#x23&#x3b;x26&#x3b;&#x23&#x3b;39&#x3b;s 1.13.0 release brings 4 improvements and 4 bugfixes.

How Top CISOs Solve Burnout and Speed up MTTR without Extra Hiring

Why do SOC teams keep burning out and missing SLAs even after spending big on security tools? Routine triage piles up, senior specialists get dragged into basic validation, and MTTR climbs, while stealthy threats still find room to slip through. Top CISOs have realized the solution isn’t hiring more people or stacking yet another tool onto the workflow, but giving their teams faster, clearer

Bloody Wolf Targets Uzbekistan, Russia Using NetSupport RAT in Spear-Phishing Campaign

The threat actor known as Bloody Wolf has been linked to a campaign targeting Uzbekistan and Russia to infect systems with a remote access trojan known as NetSupport RAT. Cybersecurity vendor Kaspersky is tracking the activity under the moniker Stan Ghouls. The threat actor is known to be active since at least 2023, orchestrating spear-phishing attacks against manufacturing, finance, and IT