The Hacker News

⚡ Android 17 beta blocks cleartext traffic by default. Apps targeting 17+ must define a Network Security Configuration; usesCleartextTraffic="true" alone won’t allow HTTP. Google also adds HPKE hybrid cryptography for stronger app communications. 🔗 Read → https://thehackernews.com/2026/02/threatsday-bulletin-openssl-rce-foxit-0.html#privacy-model-hardening

🚨 A financially driven actor breached 600+ FortiGate devices across 55 countries using commercial AI. No zero-days. They scanned exposed management ports, brute-forced weak logins, accessed VPNs, ran DCSync in AD, and targeted Veeam backups. 🔗 Details here → https://thehackernews.com/2026/02/ai-assisted-threat-actor-compromises.html

Generative AI traffic is up 890%, and 87% of organizations report AI-driven attacks. EC-Council has launched four AI certifications plus Certified CISO v4 to help teams handle adoption, security, and governance as AI risk grows. 🔗 Framework and certification details → https://thehackernews.com/2026/02/ec-council-expands-ai-certification.html

🔥 Anthropic is rolling out Claude Code Security, an AI tool that scans full codebases and suggests patches. In limited preview for Enterprise and Team users, it analyzes code like a human, traces data flows, and reduces false positives in a review dashboard. All fixes require human approval. 🔗 Learn how it works → https://thehackernews.com/2026/02/anthropic-launches-claude-code-security.html

⚠️ A 9.9-rated Roundcube RCE flaw is now on CISA’s KEV list after confirmed active exploitation. Researchers say attackers diffed and weaponized the bug within 48 hours. An exploit was reportedly offered for sale in June 2025. The issue lived in the code for more than 10 years. A second XSS flaw is also being abused. 🔗 Read → https://thehackernews.com/2026/02/cisa-adds-two-actively-exploited.html

⚠️ WARNING: Cline CLI was silently altered for 8 hours after a stolen npm token was used to publish v2.3.0 with a hidden postinstall script that installed OpenClaw. Roughly 4,000 downloads occurred before the release was pulled & the token revoked. 🔗 Read → https://thehackernews.com/2026/02/cline-cli-230-supply-chain-attack.html

MIMICRAT, a new RAT, is spreading via compromised legitimate sites. Hijacked services displayed fake Cloudflare checks, pushing a PowerShell command that disables logging and AV, then connects over HTTPS masked as analytics traffic. 🔗 Loader stages and 22-command toolkit → https://thehackernews.com/2026/02/clickfix-campaign-abuses-compromised.html

🛡️ One in three cyber-attacks starts with a compromised employee account, pushing insurers to 🔐 audit passwords, admin access, and full MFA enforcement. Coverage now depends on proving identity risk is tightly controlled. 🔗 Why MFA gaps can cost millions → https://thehackernews.com/2026/02/identity-cyber-scores-new-metric.html

A 29-year-old Ukrainian was sentenced to prison for aiding North Korea’s IT job fraud scheme. He admitted selling stolen U.S. identities through a site seized in 2024, helping overseas workers secure jobs. 🔗 Details → https://thehackernews.com/2026/02/ukrainian-national-sentenced-to-5-years.html

The FBI warns ATM “jackpotting” caused over $20M in losses in 2025. Since 2020, 1,900 incidents have been reported, including 700 last year. Attackers use #malware like Ploutus to bypass bank authorization via the XFS layer & trigger rapid cash-outs. 🔗 Read → https://thehackernews.com/2026/02/fbi-reports-1900-atm-jackpotting.html

Three former tech employees were indicted for allegedly stealing Google trade secrets and transferring them to Iran. Prosecutors say the data involved Pixel Tensor processor security and cryptography. Files were copied, photographed, and concealed. 🔗 Details → https://thehackernews.com/2026/02/three-former-google-engineers-indicted.html

This week’s ThreatsDay recap starts with core platform risk. 🔓 OpenSSL RCE flaws 📄 Foxit PDF exploits 🤖 Copilot DLP bypass 📬 Enterprise email exposure 🛠 Patches issued 🧪 ClickFix macOS hits 📦 Loaders → RATs/ransomware 🌐 Typosquat delivery chains 🏭 119 groups hit OT/ICS 🔗 Supply-chain entry tactics 🔑 LLM-made passwords 📊 Weak randomness patterns 🎯 Predictable outputs 🛡 Security workflow risk 🔗 Complete recap → https://thehackernews.com/2026/02/threatsday-bulletin-openssl-rce-foxit-0.html