The Hacker News

🕵️‍♂️⚠️ Ransomware Persists — But Encryption Is No Longer the Main Signal of Attack! Picus reviewed 1.1M malware samples and found a shift toward stealth access over disruption. Encryption attacks fell 38% YoY as extortion moves to data theft and credential abuse. 🔗 Explore the full stealth-attack dataset → https://thehackernews.com/2026/02/from-ransomware-to-residency-inside.html

Earn and learn at Infosec Compliance Now 2026! Registration for the 6th annual Infosec Compliance Now virtual event is live! Attend and earn up to 4 free CPE credits while learning about AI-powered GRC, cyber resilience, continuous control monitoring using automation, and more. Register Now ➜ https://thn.news/infosec-risk-summit

⚠️🛠️ Warlock ransomware breached SmarterTools via unpatched SmarterMail VM. Attackers entered Jan 29, moved laterally, seized Active Directory, and staged Velociraptor pre-encryption. ~12 servers and a QC data center were hit; core apps and customer data stayed unaffected. 🔗 See exploited CVEs → https://thehackernews.com/2026/02/warlock-ransomware-breaches.html

Three practical questions security teams should answer before selecting an SSE platform: ⚙️ Deployment complexity 👁️ In-session visibility 🛡️ Real session risk coverage 🔗 Framework, tradeoffs, rollout risks → https://thehackernews.com/expert-insights/2026/02/3-questions-to-ask-before-your-next-sse.html

🚨 Ivanti EPMM Zero-Day Exploits Breach Dutch Regulators, Linked to Wider 🇪🇺 EU Government Intrusions. Attackers exploited CVSS 9.8 unauthenticated RCE flaws to access employee work contact data. Related activity also impacted the European Commission and Finland’s Valtori systems. 🔗 Details → https://thehackernews.com/2026/02/dutch-authorities-confirm-ivanti-zero.html

🚨🛡️ Fortinet Fixes Critical FortiClientEMS RCE (CVE-2026-21643, CVSS 9.1). SQL injection flaw enables unauthenticated remote command execution via crafted requests. Affects EMS 7.4.4 (patch available). Separate FortiCloud SSO bug is actively exploited for admin persistence and firewall config theft. 🔗 See affected versions and patch guidance → https://thehackernews.com/2026/02/fortinet-patches-critical-sqli-flaw.html

⚠️ Singapore’s cyber agency says China-linked UNC3886 targeted all four national telecom operators. Attackers used a firewall zero-day and rootkits to access parts of critical systems. Espionage activity was contained. No service disruption or customer data theft found. 🔗 Read → https://thehackernews.com/2026/02/china-linked-unc3886-targets-singapore.html

🚨 Microsoft traced a multi-stage intrusion to exposed SolarWinds Web Help Desk servers. Attackers used unauthenticated RCE, moved laterally, and abused legit RMM tools for persistence — plus credential dumping and DCSync. 🔗 Tradecraft, CVEs, and lateral movement chain → https://thehackernews.com/2026/02/solarwinds-web-help-desk-exploited-for.html

⚠️ AI tools, supply chains, and trusted platforms are now attack paths. Malicious AI skills, Signal phishing, Docker AI RCE, update hijacks — plus a record 31.4 Tbps DDoS. All in one week. 🔎 Read the full recap here: https://thehackernews.com/2026/02/weekly-recap-ai-skill-malware-31tbps.html

🧪⚡ SOC teams aren’t failing on tools — they’re overloaded by triage. Constant validation loops are fueling burnout and SLA drift. CISOs are moving to sandbox-first workflows, exposing live behavior early and reducing escalations, MTTR, and senior drag. 🔗 How evidence replaces guesswork → https://thehackernews.com/2026/02/how-top-cisos-solve-burnout-and-speed.html

🛠️ Bloody Wolf tied to a spear-phishing campaign deploying NetSupport RAT across Central Asia and Russia. ~60 victims across government, finance, manufacturing. Malicious PDFs drop loaders that persist via scripts + scheduled tasks. 🔗 Details → https://thehackernews.com/2026/02/bloody-wolf-targets-uzbekistan-russia.html

🛑 Cloud worm malware campaign is systematically taking over cloud infrastructure. TeamPCP exploits exposed Docker, Kubernetes, Redis, and React2Shell to mass-deploy proxies, scanners, crypto miners & ransomware across compromised clusters. 🔗 Read → https://thehackernews.com/2026/02/teampcp-worm-exploits-cloud.html