The Hacker News

🛠️📊🔍 Most incident response failures start in the first moments. Early responder decisions on evidence and scope shape the case. That window repeats as scope expands. Isolating systems too fast can hide real intrusion patterns. 🔗 Inside the first 90 seconds → https://thehackernews.com/2026/02/the-first-90-seconds-how-early.html

🛡️ Mid-market firms aren’t under-secured. IBM finds 83 security tools on average, and complexity is the real blocker. The gaps come from unused EDR, alert overload, and weak prevention—not missing tools. 🔗 Simplifying security across the full threat lifecycle → https://thehackernews.com/expert-insights/2026/02/how-to-secure-your-mid-market-business.html

🛑 Microsoft warns infostealers are expanding from Windows to macOS. Since late 2025, malvertising (Google Ads) and ClickFix lures have delivered fake DMG installers. Python-based stealers abuse native macOS tools + AppleScript to extract creds, cookies, and iCloud Keychain data. 🔗 Attack chain and theft capabilities → https://thehackernews.com/2026/02/microsoft-warns-python-infostealers.html

🔒 Eclipse Foundation will add pre-publish security checks to the Open VSX extension registry. This shifts enforcement from post-report cleanup to blocking risky uploads before release, targeting impersonation, leaked secrets, and known malicious patterns. 🔗 Details → https://thehackernews.com/2026/02/eclipse-foundation-mandates-pre-publish.html

🚨 SolarWinds Web Help Desk flaw added to CISA KEV • CVE-2025-40551 (CVSS 9.8): unauthenticated RCE via deserialization • Fixed in WHD v2026.1 • Federal agencies must patch by February 6 🔗 Read → https://thehackernews.com/2026/02/cisa-adds-actively-exploited-solarwinds.html

⚠️ A critical flaw in Docker’s Ask Gordon AI let container metadata execute real commands. A single malicious Docker LABEL could pass through the MCP gateway and run tools with user privileges. Fixed in version 4.50.0. 🔗 DockerDash details → https://thehackernews.com/2026/02/docker-fixes-critical-ask-gordon-ai.html

📢 WEBINAR ALERT → Adding tools hasn’t made SOCs calmer or faster. It’s mostly added noise. In this session, two SOC operators walk through practical build vs buy decisions, real models, and a customer case study you can reuse. 🔗 Join to Watch: https://thehackernews.com/2026/02/webinar-smarter-soc-blueprint-learn.html

🚨 Researchers detect active exploitation of a critical React Native CLI flaw. CVE-2025-11953 allows unauthenticated OS command execution on exposed Metro dev servers, with attacks deploying PowerShell and a Rust payload. 🔗 Read → https://thehackernews.com/2026/02/hackers-exploit-metro4shell-rce-flaw-in.html

Want to enhance your cyber resilience with strategies and insights from industry leaders? Sign up for Infosec Compliance Now and earn up to 4 free CPE credits! This virtual event will explore: ✔️ Structuring AI governance programs ✔️ Establishing continuous control monitoring ✔️ Navigating the current cyber risk landscape Register Now → https://thn.news/cyber-risk-summit

🔐 Major cloud outages didn’t just break apps—they broke access. When shared cloud services fail, identity systems fail too, even if the IdP is running. Authentication depends on databases, DNS, and control planes. 🔗 How cloud outages cascade into identity failures → https://thehackernews.com/2026/02/when-cloud-outages-ripple-across.html

🛡️ Russia-linked APT28 exploited a newly disclosed Microsoft Office flaw within days of disclosure. CVE-2026-21509 was used via malicious RTF files, with geo-fenced delivery targeting Ukraine, Slovakia, and Romania. 🔗 Read → https://thehackernews.com/2026/02/apt28-uses-microsoft-office-cve-2026.html

🕸️ Exposed C2 server showed a complete BYOB botnet in the open 🧠 Droppers, loaders, and RATs for Windows, Linux, and macOS were publicly accessible, revealing a multi-stage chain for evasion, persistence, and control. Crypto miners were also hosted. 🔗 Read → https://thehackernews.com/2026/02/weekly-recap-proxy-botnet-office-zero.html#:~:text=Exposed%20C2%20Server%20Reveals%20BYOB%20Infrastructure