Latest Internet & Cybersecurity News
Microsoft Patches 6 Actively Exploited Zero-Days in February 2026 Updates
Microsoft's February 2026 Patch Tuesday fixes 60 vulnerabilities, including six zero-days under active exploitation. Organizations urged to apply updates immediately to mitigate risks from ongoing attacks.
This release addresses critical flaws targeted by threat actors worldwide.
Cisco AsyncOS Email Gateway Faces Maximum-Severity RCE Exploited by China-Linked APT
CVE-2025-20393 (CVSS 10.0) in Cisco Secure Email Gateway exploited by UAT-9686 since late 2025 into February 2026. The remote code execution flaw affects AsyncOS-based appliances.
Administrators should patch vulnerable systems promptly.
European Commission Breached via Ivanti EPMM Zero-Days
Attackers exploited CVE-2026-1281 and CVE-2026-1340 in Ivanti EPMM, detected January 30, 2026, disclosed February 9. Data exfiltration occurred before detection by the European Commission.
Highlights risks to government mobile device management.
Open VSX Registry Supply-Chain Attack Poisons 49 VS Code Extensions
Hackers used stolen OVSX_PAT token to inject GlassWorm malware into extensions around January 30, 2026. Malware exfiltrates SSH keys, cloud credentials, and wallet data.
Users of Open VSX should update extensions and revoke tokens.
BreachForums XSS Flaw Leads to User Data Theft
Stored/reflected XSS on BreachForums exploited February 4, 2026, by attacker 'Nicotine'. Captured user data shared on darkweb channels.
Forum users advised to change credentials and enable 2FA.
CISA Warns US Infrastructure After Russian-Linked Attack on Poland Power Grid
Destructive cyberattack in December targeted Poland's renewable energy via vulnerable edge devices, linked to Static Tundra/Berserk Bear. CISA amplifies Polish CERT report, stressing OT/ICS risks.
Attack deployed wiper malware, disrupting control systems.
NCSC Alerts UK CNI Providers on Severe Cyber Threats Post-Poland Attacks
UK NCSC urges critical infrastructure to act against malware threats seen in Poland's energy sector. Follows December coordinated attacks on wind and solar farms.
Emphasizes immediate resilience measures.
International AI Safety Report 2026 Warns of AI-Enabled Cyberattacks
Report details GPAI aiding vulnerability discovery, code exploits, used by criminals and states. Highlights deepfakes for scams, fraud, but AI not yet fully autonomous in attacks.
Calls for balancing offensive and defensive AI innovations.
Bitsight Launches Dark Web Intelligence for Supply Chains
New tool provides real-time threat visibility into vendor breaches and targeting. AI maps darkweb signals to third-party exposures.
Addresses CEO concerns on supply chain resilience.
Citi Estimates $2-3.3 Trillion GDP Risk from Quantum Cyberattack on Fedwire
Quantum-enabled attack on US bank could disrupt payments, cascading to economy. 'Harvest now, decrypt later' threats already active on long-lived data.
Urges massive cryptography upgrade beyond Y2K scale.
Vectra AI Report Reveals Lagging Cyber Resilience Despite AI Investments
2026 State of Threat Detection shows security teams lack confidence in threat signals. Gap persists between investments and real-world response.
Calls for better visibility and outcomes proof.
ENISA International Strategy 2026 Boosts Global Cybersecurity Partnerships
Strategy aligns EU policy with partners, extends tools to Balkans, Ukraine, US. Focuses on capacity building, info sharing amid evolving threats.
Operationalizes EU Cybersecurity Reserve for associates.