Latest Internet & Cybersecurity News
Microsoft February 2026 Patch Tuesday Addresses 54 Vulnerabilities Including Six Zero-Days
Microsoft released patches for 54 vulnerabilities on February 10, 2026, including six actively exploited zero-days, such as CVE-2026-21510 (security feature bypass) and CVE-2026-21533 (Windows RDP privilege escalation). CISA added these to its KEV catalog, urging immediate patching, especially for RDP-exposed servers.
Reports vary slightly on the total number of CVEs patched, with counts of up to 61.
SolarWinds Web Help Desk Flaw CVE-2025-40551 Actively Exploited for RCE
A critical unauthenticated RCE vulnerability in SolarWinds WHD (CVE-2025-40551) is under active exploitation and has been added to CISA's KEV catalog. Attackers use vishing and smishing to gain initial access, then legitimate RMM tools for execution.
Targets include the government and tech sectors, with a focus on domain controllers and cloud providers.
Muddled Libra Ransomware Campaign Evolves with Living-off-the-Land Tactics
Muddled Libra has shifted to ransomware affiliates, using vishing/smishing and RMM tools to bypass EDR and targeting aviation, retail, and telcos. The group compromises domain controllers, VMware vSphere, AWS, and Azure.
It minimizes malware use, exploiting human psychology for faster attacks.
RenEngine Campaign Deploys Stealers via Cracked Games to 400,000 Victims
Since March 2025, the RenEngine loader in cracked games has delivered HijackLoader, Lumma, and ACR Stealer, stealing credentials and crypto wallets globally. The multi-stage chain has affected over 400,000 victims.
The campaign uses public IRC for C2 on compromised Linux systems.
FIRST Forecasts Over 50,000 CVEs in 2026, Potentially Up to 117,000
The cybersecurity group FIRST predicts a median of 59,000 CVEs in 2026, surpassing 50,000 for the first time, and, at 90% confidence, up to 117,673. The surge is driven by broader software coverage and open-source components.
The three-year outlook shows sustained high volumes, to 53,000+ in 2028.
Coinbase Cartel Ransomware Group Claims 60+ Victims with Data Theft Focus
Coinbase Cartel, which emerged in September 2025, prioritizes data exfiltration over encryption and claims over 60 victims. Its operations avoid system disruption to maximize extortion leverage.
It is part of a surging data-theft ransomware trend.
Intel 471: Extortion Breaches Surged 63% in 2025 to 6,800, Qilin Leads 2026
Extortion attacks rose 63% in 2025, peaking at 800+ breaches monthly from CLOP and Qilin campaigns. Qilin dominates with 18% of victims, advancing coercion via data audits; it is expected to be the top threat in 2026.
Supply chain hits include Cleo Harmony and Oracle EBS.
Global Cyber Attacks Rise in January 2026 with Ransomware and GenAI Risks
Check Point reports increased global attacks in January 2026, driven by a ransomware surge and expanding GenAI data exposure. Ransomware activity was notably up amid the broader threat landscape.
The report highlights the need for enhanced defenses against evolving tactics.
CISA Issues OT Security Guidance for Secure Communications in Critical Infrastructure
CISA advises phased adoption of signing, logging, and encryption for OT to counter MITM and unauthorized updates, addressing cost and complexity barriers. The guidance is to prioritize northbound traffic and to start with signing before full enforcement.
It targets the integrity of OT data in critical sectors.
LTX Stealer Targets Windows via Obfuscated Installers with Cloud Backend
The new Node.js-based LTX Stealer harvests Chromium browser credentials and crypto data from Windows, using Supabase and Cloudflare for C2. It is distributed via obfuscated Inno Setup installers in a large-scale campaign.
It focuses on credential and artifact exfiltration.
Ransomware Remains Top AI Threat in 2026 with $74 Billion Projected Costs
Cybersecurity Ventures lists ransomware among the top 10 AI threats for 2026, predicting that costs will rise 30% to $74B from $57B in 2025. AI enables malware, prompt injection, and evolved extortion beyond encryption.
The list includes agentic AI and human-targeted attacks.
Pwn2Own Automotive Uncovers 76 Zero-Days in Vehicles and Chargers
The third annual Pwn2Own Automotive in Tokyo revealed 76 zero-days in Tesla IVI, EV chargers like Alpitronic, and Automotive Grade Linux. Top teams earned up to $215,000, and the results highlight automotive cyber risks.
The vulnerabilities are in in-vehicle systems and operating systems.