The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of a critical vulnerability in multiple Honeywell CCTV products that allows unauthorized access to feeds or account hijacking.

Notepad++ patched a vulnerability that attackers used to hijack its update system and deliver malware to targeted users.

AI assistants like Grok and Microsoft Copilot with web browsing and URL-fetching capabilities can be abused to intermediate command-and-control (C2) activity.

Dans un article publié le 18 février 2026, le média britannique The Register revient sur l'exaspération de nombreux modérateurs open source confrontés au fait de devoir vérifier et corriger des demandes de modification de code boostées par IA. Une gronde qui pousse bon nombre de projets à adopter des mesures de

Citizen Lab and Amnesty link Cellebrite extractions and Predator spyware to surveillance of activists and journalists.

This breach now appears far more serious. The leaked data includes rich personal and financial details that phishers could use.

Microsoft says an Exchange Online issue that mistakenly quarantined legitimate emails last week was triggered by faulty heuristic detection rules designed to block credential phishing campaigns.

Roughly a third of attacks now use stolen credentials, according to the company’s latest report.

Underground Telegram channels shared SmarterMail exploit PoCs and stolen admin credentials within days of disclosure. Flare explains how monitoring these communities reveals rapid weaponization of CVE-2026-24423 and CVE-2026-23760 tied to ransomware activity.

Critical CVE-2026-2329 flaw in Grandstream GXP1600 VoIP phones enables unauthenticated RCE, call interception, and credential theft.

Former federal elections expert Ryan Macias testifies that the FBI’s Fulton County raid was based on "baseless" claims and "gross mischaracterizations" of the 2020 election process.

A report from Palo Alto Networks finds hackers are increasingly using stolen identities and exploiting critical vulnerabilities within minutes of disclosure.

We built a pure Go YARA engine that's 6.8x faster for text-based scanning, with no C dependencies. It now processes over 57,000 scans per day in production, ...

Four popular VS Code extensions with 125M+ installs have flaws that could let hackers steal files and run code remotely.

Hackers have stolen the personal and contact information of nearly 1 million accounts after breaching the systems of Figure Technology Solutions, a self-described blockchain-native financial technology company.

Posts about macOS malware, exploits, and tools

Explore how AI accelerates token sprawl, why legacy IAM struggles, and practical steps to shrink non-human identity risk.

This week in cybersecurity from the editors at Cybercrime Magazine

Posts about macOS malware, exploits, and tools

Cybersecurity in 2026 shifts to AI defense, Zero Trust identity, lifecycle security, and post-quantum crypto readiness.

Critical vulnerabilities in four widely used VS Code extensions could enable file theft and remote code execution across 125M installs.

A suspected Chinese state-linked group exploited a critical Dell RecoverPoint flaw (CVE-2026-22769) in zero-day attacks starting mid-2024.

Phishers are using fake Google Forms pages hosted on lookalike domains to trick job seekers into handing over their Google credentials.

A Talos researcher used targeted emulation of the Socomec DIRIS M-70 gateway’s Modbus thread to uncover six patched vulnerabilities, showcasing efficient tools and methods for IoT security testing.

Microsoft says a Microsoft 365 Copilot bug has been causing the AI assistant to summarize confidential emails since late January, bypassing data loss prevention (DLP) policies that organizations rely on to protect sensitive information.

The title of the post is”What AI Security Research Looks Like When It Works,” and I agree: In the latest OpenSSL security release> on January 27, 2026, twelve new zero-day vulnerabilities (meaning unknown to the maintainers at time of disclosure) were announced. Our AI system is responsible for the original discovery of all twelve, each found and responsibly disclosed to the OpenSSL team during the fall and winter of 2025. Of those, 10 were assigned CVE-2025 identifiers and 2 received CVE-2026 identifiers. Adding the 10 to the three we already found in the ...