Latest Internet & Cybersecurity News
Hackers Exploit BeyondTrust RCE Vulnerability CVE-2026-1731
A critical remote code execution flaw in BeyondTrust’s Remote Support and Privileged Remote Access solutions is under active exploitation. BeyondTrust urges self-hosted customers to apply patches immediately. Microsoft also addressed over 50 vulnerabilities in its February 2026 Patch Tuesday, including six zero-days.
Ransomware Breaches SmarterTools via Fixed Vulnerability
A ransomware group exploited a recently patched vulnerability in SmarterMail to breach SmarterTools systems. The specific flaw was not disclosed, but it enabled unauthorized access. This highlights risks of delayed patching in email server alternatives.
Singapore Telcos Hit by China-Linked UNC3886 Espionage
Singapore’s major telcos—M1, SIMBA, Singtel, StarHub—faced deep network probes by APT group UNC3886 in a cyber espionage campaign last year. The Cyber Security Agency mounted a large defense operation. Breaches underscore state-sponsored threats to telecom infrastructure.
Ivanti EPMM CVE-2026-1281 Sees Massive Exploitation with Sleeper Webshells
Exploitation of the critical pre-auth Ivanti EPMM flaw CVE-2026-1281 includes automated scans and 'sleeper' webshells by initial access brokers. One threat actor conducted most attacks. Researchers from GreyNoise and Defused warn of follow-on threats.
Microsoft Patches Windows Notepad RCE Vulnerability CVE-2026-20841
February 2026 Patch Tuesday fixed CVE-2026-20841, a command injection flaw in Notepad enabling remote code execution via Markdown features. Attackers could exploit it on Windows systems. Over 50 holes were plugged, including exploited zero-days.
Fortinet Releases Fixes for High-Severity FortiSandbox and FortiOS Flaws
Fortinet patched CVE-2025-52436 (XSS in FortiSandbox) allowing arbitrary command execution and CVE-2026-22153 (auth bypass in FortiOS). Unaffected users should update immediately. Singapore CSA issued high-severity alert on February 16.
Google Patches Actively Exploited Chrome Zero-Day CVE-2026-2441
Google issued its first 2026 Chrome update for CVE-2026-2441, a high-severity use-after-free flaw in CSS that has been exploited in the wild. Researcher Shaheen Fazim reported it, and exploitation has been confirmed. Users must update to prevent heap corruption via malicious sites.
Odido Telco Breach Exposes Millions of Dutch Customers' Data
Netherlands' largest mobile operator Odido suffered a breach in its customer contact system, potentially affecting 6.2 million users. Stolen data includes names, addresses, emails, IBANs, birth dates, and IDs—no passwords or billing info. Company engaged experts for mitigation.
Attackers Leverage AI for Open-Source Data Scraping and Victim Conversations
Threat actors use AI to autonomously gather open-source intelligence and conduct live phishing scams without human input. This lowers the barrier for low-skill attackers. The trend ties into broader concerns about the integration of AI into warfare.