How AI Collapses Your Response Window
We’ve all seen this before: a developer deploys a new cloud workload and grants overly broad permissions just to keep the sprint moving. An engineer generates a "temporary" API key…
Fake IPTV Apps Spread Massiv Android Malware Targeting Mobile Banking Users
Ravie LakshmananFeb 19, 2026Banking Malware / Mobile Security Cybersecurity researchers have disclosed details of a new Android trojan called Massiv that's designed to facilitate device takeover (DTO) attacks for financial…
CRESCENTHARVEST Campaign Targets Iran Protest Supporters With RAT Malware
Ravie LakshmananFeb 19, 2026Cyber Espionage / Data Security Cybersecurity researchers have disclosed details of a new campaign dubbed CRESCENTHARVEST, likely targeting supporters of Iran's ongoing protests to conduct information theft…
Citizen Lab Finds Cellebrite Tool Used on Kenyan Activist’s Phone in Police Custody
Ravie LakshmananFeb 18, 2026Mobile Security / Spyware New research from the Citizen Lab has found signs that Kenyan authorities used a commercial forensic extraction tool manufactured by Israeli company Cellebrite…
Grandstream GXP1600 VoIP Phones Exposed to Unauthenticated Remote Code Execution
Ravie LakshmananFeb 18, 2026Network Security / Enterprise Security Cybersecurity researchers have disclosed a critical security flaw in the Grandstream GXP1600 series of VoIP phones that could allow an attacker to…
Operating in a World of Permanent Instability
In 2025, navigating the digital seas still felt like a matter of direction. Organizations charted routes, watched the horizon, and adjusted course to reach safe harbors of resilience, trust, and…
Critical Flaws Found in Four VS Code Extensions with Over 125 Million Installs
Ravie LakshmananFeb 18, 2026Vulnerability / Software Security Cybersecurity researchers have disclosed multiple security vulnerabilities in four popular Microsoft Visual Studio Code (VS Code) extensions that, if successfully exploited, could allow…
3 Ways to Start Your Intelligent Workflow Program
Security, IT, and engineering teams today are under relentless pressure to accelerate outcomes, cut operational drag, and unlock the full potential of AI and automation. But simply investing in tools…
Dell RecoverPoint for VMs Zero-Day CVE-2026-22769 Exploited Since Mid-2024
Ravie LakshmananFeb 18, 2026Zero-Day / Vulnerability A maximum severity security vulnerability in Dell RecoverPoint for Virtual Machines has been exploited as a zero-day by a suspected China-nexus threat cluster dubbed…
Notepad++ Fixes Hijacked Update Mechanism Used to Deliver Targeted Malware
Ravie LakshmananFeb 18, 2026Vulnerability / Application Security Notepad++ has released a security fix to plug gaps that were exploited by an advanced threat actor from China to hijack the software…
CISA Flags Four Security Flaws Under Active Exploitation in Latest KEV Update
Ravie LakshmananFeb 18, 2026Threat Intelligence / Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence…
