📱 Apple is testing a new iOS setting that reduces how precisely cellular networks can 📍 locate your device.

Limit Precise Location restricts location data to a broad area instead of an exact address.

🔗 Learn how the setting works and where it’s available → https://thehackernews.com/2026/01/threatsday-bulletin-new-rces-darknet.html#cellular-location-precision-reduced

⚠️ WARNING: A supply chain attack spread malware via trusted VS Code extensions on Open VSX.

Attackers hijacked a real developer account and pushed GlassWorm through four existing tools.

22,000+ installs happened before removal.

🔗 Read → https://thehackernews.com/2026/02/open-vsx-supply-chain-attack-used.html

⚠️ ALERT — eScan antivirus delivered a malicious update after its update system was compromised.

During a two-hour window, attackers swapped a trusted file to stop updates and 🛠️ cleanup. The malware hid by faking update status and downloading more payloads.

🔗 Details → https://thehackernews.com/2026/02/escan-antivirus-update-servers.html

🛑 WARNING - Notepad++ confirmed state-sponsored attackers hijacked its update traffic via a compromised hosting provider. Selected users were redirected to malicious update servers.

The activity ran for months.

🔗 Learn more → https://thehackernews.com/2026/02/notepad-official-update-mechanism.html

Experts at CTM360 report brand impersonation has become a scaled fraud operation.

Its findings show 30,000+ fake fashion stores across 80+ countries, using ads and real payment flows before disappearing.

🔗 How the FraudWear network operates at scale → https://thehackernews.com/expert-insights/2026/02/ctm360-research-reveals-30000-fake.html

🛡️⚙️ Mid-market security fails when siloed tools drive up cost and alerts faster than teams can cope.

Endpoint, email, and firewall tools run in isolation, weakening protection. The shift is toward single platforms across the full threat lifecycle to cut risk without extra overhead.

🔗 How lifecycle security works in practice → https://thehackernews.com/2026/02/securing-mid-market-across-complete.html

What if the hardest vulnerability to patch… is self-doubt?

ICS environments are unforgiving. Responders can’t afford hesitation—but they also can't ignore it. In ICS410, Justin Searle helps practitioners move from doubt to decisive action, grounded in technical precision and OT situational awareness.

Register for ICS410 at SANS Surge 2026 (Feb 23–28) and train live with Justin: https://thn.news/sans-surge-26

Latest edition of Cybersecurity recap worth reading:

🌐 Proxy botnet disrupted
🪟 Office zero-day exploited
🤖 AI endpoints hijacked
⚡ Power systems targeted
🧩 Malware in dev tools
📧 AWS creds abused
🗄️ Databases extorted
🔐 Enterprise flaws exploited

🔗 Full RECAP → https://thehackernews.com/2026/02/weekly-recap-proxy-botnet-office-zero.html

⚡ Microsoft will phase out NTLM in Windows through a three-step plan.

Deprecated in June 2024, NTLM remains widely used despite known security flaws. NTLM will be disabled by default in a future Windows release, with Kerberos becoming the standard.

🔗 dtails → https://thehackernews.com/2026/02/microsoft-begins-ntlm-phase-out-with.html

🔥 A high-severity RCE flaw in OpenClaw lets attackers take over the local agent with a single click.

A crafted link can steal a gateway token via unvalidated WebSocket origins, enabling full command execution even on localhost-only setups through the user’s browser.

🔗 Details and attack chain → https://thehackernews.com/2026/02/openclaw-bug-enables-one-click-remote.html

⚡🤖 Researchers find 341 malicious ClawHub skills targeting OpenClaw users via fake install steps.

The skills deploy Atomic Stealer on macOS and keylogging malware on Windows, abusing OpenClaw’s open marketplace model.

🔗 Read → https://thehackernews.com/2026/02/researchers-find-341-malicious-clawhub.html

🚨 China-linked Lotus Blossom compromised Notepad++ hosting infrastructure to hijack update traffic and deliver the Chrysalis backdoor, Rapid7 reports.

The issue affected older versions and was fixed with version 8.8.9 in December 2025.

🔗 Read → https://thehackernews.com/2026/02/notepad-hosting-breach-attributed-to.html

🤖 Mozilla will add 1-click Firefox setting to fully disable generative AI features.

With Firefox 148, users can block all current and future AI features or manage them individually, keeping AI strictly opt-in as browsers add more automation.

🔗 Read → https://thehackernews.com/2026/02/mozilla-adds-one-click-option-to.html

🕸️ Exposed C2 server showed a complete BYOB botnet in the open 🧠

Droppers, loaders, and RATs for Windows, Linux, and macOS were publicly accessible, revealing a multi-stage chain for evasion, persistence, and control. Crypto miners were also hosted.

🔗 Read → https://thehackernews.com/2026/02/weekly-recap-proxy-botnet-office-zero.html#:~:text=Exposed%20C2%20Server%20Reveals%20BYOB%20Infrastructure

🛡️ Russia-linked APT28 exploited a newly disclosed Microsoft Office flaw within days of disclosure.

CVE-2026-21509 was used via malicious RTF files, with geo-fenced delivery targeting Ukraine, Slovakia, and Romania.

🔗 Read → https://thehackernews.com/2026/02/apt28-uses-microsoft-office-cve-2026.html

🔐 Major cloud outages didn’t just break apps—they broke access.

When shared cloud services fail, identity systems fail too, even if the IdP is running. Authentication depends on databases, DNS, and control planes.

🔗 How cloud outages cascade into identity failures → https://thehackernews.com/2026/02/when-cloud-outages-ripple-across.html

Want to enhance your cyber resilience with strategies and insights from industry leaders? Sign up for Infosec Compliance Now and earn up to 4 free CPE credits!

This virtual event will explore:
✔️ Structuring AI governance programs
✔️ Establishing continuous control monitoring
✔️ Navigating the current cyber risk landscape

Register Now → https://thn.news/cyber-risk-summit

🚨 Researchers detect active exploitation of a critical React Native CLI flaw.

CVE-2025-11953 allows unauthenticated OS command execution on exposed Metro dev servers, with attacks deploying PowerShell and a Rust payload.

🔗 Read → https://thehackernews.com/2026/02/hackers-exploit-metro4shell-rce-flaw-in.html

📢 WEBINAR ALERT → Adding tools hasn’t made SOCs calmer or faster. It’s mostly added noise.

In this session, two SOC operators walk through practical build vs buy decisions, real models, and a customer case study you can reuse.

🔗 Join to Watch: https://thehackernews.com/2026/02/webinar-smarter-soc-blueprint-learn.html

⚠️ A critical flaw in Docker’s Ask Gordon AI let container metadata execute real commands.

A single malicious Docker LABEL could pass through the MCP gateway and run tools with user privileges. Fixed in version 4.50.0.

🔗 DockerDash details → https://thehackernews.com/2026/02/docker-fixes-critical-ask-gordon-ai.html