The Hacker News

Five Malicious Rust Crates and AI Bot Exploit CI/CD Pipelines to Steal Developer Secrets

Five malicious Rust crates and an AI bot exploited CI/CD pipelines and GitHub Actions in Feb 2026, stealing developer secrets ...
SecurityWeek

Over 100 GitHub Repositories Distributing BoryptGrab Stealer

Distributed through over 100 GitHub repositories, the BoryptGrab stealer targets browser, wallet, system, and other user data ...
InfoQ

AI-Powered Bot Compromises GitHub Actions Workflows Across Microsoft, DataDog, and CNCF Projects

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...

Google: Cloud attacks exploit flaws more than weak credentials

Hackers are increasingly exploiting newly disclosed vulnerabilities in third-party software to gain initial access to cloud environments, with the window for attacks shrinking from weeks to just days.
Microsoft

OAuth redirection abuse enables phishing and malware delivery

OAuth redirection is being repurposed as a phishing delivery path. Trusted authentication flows are weaponized to move users ...
Redmondmag.com

GitHub Abuse Emerges in Twin Social Engineering Campaigns Spotted by Fortra, Trend Micro

Security researchers are tracking two separate GitHub-related threat campaigns that use the platform's infrastructure in different ways -- one to deliver vishing lures through legitimate GitHub ...
TechRadar

Google patches first Chrome zero-day of the year - so update now or face attack

Google patches Chrome zero-day CVE-2026-2441, a “use after free” bug in CSS Exploit allowed arbitrary code execution via crafted HTML pages, actively abused in the wild Update to Chrome ...
Forbes

Google Issues Emergency Chrome Update — 0Day Exploit Confirmed

This voice experience is generated by AI. Learn more. This voice experience is generated by AI. Learn more. Updated February 19 with further analysis from cybersecurity experts following an update now ...
Bleeping Computer

Critical BeyondTrust RCE flaw now exploited in attacks, patch now

A critical pre-authentication remote code execution vulnerability in BeyondTrust Remote Support and Privileged Remote Access appliances is now being exploited in attacks after a PoC was published ...
IGN

Arc Raiders Dev Says Players Who Used 'Recent Exploits' Will Face Warnings and Suspensions Starting This Week

Embark Studios is keeping its promise to take action against players who took advantage of duplication exploits and other glitches in Arc Raiders by issuing warnings and suspensions. The developer ...
Forbes

Microsoft Confirms Windows Is Under Attack — Update Now

Forbes contributors publish independent expert analyses and insights. Davey Winder is a veteran cybersecurity writer, hacker and analyst. This voice experience is generated by AI. Learn more. This ...
Hosted on MSN

Google patches first Chrome zero-day of the year - so update now

Google patches Chrome zero-day CVE-2026-2441, a “use after free” bug in CSS Exploit allowed arbitrary code execution via crafted HTML pages, actively abused in the wild Update to Chrome ...