February 2026 – Page 41

Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware

Cybersecurity researchers have discovered a new supply chain attack in which legitimate packages on npm and the Python Package Index (PyPI) repository have been compromised to push malicious versions to facilitate wallet credential theft and remote code execution.
The compromised versions of the two packages are listed below –

@dydxprotocol/v4-client-js (npm) – 3.4.1, 1.22.1, 1.15.2, 1.0.31&

5 Bills to Boost Energy Sector Cyber Defenses Clear House Panel

The news comes after the Department of Energy conducted its annual Liberty Eclipse cybersecurity exercise.

The post 5 Bills to Boost Energy Sector Cyber Defenses Clear House Panel appeared first on SecurityWeek.

Critical SmarterMail Vulnerability Exploited in Ransomware Attacks

The security defect allows unauthenticated attackers to execute arbitrary code remotely via malicious HTTP requests.

The post Critical SmarterMail Vulnerability Exploited in Ransomware Attacks appeared first on SecurityWeek.

Claude Opus 4.6 Finds 500+ High-Severity Flaws Across Major Open-Source Libraries

Artificial intelligence (AI) company Anthropic revealed that its latest large language model (LLM), Claude Opus 4.6, has found more than 500 previously unknown high-severity security flaws in open-source libraries, including Ghostscript, OpenSC, and CGIF.
Claude Opus 4.6, which was launched on Thursday, comes with improved coding skills, including code review and debugging capabilities, along

Questions Raised Over CISA’s Silent Ransomware Updates in KEV Catalog

CISA updated 59 KEV entries in 2025 to specify that the vulnerabilities have been exploited in ransomware attacks.

The post Questions Raised Over CISA’s Silent Ransomware Updates in KEV Catalog appeared first on SecurityWeek.

Zscaler Acquires Browser Security Firm SquareX

Zscaler says the acquisition will allow customers to embed lightweight extensions into any browser, providing increased security and eliminating the need for third-party browsers.

The post Zscaler Acquires Browser Security Firm SquareX appeared first on SecurityWeek.

Spain’s Ministry of Science shuts down systems after breach claims

Spain’s Ministry of Science (Ministerio de Ciencia) announced a partial shutdown of its IT systems, affecting several citizen- and company-facing services. […]

Ransomware gang uses ISPsystem VMs for stealthy payload delivery

Ransomware operators are hosting and delivering malicious payloads at scale by abusing virtual machines (VMs) provisioned by ISPsystem, a legitimate virtual infrastructure management provider. […]

Microsoft to shut down Exchange Online EWS in April 2027

Microsoft announced today that the Exchange Web Services (EWS) API for Exchange Online will be shut down in April 2027, after nearly 20 years. […]

AISURU/Kimwolf Botnet Launches Record-Setting 31.4 Tbps DDoS Attack

The distributed denial-of-service (DDoS) botnet known as AISURU/Kimwolf has been attributed to a record-setting attack that peaked at 31.4 Terabits per second (Tbps) and lasted only 35 seconds.
Cloudflare, which automatically detected and mitigated the activity, said it’s part of a growing number of hyper-volumetric HTTP DDoS attacks mounted by the botnet in the fourth quarter of 2025. The

Month: February 2026