The “shift left” approach has increased pressure on developers, as speed demands override security checks in modern CI pipelines. Qualys explains how analyzing 34,000 public container images revealed 7.3% were malicious and why security must be enforced at the infrastructure layer by default. […]
Cline CLI 2.3.0 Supply Chain Attack Installed OpenClaw on Developer Systems
In yet another software supply chain attack, the open-source, artificial intelligence (AI)-powered coding assistant Cline CLI was updated to stealthily install OpenClaw, a self-hosted autonomous AI agent that has become exceedingly popular in the past few months.
“On February 17, 2026, at 3:26 AM PT, an unauthorized party used a compromised npm publish token to publish an update to Cline CLI
“On February 17, 2026, at 3:26 AM PT, an unauthorized party used a compromised npm publish token to publish an update to Cline CLI
PayPal discloses data breach that exposed user info for 6 months
PayPal is notifying customers of a data breach after a software error in a loan application exposed their sensitive personal information, including Social Security numbers, for nearly 6 months last year. […]
BeyondTrust Vulnerability Exploited in Ransomware Attacks
CISA has updated its KEV entry for CVE-2026-1731 to alert organizations of exploitation in ransomware attacks.
The post BeyondTrust Vulnerability Exploited in Ransomware Attacks appeared first on SecurityWeek.
ClickFix Campaign Abuses Compromised Sites to Deploy MIMICRAT RAT
Cybersecurity researchers have disclosed details of a new ClickFix campaign that abuses compromised legitimate sites to deliver a previously undocumented remote access trojan (RAT) called MIMICRAT (aka AstarionRAT).
“The campaign demonstrates a high level of operational sophistication: compromised sites spanning multiple industries and geographies serve as delivery infrastructure, a multi-stage
“The campaign demonstrates a high level of operational sophistication: compromised sites spanning multiple industries and geographies serve as delivery infrastructure, a multi-stage
Mississippi medical center closes all clinics after ransomware attack
The University of Mississippi Medical Center (UMMC) closed all its clinic locations statewide on Thursday following a ransomware attack. […]
FBI: $20 Million Losses Caused by 700 ATM Jackpotting Attacks in 2025
The FBI has confirmed that the Ploutus malware, which has been around for over a decade, is still being used in the wild.
The post FBI: $20 Million Losses Caused by 700 ATM Jackpotting Attacks in 2025 appeared first on SecurityWeek.
Identity Cyber Scores: The New Metric Shaping Cyber Insurance in 2026
With one in three cyber-attacks now involving compromised employee accounts, insurers and regulators are placing far greater emphasis on identity posture when assessing cyber risk.
For many organizations, however, these assessments remain largely opaque. Elements such as password hygiene, privileged access management, and the extent of multi-factor authentication (MFA) coverage are
For many organizations, however, these assessments remain largely opaque. Elements such as password hygiene, privileged access management, and the extent of multi-factor authentication (MFA) coverage are
FBI: Over $20 million stolen in surge of ATM malware attacks in 2025
The FBI warned that Americans lost more than $20 million last year amid a massive surge in ATM “jackpotting” attacks, in which criminals use malware to force cash machines to dispense money. […]
Ukrainian National Sentenced to 5 Years in North Korea IT Worker Fraud Case
A 29-year-old Ukrainian national has been sentenced to five years in prison in the U.S. for his role in facilitating North Korea’s fraudulent information technology (IT) worker scheme.
In November 2025, Oleksandr “Alexander” Didenko pleaded guilty to wire fraud conspiracy and aggravated identity theft for stealing the identities of U.S. citizens and selling them to IT workers to help them land
In November 2025, Oleksandr “Alexander” Didenko pleaded guilty to wire fraud conspiracy and aggravated identity theft for stealing the identities of U.S. citizens and selling them to IT workers to help them land