1. Security News – 2026-02-07
Sat Feb 07 2026 00:00:00 GMT+0000 (Coordinated Universal Time)
Schneier on Security
Security news and analysis by Bruce Schneier
I Am in the Epstein Files - February 06, 2026
Once. Someone named “Vincenzo lozzo” wrote to Epstein in email, in 2016: “I wouldn’t pay too much attention to this, Schneier has a long tradition of dramatizing and misunderstanding things.” The topic of the email is DDoS attacks, and it is unclear what I am dramatizing and misunderstanding.
Rabbi Schneier is also mentioned, also incidentally, also once. As far as either of us know, we are not related.
The Hacker News
Cybersecurity news and insights
CISA Orders Removal of Unsupported Edge Devices to Reduce Federal Network Risk - February 06, 2026
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered Federal Civilian Executive Branch (FCEB) agencies to strengthen asset lifecycle management for edge network devices and remove those that no longer receive security updates from original equipment manufacturers (OEMs) over the next 12 to 18 months. The agency said the move is to drive down technical debt and minimize
Asian State-Backed Group TGR-STA-1030 Breaches 70 Government, Infrastructure Entities - February 06, 2026
A previously undocumented cyber espionage group operating from Asia broke into the networks of at least 70 government and critical infrastructure organizations across 37 countries over the past year, according to new findings from Palo Alto Networks Unit 42. In addition, the hacking crew has been observed conducting active reconnaissance against government infrastructure associated with 155
Schneier on Security
Security news and analysis by Bruce Schneier
iPhone Lockdown Mode Protects Washington Post Reporter - February 06, 2026
404Media is reporting that the FBI could not access a reporter’s iPhone because it had Lockdown Mode enabled:
The court record shows what devices and data the FBI was able to ultimately access, and which devices it could not, after raiding the home of the reporter, Hannah Natanson, in January as part of an investigation into leaks of classified information. It also provides rare insight into the apparent effectiveness of Lockdown Mode, or at least how effective it might be before the FBI may try other techniques to access the device.
“Because the iPhone was in Lockdown mode, CART could not extract that device,” the court record reads, referring to the FBI’s Computer Analysis Response Team, a unit focused on performing forensic analyses of seized devices. The document is written by the government, and is opposing the return of Natanson’s devices...
SecurityWeek
Latest cybersecurity news
Flickr Security Incident Tied to Third-Party Email System - February 06, 2026
Potential breach at Flickr exposes usernames, email addresses, IP addresses, and activity data.
Living off the AI: The Next Evolution of Attacker Tradecraft - February 06, 2026
Living off the AI isn’t a hypothetical but a natural continuation of the tradecraft we’ve all been defending against, now mapped onto assistants, agents, and MCP.
In Other News: Record DDoS, Epstein’s Hacker, ESET Product Vulnerabilities - February 06, 2026
Other noteworthy stories that might have slipped under the radar: AT&T and Verizon response to Salt Typhoon, AI agents solve security challenges, man arrested in Poland for DDoS attacks.
The Hacker News
Cybersecurity news and insights
How Samsung Knox Helps Stop Your Network Security Breach - February 06, 2026
As you know, enterprise network security has undergone significant evolution over the past decade. Firewalls have become more intelligent, threat detection methods have advanced, and access controls are now more detailed. However (and it’s a big “however”), the increasing use of mobile devices in business operations necessitates network security measures that are specifically
SecurityWeek
Latest cybersecurity news
Airrived Emerges From Stealth With $6.1 Million in Funding - February 06, 2026
The startup aims to unify SOC, GRC, IAM, vulnerability management, IT, and business operations through its Agentic OS platform.
‘DKnife’ Implant Used by Chinese Threat Actor for Adversary-in-the-Middle Attacks - February 06, 2026
Used since at least 2019, DKnife has been targeting the desktop, mobile, and IoT devices of Chinese users.
The Hacker News
Cybersecurity news and insights
Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware - February 06, 2026
Cybersecurity researchers have discovered a new supply chain attack in which legitimate packages on npm and the Python Package Index (PyPI) repository have been compromised to push malicious versions to facilitate wallet credential theft and remote code execution. The compromised versions of the two packages are listed below -
@dydxprotocol/v4-client-js (npm) - 3.4.1, 1.22.1, 1.15.2, 1.0.31
SecurityWeek
Latest cybersecurity news
Critical SmarterMail Vulnerability Exploited in Ransomware Attacks - February 06, 2026
The security defect allows unauthenticated attackers to execute arbitrary code remotely via malicious HTTP requests.
The Hacker News
Cybersecurity news and insights
Claude Opus 4.6 Finds 500+ High-Severity Flaws Across Major Open-Source Libraries - February 06, 2026
Artificial intelligence (AI) company Anthropic revealed that its latest large language model (LLM), Claude Opus 4.6, has found more than 500 previously unknown high-severity security flaws in open-source libraries, including Ghostscript, OpenSC, and CGIF. Claude Opus 4.6, which was launched Thursday, comes with improved coding skills, including code review and debugging capabilities, along with
SecurityWeek
Latest cybersecurity news
Concerns Raised Over CISA’s Silent Ransomware Updates in KEV Catalog - February 06, 2026
CISA updated 59 KEV entries in 2025 to specify that the vulnerabilities have been exploited in ransomware attacks.
The Hacker News
Cybersecurity news and insights
AISURU/Kimwolf Botnet Launches Record-Setting 31.4 Tbps DDoS Attack - February 05, 2026
The distributed denial-of-service (DDoS) botnet known as AISURU/Kimwolf has been attributed to a record-setting attack that peaked at 31.4 Terabits per second (Tbps) and lasted only 35 seconds. Cloudflare, which automatically detected and mitigated the activity, said it’s part of a growing number of hyper-volumetric HTTP DDoS attacks mounted by the botnet in the fourth quarter of 2025. The
SecurityWeek
Latest cybersecurity news
Substack Discloses Security Incident After Hacker Leaks Data - February 05, 2026
The hacker claims to have stolen nearly 700,000 Substack user records, including email addresses and phone numbers.
The Hacker News
Cybersecurity news and insights
ThreatsDay Bulletin: Codespaces RCE, AsyncRAT C2, BYOVD Abuse, AI Cloud Intrusions & 15+ Stories - February 05, 2026
This week didn’t produce one big headline. It produced many small signals — the kind that quietly shape what attacks will look like next. Researchers tracked intrusions that start in ordinary places: developer workflows, remote tools, cloud access, identity paths, and even routine user actions. Nothing looked dramatic on the surface. That’s the point. Entry is becoming less visible while impact
Schneier on Security
Security news and analysis by Bruce Schneier
Backdoor in Notepad++ - February 05, 2026
Hackers associated with the Chinese government used a Trojaned version of Notepad++ to deliver malware to selected users.
Notepad++ said that officials with the unnamed provider hosting the update infrastructure consulted with incident responders and found that it remained compromised until September 2. Even then, the attackers maintained credentials to the internal services until December 2, a capability that allowed them to continue redirecting selected update traffic to malicious servers. The threat actor “specifically targeted Notepad++ domain with the goal of exploiting insufficient update verification controls that existed in older versions of Notepad++.” Event logs indicate that the hackers tried to re-exploit one of the weaknesses after it was fixed but that the attempt failed...
The Hacker News
Cybersecurity news and insights
The Buyer’s Guide to AI Usage Control - February 05, 2026
Today’s “AI everywhere” reality is woven into everyday workflows across the enterprise, embedded in SaaS platforms, browsers, copilots, extensions, and a rapidly expanding universe of shadow tools that appear faster than security teams can track. Yet most organizations still rely on legacy controls that operate far away from where AI interactions actually occur. The result is a widening
Infy Hackers Resume Operations with New C2 Servers After Iran Internet Blackout Ends - February 05, 2026
The elusive Iranian threat group known as Infy (aka Prince of Persia) has evolved its tactics as part of efforts to hide its tracks, even as it readied new command-and-control (C2) infrastructure coinciding with the end of the widespread internet blackout the regime imposed at the start of January 2026. “The threat actor stopped maintaining its C2 servers on January 8 for the first time since we
Schneier on Security
Security news and analysis by Bruce Schneier
US Declassifies Information on JUMPSEAT Spy Satellites - February 04, 2026
The US National Reconnaissance Office has declassified information about a fleet of spy satellites operating between 1971 and 2006.
I’m actually impressed to see a declassification only two decades after decommission.