This posting is here to collect cyber security news in February 2026.
I post links to security vulnerability news to comments of this article.
You are also free to post related links to comments.
This posting is here to collect cyber security news in February 2026.
I post links to security vulnerability news to comments of this article.
You are also free to post related links to comments.
136 Comments
Tomi Engdahl says:
Maksatko virustorjunnasta? Asiantuntijan mukaan haittaohjelmien torjunta on tarpeetonta
https://www.ts.fi/elamantapa/6887919
Tietoturva-asiantuntija muistuttaa, että viruksia ei enää ole ja että älylaitteiden oma suojaus riittää.
Tomi Engdahl says:
Maksatko turhaan virusturvasta? Ilmainen voi riittää paremmin kuin luulet
Asiantuntijan mukaan maksullinen virustorjunta voi olla tarpeen aktiivisille käyttäjille.
https://www.verkkouutiset.fi/a/maksatko-turhaan-virusturvasta-ilmainen-voi-riittaa-paremmin-kuin-luulet/#e437b0b0
Tomi Engdahl says:
USA skannaa kesän jalkapallokisojen fanit tekoälyllä ja millimetriaalloilla
https://etn.fi/index.php/13-news/18400-usa-skannaa-kesaen-jalkapallokisojen-fanit-tekoaelyllae-ja-millimetriaalloilla
Tomi Engdahl says:
RFID-sirut valmistautuvat EU:n digitaaliseen tuotepassiin
https://etn.fi/index.php/13-news/18391-rfid-sirut-valmistautuvat-eu-n-digitaaliseen-tuotepassiin
EU:n valmistelema digitaalinen tuotepassi muuttaa tapaa, jolla tuotteita tunnistetaan ja seurataan koko elinkaaren ajan. Pelkkä tunnistenumero ei enää riitä. Tuotteen mukana on kuljettava tietoa alkuperästä, eristä, viimeisistä käyttöpäivistä ja kierrätyksestä. Tämä paine kohdistuu nyt myös RFID-tekniikan ytimeen eli siruihin.
Perinteinen RAIN RFID on rakennettu varastonhallintaa ja nopeaa inventointia varten. Sirut ovat olleet äärimmäisen edullisia ja yksinkertaisia. Usein niihin tallennetaan vain yksilöivä tunnus, joka linkittää tuotteen taustajärjestelmän tietokantaan. Digitaalisen tuotepassin logiikassa tämä on niukka ratkaisu.
Tomi Engdahl says:
AI security startup CEO posts a job. Deepfake candidate applies, inner turmoil ensues.
‘I did not think it was going to happen to me, but here we are’
https://www.theregister.com/2026/02/01/ai_security_startup_ceo_posts/
Nearly every company, from tech giants like Amazon to small startups, has first-hand experience with fake IT workers applying for jobs – and sometimes even being hired.
Even so, using a deepfake video to apply for a security researcher role with a company that does threat modeling for AI systems seems incredibly brash.
“It’s one of the most common discussion points that pops up in the CISO groups I’m in,” Evoke co-founder and CEO Jason Rebholz told The Register, talking about the North Korean-type job interview scam. “I did not think it was going to happen to me, but here we are.”
Tomi Engdahl says:
Microsoft crosses privacy line few expected
Why a BitLocker warrant changed the privacy debate
https://www.foxnews.com/tech/microsoft-crosses-privacy-line-few-expected
Tomi Engdahl says:
Clouds rush to deliver OpenClaw-as-a-service offerings
As analyst house Gartner declares AI tool ‘comes with unacceptable cybersecurity risk’ and urges admins to snuff it out
https://www.theregister.com/2026/02/04/cloud_hosted_openclaw/
If you’re brave enough to want to run the demonstrably insecure AI assistant OpenClaw, several clouds have already started offering it as a service.
OpenClaw, the name its developer Peter Steinberger settled on after changing from Clawdbot to Moltbot, is a platform for AI agents. Users can provide it with their credentials to various online services and prompt OpenClaw to operate them by issuing instructions in messaging apps like Telegram or WhatsApp. Steinberger says it “clears your inbox, sends emails, manages your calendar, checks you in for flights.”
Using OpenClaw’s AI features requires access to an AI model, either by connecting to an API or by running one locally. The latter possibility apparently sparked a rush to buy Apple’s $599 Mac Mini.
Tomi Engdahl says:
Microsoft finally sends TLS 1.0 and 1.1 to the cloud retirement home
Azure Storage now requires version 1.2 or newer for encrypted connections
https://www.theregister.com/2026/02/03/microsoft_tls_deprecations/
Today is the day Azure Storage stops supporting versions 1.0 and 1.1 of Transport Layer Security (TLS). TLS 1.2 is the new minimum.
The change has been a long time coming. Microsoft warned users several years ago that February 3, 2026, was the cut-off date after which the deprecated standards would no longer be supported.
The minimum TLS version is enforced at the storage account level. Microsoft said: “If your storage account hosts other Azure Storage services (such as Azure Files, Queue Storage, or Table Storage), those services are also subject to the same TLS requirements.”
Tomi Engdahl says:
https://thenewstack.io/openclaw-moltbot-security-concerns/
Tomi Engdahl says:
Käytätkö mobiilivarmennetta? Turvallisuus vaarassa
Laura Halminen
Julkaistu 30.01.2026 | 16:16
Päivitetty 30.01.2026 | 16:16
Tietoturva
Mobiilivarmenteen voi varastaa ilman että uhri saa tietää siitä mitään.
https://www.verkkouutiset.fi/a/kaytatko-mobiilivarmennetta-turvallisuus-vaarassa/#2707427f
Tomi Engdahl says:
Huijarit iskivät Windowsiin tutun sovelluksen kautta – Näin tunnistat vaaran
Marko Pinola6.2.202611:33|päivitetty6.2.202611:33TietojenkalasteluKyber
Hyökkääjät houkuttelivat uhreja asentamaan.scr-päätteisen näytönsäästäjätiedoston koneelleen.
https://www.tivi.fi/uutiset/a/a72323f3-b129-4771-8b3d-6bd3da06cc88
Tomi Engdahl says:
https://notepad-plus-plus.org/news/hijacked-incident-info-update/
Tomi Engdahl says:
Cyber pros found a way to unredact some Epstein PDFs: emails contain raw code
https://cybernews.com/security/some-epstein-email-attachments-can-be-uncensored/
The Department of Justice (DOJ) appears to have failed to redact all Epstein files completely: some blacked-out documents also contain raw email data that enables the complete reconstruction of email attachments. Computer forensic experts are already working to uncover hidden pieces.
Mahmoud Al-Qudsi, the founder of NeoSmart Technologies, has shared a method and tools for reconstructing PDF documents from Epstein emails.
This is possible because the DOJ released Epstein emails in their raw code, with attachments preserved as base64-encoded data. However, there is also a challenge – the files were scanned from printouts, and text recognition tools fail to recognize some characters, making reconstruction labor-intensive.
https://neosmart.net/blog/recreating-epstein-pdfs-from-raw-encoded-attachments/
Tomi Engdahl says:
https://www.neowin.net/news/fbi-bypasses-impenetrable-encryption-using-bitlocker-keys-supplied-by-microsoft/
Tomi Engdahl says:
Verkkorikollisten suosima työkalu paljastui – Suurin laatuaan maailmassa?
Välityspalvelinten verkkoon oli liittynyt ihmisiä sekä tarkoituksella että tietämättään.
https://www.iltalehti.fi/digiuutiset/a/af9d68ba-277c-4b6c-82bb-99607f5b14e5
Google on ryhtynyt toimiin erittäin laajaa epäilyttävää välityspalvelinten verkkoa vastaan. Tiettävästi yli 500 eri tahoa käytti verkkoa toimintaansa.
Verkkosivuillaan julkaisemassaan päivityksessä Googlen työryhmä arvelee, että muun muassa Android-laitteista koostunut verkko oli suurin laatuaan maailmassa. The Hacker Newsin mukaan siihen kuului yli kuusi miljoonaa ip-osoitetta.
Tomi Engdahl says:
Stop connecting smart bulbs to your main Wi-Fi: The safer way to set them up
https://www.howtogeek.com/want-a-more-secure-network-but-dont-have-vlan-use-a-wi-fi-guest-network-instead/
Tomi Engdahl says:
British security services warn hundreds of EV buses have same Chinese ‘kill switch’ found in Norway and US
Published on Feb 04, 2026 at 1:52 PM (UTC+4)
by Henry Kelsall
Last updated on Feb 04, 2026 at 9:18 PM (UTC+4)
Edited by Emma Matthews
https://supercarblondie.com/british-security-services-warn-chinese-ev-buses-same-kill-switch-norway/
Tomi Engdahl says:
Cybersecurity Cartoons Protect You From Hackers And Identity Theft
Cybercrime is no laughing matter
Cybersecurity Ventures is excited to provide our followers with a new original cartoon in Cybercrime Magazine every week. They’re fan favorites! If you’d like to include one of our cartoons on your website, in a presentation, newsletter, poster, training materials, or other media, then contact us for licensing options and fees.
https://cybersecurityventures.com/cybersecurity-cartoon-archives/
Tomi Engdahl says:
ThreatsDay Bulletin: Codespaces RCE, AsyncRAT C2, BYOVD Abuse, AI Cloud Intrusions & 15+ Stories
https://thehackernews.com/2026/02/threatsday-bulletin-codespaces-rce.html
Tomi Engdahl says:
Rotten Tomatoes addresses ‘fake’ user score claims for Melania movie after documentary set new record
Film has set a record for the largest discrepancy between critics’ scores and audience ratings
https://www.independent.co.uk/arts-entertainment/films/news/melania-documentary-rotten-tomatoes-user-score-genuine-discrepancy-b2915883.html
Rotten Tomatoes has shut down speculation that the high audience score for Melania Trump documentary Melania was the result of “manipulation”.
The Amazon movie about the First Lady, directed by Brett Ratner, broke records for the review aggregator website this week for the dubious honour of achieving the biggest discrepancy between critics’ scores and audience ratings in the last 27 years.
Critical response to the film, which was released in cinemas at the end of January and debuted at number 29 at the UK box office, has been poor, picking up just 8 per cent on the Rotten Tomatoes “Tomatometer”.
However, it received a 99 per cent score from cinemagoers on the “Popcornmeter”, prompting some film fans to speculate that some of those fan reviews might not be entirely legitimate.
Tomi Engdahl says:
https://thehackernews.com/2026/02/threatsday-bulletin-codespaces-rce.html
Tomi Engdahl says:
Azure outage disrupts VMs and identity services for over 10 hours
news
Feb 4, 2026
5 mins
A misconfiguration in Microsoft-managed storage accounts triggered cascading failures across virtual machine operations, managed identities, and developer workflows.
https://www.infoworld.com/article/4127149/azure-outage-disrupts-vms-and-identity-services-for-over-10-hours-2.html
Tomi Engdahl says:
OpenClaw (formerly Clawdbot) and Moltbook let attackers walk through the front door
https://the-decoder.com/openclaw-formerly-clawdbot-and-moltbook-let-attackers-walk-through-the-front-door/
Tomi Engdahl says:
Great Job
As AI Surges, Layoffs Hit Worst Moment Since 2009 During Throes of Financial Crisis
Things are getting grim.
https://futurism.com/future-society/ai-layoffs-financial-crisis
Tomi Engdahl says:
https://www.infoworld.com/article/4127149/azure-outage-disrupts-vms-and-identity-services-for-over-10-hours-2.html
Tomi Engdahl says:
‘Starlink killer’: China’s 20 GW microwave weapon could fry satellites with 60-second bursts
The compact microwave beam technology could disrupt satellite operations in low Earth orbit all the way from the ground.
https://interestingengineering.com/space/china-microwave-weapon-fry-satellites
Tomi Engdahl says:
‘Kill Switch’—Iran Shuts Down Musk’s Starlink For First Time
https://www.forbes.com/sites/zakdoffman/2026/01/13/kill-switch-iran-shuts-down-starlink-internet-for-first-time/
We have not seen this before. Iran’s digital blackout has now deployed military jammers, reportedly supplied by Russia, to shut down access to Starlink Internet. This is a game-changer for the Plan-B connectivity frequently used by protesters and anti-regime activists when ordinary access to the internet is stopped..
“Despite reports that tens of thousands of Starlink units are operating inside Iran,” says Iran Wire, “the blackout has also reached satellite connections.” It is reported that about 30 per cent of Starlink’s uplink and downlink traffic was (initially) disrupted,” quickly rising “to more than 80 per cent” within hours.
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/edr-killer-tool-uses-signed-kernel-driver-from-forensic-software/
Tomi Engdahl says:
Global Threat Map: Open-source real-time situational awareness platform
Global Threat Map is an open-source project offering security teams a live view of reported cyber activity across the globe, pulling together open data feeds into a single interactive map. It visualizes indicators such as malware distribution, phishing activity, and attack traffic by geographic region.
https://www.helpnetsecurity.com/2026/02/04/global-threat-map-open-source-osint/
Tomi Engdahl says:
Ranskalta kova kieltopäätös – VPN:t pannaan?
Justus Vento3.2.202621:00Vpn-ohjelmatVpn
Ranskalaisministeri väläytti kovaa keinoa somen käytön hillitsemiseksi.
https://www.tivi.fi/uutiset/a/0242315a-bd54-4b5a-80f7-1c053085f2ec
Ranska on mahdollisesti kieltämässä virtual private networkien (VPN) käytön maassa. Kielto olisi osa hanketta, jossa ranskalaisnuoret pyritään saamaan pois sosiaalisesta mediasta. VPN-palveluita voidaan käyttää kiellon kiertämiseen. Yhdysvaltalaismedia Engadgetin mukaan Ranskan tekoäly- ja digiministeri Anne Le Hénanff sanoi Franceinfon haastattelussa edistävänsä paraikaa alle 15-vuotiaiden somekiellon valmistelua, mutta VPN-palveluiden olevan ”hänen listallaan seuraavana”.
Tomi Engdahl says:
https://cybernews.com/security/epstein-passwords-leak-in-file-release-redditors-access-accounts/
Tomi Engdahl says:
Redditors claim access to Epstein accounts after passwords appear in released DOJ files
https://betanews.com/article/redditors-claim-access-to-epstein-accounts-after-passwords-appear-in-released-doj-files/
Tomi Engdahl says:
https://cybernews.com/tech/china-ban-tesla-like-door-handles/?utm_source=cn_facebook&utm_medium=social&utm_campaign=cybernews&utm_content=post&source=cn_facebook&medium=social&campaign=cybernews&content=post&fbclid=IwT01FWAPwvZdleHRuA2FlbQIxMABzcnRjBmFwcF9pZAwzNTA2ODU1MzE3MjgAAR5q4j3IV3fBX-6o-O5_V9OKi0XjUZjGkN5LvBi8_9LuCFeYGFpwUDQJ1oArew_aem_4QbKTK4dQbnoPDdstcPoMQ
Tomi Engdahl says:
Tietomurto Valtorin järjestelmään – 20 000 laitteen tietoja varastettiin
Hyökkäys perustui haavoittuvuuteen, johon ei vielä ollut korjausta.
https://www.is.fi/digitoday/tietoturva/art-2000011794793.html
Tomi Engdahl says:
Koodareiden suosikkisovelluksessa massiivinen tietomurto
Justus Vento3.2.202608:30TietomurrotTietovuodotHakkeritVerkkorikollisuus
Notepad++ sanoo murron taustalla olleen Kiinaan kytketty hakkeriryhmä.
https://www.tivi.fi/uutiset/a/550f228d-d1c5-4c50-923b-71526d53d979
Koodareiden ja verkkoammattilaisten suosikkisovellus Notepad++ kertoo selvittäneensä viime vuonna palvelussaan tapahtuneen massiivisen tietomurron. Tietomurto jatkui kokonaisuudessaan kesäkuusta 2025 joulukuuhun 2025. Notepad++:n mukaan asialla oli Kiinan hallintoon kytketty hakkeriryhmä, joka onnistui kaappaamaan osan ohjelmiston päivitysliikenteestä.
Tomi Engdahl says:
Microsoft plans to bury its NTLM security relic after 30 years — replacing it with stronger Kerberos-based alternatives via future Windows client releases
News
By Kevin Okemwa published February 2, 2026
The software giant plans to disable NTLM authentication by default, strengthening security with modern protocols.
https://www.windowscentral.com/microsoft/windows/microsoft-plans-to-bury-its-ntlm-security-relic-after-30-years
Tomi Engdahl says:
AI security startup CEO posts a job. Deepfake candidate applies, inner turmoil ensues.
‘I did not think it was going to happen to me, but here we are’
https://www.theregister.com/2026/02/01/ai_security_startup_ceo_posts/
Tomi Engdahl says:
How recruitment fraud turned cloud IAM into a $2 billion attack surface
https://venturebeat.com/security/recruitment-fraud-cloud-iam-2-billion-attack-surface
A developer gets a LinkedIn message from a recruiter. The role looks legitimate. The coding assessment requires installing a package. That package exfiltrates all cloud credentials from the developer’s machine — GitHub personal access tokens, AWS API keys, Azure service principals and more — are exfiltrated, and the adversary is inside the cloud environment within minutes.
Your email security never saw it. Your dependency scanner might have flagged the package. Nobody was watching what happened next.
The attack chain is quickly becoming known as the identity and access management (IAM) pivot, and it represents a fundamental gap in how enterprises monitor identity-based attacks. CrowdStrike Intelligence research published on January 29 documents how adversary groups operationalized this attack chain at an industrial scale. Threat actors are cloaking the delivery of trojanized Python and npm packages through recruitment fraud, then pivoting from stolen developer credentials to full cloud IAM compromise.
In one late-2024 case, attackers delivered malicious Python packages to a European FinTech company through recruitment-themed lures, pivoted to cloud IAM configurations and diverted cryptocurrency to adversary-controlled wallets.
Tomi Engdahl says:
Patch or perish: Vulnerability exploits now dominate intrusions
Apply fixes within a few hours or face the music, say the pros
https://www.theregister.com/2026/01/29/faster_patching_please_cry_infoseccers/
Tomi Engdahl says:
US cyber defense chief accidentally uploaded secret government info to ChatGPT
Congress recently grilled the acting chief on mass layoffs and a failed polygraph.
https://arstechnica.com/tech-policy/2026/01/us-cyber-defense-chief-accidentally-uploaded-secret-government-info-to-chatgpt/
Tomi Engdahl says:
Dutch authorities allegedly seize VPN server without a warrant — company claims that law enforcement will return it after analyzing the device fully
News
By Jowi Morales published 21 hours ago
The authorities apparently got tired of asking and just went in themselves.
https://www.tomshardware.com/software/vpn/dutch-authorities-allegedly-seize-vpn-server-without-a-warrant-company-claims-that-law-enforcement-will-return-it-after-analyzing-the-device-fully
Canada-based Windscribe, a VPN provider, just said that one of its European servers has been allegedly seized by Dutch authorities without a warrant. According to the company’s post on X, law enforcement said that they will return it to the service provider after they “fully analyze it.” It’s unclear why law enforcement impounded just a single rack from Windscribe’s cabinet, but the VPN provider said that it only uses RAM disk servers, meaning anyone who would look through the installed SSDs would only find a stock Ubuntu install on it, so the servers shouldn’t hold any trackable data.
“THIS IS NOT A DRILL: The Dutch authorities, without a warrant, just seized one of our VPN servers saying they’ll give it back after they ‘fully analyze it’,” the company said in its social media post. “Windscribe uses RAM disk servers so that only thing the authorities will find is a stock Ubuntu install.”
The company maintains on its website that it doesn’t keep personal data about the activity of its users.
Tomi Engdahl says:
DKnife Linux toolkit hijacks router traffic to spy, deliver malware
https://www.bleepingcomputer.com/news/security/dknife-linux-toolkit-hijacks-router-traffic-to-spy-deliver-malware/
A newly discovered toolkit called DKnife has been used since 2019 to hijack traffic at the edge-device level and deliver malware in espionage campaigns.
The framework serves as a post-compromise framework for traffic monitoring and adversary-in-the-middle (AitM) activities. It is designed to intercept and manipulate traffic destined for endpoints (computers, mobile devices, IoTs) on the network.
Researchers at Cisco Talos say that DKnife is an ELF framework with seven Linux-based components designed for deep packet inspection (DPI), traffic manipulation, credential harvesting, and malware delivery.
Tomi Engdahl says:
Malware Hidden in Pirated Games Infects 400,000 Devices
Updated Feb 06, 2026
Security researchers uncover evidence that the Windows-based ‘RenEngine loader’ malware has infected around 30,000 users in the US alone.
https://uk.pcmag.com/security/163012/malware-hidden-in-pirated-games-infects-400000-devices
Tomi Engdahl says:
https://www.vice.com/en/article/north-koreas-smartphones-are-pocket-sized-orwellian-nightmares/
Tomi Engdahl says:
AWS intruder achieved admin access in under 10 minutes thanks to AI assist, researchers say
LLMs automated most phases of the attack
https://www.theregister.com/2026/02/04/aws_cloud_breakin_ai_assist/
UPDATED A digital intruder broke into an AWS cloud environment and in just under 10 minutes went from initial access to administrative privileges, thanks to an AI speed assist.
The Sysdig Threat Research Team said they observed the break-in on November 28, and noted it stood out not only for its speed, but also for the “multiple indicators” suggesting the criminals used large language models to automate most phases of the attack, from reconnaissance and privilege escalation to lateral movement, malicious code writing, and LLMjacking – using a compromised cloud account to access cloud-hosted LLMs.
“The threat actor achieved administrative privileges in under 10 minutes, compromised 19 distinct AWS principals, and abused both Bedrock models and GPU compute resources,” Sysdig’s threat research director Michael Clark and researcher Alessandro Brucato said in a blog post about the cloud intrusion. “The LLM-generated code with Serbian comments, hallucinated AWS account IDs, and non-existent GitHub repository references all point to AI-assisted offensive operations.”
Tomi Engdahl says:
CVE-2025-15467: Critical OpenSSL Flaw Enables Pre-Auth Remote Code Execution
https://orca.security/resources/blog/cve-2025-15467-openssl-pre-auth-rce/
Tomi Engdahl says:
https://integrity.aristotle.com/2025/02/the-rise-of-digital-shoplifting-and-how-to-prevent-it/
Tomi Engdahl says:
AutoPentestX – Automated Penetration Testing Toolkit Designed for Linux systems
https://cybersecuritynews.com/autopentestx-penetration-testing-toolkit/#google_vignette
AutoPentestX, an open-source automated penetration testing toolkit for Linux systems, enables comprehensive security assessments from a single command.
Developed by Gowtham Darkseid and released in November 2025, it generates professional PDF reports while emphasizing safe, non-destructive testing.
AutoPentestX targets Kali Linux, Ubuntu, and Debian-based distributions, automating OS detection, port scanning, service enumeration, and vulnerability checks.
It integrates Nmap for network scans, Nikto and SQLMap for web testing, and CVE lookups for risk scoring based on CVSS metrics. The toolkit stores results in an SQLite database and supports Metasploit RC scripts for manual exploitation review without actual harm.
Tomi Engdahl says:
OpenClaw Integrates VirusTotal Scanning to Detect Malicious ClawHub Skills
https://thehackernews.com/2026/02/openclaw-integrates-virustotal-scanning.html
OpenClaw (formerly Moltbot and Clawdbot) has announced that it’s partnering with Google-owned VirusTotal to scan skills that are being uploaded to ClawHub, its skill marketplace, as part of broader efforts to bolster the security of the agentic ecosystem.
“All skills published to ClawHub are now scanned using VirusTotal’s threat intelligence, including their new Code Insight capability,” OpenClaw’s founder Peter Steinberger, along with Jamieson O’Reilly and Bernardo Quintero said. “This provides an additional layer of security for the OpenClaw community.”
The process essentially entails creating a unique SHA-256 hash for every skill and cross checking it against VirusTotal’s database for a match. If it’s not found, the skill bundle is uploaded to the malware scanning tool for further analysis using VirusTotal Code Insight.
Skills that have a “benign” Code Insight verdict are automatically approved by ClawHub, while those marked suspicious are flagged with a warning. Any skill that’s deemed malicious is blocked from download. OpenClaw also said all active skills are re-scanned on a daily basis to detect scenarios where a previously clean skill becomes malicious.
Tomi Engdahl says:
Security researcher says AMD auto-updater downloads software insecurely, enabling remote code execution — company rep reportedly said man-in-the-middle attacks are “out of scope,” ignored bug
News
By Bruno Ferreira published 2 days ago
Hell hath no fury like a security researcher scorned.
https://www.tomshardware.com/tech-industry/cyber-security/security-researcher-says-amd-auto-updater-downloads-software-insecurely-enabling-remote-code-execution-company-rep-reportedly-said-man-in-the-middle-attacks-are-out-of-scope-ignored-bug