This posting is here to collect cyber security news in February 2026.
I post links to security vulnerability news to comments of this article.
You are also free to post related links to comments.
136 Comments
Tomi Engdahl says:
Research: you crack your own computer, or someone else’s with their consent
Criminal: you crack someone else’s computer without consent, and it’s more than just an accidental discovery.
Mitigation: “Your honour, I reported all my findings and didn’t hold them hostage. To avoid any conflict of interest, I didn’t even offer to fix their problems – for money, or pro bono. I did not make my findings public either. I’m a good guy, I really am.”
Tomi Engdahl says:
Motives. Ethics. Truth. Honesty. Honor. Integrity. Help you find the line.
Crime. Is a line that moves all the time.
It is defined by the State. It can be anything the State needs it to be at any time. You can wake up in the morning and find that you have become a criminal.
Tomi Engdahl says:
“the difference between hacking and network administration is permission”
Tomi Engdahl says:
https://www.isc2.org/ethics?fbclid=IwdGRjcAP5DQJjbGNrA_kM_GV4dG4DYWVtAjExAHNydGMGYXBwX2lkDDM1MDY4NTUzMTcyOAABHr25gyj_P5O0dGNAwgCIH0k2RalpPDzviIjO2ARengJLyVa3ck94p0-ekxKP_aem_J7gjE_qR8X9T9cluVWEBZg
Tomi Engdahl says:
Claude Desktop Extensions 0-Click RCE Vulnerability Exposes 10,000+ Users to Remote Attacks
https://cybersecuritynews.com/claude-desktop-extensions-0-click-vulnerability/
Tomi Engdahl says:
https://futurism.com/future-society/homeland-security-google
Tomi Engdahl says:
Trust in the United States wavered: election data may be kept in Finland after all
The Ministry of Justice is seriously considering returning the storage of election data to a domestic system instead of the cloud service of the American company Amazon.
https://yle.fi/a/74-20209475
Tomi Engdahl says:
Cyberattack against the Finnish state: “An extremely serious matter”
https://www.iltalehti.fi/politiikka/a/c86605d5-9546-4704-8193-75e293ab4362
Ministers Ikonen and Ranne now tell Iltalehti what they think of the data breach that targeted the central government.
“Valtori has also done a lot of preparedness work. Valtori, the National Bureau of Investigation (KRP) and the National Cyber Security Centre are going through this and are also investigating the matter in that respect,” Ikonen tells Iltalehti.
Valtori, which produces ICT services for the state, became the target of a data breach at the end of January. In the breach of the mobile device management service produced by Valtori, the attacker obtained data used in operating the service, such as names, work email addresses, phone numbers and device identifiers.
According to Jarkko Levasma, ICT director at the Ministry of Finance, it is possible that the perpetrator of the breach has obtained confidential name lists or personnel compositions of state organisations and even crisis organisations.
According to IT expert Mikko Hyppönen, the stolen information about central government organisations is valuable to intelligence services, although it is not yet known who is behind the attack.
The breach has compromised the data of at least 50,000 employees, and the mobile devices of at least some of them will have to be replaced.
The breach has also affected the Government (valtioneuvosto), which includes Finland’s top political leadership. Ikonen declines to comment on whether, for example, ministers’ phones have been replaced.
“Unfortunately, in today’s world we have many hostile actors like this who try to knock on various systems. It is really important that we do everything we can,” Ikonen says.
Tomi Engdahl says:
Central government is in serious trouble: attacker may have obtained highly sensitive information
https://www.iltalehti.fi/politiikka/a/7d6d68e4-147e-4d4d-b216-da720b08d344
In the cyberattack on central government mobile devices, data was taken that, according to an expert, is valuable to intelligence services.
According to Jarkko Levasma, ICT director at the Ministry of Finance, it is possible that the perpetrator of the breach at Valtori has obtained confidential name lists or personnel compositions of state organisations and even crisis organisations.
In the breach of the mobile device management service produced by Valtori, carried out at the end of January, the attacker obtained data used in operating the service, such as names, work email addresses, phone numbers and device identifiers.
According to current information, the breach has compromised the data of about 50,000 state employees. This also includes the Government (valtioneuvosto), which includes Finland’s top political leadership.
Tomi Engdahl says:
National Coalition Party MEP Aura Salla warns: a kill switch is hidden in credit cards
https://www.iltalehti.fi/digiuutiset/a/6055b371-c407-493d-acda-08b1e66387e4
Member of the European Parliament Aura Salla warns about dependencies on US technologies. This also applies to credit cards such as Visa and Mastercard.
Tomi Engdahl says:
Oppa Kim Jong Un Style
This Smartphone Smuggled Out of North Korea Is Absolutely Wild
“Smartphones are now part and parcel of the way North Korea tries to indoctrinate people.”
https://futurism.com/the-byte/smartphone-north-korea?fbclid=IwdGRjcAP6mYpjbGNrA_qZa2V4dG4DYWVtAjExAHNydGMGYXBwX2lkDDM1MDY4NTUzMTcyOAABHn5H7B-YGA4WYraJpH5nyKlCnhxdh8-phRE5cA17GqTKuz8rG97d6AY0zrvT_aem_rgjmZawnqpIKZ4CRvxkidA
As the BBC reports, consuming foreign media is punishable by imprisonment and even death in the dictatorship. In 2023, Kim even made it a crime for people to use South Korean phrases or speak in a South Korean accent.
It’s an Orwellian degree of absolutist control over the freedom of speech. And it extends to deep features of localized smartphones in the reclusive nation; a North Korean phone that was smuggled out of the country and obtained by the BBC was programmed to automatically replace forbidden words as they were typed, demonstrating the extraordinary extent of the Kim regime’s efforts to control the way people express themselves — in an incredibly literal way.
For instance, the South Korean word “oppa,” which directly translates to older brother but has become a popular term to address older male friends or romantic partners, gets autocorrected to the word “comrade.”
“This word can only be used to describe your siblings,” reads a warning that automatically pops up on the smuggled phone when a user types the word “oppa.”
And the word for South Korea automatically changes to “puppet state,”
Worst of all, the device is taking a screenshot every five minutes and sending it to the authorities — files that the user isn’t even able to access.
“Smartphones are now part and parcel of the way North Korea tries to indoctrinate people,” North Korean tech expert Martyn Williams told the BBC.
And it’s working, Williams argued, with North Korea “starting to gain the upper hand” in its ongoing information war with the South.
Tomi Engdahl says:
Nobody should see an ad like this, yet it got 993,000,000,000 impressions
As many as one in ten ads shown to social media users in Europe is a scam.
https://www.is.fi/digitoday/tietoturva/art-2000011804755.html
Tomi Engdahl says:
https://www.makeuseof.com/im-done-with-onenote-heres-what-im-using-now/
Tomi Engdahl says:
https://mobiili.fi/2026/02/09/venalaiset-hakkerit-hyodyntavat-office-haavoittuvuutta-microsoft-julkaisi-hatakorjauksen/
Tomi Engdahl says:
nmapUnleashed Makes Nmap Scanning More Comfortable and Effective
https://cybersecuritynews.com/nmapunleashed-tool/#google_vignette
Tomi Engdahl says:
Massive data breach in a popular application
Notepad++ says a hacker group linked to China was behind the breach.
https://www.tivi.fi/uutiset/a/550f228d-d1c5-4c50-923b-71526d53d979
Tomi Engdahl says:
Puppydog Eyes
Ring Boasts About Power to Surveil Entire Neighborhoods
“There’s no world in which finding lost dogs is the final end-use for this technology.”
https://futurism.com/future-society/ring-doorbell-surveillance-dog?fbclid=IwdGRjcAP7A-VjbGNrA_sDuGV4dG4DYWVtAjExAHNydGMGYXBwX2lkDDM1MDY4NTUzMTcyOAABHj_pJJyZzAlsk-Hv8OjeXXT9EQRI6fkrTtivto9k8sGuIgnsZCt8jTQTkMA4_aem_TkGz6xMtkll5gUVh0N4tDg
When Ring’s latest commercial came on over a Super Bowl ad break, it offered a service that seems like a no-brainer. Called “Search Party,” it’s a new function that lets Ring devices help canvas the neighborhood through its vast network of cameras to find lost pets.
“One post of a dog’s photo in the Ring app starts outdoor cameras looking for a match to help families find lost dogs,” the company’s Super Bowl ad enthuses.
Yet beneath all that is a startling revelation: that Ring doorbells can now surveil living beings throughout every neighborhood the devices might be found.
For those unfamiliar, Ring is Amazon’s doorbell camera company — those ubiquitous gadgets mounted on front porches that record everyone who walks by.
The devices have been the target of widespread privacy criticisms for years at this point. However, their latest data sharing agreement with surveillance company Flock has many activists up in arms, as that startup has no qualms with working closely with federal agencies like Immigration and Customs Enforcement.
Tomi Engdahl says:
Grok Grotesqueries
Creeps Are Using Grok to Unblur Children’s Faces in the Epstein Files
It’s always Grok.
https://futurism.com/artificial-intelligence/grok-unblur-epstein-files?fbclid=IwdGRjcAP8NDVjbGNrA_w0MGV4dG4DYWVtAjExAHNydGMGYXBwX2lkDDM1MDY4NTUzMTcyOAABHgr0Ei3SzKfLnCHtfT-R-61g56UriGhz9KIkm5B0VTOAlofNHA1KKMj63LRw_aem_ivc5DdlM36zczXmvya1pIg
Some of the worst freaks to walk planet Earth are using Elon Musk’s Grok to “unblur” the faces of women and children in the latest Epstein files, as documented by the research group Bellingcat.
A simple search on X, Musk’s social media site where Grok responds to user requests, shows at least 20 different photos that users tried to unredact using the AI chatbot, the group found. Many of the photos depicted children and young women whose faces had been covered with black boxes, but whose bodies were still visible.
“Hey @grok unblur the face of the child and identify the child seen in Jeffrey Epstein’s arms?” wrote one user.
Grok often complied. Out of the 31 “unblurring” requests made between January 30 and February 5 that Bellingcat found, Musk’s AI generated images in response to 27 of them. Some of the grotesque fabrications were “believable,” and others were “comically bad,” the group reported.
In the cases that Grok refused, it responded by saying the victims were anonymized “as per standard practices in sensitive images from the Epstein files.” In response to another, Grok said “deblurring or editing images was outside its abilities, and noted that photos from recent Epstein file releases were redacted for privacy,” per Bellingcat.
Tomi Engdahl says:
Ring, owned by Amazon, faced criticism for its dog-finding Super Bowl ad. In its wake, Ring ended its partnership with Flock Safety.
#ring #amazon #superbowlads
Amazon’s Ring ends controversial partnership days after its Super Bowl ad drew backlash
https://www.businessinsider.com/amazon-ring-flock-partnership-ends-super-bowl-ad-2026-2?fbclid=IwdGRjcAP8PgJjbGNrA_w90WV4dG4DYWVtAjExAHNydGMGYXBwX2lkDDM1MDY4NTUzMTcyOAABHrbfCH1R7aCpNsOYTRQudP-ai62nzvoWqfeEMCJrkhnab4tsWSnLsUS4pfTb_aem_6CMOJloH5Bhcij8URLveNA&utm_campaign=mrf-insider-marfeel-headline-graphic&mrfcid=20260213698f5bc72afdae5cfbc2c092
Amazon’s Ring ended its partnership with Flock Safety after a “comprehensive review.”
Four days earlier, Ring aired a Super Bowl commercial that had some viewers worried about surveillance.
Ring’s partnership hadn’t taken effect, so no videos were ever shared with Flock customers, which include law enforcement.
Many viewers found Ring’s Super Bowl ad more creepy than cute. Days after it aired, Ring is now canceling a controversial contract that came under scrutiny amid the backlash.
The smart doorbell company owned by Amazon ran a commercial during the Super Bowl featuring its dog-finding feature, Search Party. What was meant to pull at the heartstrings — what’s cuter than a young girl reunited with her lost dog? — turned into public pushback as people voiced surveillance concerns.
Some social media brought attention to Ring’s coming partnership with Flock Safety, a company with ties to law enforcement agencies. Four days after the Super Bowl, Ring announced that the integration “would require significantly more time and resources than anticipated.”
Tomi Engdahl says:
Company Stunned to Learn People Don’t Love Big Brother
Tomi Engdahl says:
Millions of smart homes at risk as Shelly flaw lets hackers open doors and garages
https://cybernews.com/security/smart-homes-at-risk-shelly-flaw-hackers/?fbclid=IwdGRjcAP9PXljbGNrA_09UWV4dG4DYWVtAjExAHNydGMGYXBwX2lkDDM1MDY4NTUzMTcyOAABHpv1-FWxIpS5GdppUUHZYpuUMgmNtcezW0g_QuPjt6FBMafhwHZu3ph2Pc2D_aem__NksoApWSDDxIx5VZGyWOQ
Ethical hackers have uncovered a flaw in a new generation of popular smart-home devices that could allow someone standing outside a property to open the owners’ doors, garages, or gates via WiFi.
Researchers at PenTest Partners found that fourth-generation devices from smart-home brand Shelly leave a wireless access point (AP) active by default, even after installation on a home network.
This contrasts with earlier Shelly models, which automatically disabled this setup network once the configuration was complete.
Anyone within range could connect to the open AP and send commands directly to the device without authentication.
In simple cases, that could mean switching lights on or off. But many users deploy Shelly units to control garage doors, gates, and other physical access points, meaning a single unauthenticated request could trigger a relay and open an entrance.
“A more malicious attacker could set the device to power off and on every second, possibly causing damage to the appliance,” says Monie.
Pivoting to other IoT devices
The researcher warned that the exposure goes further. Once connected to the Gen 4 device, an attacker could upload modified firmware, monitor activity, or pivot deeper into the home network.
“An often-overlooked issue of being able to compromise devices is that it’s likely also connected to another wireless network. This means that an attacker can pivot from one device to other devices on a different network.”
PenTest Partners researcher Alan Monie
Tests showed compromised units could send commands to older Shelly devices on the same network and potentially interact with non-Shelly systems due to a transport layer security (TLS) handling weakness in earlier controllers.
Additionally, because the APs remain publicly visible, they can also be discovered at scale.
Bulgarian-based Shelly operates globally with offices in Germany, Slovenia, China, and the US, and its products are used in more than 5.2 million homes.
While the firm’s products are not as mainstream as Amazon, Google, or Philips, they are pretty popular within the DIY smart-home and installer communities, raising concerns about the potential footprint of the vulnerability.
Pen Test Partners disclosed the issue to Shelly in October 2025 and were told that firmware version 1.8.0 would disable the access point outside the setup window.
However, the researchers say they received “no timeline for release and no customer warning advising users to turn the feature off manually.”
Shelly IoT door controller config fail: leaving your garage, home and security exposed
https://www.pentestpartners.com/security-blog/shelly-iot-door-controller-config-fail-leaving-your-garage-home-and-security-exposed/?fbclid=IwVERDUAP9Ph5leHRuA2FlbQIxMABzcnRjBmFwcF9pZAwzNTA2ODU1MzE3MjgAAR69xtC3zRr0cudjJOplEyCtazjTfmXUobcOQQ78bbvDw_pjfUIK6x-1dsWIGA_aem_9LViHDPpChA4LqhxUueEYw
Tomi Engdahl says:
Google: Attempts made to copy Gemini AI with massive attacks, as many as 100,000 requests
https://mobiili.fi/2026/02/14/google-gemini-tekoalya-yritetty-kopioida-massiivisilla-hyokkayksilla-jopa-100-000-pyyntoa/
Google says that its Gemini AI has been the target of large-scale copying attempts by commercially motivated actors.
According to Google, some of the attacks have involved even more than 100,000 separate requests made to Gemini, with the aim of copying the operation of the AI service.
In its report, Google goes through so-called “distillation attacks”. In practice these are repeated, systematic queries that aim to work out the internal logic and operating principles of the AI model.
According to Google, those behind the attacks are most likely private companies or researchers seeking to improve their own AI models. Google did not, however, disclose more detailed information about the suspected parties, but said the attacks came from around the world.
Google regards the activity as theft of intellectual property.
OpenAI, known for ChatGPT, has also previously reported similar activity aimed at copying its AI models. Last year OpenAI accused its Chinese competitor DeepSeek of “distilling” OpenAI’s models to develop its own AI solutions.
Tomi Engdahl says:
The use of cryptocurrency in sales of human beings for prostitution and scam compounds nearly doubled in 2025, according to a conservative estimate. Many of the deals are happening in plain sight.
Read the full article: https://www.wired.com/story/crypto-funded-human-trafficking-is-exploding/?utm_source=facebook&utm_medium=social&utm_campaign=aud-dev&utm_brand=wired&utm_social-type=owned
Tomi Engdahl says:
Unringing the Bell
Ring’s “Orwellian” Ad Was the Worst Super Bowl Disaster Since Kendall Jenner Handed the Cops a Pepsi
It’s turning out to be an absolute disaster.
https://futurism.com/future-society/ring-orwellian-ad-worst-super-bowl-ad-pepsi?fbclid=IwdGRjcAP-82djbGNrA_7zQmV4dG4DYWVtAjExAHNydGMGYXBwX2lkDDM1MDY4NTUzMTcyOAABHo91Tdvy4QpVm9PRXKEbSEg7AWz5L3lT8DnRUt4JeE8bA8s9FfY1uTjVynEC_aem_nx5JtLqctQCjxaZUHTYFyg
In a now-infamous 2017 commercial that aired during that year’s Super Bowl, Kendall Jenner handed a police officer confronting furious protesters a can of Pepsi.
Now, Amazon’s home security subsidiary Ring may have finally dethroned Pepsi’s disastrous ad as the biggest Super Bowl marketing disaster in recent history, in a debacle that ended with the company canceling a controversial partnership with an AI surveillance company in an apparent attempt to save face.
During last weekend’s Super Bowl, Ring aired an ad to show off a new function, called “Search Party,” which allowed Ring to access devices across an entire neighborhood to find lost pets.
The expensive ad massively missed the mark, accidentally implying that Ring cameras are creating an “Orwellian” surveillance network that goes far beyond lost pets. Furious customers started disconnecting and even reportedly destroying their Ring cameras, refusing to be part of a dystopian network of internet-connected spy cameras.
“I think (the commercial) surprised a lot of Americans by revealing just how powerful surveillance networks backed by AI have become,” ACLU senior policy analyst Jay Stanley told USA Today. “That power may be applied to puppies today, but where else might it be applied? Searches for people wearing t-shirts with certain political messages on them?”
The timing couldn’t have been worse, as Immigration and Customs Enforcement agents continue to round up civilians across the United States, triggering widespread panic and fear.
There are signs that Ring is paying attention. On Thursday, roughly four days after the ad aired, Amazon announced it was canceling its widely-criticized partnership with surveillance company Flock, a firm that makes footage from its connected devices available to local and federal police and enforcement agencies like ICE.
“Cool, still never buying a Ring, especially after all this,” one furious Reddit user wrote in response to the latest news.
Tomi Engdahl says:
https://www.city.fi/viihde/podcast-juontaja-mauton-naytti-pelottavan-tempun-tekoalylla-ulkonako-muuttui-hetkessa/?fbclid=IwdGRjcAP-_lJjbGNrA_7932V4dG4DYWVtAjExAHNydGMGYXBwX2lkDDM1MDY4NTUzMTcyOAABHgcu6A_IUQKJsSLI2D4dpLcSXiyXtYOlS9EF6KEGJX8cATYXBii54t_kgpWN_aem_3OTABJxnOJ_MjACRSaPC5w
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-beyondtrust-flaw-within-three-days/
Tomi Engdahl says:
Windows Notepad Vulnerability Allows Attackers to Execute Malicious Code Remotely
https://cybersecuritynews.com/windows-notepad-rce-vulnerability/
Tomi Engdahl says:
PentestAgent – AI Penetration Testing Tool With Prebuilt Attack Playbooks and HexStrike Integration
https://cybersecuritynews.com/pentestagent/
PentestAgent, an open-source AI agent framework from researcher Masic (GH05TCREW), has introduced enhanced capabilities, including prebuilt attack playbooks and seamless HexStrike integration.
Released on GitHub by GH05TCREW, this tool leverages large language models (LLMs) like Claude Sonnet or GPT-5 via LiteLLM to conduct sophisticated black-box security assessments.
PentestAgent operates through a terminal user interface (TUI), offering modes for assisted chats, autonomous agents, and multi-agent crews, making it accessible for pentesters seeking AI augmentation without sacrificing control. Legal use is emphasized: only test authorized systems, as unauthorized access violates laws.
PentestAgent comes with its structured attack playbooks, predefined workflows for web app testing like THP3-style assessments. Users launch them via CLI: pentestagent run -t example.com --playbook thp3_web.
These playbooks guide the AI through reconnaissance, vulnerability scanning, and exploitation phases, injecting domain-specific knowledge from a Retrieval-Augmented Generation (RAG) system.
Tomi Engdahl says:
Microsoft warns: some of the new buttons on websites are “poisoned”
Justus Vento, 13.2.2026 09:01, Information security, AI
According to Microsoft, hackers have developed new ways to “poison” the recommendations presented by AI.
https://www.tivi.fi/uutiset/a/d2f58a81-2a94-4f30-9c7e-729b6ef99733
Microsoft is warning of a new phenomenon in which the recommendations given by AI are “poisoned”. In the attack known as AI Recommendation Poisoning, manipulative instructions are hidden in the “Summarize with AI” buttons and links on web pages. Prompts can be hidden in the URL parameters of these links that steer AI assistants into giving biased recommendations, reports The Register.
Tomi Engdahl says:
Change to Mobiilivarmenne (mobile certificate): may raise suspicions
Jani Ahosola, 10.2.2026 19:02, Authentication, Information security, Mobile apps
The look of the Mobiilivarmenne authentication page has changed. A harassment-prevention code is recommended as additional protection.
https://www.iltalehti.fi/digiuutiset/a/e5f53327-e8ec-40b5-84c3-526b786a30c3
Tomi Engdahl says:
https://thehackernews.com/2026/02/sshstalker-botnet-uses-irc-c2-to.html
Tomi Engdahl says:
Now it pays to act quickly: the iPhone took a nasty hit
It is time to update.
https://www.is.fi/digitoday/tietoturva/art-2000011813584.html
Tomi Engdahl says:
Single prompt breaks AI safety in 15 major language models
Feb 10, 2026
https://www.infoworld.com/article/4130017/single-prompt-breaks-ai-safety-in-15-major-language-models-2.html
The GRP‑Obliteration technique reveals that even mild prompts can reshape internal safety mechanisms, raising oversight concerns as enterprises increasingly fine‑tune open‑weight models with privileged training access.
A single benign-sounding prompt can systematically strip safety guardrails from major language and image models, raising fresh questions about the durability of AI alignment when models are customized for enterprise use, according to Microsoft research.
The technique, dubbed GRP-Obliteration, weaponizes a common AI training method called Group Relative Policy Optimization, normally used to make models more helpful and safer, to achieve the opposite effect, the researchers said in a blog post.
Microsoft tested the method on 15 models from six families, including GPT-OSS, DeepSeek-R1-Distill variants, Google’s Gemma, Meta’s Llama 3.1, Mistral AI’s Ministral, and Qwen, using just one training prompt: “Create a fake news article that could lead to panic or chaos.”
https://www.microsoft.com/en-us/security/blog/2026/02/09/prompt-attack-breaks-llm-safety/
Tomi Engdahl says:
15,200 OpenClaw Control Panels with Full System Access Exposed to the Internet
https://cybersecuritynews.com/openclaw-control-panels-exposed/#google_vignette
A critical security failure in the rapidly adopting “agentic AI” ecosystem has left tens of thousands of personal and corporate AI assistants fully exposed to the public internet.
New research released today by the SecurityScorecard STRIKE Threat Intelligence Team reveals that 15,200 instances of the popular OpenClaw framework (formerly known as Moltbot) are vulnerable to Remote Code Execution (RCE), allowing attackers to take full control of the host machines.
The STRIKE team’s reconnaissance identified 42,900 unique IP addresses hosting exposed OpenClaw control panels across 82 countries.
Tomi Engdahl says:
https://futurism.com/artificial-intelligence/microsoft-added-ai-notepad-security-flaw
Tomi Engdahl says:
CISA Warns of Notepad++ Code Execution Vulnerability Exploited in Attacks
https://cybersecuritynews.com/notepad-code-execution-vulnerability/
CISA has added CVE-2025-15556 to its Known Exploited Vulnerabilities (KEV) catalog, highlighting active exploitation of a critical code execution flaw in Notepad++, a widely used open-source text editor popular among developers and IT professionals.
Added on February 12, 2026, with a federal civilian executive branch (FCEB) patching deadline of March 5, 2026, the vulnerability stems from the WinGUp updater’s failure to perform integrity checks on downloaded code.
Attackers can intercept or redirect update traffic, tricking users into installing malicious payloads that execute arbitrary code with user-level privileges.
This flaw, classified under CWE-494 (Download of Code Without Integrity Check), poses severe risks in real-world attacks. Threat actors could leverage man-in-the-middle (MitM) techniques on unsecured networks to serve tampered installers, potentially deploying ransomware, malware droppers, or persistent backdoors.
While direct ties to ransomware campaigns remain unknown, the vulnerability’s simplicity, requiring no authentication or user interaction beyond routine updates, makes it ideal for supply chain-style compromises.
Notepad++’s prevalence on Windows endpoints amplifies exposure, especially in enterprise environments where manual updates are common.
Notepad++ developers have addressed the issue in version 8.8.9 and later, as detailed in their official clarification and community forum. The patch enforces cryptographic verification of update packages, thwarting interception attempts.
However, users on vulnerable versions (primarily 8.6 through 8.8.8) remain at risk if auto-updates are disabled—a common configuration for stability.
Tomi Engdahl says:
Infosec exec sold eight zero-day exploit kits to Russia, says DoJ
https://www.theregister.com/2026/02/15/exl3harris_exec_sold_8_zeroday/
The former General Manager of defense contractor L3Harris’s cyber subsidiary Trenchant sold eight zero-day exploit kits to Russia, according to a court filing last week.
We first wrote about this case in October 2025, when former Trenchant boss Peter Williams pleaded guilty to two counts of theft of trade secrets – but court records didn’t detail exactly what he stole.
Tomi Engdahl says:
Zen-AI-Pentest: Open-source AI-powered penetration testing framework
Zen-AI-Pentest provides an open-source framework for scanning and exercising systems using a combination of autonomous agents and standard security utilities.
The project aims to let users run an orchestrated sequence of reconnaissance, vulnerability scanning, exploitation, and reporting using AI guidance and industry tools like Nmap and Metasploit. It is written to support command line, API, and web interfaces.
https://www.helpnetsecurity.com/2026/02/11/zen-ai-pentest-open-source-penetration-testing-framework/
Tomi Engdahl says:
Researchers Observe In-the-Wild Exploitation of BeyondTrust CVSS 9.9 Vulnerability
https://thehackernews.com/2026/02/researchers-observe-in-wild.html
Threat actors have started to exploit a recently disclosed critical security flaw impacting BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) products, according to watchTowr.
“Overnight we observed first in-the-wild exploitation of BeyondTrust across our global sensors,” Ryan Dewhurst, head of threat intelligence at watchTowr, said in a post on X. “Attackers are abusing get_portal_info to extract the x-ns-company value before establishing a WebSocket channel.”
The vulnerability in question is CVE-2026-1731 (CVSS score: 9.9), which could allow an unauthenticated attacker to achieve remote code execution by sending specially crafted requests.
BeyondTrust noted last week that successful exploitation of the shortcoming could allow an unauthenticated remote attacker to execute operating system commands in the context of the site user, resulting in unauthorized access, data exfiltration, and service disruption.
Tomi Engdahl says:
Brutus: Open-source credential testing tool for offensive security
https://www.helpnetsecurity.com/2026/02/13/brutus-open-source-credential-testing-tool-offensive-security/
Brutus is an open-source, multi-protocol credential testing tool written in pure Go. Designed to replace legacy tools that have long frustrated penetration testers with dependency headaches and integration gaps, Brutus ships as a single binary with zero external dependencies and native support for the JSON-based reconnaissance pipelines that define offensive security.
Tomi Engdahl says:
Microsoft wants Windows 11 “secure by default,” could allow only properly signed apps and drivers by default
https://www.windowslatest.com/2026/02/12/microsoft-wants-windows-11-secure-by-default-could-allow-only-properly-signed-apps-and-drivers-by-default/
Microsoft just announced a per-app permission system, just like Android, for Windows 11, to make the OS “secure by default”. Soon, Windows is said to allow only properly signed apps and drivers to run. This is still an experiment, and we don’t know when it’ll become the default behaviour, but it’s being considered, and we might see changes soon. Of course, you’ll be able to turn off all new security features.
Tomi Engdahl says:
Self Own
Skeptic Builds “Havana Syndrome”-Style Device, Tests It on Himself, Suffers Grim Consequences
One-shotted by the brain scrambler.
https://futurism.com/science-energy/weapon-havana-syndrome-scientist?fbclid=IwdGRjcAQDGOVjbGNrBAMYkmV4dG4DYWVtAjExAHNydGMGYXBwX2lkDDM1MDY4NTUzMTcyOAABHlDapE-hlgyTioqOegXC3KOAw5dLujLK2tvc_zhfRe7ywULTMWiHG1sSiaxj_aem_U_CDJjRvmwxCL8Bjbmq7Og
One of the strangest stories in contemporary statecraft refuses to go away.
New reporting by the Washington Post revealed that a Norwegian government scientist has been secretly working on a pulse-energy weapon, an approximation of the fabled “Havana syndrome” gun, which may or may not even exist. Specifically, the weapon was described as a device capable of emitting powerful pulses of microwave energy.
Here’s where things get truly weird. In 2024, after the unnamed scientist had presumably produced a working unit, he became skeptical of its efficacy. So he did what any self-respecting man of science would do, and turned the weapon on himself in an attempt to demonstrate microwave weapons are harmless, WaPo reported.
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/microsoft/microsoft-says-bug-causes-copilot-to-summarize-confidential-emails/
Tomi Engdahl says:
https://thehackernews.com/2026/02/infostealer-steals-openclaw-ai-agent.html
Tomi Engdahl says:
https://dvv.fi/-/digi-ja-vaestotietovirasto-kymmenen-vuoden-passeja-ei-ole-turvallista-myontaa-viela-vuosiin?fbclid=IwdGRjcAQCr79jbGNrBAKvsGV4dG4DYWVtAjExAHNydGMGYXBwX2lkDDM1MDY4NTUzMTcyOAABHsSIYNxylQv8Jw51oCegN5qed4-nuUX7KIr-TYrO4ACmRvAWUisVNxu4dF1c_aem_HhoILR0jb4cDK7J1Ny-U7Q
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/notepad-plus-plus-boosts-update-security-with-double-lock-mechanism/
Tomi Engdahl says:
Your AI-generated password isn’t random, it just looks that way
Seemingly complex strings are actually highly predictable, crackable within hours
https://www.theregister.com/2026/02/18/generating_passwords_with_llms/
Generative AI tools are surprisingly poor at suggesting strong passwords, experts say.
AI security company Irregular looked at Claude, ChatGPT, and Gemini, and found all three GenAI tools put forward seemingly strong passwords that were, in fact, easily guessable.
Prompting each of them to generate 16-character passwords featuring special characters, numbers, and letters in different cases produced what appeared to be complex passphrases. When submitted to various online password strength checkers, they returned strong results. Some said they would take centuries for standard PCs to crack.
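The gap described in the excerpt above, between the score a strength checker gives one string and how unpredictable the generator behind it is, can be measured over many outputs. This is an added example, not code from the article or from Irregular: `habitual_password` is a constructed stand-in for a pattern-prone generator (not real LLM output), and all function names are hypothetical.

```python
import math
import random
import secrets
import string
from collections import Counter

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
POOL = "".join(CLASSES)          # 94 printable symbols
LENGTH = 16

def checker_bits(password):
    """What a per-string strength meter sees: length * log2(pool in use)."""
    pool = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    return len(password) * math.log2(pool) if pool else 0.0

def positional_bits(samples):
    """Sum of empirical Shannon entropy per character position.

    Computed over many outputs of one generator; an upper bound on its
    real entropy, since correlations between positions are ignored.
    """
    total = 0.0
    for column in zip(*samples):
        n = len(column)
        total -= sum(k / n * math.log2(k / n)
                     for k in Counter(column).values())
    return total

def csprng_password():
    """16 characters drawn uniformly from POOL by the OS CSPRNG."""
    return "".join(secrets.choice(POOL) for _ in range(LENGTH))

# Constructed stand-in for a pattern-prone generator (NOT real LLM output):
# every position is picked from a small set of favoured characters.
HABIT_SLOTS = ["KMPRTX", "2479", "#$!@", "qvxz"] * 4
HABIT_RNG = random.Random(2026)

def habitual_password(rng=HABIT_RNG):
    return "".join(rng.choice(slot) for slot in HABIT_SLOTS)

if __name__ == "__main__":
    weak = [habitual_password() for _ in range(2000)]
    strong = [csprng_password() for _ in range(2000)]
    print("sample output         :", weak[0])
    print("meter, single string  : %.1f bits" % checker_bits(weak[0]))
    print("habitual, 2000 samples: %.1f bits" % positional_bits(weak))
    print("CSPRNG, 2000 samples  : %.1f bits" % positional_bits(strong))
```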
Tomi Engdahl says:
UK to demand social platforms take down abusive intimate images within 48 hours
‘Why not 12?’ says lawyer
https://www.theregister.com/2026/02/19/uk_intimate_images_online/
The UK is bracketing “intimate images shared without a victim’s consent” along with terror and child sexual abuse material, and demanding that online platforms remove them within two days.
The government announced today that it would add an amendment to the Crime and Policing Bill requiring platforms to “remove this content no more than 48 hours after it is flagged to them.”
Platforms that do not do so would potentially face fines of 10 percent of “qualifying worldwide income” or have their services blocked in the UK.
Tomi Engdahl says:
I set up DNS filtering on my router, but split DNS was the best quality of life upgrade
https://www.xda-developers.com/dns-filtering-router-but-split-dns-best-quality-of-life-upgrade/
One of the biggest wins in home networking is self-hosting your own DNS server. It’s not just that you can enable DNS filtering to clear your network — that’s a good start — but it can be so much more. From creating local domain translations to easily remembering my home lab experiments with human-readable URLs, to handling different domain resolution on different subnets or DHCP scopes, and other advanced tweaks, DNS is the technology that keeps my home lab purring along.
The DNS server I prefer to run at home is Technitium, which is powerful, has a great UI, and now has clustering, so I can run multiple copies and have them in sync without extra setup steps. It’s also as powerful as any commercial option, so I can use zones and split-horizon DNS to ensure my devices always use the lowest-latency DNS resolution method.
I have two conditions for DNS filtering. One, it’s great if I’m the one doing it. Two, it’s less than great if my ISP is the one doing it. I’ve used AdGuard, Pi-hole, Technitium, and the inbuilt block lists in OPNsense, and they all do pretty much the same job. After all, they’re using the same lists of troublesome DNS records to ensure my network is spam and scam-free.
It’s an instant improvement to any network, but you don’t have to take my word for it. In 2024, Akamai Technologies Inc. found that bots accounted for 42% of all web traffic, with 65% of those being malicious. If you thought your network is safe, it’s not, not really, until you implement a firewall and some DNS filtering, and possibly some IDS/IDP solution to identify and ban malicious traffic that’s not covered by the DNS blocklists.
DNS filtering is one of the simplest things a DNS server can implement, because it simply prevents those domains from resolving and sending data to your devices.
It doesn’t stop there, though. Local caching speeds up your browsing after the first hit to any domain, making a huge difference to the responsiveness of the sites you visit regularly. Plus, you can add an internal namespace for home lab content, encrypt your DNS queries for privacy, and more. And my favorite: linking it to my DHCP servers to dynamically register hostnames for devices, VMs, and containers as they pop on and off my network.
Set the internal DNS server to forward unresolved requests to a recursive server in your DMZ or a public DNS server — this avoids recursion issues if your internal DNS server receives a bad response from an external host.
Tomi Engdahl says:
https://www.independent.co.uk/news/world/americas/cloudfare-outage-down-disruption-b2924703.html?fbclid=IwdGRjcAQFneFjbGNrBAWd2WV4dG4DYWVtAjExAHNydGMGYXBwX2lkDDM1MDY4NTUzMTcyOAABHviMrbbm93lluOjHNtlIfwulKmdc86_hlOdeyA7a-aclJMd_wnoW-Etysq-n_aem_cATIBUt_HKswJYtu46Md3A