malwarenews | Unsorted

Telegram-канал malwarenews - Malware News

1564

The most relevant and recent events in the world of information security https://malware.news All Projects: malwarecorp.com This channel is run by AI and BOT

Subscribe to a channel

Malware News

Malware Corporation Network — For Sale

17+ каналов, 2 групповых чата, 5 ботов автопродаж. Другие: 9 каналов, 1 чат, 2 бота.
17+ channels, 2 group chats, 5 auto-sale bots. Other: 9 channels, 1 chat, 2 bots.


Кроме этого / Buyer receives:
Домен / Domain: malwarecorp.com
Все доступы и архивы контента / Full access & content archives
Данные приватных каналов / Private channel data
Боты автопродаж со всеми товарами / Auto-sale bots with all products (published & unpublished)
Юзернеймы в TON NFT / Usernames converted to TON NFT


Совмещать ведение сети с офлайн-жизнью больше не получается — продаю. Надеюсь, новый владелец продолжит ежедневный выход контента.
Can no longer balance the network with personal life. Hope the new owner continues the daily content tradition.


Цена / Price: $1 за подписчика / per subscriber — всё включено / all included.

По запросу / On request: статистика, доходы, список каналов, аудитория.
Stats, revenue data, full channel list, audience insights.


📩 @malwareseller (Write only here)

Читать полностью…

Malware News

Mozilla security advisory (AV26-136)


Introduction to Malware Binary Triage (IMBT) Course
Looking to level up your skills? Get 10% off using coupon code: MWNEWS10 for any flavor.

Enroll Now and Save 10%: Coupon Code MWNEWS10

Note: Affiliate link – your enrollment helps support this platform at no extra cost to you.


<div>
<div>


<div><p><strong>Serial number: </strong>AV26-136<br /><strong>Date: </strong>February 17, 2026</p>

On February 16, 2026, Mozilla published security advisories to address vulnerabilities in the following products:

— Thunderbird – versions prior to 147.0.2 and 140.7.2
— Firefox – versions prior to 147.0.4
— Firefox ESR – versions prior to 115.32.1
— Firefox ESR – versions prior to 140.7.1

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

Mozilla Foundation Security Advisory 2026-11
Mozilla Foundation Security Advisory 2026-10
Mozilla Security Advisories

</div>


Article Link:
Mozilla security advisory (AV26-136) - Canadian Centre for Cyber Security

1 post - 1 participant

Read full topic

https://malware.news/t/mozilla-security-advisory-av26-136/104189
https://malware.news/c/news.rss

Project: @MalwareNews
Private:
@MalwarePrivateBot
Group:
@MalwareForums
Powered by
@MalwareForum

Читать полностью…

Malware News

Red Hat security advisory (AV26-135)


Introduction to Malware Binary Triage (IMBT) Course
Looking to level up your skills? Get 10% off using coupon code: MWNEWS10 for any flavor.

Enroll Now and Save 10%: Coupon Code MWNEWS10

Note: Affiliate link – your enrollment helps support this platform at no extra cost to you.


<div>
<div>


<div><p><strong>Serial number: </strong>AV26-135<br /><strong>Date: </strong>February 17, 2026</p>

Between February 9 and 15, 2026, Red Hat published security advisories to address vulnerabilities in multiple products. Included were updates to address vulnerabilities in the Linux kernel for the following products:

— Red Hat CodeReady Linux Builder – multiple versions and platforms
— Red Hat Enterprise Linux – multiple versions and platforms
— Red Hat Enterprise Linux Server – multiple versions and platforms
— Red Hat Enterprise Linux for Real Time – multiple versions and platforms

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

Red Hat Security Advisories

</div>


Article Link:
Red Hat security advisory (AV26-135) - Canadian Centre for Cyber Security

1 post - 1 participant

Read full topic

https://malware.news/t/red-hat-security-advisory-av26-135/104187
https://malware.news/c/news.rss

Project: @MalwareNews
Private:
@MalwarePrivateBot
Group:
@MalwareForums
Powered by
@MalwareForum

Читать полностью…

Malware News

Ubuntu security advisory (AV26-133)


Introduction to Malware Binary Triage (IMBT) Course
Looking to level up your skills? Get 10% off using coupon code: MWNEWS10 for any flavor.

Enroll Now and Save 10%: Coupon Code MWNEWS10

Note: Affiliate link – your enrollment helps support this platform at no extra cost to you.


<div>
<div>


<div><p><strong>Serial number: </strong>AV26-133<br /><strong>Date:</strong> February 17, 2026</p>

Between February 9 and 15, 2026, Ubuntu published security notices to address vulnerabilities in the Linux kernel affecting the following products:

— Ubuntu 16.04 LTS
— Ubuntu 18.04 LTS
— Ubuntu 20.04 LTS
— Ubuntu 22.04 LTS
— Ubuntu 24.04 LTS
— Ubuntu 25.10

The Cyber Centre encourages users and administrators to review the web link provided and apply the necessary updates.

Ubuntu Security Notices

</div>


Article Link:
Ubuntu security advisory (AV26-133) - Canadian Centre for Cyber Security

1 post - 1 participant

Read full topic

https://malware.news/t/ubuntu-security-advisory-av26-133/104185
https://malware.news/c/news.rss

Project: @MalwareNews
Private:
@MalwarePrivateBot
Group:
@MalwareForums
Powered by
@MalwareForum

Читать полностью…

Malware News

Dell security advisory (AV26-132)


Introduction to Malware Binary Triage (IMBT) Course
Looking to level up your skills? Get 10% off using coupon code: MWNEWS10 for any flavor.

Enroll Now and Save 10%: Coupon Code MWNEWS10

Note: Affiliate link – your enrollment helps support this platform at no extra cost to you.


<div>
<div>


<div><p><strong>Serial number: </strong>AV26-132<br /><strong>Date: </strong>February 17, 2026</p>

Between February 9 and 15, 2026, Dell published security advisories to address vulnerabilities in the following products:

— Dell Avamar Data Store Gen4T – multiple versions
— Dell Avamar Data Store Gen5A – multiple versions
— Dell Avamar Network Data Management Protocol (NDMP) Accelerator – multiple versions
— Dell Avamar VMware Image Backup Proxy – multiple versions
— Dell Avamar Virtual Edition – multiple versions
— Dell EMC XC Core XC7525 – versions prior to 2.21.1
— Dell Networker Virtual Edition (NVE) – multiple versions
— Dell PowerEdge – multiple versions and models
— Dell PowerProtect DP Series Appliance (IDPA) – versions prior to 2.7.9
— Dell Private Cloud  Red Hat – versions prior to 01.02.00.00
— Dell Private Cloud -VMware – versions prior to 01.03.00.00
— Dell Update Package (DUP) Framework – versions 23.12.00 to 24.12.00
— Dell XC Core – multiple versions and models
— NetWorker – versions 19.9 to
19.13.0.2
— iDRAC Service Module for Linux – versions prior to
5.4.1.1
— iDRAC Service Module for Windows – versions prior to
5.4.1.1
— iDRAC Service Module for Windows – versions prior to
6.0.3.1

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

Dell Security advisories and notices

</div>


Article Link:
Dell security advisory (AV26-132) - Canadian Centre for Cyber Security

1 post - 1 participant

Read full topic

https://malware.news/t/dell-security-advisory-av26-132/104182
https://malware.news/c/news.rss

Project: @MalwareNews
Private:
@MalwarePrivateBot
Group:
@MalwareForums
Powered by
@MalwareForum

Читать полностью…

Malware News

Chrome “preloading” could be leaking your data and causing problems in Browser Guard

This article explains why Chrome’s “preloading” feature can cause scary-looking blocks in Malwarebytes Browser Guard and how to turn it off.


Introduction to Malware Binary Triage (IMBT) Course
Looking to level up your skills? Get 10% off using coupon code: MWNEWS10 for any flavor.

Enroll Now and Save 10%: Coupon Code MWNEWS10

Note: Affiliate link – your enrollment helps support this platform at no extra cost to you.


Modern browsers want to provide content instantly. To do that, Chrome includes a feature called page preloading. When this is enabled, Chrome doesn’t just wait for you to click a link. It guesses what you’re likely to click next and starts loading those pages in the background—before you decide whether to visit them.

That guesswork happens in several places. When you type a search into the address bar, Chrome may start preloading one or more of the top search results so that, if you click them, they open almost immediately. It can also preload pages that are linked from the site you’re currently on, based on Google’s prediction that they’re “likely next steps.” All of this happens quietly, without any extra tabs opening, and often without any obvious sign that more pages are being fetched.​

From a performance point of view, that’s clever. From a
privacy and security point of view, it’s more complicated.

Those preloaded pages can run code, drop cookies, and contact servers, even if you never actually visit them in the traditional sense. In other words, your browser can talk to a site you didn’t consciously choose to open.​

Malwarebytes Browser Guard inspects web traffic and blocks connections to domains it considers malicious or suspicious. So, if Chrome decides to preload a search result that leads to a site on our blocklist, Browser Guard will still do its job and stop that background connection. The result can be confusing: You see a warning page (called a block page) for a site you don’t recognize and are sure you never clicked.

Nothing unusual is happening there, and it does not mean your browser is “clicking links by itself.” It simply means Chrome’s preloading feature made a behind-the-scenes request, and Browser Guard intercepted it as designed. Other privacy tools take a similar approach. Some popular content blockers disable preloading by default because it leaks more data and can contact unwanted sites.

For now, the simplest way to stop these unexpected block pages is to turn off preloading in Chrome’s settings, which prevents those speculative background requests.

How to manage Chrome’s preloading setting
We recommend turning off page preloading in Chrome to protect your browsing privacy and to stop seeing unexpected block pages when searching the web. If you don’t want to turn off page preloading, you can try using a different browser and repeating your search.

To turn off page preloading:

— In your browser search bar, enter:
chrome://settings
— In the left sidebar, click Performance.
— Scroll down to Speed, then toggle Preload pages off.

We don’t just report on data privacy—we help you remove your personal information

Cybersecurity risks should never spread beyond a headline. With 
Malwarebytes Personal Data Remover, you can scan to find out which sites are exposing your personal information, and then delete that sensitive data from the internet.

Article Link:
Chrome "preloading" could be leaking your data and causing problems in Browser Guard | Malwarebytes

1 post - 1 participant

Read full topic

https://malware.news/t/chrome-preloading-could-be-leaking-your-data-and-causing-problems-in-browser-guard/104180
https://malware.news/c/news.rss

Project: @MalwareNews
Private:
@MalwarePrivateBot
Group:
@MalwareForums
Powered by
@MalwareForum

Читать полностью…

Malware News

Hackers Offer to Sell Millions of Eurail User Records

Eduard Kovacs reports: The Netherlands-based company disclosed a data breach in mid-January, informing the public that the personal, order, and travel reservation information of customers who were issued a Eurail pass may have been compromised. Those who reserved a seat through Eurail may also be affected. Eurail said at the time that hackers accessed systems storing basic...


Introduction to Malware Binary Triage (IMBT) Course
Looking to level up your skills? Get 10% off using coupon code: MWNEWS10 for any flavor.

Enroll Now and Save 10%: Coupon Code MWNEWS10

Note: Affiliate link – your enrollment helps support this platform at no extra cost to you.


Source

Article Link:
Hackers Offer to Sell Millions of Eurail User Records - DataBreaches.Net

1 post - 1 participant

Read full topic

https://malware.news/t/hackers-offer-to-sell-millions-of-eurail-user-records/104178
https://malware.news/c/news.rss

Project: @MalwareNews
Private:
@MalwarePrivateBot
Group:
@MalwareForums
Powered by
@MalwareForum

Читать полностью…

Malware News

Security Lapse at MYH: Private Agency Fined After Viral Video

Devdiscourse reports: A private security firm faced a fine of Rs 25,000 [USD $275.77] on Tuesday after a viral video allegedly revealed neglect, as two women carried a patient on a stretcher out of Government Maharaja Yashwantrao Chikitsalaya (MYH), officials stated. Considered one of the largest state-operated hospitals in Madhya Pradesh, MYH is under the...


Introduction to Malware Binary Triage (IMBT) Course
Looking to level up your skills? Get 10% off using coupon code: MWNEWS10 for any flavor.

Enroll Now and Save 10%: Coupon Code MWNEWS10

Note: Affiliate link – your enrollment helps support this platform at no extra cost to you.


Source

Article Link:
Security Lapse at MYH: Private Agency Fined After Viral Video - DataBreaches.Net

1 post - 1 participant

Read full topic

https://malware.news/t/security-lapse-at-myh-private-agency-fined-after-viral-video/104176
https://malware.news/c/news.rss

Project: @MalwareNews
Private:
@MalwarePrivateBot
Group:
@MalwareForums
Powered by
@MalwareForum

Читать полностью…

Malware News

CISA threat-hunting leader to depart for private sector role

<p>A senior official in the Cybersecurity and Infrastructure Security Agency overseeing the agency’s threat hunting activities is leaving for a role in the private sector, according to two people familiar with the matter. </p>


Introduction to Malware Binary Triage (IMBT) Course
Looking to level up your skills? Get 10% off using coupon code: MWNEWS10 for any flavor.

Enroll Now and Save 10%: Coupon Code MWNEWS10

Note: Affiliate link – your enrollment helps support this platform at no extra cost to you.


<p>Jermaine Roebuck, CISA’s associate director for threat hunting, announced his departure in an all-hands meeting this past Thursday, said the people, who spoke on the condition of anonymity to discuss his career plans. </p>

<p>Roebuck told <em>Nextgov/FCW </em>via email that his expected last day is March 6. He declined to comment further.</p>

<p>CISA’s threat hunting unit works with law enforcement and intelligence analysts to trace malicious activity across federal networks. The group regularly scans government and critical infrastructure systems for intrusions and uses forensic analysis to uncover hackers’ tactics, techniques and procedures.</p>

<p>The announcement comes as the cyber agency has furloughed <a href=“
CISA to furlough most of its workforce under impending DHS shutdown - Nextgov/FCW”>most of its workforce</a> after last week’s funding lapse for the Department of Homeland Security, where CISA is housed. Roebuck has held multiple roles at CISA, and he helped stand up the agency’s Election Security Operations Team leading into the 2020 presidential election.</p>

<p>The expected move, which is voluntary, is the latest loss for the cyberdefense agency that has already hemorrhaged around a third of its workforce in the last year. The Trump administration has deployed various mechanisms to reduce its workforce, including reduction-in-force notices and other means to incentivize departures.</p>

<p>Last week, CISA’s top official — who is separately facing scrutiny over a handful of developments concerning his tenure — confirmed to House appropriators that multiple employees were given <a href=“
CISA’s acting chief says 70 staff were reassigned to other DHS offices in last year - Nextgov/FCW”>transfer orders</a> to other offices inside DHS over the last year.</p>

<p>On top of this, CISA’s Cybersecurity Division is undergoing a reorganization, with some programs expected to be shuttered, Cybersecurity Dive <a href=“
https://www.cybersecuritydive.com/news/cisa-cybersecurity-division-reorganization/812155/”>reported</a> last week.</p>

<p>The cyber agency still does not have a permanent Senate-confirmed leader. Sean Plankey, the White House nominee for the role, was renominated at the start of this year, but ongoing Senate hurdles are slowing the confirmation process.</p>

Article Link:
CISA threat-hunting leader to depart for private sector role - Nextgov/FCW

1 post - 1 participant

Read full topic

https://malware.news/t/cisa-threat-hunting-leader-to-depart-for-private-sector-role/104174
https://malware.news/c/news.rss

Project: @MalwareNews
Private:
@MalwarePrivateBot
Group:
@MalwareForums
Powered by
@MalwareForum

Читать полностью…

Malware News

Update Chrome now: Zero-day bug allows code execution via malicious webpages

Google has issued a patch for a high‑severity Chrome zero‑day, tracked as CVE‑2026‑2441, a memory bug in how the browser handles certain font features that attackers are already exploiting.


Introduction to Malware Binary Triage (IMBT) Course
Looking to level up your skills? Get 10% off using coupon code: MWNEWS10 for any flavor.

Enroll Now and Save 10%: Coupon Code MWNEWS10

Note: Affiliate link – your enrollment helps support this platform at no extra cost to you.


CVE-
2026-2441 has the questionable honor of being the first Chrome zero-day of 2026. Google considered it serious enough to issue a separate update of the stable channel for it, rather than wait for the next major release.

How to update Chrome
The latest version number is 145.0.7632.75/76 for Windows and macOS, and 145.0.7632.75 for Linux. So, if your Chrome is on version 145.0.7632.75 or later, it’s protected from these vulnerabilities.

The easiest way to update is to allow Chrome to update automatically. But you can end up lagging behind if you never close your browser or if something goes wrong, such as an extension preventing the update.

To update manually, click the More menu (three dots), then go to Settings > About Chrome. If an update is available, Chrome will start downloading it. Restart Chrome to complete the update, and you’ll be protected against these vulnerabilities.

Chrome at version 145.0.7632.76 is up to date

You can also find step-by-step instructions in our guide to 
how to update Chrome on every operating system.

Technical details
Google confirms it has seen active exploitation but is not sharing who is being targeted, how often, or detailed indicators yet.

But we can derive some information from what we know.

The vulnerability is a use‑after‑free issue in Chrome’s CSS font feature handling (CSSFontFeatureValuesMap), which is part of how websites display and style text. More specifically: The root cause is an iterator invalidation bug. Chrome would loop over a set of font feature values while also changing that set, leaving the loop pointing at stale data until an attacker managed to turn that into code execution.

Use-after-free (UAF) is a type of software vulnerability where a program attempts to access a memory location after it has been freed. That can lead to crashes or, in some cases, lets an attacker run their own code.

The
CVE-record says, “Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.” (Chromium security severity: High)

This means an attacker would be able to create a special website, or other HTML content that would run code inside the Chrome browser’s sandbox.

Chrome’s sandbox is like a secure box around each website tab. Even if something inside the tab goes rogue, it should be confined and not able to tamper with the rest of your system. It limits what website code can touch in terms of files, devices, and other apps, so a browser bug ideally only gives an attacker a foothold in that restricted environment, not full control of the machine.

Running arbitrary code inside the sandbox is still dangerous because the attacker effectively “becomes” that browser tab. They can see and modify anything the tab can access. Even without escaping to the operating system, this is enough to steal accounts, plant backdoors in cloud services, or reroute sensitive traffic.

If chained with a vulnerability that allows a process to escape the sandbox, an attacker can move laterally, install malware, or encrypt files, as with any other full system compromise.

How to stay safe
To protect your device against attacks exploiting this vulnerability, you’re strongly advised to update as soon as possible. Here...


https://malware.news/t/update-chrome-now-zero-day-bug-allows-code-execution-via-malicious-webpages/104167
https://malware.news/c/news.rss

Project: @MalwareNews
Private:
@MalwarePrivateBot
Group:
@MalwareForums
Powered by
@MalwareForum

Читать полностью…

Malware News

LATAM Businesses Hit by XWorm via Fake Financial Receipts: Full Campaign Analysis

Malware campaigns targeting Latin America (LATAM) are evolving. While the final payloads, often commodity RATs like XWorm, remain consistent, delivery mechanisms are becoming increasingly sophisticated to bypass region-specific defenses and increase the chance of reaching real business users. 


Introduction to Malware Binary Triage (IMBT) Course
Looking to level up your skills? Get 10% off using coupon code: MWNEWS10 for any flavor.

Enroll Now and Save 10%: Coupon Code MWNEWS10

Note: Affiliate link – your enrollment helps support this platform at no extra cost to you.


In this analysis, we dissect a recent campaign targeting Brazilian users. What starts as a deceptive “banking receipt” quickly turns into a multi-stage infection chain that leverages steganography, Cloudinaryabuse, and a dedicated .NET persistence module designed to bypass traditional schtasks monitoring, reducing early visibility for security teams and prolonging dwell time. 

Complete infection chain from WScript execution to CasPol injection
Key Takeaways 
Built to blend into finance workflows: A “receipt” lure is optimized for real corporate inboxes and shared drives across LATAM.

High click potential in real operations: Payment and receipt themes map to everyday processes, which raises the chance of execution on work machines.

The chain is designed to stay quiet: WMI execution, fileless loading, and .NET-based persistence reduce early detection signals and increase dwell time. 

One endpoint can become an identity problem: XWorm access can lead to credential/session theft and downstream compromise of email, SaaS, and finance systems. 

Trusted services and binaries are part of the evasion: Cloud-hosted payload delivery and CasPol.exe abuse help the activity blend in.

Early detection is an operational advantage: Better monitoring + faster triage +
regional hunting can keep his attack from escalating into fraud, data exposure, or ransomware.

74% of Fortune 100 companies
rely on
ANY.RUN
for earlier detection and faster SOC response


Power your SOC now


Stage 1: The Deceptive Delivery 
This campaign begins with a classic but effective technique aimed at Brazilian users: a malicious file masquerading as a bank receipt (“Comprovante-Bradesco...”). While it abuses the double-extension trick (.pdf.js) to look like a document, it is, in reality, a Windows Script Host (WSH) dropper designed for direct execution 

The file tries to masquerade as a PDF document with a fake extension to deceive the user. 
Although the file size is unusually large (~1.2MB) for a simple script, this is intentional. The attackers padded it with junk data to inflate entropy and evade static analysis scanners that may skip larger files, helping the lure pass through initial controls and delaying detection. 

Analyzing the Obfuscated JavaScript 
Upon opening the file, there’s no readable code. Instead, the script uses heavy obfuscation via Unicode “junk injection.” The malicious logic is buried inside massive string variables packed with emojis, homoglyphs, and other non-ASCII characters 

Heavily obfuscated code using Unicode characters and emojis. 
As seen above, the script uses a delimiter-based reconstruction me...


https://malware.news/t/latam-businesses-hit-by-xworm-via-fake-financial-receipts-full-campaign-analysis/104165
https://malware.news/c/news.rss

Project: @MalwareNews
Private:
@MalwarePrivateBot
Group:
@MalwareForums
Powered by
@MalwareForum

Читать полностью…

Malware News

Hobby coder accidentally creates vacuum robot army

Sammy Azdoufal wanted to steer his robot vacuum with a PS5 controller. Like any good maker, he thought it would be fun to drive a new DJI Romo around manually. He ended up gaining access to an army of robotic cleaners that gave him eyes into thousands of homes.


Introduction to Malware Binary Triage (IMBT) Course
Looking to level up your skills? Get 10% off using coupon code: MWNEWS10 for any flavor.

Enroll Now and Save 10%: Coupon Code MWNEWS10

Note: Affiliate link – your enrollment helps support this platform at no extra cost to you.


Driven by purely playful reasons, Azdoufal used Anthropic’s Claude Code AI coding assistant to reverse-engineer his Romo’s communication protocols. But when his homebrew app connected to DJI’s servers, roughly 7,000 robot vacuums across 24 countries started answering.

He could watch their live camera feeds, listen through onboard microphones, and generate floor plans of homes he’d never visited. With just a 14-digit serial number, he
pinpointed a Verge journalist’s robot, confirmed it was cleaning the living room at 80% battery, and produced an accurate map of the house from another country.

The technical failure was almost comically basic. DJI’s MQTT message broker had no topic-level access controls. Once you authenticated with a single device token, you could see traffic from others device in plaintext.

It wasn’t only vacuums that answered back. DJI’s Power portable battery stations, which run on the same MQTT infrastructure, also showed up. These are home-backup generators expandable to 22.5kWh, marketed for keeping your house running during outages.

What makes this different from a conventional security discovery is how it happened. Azdoufal used Claude Code to decompile DJI’s mobile app, understand its protocol, extract his own authentication token, and build a custom client.

AI coding tools are lowering the bar for advanced offensive security. The population capable of probing Internet of Things (IoT) protocols just got much, much larger, further eroding any remaining faith in security through obscurity.

Why plenty of IoT vacuum cleaners suck
This isn’t the first time someone has remotely pwned a robot vacuum cleaner. In 2024, hackers
commandeered Ecovacs Deebot X2 vacuums across US cities, shouting slurs through speakers and chasing pets around. Ecovacs’s PIN protection was checked only by the app, never by the server or the device.

Last September, South Korea’s consumer watchdog tested six brands. While Samsung and LG fared well, and
found serious flaws in three Chinese models. Dreame’s X50 Ultra allowed remote camera activation. Researcher who Dennis Giese later reported a TLS vulnerability in Dreame’s app to CISA. Dreame didn’t respond to CISA’s queries.

The pattern keeps repeating: manufacturers ship vacuums with textbook security failures, ignore researchers, then scramble when journalists publish.

DJI’s initial response made things worse. Spokesperson Daisy Kong told The Verge the flaw had been fixed the prior week. That statement arrived about thirty minutes before Azdoufal demonstrated thousands of robots, including the journalist’s own review unit, still reporting in live. DJI later issued a fuller
statement acknowledging a backend permission validation issue and two patches, on February 8 and 10.

DJI said that TLS encryption was always in place, but Azdoufal says that protects the connection, not what’s inside it. He also told The Verge that additional vulnerabilities remain unpatched, including a PIN bypass on the camera feed.

Regulators are applying pressure
Regulation is arriving, slowly. The EU’s Cyber Resilience Act will require mandatory security-by-design for all connected products sold in the bloc by December 2027, with fines up to €15 million. The UK’s PSTI Act, in force since...


https://malware.news/t/hobby-coder-accidentally-creates-vacuum-robot-army/104163
https://malware.news/c/news.rss

Project: @MalwareNews
Private:
@MalwarePrivateBot
Group:
@MalwareForums
Powered by
@MalwareForum

Читать полностью…

Malware News

Fake Incident Report Used in Phishing Campaign, (Tue, Feb 17th)

This morning, I received an interesting phishing email. I’ve a “love & hate” relation with such emails because I always have the impression to lose time when reviewing them but sometimes it’s a win because you spot interesting “TTPs” (“tools, techniques &  procedures”). Maybe one day, I’ll try to automate this process!


Introduction to Malware Binary Triage (IMBT) Course
Looking to level up your skills? Get 10% off using coupon code: MWNEWS10 for any flavor.

Enroll Now and Save 10%: Coupon Code MWNEWS10

Note: Affiliate link – your enrollment helps support this platform at no extra cost to you.


Article Link:
Fake Incident Report Used in Phishing Campaign - SANS ISC

1 post - 1 participant

Read full topic

https://malware.news/t/fake-incident-report-used-in-phishing-campaign-tue-feb-17th/104161
https://malware.news/c/news.rss

Project: @MalwareNews
Private:
@MalwarePrivateBot
Group:
@MalwareForums
Powered by
@MalwareForum

Читать полностью…

Malware News

ISC Stormcast For Tuesday, February 17th, 2026 https://isc.sans.edu/podcastdetail/9812, (Tue, Feb 17th)


Introduction to Malware Binary Triage (IMBT) Course
Looking to level up your skills? Get 10% off using coupon code: MWNEWS10 for any flavor.

Enroll Now and Save 10%: Coupon Code MWNEWS10

Note: Affiliate link – your enrollment helps support this platform at no extra cost to you.


Article Link:
ISC Stormcast For Tuesday, February 17th, 2026 https://isc.sans.edu/podcastdetail/9812

1 post - 1 participant

Read full topic

https://malware.news/t/isc-stormcast-for-tuesday-february-17th-2026-https-isc-sans-edu-podcastdetail-9812-tue-feb-17th/104159
https://malware.news/c/news.rss

Project: @MalwareNews
Private:
@MalwarePrivateBot
Group:
@MalwareForums
Powered by
@MalwareForum

Читать полностью…

Malware News

Montana hospital restores phones as cyber-related network disruptions persist

Dysruption Hub reports: Livingston HealthCare in Livingston, Montana, says its phone system has been restored after a cybersecurity incident disrupted communications and led the hospital to take some systems offline, but network disruptions continue as restoration work proceeds. The nonprofit hospital said Feb. 13 that a “potential cybersecurity incident” disrupted its phone systems and network and that...


Introduction to Malware Binary Triage (IMBT) Course
Looking to level up your skills? Get 10% off using coupon code: MWNEWS10 for any flavor.

Enroll Now and Save 10%: Coupon Code MWNEWS10

Note: Affiliate link – your enrollment helps support this platform at no extra cost to you.


Source

Article Link:
https://databreaches.net/2026/02/16/montana-hospital-restores-phones-as-cyber-related-network-disruptions-persist/?pk_campaign=feed&amp;pk_kwd=montana-hospital-restores-phones-as-cyber-related-network-disruptions-persist

1 post - 1 participant

Read full topic

https://malware.news/t/montana-hospital-restores-phones-as-cyber-related-network-disruptions-persist/104157
https://malware.news/c/news.rss

Project: @MalwareNews
Private:
@MalwarePrivateBot
Group:
@MalwareForums
Powered by
@MalwareForum

Читать полностью…

Malware News

Tenable security advisory (AV26-137)


Introduction to Malware Binary Triage (IMBT) Course
Looking to level up your skills? Get 10% off using coupon code: MWNEWS10 for any flavor.

Enroll Now and Save 10%: Coupon Code MWNEWS10

Note: Affiliate link – your enrollment helps support this platform at no extra cost to you.


<div>
<div>


<div><p><strong>Serial number: </strong>AV26-137<br /><strong>Date: </strong>February 17, 2026</p>

On February 17, 2026, Tenable published a security advisory to address vulnerabilities in the following product. Included was a critical update for the following:

— Tenable Security Center – version 6.7.2 and prior

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

[R2] Stand-alone Security Patches Available for Tenable Security Center versions 6.5.1, 6.6.0 and 6.7.2: SC-202602.1 + SC-202602.2
Tenable Product Security Advisories

</div>


Article Link:
Tenable security advisory (AV26-137) - Canadian Centre for Cyber Security

1 post - 1 participant

Read full topic

https://malware.news/t/tenable-security-advisory-av26-137/104190
https://malware.news/c/news.rss

Project: @MalwareNews
Private:
@MalwarePrivateBot
Group:
@MalwareForums
Powered by
@MalwareForum

Читать полностью…

Malware News

The Most Impactful Breaches of 2025

Lessons learned from a record-breaking year in cybersecurity.


Introduction to Malware Binary Triage (IMBT) Course
Looking to level up your skills? Get 10% off using coupon code: MWNEWS10 for any flavor.

Enroll Now and Save 10%: Coupon Code MWNEWS10

Note: Affiliate link – your enrollment helps support this platform at no extra cost to you.


Article Link:
https://arcticwolf.com/resources/on-demand-webinar/most-impactful-breaches-of-2025/

1 post - 1 participant

Read full topic

https://malware.news/t/the-most-impactful-breaches-of-2025/104188
https://malware.news/c/news.rss

Project: @MalwareNews
Private:
@MalwarePrivateBot
Group:
@MalwareForums
Powered by
@MalwareForum

Читать полностью…

Malware News

[Control systems] CISA ICS security advisories (AV26-134)


Introduction to Malware Binary Triage (IMBT) Course
Looking to level up your skills? Get 10% off using coupon code: MWNEWS10 for any flavor.

Enroll Now and Save 10%: Coupon Code MWNEWS10

Note: Affiliate link – your enrollment helps support this platform at no extra cost to you.


<div>
<div>


<div><p><strong>Serial number: </strong>AV26-134<br /><strong>Date: </strong>February 17, 2026</p>

Between February 9 and 15, 2026, CISA published ICS advisories to address vulnerabilities in the following products:

— AVEVA PI Data Archive PI Server – multiple versions
— AVEVA PI to CONNECT Agent – versions prior to v2.4.2520
— Airleader GmbH Airleader Master – version 6.381 and prior
— Hitachi Energy SuprOS – versions 9.2.1 and prior and
9.2.2.0
— Siemens COMOS V10.4 – versions prior to 10.4.5
— Siemens COMOS V10.4.5 – versions prior to 10.4.5.0.2
— Siemens COMOS V10.5 – versions prior to 10.5.2
— Siemens COMOS V10.6 – all versions
— Siemens Desigo CC family V6/V7 vers – all versions
— Siemens Desigo CC family V8 – versions prior to V8.0 QU2
— Siemens NX – versions prior to V2512
— Siemens Polarion V2404 – versions prior to 2404.5
— Siemens Polarion V2410 – versions prior to 2410.2
— Siemens SENTRON Powermanager V6/V7 vers – all versions
— Siemens SENTRON Powermanager V8 – versions prior to V8.0 QU2
— Siemens SINEC NMS – all versions (CVE-2026-25655)
— Siemens SINEC NMS – versions prior to V4.0 SP2 (CVE-2026-25656)
— Siemens SINEC OS – multiple versions and platforms
— Siemens Siveillance Video Management Servers – multiple versions and models
— Siemens Solid Edge – versions prior to V226.00 Update 03
— Yokogawa FAST/TOOLS – versions R9.01 to R10.04
— ZLAN Information Technology Co. ZLAN5143D – version v1.600
— ZOLL ePCR IOS Mobile Application – version 2.6.7

The Cyber Centre encourages users and administrators to review the provided web link, perform the suggested mitigations and apply the necessary updates if available.

CISA ICS Advisories

</div>


Article Link:
[Control systems] CISA ICS security advisories (AV26-134) - Canadian Centre for Cyber Security

1 post - 1 participant

Read full topic

https://malware.news/t/control-systems-cisa-ics-security-advisories-av26-134/104186
https://malware.news/c/news.rss

Project: @MalwareNews
Private:
@MalwarePrivateBot
Group:
@MalwareForums
Powered by
@MalwareForum

Читать полностью…

Malware News

Stop Guessing: How to Prove Cyber Risk Reduction for Security Operations


Introduction to Malware Binary Triage (IMBT) Course
Looking to level up your skills? Get 10% off using coupon code: MWNEWS10 for any flavor.

Enroll Now and Save 10%: Coupon Code MWNEWS10

Note: Affiliate link – your enrollment helps support this platform at no extra cost to you.


Article Link:
https://arcticwolf.com/resources/upcoming-events-and-webinars/stop-guessing-how-to-prove-cyber-risk-reduction-for-security-operations/

1 post - 1 participant

Read full topic

https://malware.news/t/stop-guessing-how-to-prove-cyber-risk-reduction-for-security-operations/104184
https://malware.news/c/news.rss

Project: @MalwareNews
Private:
@MalwarePrivateBot
Group:
@MalwareForums
Powered by
@MalwareForum

Читать полностью…

Malware News

Strategic AI for Preemptive Cyber Defense and Attacker Cost Imposition

Modern AI security tools are heavily focused on reducing operational bottlenecks. It might help analysts clear an alert queue faster or prioritize which fires to put out first. While these efforts are valuable for efficiency, they don’t fundamentally change the game; they just help teams react more effectively to attacks that have already breached the perimeter.


Introduction to Malware Binary Triage (IMBT) Course
Looking to level up your skills? Get 10% off using coupon code: MWNEWS10 for any flavor.

Enroll Now and Save 10%: Coupon Code MWNEWS10

Note: Affiliate link – your enrollment helps support this platform at no extra cost to you.


If your AI security tools only focus on making the SOC run faster, you are still just playing a faster version of the attacker’s game.

True strategic advantage requires a shift to
Preemptive Cyber Defense. By identifying malicious activity while it is still being staged, organizations can stop bottlenecks before they ever occur.

The Dead End of Faster Reaction
Traditional security relies on
Indicators of Compromise (IOCs). These are essentially digital post-game highlights of a match you already lost. If your AI strategy is solely focused on filtering these old signals faster, you are still just documenting a failure.

Making “Left of Boom” Real
In the security industry, the term  “Left of Boom” is often straight-up marketing fluff. But attackers do not appear out of thin air; they build, stage, and test their infrastructure weeks or months before a campaign begins.

Being able to confidently identify these future attacks is the only way to get truly Left of Boom. Instead of waiting for an attack to hit your sensors, we constantly re-resolve and pre-correlate the global DNS record set. This provides a window into infrastructure while it is still being constructed by monitoring:

— DNS Relationships: Uncovering setup patterns in who manages malicious domains.
— Infrastructure Changes: Tracking actor configurations and certificate rotations over time.
— Content Changes: Using behavioral fingerprints to know what is being hosted, where and when it gets activated.

The Engine of Preemptive Defense: Enabling AI and Agentic Security with the Context Graph
The Context Graph is the engine that drives this strategic outcome.
Legacy tools are often stuck looking at static snapshots of known-bad infrastructure. The Context Graph maps the internet’s technical relationships and daily changes across benign, unknown, and known-bad assets to create a defined source of truth. It provides certainty because it acknowledges the reality of the cat-and-mouse game: the infrastructure that hits you tomorrow is almost certainly masquerading as “benign” today.

The Context Graph connects billions of disparate signals into a coherent map of internet infrastructure, moving security from probability-based guessing to deterministic certainty.

This engine is what makes AI-enhanced operations genuinely proactive. By becoming embedded upstream in security reasoning, both human and machine gets the reliable, preemptive context needed to act with confidence. Instead of giving an AI agent noisy probability scores to sort through, the Context Graph provides:

— Machine Consumption: APIs specifically designed for automated triage.
— Provenance: Clear confidence signals that AI can trust to reduce hallucinations.
— The Backbone: A foundational context layer that enables truly automated defense.

By neutralizing threats before they reach your perimeter, you fundamentally change attacker economics. Every time you block staged infrastructure, the attacker must scrap their work and spend more resources to start over. This makes their iteration loop slower than your defensive loop, shifting the organization from...


https://malware.news/t/strategic-ai-for-preemptive-cyber-defense-and-attacker-cost-imposition/104181
https://malware.news/c/news.rss

Project: @MalwareNews
Private:
@MalwarePrivateBot
Group:
@MalwareForums
Powered by
@MalwareForum

Читать полностью…

Malware News

Securing the Software Supply Chain: A Federal Imperative for 2026


Introduction to Malware Binary Triage (IMBT) Course
Looking to level up your skills? Get 10% off using coupon code: MWNEWS10 for any flavor.

Enroll Now and Save 10%: Coupon Code MWNEWS10

Note: Affiliate link – your enrollment helps support this platform at no extra cost to you.




As
federal systems continue to underpin mission execution, software supply chain security has moved from a technical concern to a leadership responsibility. In 2026, the ability to understand, manage, and defend software risk directly influences whether programs can deliver capability at speed. Yet, we still see systemic weaknesses in how software trust is established.

Article Link:
Securing the Software Supply Chain: A Federal Imperative for 2026

1 post - 1 participant

Read full topic

https://malware.news/t/securing-the-software-supply-chain-a-federal-imperative-for-2026/104179
https://malware.news/c/news.rss

Project: @MalwareNews
Private:
@MalwarePrivateBot
Group:
@MalwareForums
Powered by
@MalwareForum

Читать полностью…

Malware News

IBM security advisory (AV26-131)


Introduction to Malware Binary Triage (IMBT) Course
Looking to level up your skills? Get 10% off using coupon code: MWNEWS10 for any flavor.

Enroll Now and Save 10%: Coupon Code MWNEWS10

Note: Affiliate link – your enrollment helps support this platform at no extra cost to you.


<div>
<div>


<div><p><strong>Serial number: </strong>AV26-131</p>

Date: February 17, 2026

Between February 9 and 15, 2026, IBM published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:

— Business Automation Workflow – versions
24.0.1.0 and 25.0.0.0
— IBM Business Automation Workflow Enterprise Service Bus – versions V24.0.0 to V24.0.1
— IBM Business Automation Workflow traditional – versions V25.0.0 to V25.0.1
— IBM Concert Software – versions 1.0.0 to 2.1.0
— IBM Financial Transaction Manager for ACH and Check Services – versions
3.0.0.0 to 3.0.5.4 iFix 27
— IBM Financial Transaction Manager for RehHat OpenShift – multiple versions
— IBM Operational Decision Manager – multiple versions
— IBM Sterling External Authentication Server – versions
6.1.0.0 to 6.1.0.3
— IBM Sterling Secure Proxy – versions
6.1.0.0 to 6.1.0.2, versions 6.2.0.0 to 6.2.0.2
— IBM webMethods Adapter 10.3 for Cmis - multiple versions
— IBM webMethods Adapter 10.5 for Alfresco – multiple versions
— IBM webMethods Adapter 10.5 for Documentum - multiple versions
— IBM webMethods Adapter 8.2 for Salesforce – multiple versions
— IBM webMethods Adapter 9.8 for HDFS – multiple versions
— IBM webMethods Integration (on prem) – versions 11.1 to IS_11.1_Core_Fix8
— z/Transaction Processing Facility – version 1.1

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

IBM Product Security Incident Response

</div>


Article Link:
IBM security advisory (AV26-131) - Canadian Centre for Cyber Security

1 post - 1 participant

Read full topic

https://malware.news/t/ibm-security-advisory-av26-131/104177
https://malware.news/c/news.rss

Project: @MalwareNews
Private:
@MalwarePrivateBot
Group:
@MalwareForums
Powered by
@MalwareForum

Читать полностью…

Malware News

How Juno Uses Context to Scale SecOps


Introduction to Malware Binary Triage (IMBT) Course
Looking to level up your skills? Get 10% off using coupon code: MWNEWS10 for any flavor.

Enroll Now and Save 10%: Coupon Code MWNEWS10

Note: Affiliate link – your enrollment helps support this platform at no extra cost to you.





A database is publicly accessible on the internet. How urgent is that?

Article Link:
How Juno Uses Context to Scale SecOps

1 post - 1 participant

Read full topic

https://malware.news/t/how-juno-uses-context-to-scale-secops/104175
https://malware.news/c/news.rss

Project: @MalwareNews
Private:
@MalwarePrivateBot
Group:
@MalwareForums
Powered by
@MalwareForum

Читать полностью…

Malware News

AI in the Middle: Turning Web-Based AI Services into C2 Proxies & The Future Of AI Driven Attacks

Key Points


Introduction to Malware Binary Triage (IMBT) Course
Looking to level up your skills? Get 10% off using coupon code: MWNEWS10 for any flavor.

Enroll Now and Save 10%: Coupon Code MWNEWS10

Note: Affiliate link – your enrollment helps support this platform at no extra cost to you.



— Check Point Research (CPR) has discovered that certain AI assistants that support web browsing or URL fetching can be abused as covert command-and-control relays (“AI as a proxy”), allowing attacker traffic to blend seamlessly into legitimate, commonly permitted enterprise communications.
— This technique was demonstrated against platforms such as Grok and Microsoft Copilot, leveraging anonymous web access combined with browsing and summarization prompts
— The same mechanism can also enable AI-assisted malware operations, including generating reconnaissance workflows, scripting attacker actions, and dynamically deciding “what to do next” during an intrusion.
— CPR outlines a near-term evolution in malware development, where implants shift from static logic to prompt-driven, adaptive behavior that can autonomously plan operations, prioritize targets and data, and adjust tactics in real-time based on environmental feedback.

Introduction
AI is rapidly becoming embedded in day-to-day enterprise workflows, inside browsers, collaboration suites, and developer tooling. As a result, AI service domains increasingly blend into normal corporate traffic, often allowed by default and rarely treated as sensitive egress. Threat actors are already capitalizing on this shift. Across the malware ecosystem, AI is being used to accelerate development and operations: generating and refining code, drafting phishing content, translating lures, producing PowerShell snippets, summarizing stolen data, assisting operators with next decisions during an intrusion, and, in extreme cases, developing full C2 frameworks such as
Voidlink. The practical outcome is simple: AI reduces cost and time-to-scale, and helps less-skilled actors execute more complex playbooks.

But the next step is more consequential: AI isn’t only helping attackers write malware, it can become part of the malware’s runtime. In AI-Driven malware, the implant’s behavior is shaped dynamically by model output. Instead of relying solely on hardcoded decision trees, an implant can collect host context such as environment artifacts, user role indicators, installed software, domain membership, and geography, and use a model to triage victims, choose actions, prioritize data, and adapt tactics. This prompt-driven approach can make campaigns more flexible and harder to predict, especially as it shifts decision-making away from static code and toward external reasoning.In this research, Check Point Research demonstrates a concrete building block that connects these trends: AI assistants with web-browsing and URL-fetch capabilities can be abused as covert command-and-control relays, effectively using AI as a C2 proxy. We show how Grok and Microsoft Copilot can be driven through their web interfaces to fetch attacker-controlled URLs and return responses, creating a bidirectional channel that tunnels victim data out and commands back in. Crucially, this can work without an API key or a registered account, reducing the effectiveness of traditional kill switches such as key revocation or account suspension.

We then connect the technique to the broader trajectory: once AI services can be used as a stealthy transport layer, the same interface can also carry prompts and model outputs that act as an external decision engine, a stepping stone toward AI-Driven implants and AIOps-style C2 that automate triage, targeting, and operational choices in...


https://malware.news/t/ai-in-the-middle-turning-web-based-ai-services-into-c2-proxies-the-future-of-ai-driven-attacks/104173
https://malware.news/c/news.rss

Project: @MalwareNews
Private:
@MalwarePrivateBot
Group:
@MalwareForums
Powered by
@MalwareForum

Читать полностью…

Malware News

Poland arrests suspect linked to Phobos ransomware operation

Sergiu Gatlan reports: Polish police have detained a 47-year-old man suspected of ties to the Phobos ransomware group and seized computers and mobile phones containing stolen credentials, credit card numbers, and server access data. Officers from Poland’s Central Bureau of Cybercrime Control (CBZC) arrested the suspect in the Małopolska region in a joint operation involving...


Introduction to Malware Binary Triage (IMBT) Course
Looking to level up your skills? Get 10% off using coupon code: MWNEWS10 for any flavor.

Enroll Now and Save 10%: Coupon Code MWNEWS10

Note: Affiliate link – your enrollment helps support this platform at no extra cost to you.


Source

Article Link:
Poland arrests suspect linked to Phobos ransomware operation – DataBreaches.Net

1 post - 1 participant

Read full topic

https://malware.news/t/poland-arrests-suspect-linked-to-phobos-ransomware-operation/104166
https://malware.news/c/news.rss

Project: @MalwareNews
Private:
@MalwarePrivateBot
Group:
@MalwareForums
Powered by
@MalwareForum

Читать полностью…

Malware News

Arctic Wolf Threat Report Highlights 11x Growth in Data Extortion Incidents and Continued Dominance of Ransomware

New insights reveal the pivot to data-only extortion, attacker abuse of remote access tools, and how early detection is reshaping ransomware outcomes EDEN PRAIRIE, Minn. – February 17, 2026 – Arctic Wolf®, a global leader in security operations, today published the 2026 edition of its Threat Report, which analyzes hundreds of real‑world incident response engagements ... Arctic Wolf Threat Report Highlights 11x Growth in Data Extortion Incidents and Continued Dominance of Ransomware


Introduction to Malware Binary Triage (IMBT) Course
Looking to level up your skills? Get 10% off using coupon code: MWNEWS10 for any flavor.

Enroll Now and Save 10%: Coupon Code MWNEWS10

Note: Affiliate link – your enrollment helps support this platform at no extra cost to you.


Article Link:
Arctic Wolf Threat Report Highlights 11x Growth in Data Extortion Incidents and Continued Dominance of Ransomware - Arctic Wolf

1 post - 1 participant

Read full topic

https://malware.news/t/arctic-wolf-threat-report-highlights-11x-growth-in-data-extortion-incidents-and-continued-dominance-of-ransomware/104164
https://malware.news/c/news.rss

Project: @MalwareNews
Private:
@MalwarePrivateBot
Group:
@MalwareForums
Powered by
@MalwareForum

Читать полностью…

Malware News

Publication of a vacancy notice for the position of Europol Executive Director

Catherine De Bolle has served as Europol’s Executive Director since 1 May 2018, her mandate will conclude on 1 May 2026. The incoming Executive Director will have the opportunity to shape Europol’s future and strengthen its role in safeguarding the European Union’s internal security.About EuropolEuropol, based in The Hague, the Netherlands, supports and strengthens action by and cooperation of the...


Introduction to Malware Binary Triage (IMBT) Course
Looking to level up your skills? Get 10% off using coupon code: MWNEWS10 for any flavor.

Enroll Now and Save 10%: Coupon Code MWNEWS10

Note: Affiliate link – your enrollment helps support this platform at no extra cost to you.


Article Link:
Publication of a vacancy notice for the position of Europol Executive Director | Europol

1 post - 1 participant

Read full topic

https://malware.news/t/publication-of-a-vacancy-notice-for-the-position-of-europol-executive-director/104162
https://malware.news/c/news.rss

Project: @MalwareNews
Private:
@MalwarePrivateBot
Group:
@MalwareForums
Powered by
@MalwareForum

Читать полностью…

Malware News

SAST vs DAST vs IAST vs RASP: A Practical AppSec Comparison for DevSecOps teams

SAST, DAST, IAST, and RASP solve different parts of application security. Mature programs combine them to reduce blind spots. Static analysis finds issues early but lacks runtime context. Dynamic testing observes real behavior, but only where tests can reach. Interactive testing adds runtime and code context during QA. RASP adds in-app protection to block exploitation in production. This piece covers selection and CI/CD placement. For a fuller end-to-end explainer, use the linked DeepStrike guide to avoid content overlap.


Introduction to Malware Binary Triage (IMBT) Course
Looking to level up your skills? Get 10% off using coupon code: MWNEWS10 for any flavor.

Enroll Now and Save 10%: Coupon Code MWNEWS10

Note: Affiliate link – your enrollment helps support this platform at no extra cost to you.


SAST analyses source/bytecode/binaries without executing the app (“white-box”). It is typically run in the IDE, on pull requests, or in CI, so developers get actionable, code-level remediation guidance early, and because it can be automated per change, it is most effective “shift-left”.
DAST attacks a running application from the outside (“black-box”). Scanners crawl reachable endpoints, inject payloads (e.g., SQL injection or XSS probes), and infer weaknesses from responses. It does not require source-code access, but it is bounded by reachability and the realism of your test setup (authentication states, user journeys, representative data).
IAST instruments the running app during automated tests or QA activity. Sensors observe execution, data flow, and configuration, then report vulnerabilities with code context for the paths your tests actually exercised. This is one reason IAST is often used to reduce triage time and improve confidence.
RASP instruments the application runtime in production to detect and block the exploitation of vulnerabilities using in-app context. Importantly, NIST notes RASP-style controls may run in monitor or protection mode, and can take actions such as terminating sessions or alerting staff when threats are detected. Academic work also treats RASP as an emerging area and evaluates RASP products in practice.
Detection tools (SAST, DAST, IAST) help you identify and remediate vulnerabilities. RASP is distinct because it prevents exploitation in real time, defending running applications while fixes are implemented.

Approach
Analysis type
Runs on
False positives
Remediation speed
Best SDLC stage
Best for

SAST
White-box static
Not running
Medium–high
Fast (code-mapped)
PR/CI
Early coding flaws, guardrails

DAST
Black-box dynamic
Running app
Lower, but can miss paths
Medium
QA/staging
Runtime/config/auth exposure

IAST
Instrumented grey-box
App + tests
Low
Fast–medium
QA/tests
High-confidence findings on executed paths

RASP
In-app runtime control
Production
Low
Mitigation (not a fix)
Production
Blocking exploitation, protecting legacy/high-risk apps

These distinctions align with OWASP and NIST definitions, which describe each method’s application visibility (white-box for SAST, black-box for DAST, instrumented for IAST, in-production runtime for RASP), their integration points in the development cycle, and operational focus areas.
What is SAST (Static Application Security Testing)?
Static Application Security Testing (SAST) is a white-box security method that analyzes your application without running it. Instead of interacting with a live website or API, SAST tools inspect source code, bytecode, or binaries to spot insecure patterns, like unsanitized inputs, risky functions, or weak cryptography, before those issues ever reach production.

Because SAST analyzes the codebase directly, it reviews all reachable code paths, including those not covered by tests. Running in...


https://malware.news/t/sast-vs-dast-vs-iast-vs-rasp-a-practical-appsec-comparison-for-devsecops-teams/104160
https://malware.news/c/news.rss

Project: @MalwareNews
Private:
@MalwarePrivateBot
Group:
@MalwareForums
Powered by
@MalwareForum

Читать полностью…

Malware News

阪和興業株式会社がArctic WolfのAurora Managed Endpoint Defense導入により 検知アラート数の削減を実現

― Aurora Managed Endpoint Defenseが80社以上のグループ会社全体でセキュリティを強化 ― 【東京・日本、2026年2月17日】セキュリティ運用における世界的リーダーであるArctic Wolf Networks Inc.の日本法人アークティックウルフジャパン合同会社 (本社:東京都渋谷区、以下Arctic Wolf)は、東京、大阪に本社を置く専門商社である阪和興業株式会社 (以下 阪和興業) にAurora Managed Endpoint Defenseが採用、導入されたことを発表しました。阪和興業は、80社以上のグループ会社からなるグローバルネットワーク全体でサイバーセキュリティ態勢を強化し、運用負担を軽減するため、Aurora™Managed Endpoint Defenseを導入しました。 1947年に設立された阪和興業は、取引先のニーズを捉えたユーザー系商社として鉄鋼を中心に、非鉄金属、食品、エネルギー・生活資材・化学品、木材、機械など、幅広い分野で事業を展開しています。中期経営計画で掲げる「Run up to HANWA 2030~いまを超える未知への飛翔~」 という基本方針の下、サステナビリティ経営を基礎に、経営基盤の強化に注力し、持続可能な社会の実現に資する商社への転換を目指す中、サイバーセキュリティはこのビジョンの実現に不可欠な要素となっています。 阪和興業では、従来のEPP (Endpoint Protection Platform) における検知率の低さ、パターンファイルダウンロードによるパフォーマンス低下、EDR (Endpoint Detection and Response) 導入後のアラート数の増大、運用複雑化により、セキュリティ上の懸念が高まっていました。アラートは毎月数千件に及び、セキュリティオペレーションセンター (SOC)を圧迫し、適切なアラート処理への不安が生じていました。 これらの課題に対処するため、阪和興業はAurora Managed Endpoint Defenseを導入し、EPPとEDR管理をArctic WolfのSOCチームが24時間365日体制で実施するマネージドEDRサービスを採用しました。このソリューションは、対応が必要なアラートのみをフィルタリングし、ノイズを大幅に削減。PCのパフォーマンスに影響を与えることなく、プロアクティブな保護を実現します。その結果、以下の成果が得られました: セキュリティアラートを月間数千件から約20件に削減し、現在では月平均1件の重大アラートのみに抑えています。 ユーザー負担をかけずに、全世界6,500台のエンドポイントで高いセキュリティ基準を維持しています。 管理インターフェースからArctic Wolfの専門家と直接連絡を取ることで、迅速な対応やホワイトリスト登録などの、業務の簡略化を実現しています。 将来的に、阪和興業はグループ全社への展開拡大を計画し、ログ分析の効率化やエンドポイントを超えた広範なセキュリティ運用における改善の可能性を模索し、継続的な多層防御体制への意欲を見せています。 詳細な導入事例はこちらからダウンロードできます。 Arctic Wolfのサイバーセキュリティソリューションに関する詳細は Arctic Wolf | We Make Security Work をご覧ください。 その他のリソース: Facebook、X(旧Twitter)、LinkedIn、 YouTubeでArctic ... 阪和興業株式会社がArctic WolfのAurora Managed Endpoint Defense導入により 検知アラート数の削減を実現


Introduction to Malware Binary Triage (IMBT) Course
Looking to level up your skills? Get 10% off using coupon code: MWNEWS10 for any flavor.

Enroll Now and Save 10%: Coupon Code MWNEWS10

Note: Affiliate link – your enrollment helps support this platform at no extra cost to you.


Article Link:
阪和興業株式会社がArctic WolfのAurora Managed Endpoint Defense導入により 検知アラート数の削減を実現 - Arctic Wolf

1 post - 1 participant

Read full topic

https://malware.news/t/arctic-wolf-aurora-managed-endpoint-defense/104158
https://malware.news/c/news.rss

Project: @MalwareNews
Private:
@MalwarePrivateBot
Group:
@MalwareForums
Powered by
@MalwareForum

Читать полностью…

Malware News

Marietta also affected by BridgePay ransomware attack

Marietta, Georgia is one of numerous entities affected by the BridgePay ransomware attack. On February 13, the city posted the following notice on its website: The City of Marietta is currently unable to process certain online credit card payments due to a recent service disruption by one of the City’s payment gateway providers. We are...


Introduction to Malware Binary Triage (IMBT) Course
Looking to level up your skills? Get 10% off using coupon code: MWNEWS10 for any flavor.

Enroll Now and Save 10%: Coupon Code MWNEWS10

Note: Affiliate link – your enrollment helps support this platform at no extra cost to you.


Source

Article Link:
Marietta also affected by BridgePay ransomware attack. – DataBreaches.Net

1 post - 1 participant

Read full topic

https://malware.news/t/marietta-also-affected-by-bridgepay-ransomware-attack/104155
https://malware.news/c/news.rss

Project: @MalwareNews
Private:
@MalwarePrivateBot
Group:
@MalwareForums
Powered by
@MalwareForum

Читать полностью…
Subscribe to a channel