February 2026

Articles

DPRK FAMOUS CHOLLIMA OPSEC failure exposes npm publisher IPs through public disposable inboxes

Affected ecosystem: npm registry and developer tooling supply chainPrimary issue: OPSEC leakage from disposable email inbox exposure combined with npm publish notification metadataExploitation status: Observed in the wild (malicious npm…

Threat_Actor_Profiles

FAMOUS CHOLLIMA: DPRK employment fraud and developer-lure intrusion set

28 February 2026 Threat Analyst

Metadata Executive Summary FAMOUS CHOLLIMA is a DPRK-aligned activity cluster that multiple vendors associate with job-themed social engineering, developer targeting, and monetisation that can include cryptocurrency theft and credential collection.…

Vulnerabilities_Exploits

Akamai SIRT Identifies Zerobot Botnet Exploiting n8n and Tenda Vulnerabilities

28 February 2026 Threat Analyst

Akamai SIRT identifies Mirai variant campaign actively targeting critical RCE flaws in automation platforms and routers Mirai #Zerobot #Botnet #n8n #Tenda #CVE-2025-68613 #CVE-2025-7544 Affected productsn8n workflow automation platform (versions 0.211.0…

Articles

AirSnitch: Client isolation in Wi-Fi is not delivering the security most defenders expect

27 February 2026 Threat Analyst

NDSS 2026 research shows practical injection and machine-in-the-middle paths across WPA2/WPA3, guest SSIDs, and enterprise multi-AP deployments Network security | Wi-Fi | WPA2 | WPA3 | Passpoint | MitM |…

Articles

Vshell (VShell): a Mandarin-language C2 framework surfacing alongside Cobalt Strike on exposed infrastructure

27 February 2026 Threat Analyst

Censys has reported on Vshell (often stylised “VShell”), a Go-based command-and-control (C2) platform used for post-compromise host management, pivoting, and proxying, and increasingly visible on internet-facing infrastructure, sometimes alongside Cobalt…

Articles

Preventing the Access That Powers Ransomware Lateral Movement (Part 2/2)

27 February 2026 Threat Analyst

Designing upstream controls that cut off access brokers, endpoint breakout, and perimeter device exploitation before T1021 starts Download MITRE ATT&CK Navigator TTPs as as JSON Layer / Excel Executive Summary…

Articles

Ransomware Lateral Movement in 2026: Detection Opportunities (Part 1/2)

27 February 2026 Threat Analyst

TLP:CLEAR | 27 February 2026 Ransomware lateral movement techniques in 2026 are increasingly identity-led, cloud-aware, and executed through legitimate admin channels, forcing defenders to prioritise high-fidelity telemetry, behavioural analytics, and…

Industry_News

Security debt surges as legacy vulnerabilities accumulate

27 February 2026 Threat Analyst

Veracode’s 2026 State of Software Security finds remediation capacity falling behind development velocity, with third-party components driving the longest-lived high-risk exposure. Enterprise application portfolios are carrying record levels of long-standing…

Articles

Scattered Lapsus$ Hunters recruits women for paid helpdesk vishing

26 February 2026 Threat Analyst

Executive Summary Scattered Lapsus$ Hunters (SLH, also styled SLSH in some reporting) is advertising for female callers to conduct vishing against IT helpdesks, offering $500 to $1,000 per call and…

Threat_Actor_Profiles

Scattered Spider threat actor profile

26 February 2026 Threat Analyst

Scattered Spider is a financially motivated eCrime collective best known for high-success social engineering against enterprise IT help desks, often enabling account takeover in SSO and hybrid environments and progressing…

DPRK FAMOUS CHOLLIMA OPSEC failure exposes npm publisher IPs through public disposable inboxes

FAMOUS CHOLLIMA: DPRK employment fraud and developer-lure intrusion set

Akamai SIRT Identifies Zerobot Botnet Exploiting n8n and Tenda Vulnerabilities

AirSnitch: Client isolation in Wi-Fi is not delivering the security most defenders expect

Vshell (VShell): a Mandarin-language C2 framework surfacing alongside Cobalt Strike on exposed infrastructure

Preventing the Access That Powers Ransomware Lateral Movement (Part 2/2)

Ransomware Lateral Movement in 2026: Detection Opportunities (Part 1/2)

Security debt surges as legacy vulnerabilities accumulate

Scattered Lapsus$ Hunters recruits women for paid helpdesk vishing

Scattered Spider threat actor profile

You missed

OpenClaw lures fuel ClickFix infostealer infections as agentic AI ecosystems become a new credential target

Storm-2561 pushes fake VPN installers via SEO poisoning to steal enterprise credentials

Hudson Rock ties Polyfill.io supply-chain compromise to DPRK operator via Lumma Stealer telemetry

Stryker ‘Handala’ incident: global Microsoft environment disruption and reported remote device wipes

Month: February 2026

You missed