Best of Cybersecurity, February 2026

  1. Article · Tech Lead Digest · 10w

    North Korean infiltrator caught working in Amazon IT department thanks to lag — 110ms keystroke input raises red flags over true location [Updated]

    Amazon detected a North Korean infiltrator working as a contract system developer by monitoring keystroke input latency: a consistent 110ms delay revealed that the impostor was remotely controlling a laptop located in Arizona from North Korea. Amazon has blocked over 1,800 DPRK infiltration attempts since April 2024, with attempts rising 27% quarter over quarter. The company's Chief Security Officer stresses that active monitoring is essential, because these infiltrators would go undetected without proactive security measures. A woman who facilitated the fraud was sentenced to prison earlier this year.

  2. Article · The New Stack · 9w

    HackerOS is what a Linux enthusiast’s OS should be

    HackerOS is a Debian-based Linux distribution with seven specialized editions targeting regular users, gamers, and cybersecurity enthusiasts. It ships with KDE Plasma 6.5.4, Wayland, and Zsh, offering features like case-insensitive command completion and custom hacker-themed terminal commands. The distribution includes gaming support via Steam and GOverlay, optional performance kernels (XanMod, Liquorix), and variants for different desktop environments (KDE, GNOME, Xfce) and use cases (NVIDIA GPUs, cybersecurity tools, LTS). Despite some localization issues that mix English and Polish, plus occasional broken scripts, it provides a user-friendly experience with interesting developer-focused additions.

  3. Article · Security Boulevard · 8w

    Anthropic Didn’t Kill Cybersecurity. It Just Reminded Us There Are Two Doors.

    Anthropic's Claude Code Security announcement triggered a sharp selloff in cybersecurity stocks, with companies like Okta, SailPoint, and CrowdStrike dropping significantly. The panic was misplaced: AI-powered code scanning addresses only one of two primary attack vectors — software vulnerabilities. The second and equally significant vector — identity theft, credential abuse, phishing, and social engineering — remains entirely untouched by code scanning tools. Identity-focused companies like Okta and SailPoint don't compete with Claude Code Security at all; they solve a structurally different problem. The identity attack surface is durable because it stems from architectural patterns and human behavior, not patchable bugs. Analysts from Barclays and Jefferies called the selloff illogical, and the security industry's own data (Verizon DBIR, MITRE ATT&CK) consistently shows credentials and human manipulation as dominant breach vectors.

  4. Article · InfoSec Write-ups · 8w

    Unpatchable? How Chinese Hackers Hid in Dell VMs for 2 Years Using "Magic Packets"

    CVE-2026-22769 (CVSS 10.0) is a critical flaw in Dell RecoverPoint for Virtual Machines appliances that the Chinese state-sponsored group UNC6201 exploited for nearly two years. The attack chain begins with hardcoded Apache Tomcat credentials, which allow deployment of the SLAYSTYLE web shell for root access. Attackers then pivot to two persistence techniques: 'Ghost NICs' (hot-plugged virtual network adapters bridged to separate VLANs, bypassing firewall segmentation) and 'Magic Packets' (single-packet authorization implemented with iptables rules, so the backdoor port stays closed to scanners until a specially crafted packet arrives). A new backdoor, GRIMBOLT, is written in C# and compiled with Native AOT; because the result is a native binary with no JIT stage, EDR tooling that hooks the .NET JIT to inspect managed code never sees it. IOCs, remediation steps, and behavioral hunting queries are provided for defenders.
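    The 'Magic Packets' technique above is usually built from the iptables `recent` and `string` modules: a knock packet with a magic payload registers the sender in a `recent` list, a conditional ACCEPT opens the backdoor port only for listed senders, and an unconditional DROP keeps the port invisible to everyone else. The auditor below is an added example written for this digest, not code from the article or its hunting queries; the iptables-save excerpt is constructed, and the rule shapes it looks for are an assumption about how such gates are typically written.

```python
import shlex

# Constructed iptables-save excerpt (not from the article or the advisory): a UDP "knock" that must
# carry a magic payload registers the source in a `recent` list, which then opens TCP/4443 for 60 s.
# Without the knock, 4443 is dropped, so a port scan never sees it.
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p udp -m udp --dport 60001 -m string --hex-string "|6d6167696b|" --algo bm -m recent --set --name knock --rsource -j DROP
-A INPUT -p tcp -m tcp --dport 4443 -m recent --rcheck --seconds 60 --name knock --rsource -j ACCEPT
-A INPUT -p tcp -m tcp --dport 4443 -j DROP
COMMIT
"""


def parse_rule(line):
    """Turn one '-A CHAIN ...' line into a dict: option name -> value (bare flags map to True).
    Every '-m' module is collected in the 'match' list; rule negation ('!') is ignored here."""
    rule = {"match": [], "raw": line}
    toks = [t for t in shlex.split(line) if t != "!"]
    i = 0
    while i < len(toks):
        tok = toks[i]
        if tok.startswith("-"):
            key, val = tok.lstrip("-"), True
            if i + 1 < len(toks) and not toks[i + 1].startswith("-"):
                val = toks[i + 1]
                i += 1
            if key == "m":
                rule["match"].append(val)
            else:
                rule[key] = val
        i += 1
    return rule


def find_spa_gates(rules_text):
    """Heuristic (an assumption about how SPA/port-knock gates are usually built with iptables):
    an ACCEPT conditional on `recent --rcheck/--update`, paired with an unconditional DROP/REJECT
    for the same port, is a hidden service; rules that do `recent --set` are its triggers."""
    rules = [parse_rule(l) for l in rules_text.splitlines() if l.startswith("-A ")]
    triggers, gated = [], []
    for r in rules:
        if "recent" not in r["match"]:
            continue
        entry = {"list": r.get("name"), "port": r.get("dport"), "proto": r.get("p")}
        if "set" in r:
            entry["payload_match"] = "string" in r["match"]   # knock must carry a magic payload
            triggers.append(entry)
        elif ("rcheck" in r or "update" in r) and r.get("j") == "ACCEPT":
            gated.append(entry)
    findings = []
    for g in gated:
        dropped = any(
            r.get("dport") == g["port"] and r.get("p") == g["proto"]
            and r.get("j") in ("DROP", "REJECT") and "recent" not in r["match"]
            for r in rules
        )
        findings.append({**g, "hidden_from_scanners": dropped,
                         "triggers": [t for t in triggers if t["list"] == g["list"]]})
    return findings


if __name__ == "__main__":
    for f in find_spa_gates(SAMPLE_RULES):
        print(f"gated {f['proto']}/{f['port']} (list {f['list']}), hidden={f['hidden_from_scanners']}")
        for t in f["triggers"]:
            print(f"  trigger: {t['proto']}/{t['port']} payload_match={t['payload_match']}")
```

    Feed it the output of `iptables-save` from the appliance; an appliance whose ruleset was never meant to contain `recent` or `string` matches should return nothing. Hosts that use nftables need the same check against `nft list ruleset`, which this parser does not read.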

  5. Video · John Hammond · 8w

    Russia is hacking zero-days again

    The Russian hacking group APT28 was observed exploiting a zero-day vulnerability in Microsoft Office (CVE-2026-21509) just one day after its disclosure, targeting Ukrainian government officials with malicious Word documents. The exploit abuses OLE (object linking and embedding) to trigger a WebDAV connection that downloads a shortcut file, runs shellcode hidden in a PNG, performs COM hijacking, establishes persistence via scheduled tasks, and deploys Covenant C2 using filen.io as the command-and-control channel. A hands-on walkthrough analyzes the malicious RTF on REMnux with grep, xxd, strings, and a Python OLE-scanning script to locate the WebDAV reference and the matching CLSID. Mitigation is to update to Office 2021 or later, or to apply registry-key blocks for the relevant COM class IDs.
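    The triage the video does by hand (grep, xxd, strings) comes down to three steps: pull the hex out of every `\objdata` destination, read the OLE1 object header in front of the payload, and search both the raw RTF and the decoded payload for URLs, WebDAV-style UNC paths and CLSIDs. The scanner below is an added example written for this digest, not the script from the video. The specimen it scans is constructed in code (a genuine OLE1 header layout around inert placeholder data), and the CLSID watchlist is a placeholder GUID: substitute the class IDs named in the advisory you are working from.

```python
import re
import struct

# Destinations and indicators an analyst greps for in a weaponised RTF.
OBJDATA_RE = re.compile(rb"\\objdata\b\s*([0-9A-Fa-f\s]+)")
GUID_RE = re.compile(rb"[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}")
URL_RE = re.compile(rb"https?://[\x21-\x7e]+")
# UNC forms Office resolves over WebDAV: \\host@80\DavWWWRoot\... or \\host@SSL@443\...
UNC_RE = re.compile(rb"\\\\[A-Za-z0-9.\-]+(?:@(?:SSL@)?\d+)?\\[\x21-\x7e]+")


def norm_guid(s):
    return s.strip("{}").lower()


def decode_objdata(rtf):
    """Yield the binary payload of every \\objdata destination (hex, usually line-wrapped)."""
    for m in OBJDATA_RE.finditer(rtf):
        hexstr = re.sub(rb"\s+", b"", m.group(1)).decode("ascii")
        if len(hexstr) % 2:            # tolerate a truncated final nibble
            hexstr = hexstr[:-1]
        try:
            yield bytes.fromhex(hexstr)
        except ValueError:
            continue


def parse_ole1_header(blob):
    """Parse the MS-OLEDS OLE1 ObjectHeader: OLEVersion, FormatID, length-prefixed ClassName."""
    if len(blob) < 12:
        return None
    version, fmt, name_len = struct.unpack_from("<III", blob, 0)
    if version != 0x00000501 or fmt not in (1, 2) or name_len > 256 or 12 + name_len > len(blob):
        return None
    class_name = blob[12:12 + name_len].rstrip(b"\x00").decode("latin-1")
    return {"format": "link" if fmt == 1 else "embedded", "class": class_name}


def find_strings(blob, pattern):
    """Match pattern against ASCII text and against UTF-16LE runs (Office stores paths wide)."""
    hits = {m.group(0).decode("latin-1") for m in pattern.finditer(blob)}
    for run in re.finditer(rb"(?:[\x20-\x7e]\x00){6,}", blob):
        narrow = run.group(0)[::2]
        hits.update(m.group(0).decode("latin-1") for m in pattern.finditer(narrow))
    return hits


def scan_rtf(rtf, watch_clsids=()):
    """Triage an RTF: OLE object headers, URLs / WebDAV UNC paths, and CLSIDs present anywhere."""
    report = {"objects": [], "urls": set(), "unc_paths": set(), "clsids": set()}
    report["urls"] |= find_strings(rtf, URL_RE)
    report["unc_paths"] |= find_strings(rtf, UNC_RE)
    report["clsids"] |= {norm_guid(g) for g in find_strings(rtf, GUID_RE)}
    for blob in decode_objdata(rtf):
        hdr = parse_ole1_header(blob)
        if hdr:
            report["objects"].append(hdr)
        report["urls"] |= find_strings(blob, URL_RE)
        report["unc_paths"] |= find_strings(blob, UNC_RE)
        report["clsids"] |= {norm_guid(g) for g in find_strings(blob, GUID_RE)}
    report["matched_clsids"] = report["clsids"] & {norm_guid(c) for c in watch_clsids}
    report["suspicious"] = bool(report["urls"] or report["unc_paths"] or report["matched_clsids"])
    return report


def build_sample_rtf():
    """Constructed specimen, not a real exploit: a real OLE1 embedded-object header whose native
    data carries a UTF-16LE WebDAV UNC and a placeholder CLSID. Nothing in it executes."""
    cls = b"Word.Document.8\x00"
    unc = "\\\\203.0.113.10@80\\DavWWWRoot\\update.lnk".encode("utf-16-le")
    native = b"\x00" * 16 + unc + b"\x00\x00" + b"{01234567-89ab-cdef-0123-456789abcdef}\x00"
    header = struct.pack("<III", 0x501, 2, len(cls)) + cls   # OLEVersion, FormatID=embedded, ClassName
    header += struct.pack("<II", 0, 0)                        # empty TopicName and ItemName
    body = header + struct.pack("<I", len(native)) + native   # NativeDataSize, NativeData
    hexdata = body.hex()
    wrapped = "\n".join(hexdata[i:i + 64] for i in range(0, len(hexdata), 64))
    return ("{\\rtf1\\ansi{\\object\\objautlink\\objupdate{\\*\\objclass Word.Document.8}"
            "{\\*\\objdata\n" + wrapped + "\n}}}").encode("ascii")


if __name__ == "__main__":
    import json
    rep = scan_rtf(build_sample_rtf(), watch_clsids=["{01234567-89AB-CDEF-0123-456789ABCDEF}"])
    print(json.dumps({k: sorted(v) if isinstance(v, set) else v for k, v in rep.items()}, indent=2))
```

    A linked object (FormatID 1) carries its target in the TopicName string rather than in native data, and a compound-file payload can also hide the moniker inside an `\x01Ole` stream; the wide-string pass catches the common case, but for anything that parses as an OLE2 container, hand the decoded blob to oletools as the video's workflow does.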

  6. Article · CSO Online · 10w

    SSHStalker botnet brute-forces its way onto 7,000 Linux machines

    A newly discovered botnet, SSHStalker, has compromised at least 7,000 Linux servers by brute-forcing weak SSH passwords. It uses IRC for command and control, exploits Linux kernel vulnerabilities dating back to 2009, and maintains persistence through backdoors and rootkits. It has not yet monetized its access through DDoS or cryptomining, but researchers warn it could be activated at any time. The primary defenses are disabling SSH password authentication in favor of key-based authentication, rate-limiting login attempts, and retiring legacy systems still running 2.6-series kernels. Security experts note that the incident underlines the continued importance of basic fundamentals over chasing advanced threats.
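    Two checks follow directly from the defenses listed above: spotting a password brute-force in sshd's log before it succeeds, and confirming that sshd_config no longer accepts passwords at all. The script below is an added example written for this digest, not code from the article or the researchers. The log lines and the weak config are constructed, and the hardened directive values are the editor's recommendation rather than figures from the article.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed syslog-style sshd lines (not from the article): a password spray from one source
# that ends in a successful root login, plus one ordinary failed-then-key login from another.
SAMPLE_LOG = """\
Feb  3 04:12:01 web1 sshd[2231]: Failed password for root from 198.51.100.7 port 51234 ssh2
Feb  3 04:12:03 web1 sshd[2231]: Failed password for root from 198.51.100.7 port 51236 ssh2
Feb  3 04:12:05 web1 sshd[2233]: Failed password for invalid user admin from 198.51.100.7 port 51240 ssh2
Feb  3 04:12:07 web1 sshd[2235]: Failed password for invalid user oracle from 198.51.100.7 port 51244 ssh2
Feb  3 04:12:09 web1 sshd[2237]: Failed password for invalid user test from 198.51.100.7 port 51248 ssh2
Feb  3 04:12:11 web1 sshd[2239]: Failed password for root from 198.51.100.7 port 51252 ssh2
Feb  3 04:12:14 web1 sshd[2241]: Accepted password for root from 198.51.100.7 port 51256 ssh2
Feb  3 04:20:00 web1 sshd[2301]: Failed password for alice from 203.0.113.5 port 40000 ssh2
Feb  3 04:25:00 web1 sshd[2310]: Accepted publickey for alice from 203.0.113.5 port 40002 ssh2
"""

LOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<event>Failed password|Accepted password|Accepted publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>[\d.]+) port \d+ ssh2$"
)


def parse_line(line, year=2026):
    """Syslog timestamps carry no year, so the caller supplies it."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "event": m["event"], "user": m["user"], "ip": m["ip"]}


def detect_bruteforce(lines, threshold=5, window_s=60):
    """Flag any source with >= threshold failed logins inside a sliding window of window_s seconds,
    and record whether that source later authenticated successfully (the sign a guess landed)."""
    recent = defaultdict(deque)       # ip -> timestamps of failures still inside the window
    usernames = defaultdict(set)      # ip -> every account it tried
    findings = {}
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        ip = ev["ip"]
        if ev["event"] == "Failed password":
            q = recent[ip]
            q.append(ev["ts"])
            usernames[ip].add(ev["user"])
            while (q[-1] - q[0]).total_seconds() > window_s:
                q.popleft()
            if len(q) >= threshold:
                f = findings.setdefault(ip, {"first_seen": q[0], "failures_in_window": 0,
                                             "usernames": usernames[ip], "success_after_burst": None})
                f["failures_in_window"] = max(f["failures_in_window"], len(q))
        elif ip in findings:          # an Accepted event from an already-flagged source
            findings[ip]["success_after_burst"] = (ev["user"], ev["event"])
    return findings


# Hardened directives this check expects (editor's recommendation, not values from the article).
# "prohibit-password" keeps root key logins but refuses root passwords.
HARDENED = {"PasswordAuthentication": "no", "PermitRootLogin": "prohibit-password", "MaxAuthTries": "3"}


def sshd_config_gaps(config_text):
    """Return {directive: (current_or_None, required)} for every directive not at its hardened value.
    An absent directive is reported too: sshd's default for PasswordAuthentication is yes."""
    current = {}
    for line in config_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            key, _, val = line.partition(" ")
            current[key] = val.strip()
    return {k: (current.get(k), v) for k, v in HARDENED.items() if current.get(k, "").lower() != v}


if __name__ == "__main__":
    for ip, f in detect_bruteforce(SAMPLE_LOG.splitlines()).items():
        print(ip, f["failures_in_window"], "failures, tried", sorted(f["usernames"]),
              "then", f["success_after_burst"])
    print(sshd_config_gaps("Port 22\nPasswordAuthentication yes\nPermitRootLogin yes\n"))
```

    The flagged source is the one to rate-limit (or drop outright) at the firewall; a non-empty result from `sshd_config_gaps` means the host is still in the population SSHStalker can brute-force, whatever the log says today.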

  7. Video · Fireship · 10w

    How to become a degenerate hacker... a beginner's guide

    An introductory overview of ethical hacking covers 10 open-source security tools available in Kali Linux, including Nmap for network mapping, Wireshark for packet inspection, Metasploit as an exploit framework, Aircrack-ng for Wi-Fi security testing, Hashcat for password cracking, and tools for web vulnerability scanning, forensics, and SQL injection testing. The guide emphasizes legal and ethical use with proper authorization, explains basic concepts like port scanning, packet analysis, hash cracking, and common attack vectors, and warns about the legal consequences of unauthorized penetration testing.