Latest news as of 2/18/2026, 8:41:22 PM
Krebs on Security
At least 187 code packages made available through the JavaScript repository NPM have been infected with a self-replicating worm that steals credentials from developers and publishes those secrets on GitHub, experts warn. The malware, which briefly infected multiple code packages from the security vendor CrowdStrike, steals and publishes even more credentials every time an infected package is installed.
Graham Cluley
Luxury fashion group Kering - owner of the prestigious Gucci, Balenciaga, and Alexander McQueen brands, amongst others - has confirmed that hackers stole customer data from its systems in June 2025. Read more in my article on the Hot for Security blog.
Graham Cluley
In episode 68 of The AI Fix, our hosts open the show by launching the thing nobody asked for but everybody wanted: our shiny new merch store - yes, including the “Would YOU trust a pigeon???” t-shirt for when you need fashion alongside health and safety. Meanwhile, AI hoaxers send Manila firefighters racing to an imaginary blaze, Albania appoints an AI as a minister, and the godfather of AI gets dumped... by ChatGPT. Plus Mark shows off his ventriloquism skills, while Graham describes a near-telepathic wearable that lets you “talk” without moving your lips, and we look into how humanity and AI have joined forces to fight for AI rights. All this and much more is discussed in the latest edition of "The AI Fix" podcast by Graham Cluley and Mark Stockley.
Bleeping Computer
Jaguar Land Rover (JLR) announced today that it will extend the production shutdown for another week, following a devastating cyberattack that impacted its systems at the end of August. [...]
The Hacker News
Cybersecurity researchers have warned of a new campaign that's leveraging a variant of the FileFix social engineering tactic to deliver the StealC information stealer malware. "The observed campaign uses a highly convincing, multilingual phishing site (e.g., fake Facebook Security page), with anti-analysis techniques and advanced obfuscation to evade detection," Acronis security researcher Eliad
Check Point Research
Research by: Antonis Terefos (@Tera0017). The Pure malware family is a suite of malicious tools developed and sold by the author known as PureCoder. This suite includes PureHVNC RAT (a remote administration tool and predecessor to PureRAT), PureCrypter (a malware obfuscator), PureLogs (a stealer/logger), and several other tools. The malicious software is advertised and distributed through underground forums, Telegram channels, and dedicated websites. […] The post "Under the Pure Curtain: From RAT to Builder to Coder" appeared first on Check Point Research.
Bleeping Computer
The web browser has quietly become one of the most critical components of enterprise infrastructure—and one of the most dangerous. Join BleepingComputer, SC Media, and Push Security on September 29 at 12:00 PM ET for a live webinar on how attackers are targeting the browser to hijack sessions, steal data, and bypass security. [...]
Bleeping Computer
A newly discovered FileFix social engineering attack impersonates Meta account suspension warnings to trick users into unknowingly installing the StealC infostealer malware. [...]
Bleeping Computer
Apple has released security updates to backport patches released last month to older iPhones and iPads, addressing a zero-day bug that was exploited in "extremely sophisticated" attacks. [...]
Dark Reading
The company acquired HyperComply to help enterprises automate vendor security reviews and gain a real-time picture of the security of their entire supply chain.