Posts

The Hacker News - Google Reports State-Backed Hackers Using Gemini AI for Recon and Attack Support

Google on Thursday said it observed the North Korea-linked threat actor known as UNC2970 using its generative artificial intelligence (AI) model Gemini to conduct reconnaissance on its targets, as various hacking groups continue to weaponize the tool for accelerating various phases of the cyber attack life cycle, enabling information operations, and even conducting model extraction attacks. "The from The Hacker News https://thehackernews.com/2026/02/google-reports-state-backed-hackers.html

The Hacker News - Lazarus Campaign Plants Malicious Packages in npm and PyPI Ecosystems

Cybersecurity researchers have discovered a fresh set of malicious packages across npm and the Python Package Index (PyPI) repository linked to a fake recruitment-themed campaign orchestrated by the North Korea-linked Lazarus Group. The coordinated campaign has been codenamed graphalgo in reference to the first package published in the npm registry. It's assessed to be active since May 2025. from The Hacker News https://thehackernews.com/2026/02/lazarus-campaign-plants-malicious.html

KnowBe4 - Uncovering the Sophisticated Phishing Campaign Bypassing M365 MFA

Lead Analysts: Jeewan Singh Jalal, Prabhakaran Ravichandhiran and Anand Bodke. KnowBe4 Threat Labs has detected a sophisticated phishing campaign targeting North American businesses and professionals. This attack compromises Microsoft 365 accounts (Outlook, Teams, OneDrive) by abusing the OAuth 2.0 Device Authorization Grant flow, bypassing strong passwords and Multi-Factor Authentication (MFA). The victim is directed to the legitimate Microsoft domain (microsoft.com/devicelogin) portal to enter an attacker-supplied device code. This action authenticates the victim and issues a valid OAuth access token to the attacker’s application. The real-time theft of these tokens grants the attacker persistent access to the victim’s Microsoft 365 accounts and corporate data. from Human Risk Management Blog https://blog.knowbe4.com/uncovering-the-sophisticated-phishing-campaign-bypassing-m365-mfa

Schneier - 3D Printer Surveillance

New York is contemplating a bill that adds surveillance to 3D printers: New York’s 2026-2027 executive budget bill (S.9005 / A.10005) includes language that should alarm every maker, educator, and small manufacturer in the state. Buried in Part C is a provision requiring all 3D printers sold or delivered in New York to include “blocking technology.” This is defined as software or firmware that scans every print file through a “firearms blueprint detection algorithm” and refuses to print anything it flags as a potential firearm or firearm component. I get the policy goals here, but the solution just won’t work. It’s the same problem as DRM: trying to prevent general-purpose computers from doing specific things. Cory Doctorow wrote about it in 2018 and—more generally—spoke about it in 2011. from Schneier on Security https://www.schneier.com/blog/archives/2026/02/3d-printer-surveillance.html

HACKMAGEDDON - Malicious Campaigns Using AI-generated Malware in 2026

In this blog post I am collecting the campaigns that show evidence of being AI-generated, or make use of AI tools to increase their impact. As always I will continue to update the list as soon as new campaigns emerge. from HACKMAGEDDON https://www.hackmageddon.com/2026/02/12/malicious-campaigns-using-ai-generated-malware-in-2026/

The Hacker News - The CTEM Divide: Why 84% of Security Programs Are Falling Behind

A new 2026 market intelligence study of 128 enterprise security decision-makers (available here) reveals a stark divide forming between organizations – one that has nothing to do with budget size or industry and everything to do with a single framework decision. Organizations implementing Continuous Threat Exposure Management (CTEM) demonstrate 50% better attack surface visibility, 23-point from The Hacker News https://thehackernews.com/2026/02/the-ctem-divide-why-84-of-security.html

The Hacker News - 83% of Ivanti EPMM Exploits Linked to Single IP on Bulletproof Hosting Infrastructure

A significant chunk of the exploitation attempts targeting a newly disclosed security flaw in Ivanti Endpoint Manager Mobile (EPMM) can be traced back to a single IP address on bulletproof hosting infrastructure offered by PROSPERO. Threat intelligence firm GreyNoise said it recorded 417 exploitation sessions from 8 unique source IP addresses between February 1 and 9, 2026. An estimated 346 from The Hacker News https://thehackernews.com/2026/02/83-of-ivanti-epmm-exploits-linked-to.html