
The Hacker News - ThreatsDay Bulletin: Codespaces RCE, AsyncRAT C2, BYOVD Abuse, AI Cloud Intrusions & 15+ Stories

This week didn’t produce one big headline. It produced many small signals — the kind that quietly shape what attacks will look like next. Researchers tracked intrusions that start in ordinary places: developer workflows, remote tools, cloud access, identity paths, and even routine user actions. Nothing looked dramatic on the surface. That’s the point. Entry is becoming less
from The Hacker News https://thehackernews.com/2026/02/threatsday-bulletin-codespaces-rce.html

Schneier - Backdoor in Notepad++

Hackers associated with the Chinese government used a Trojaned version of Notepad++ to deliver malware to selected users. Notepad++ said that officials with the unnamed provider hosting the update infrastructure consulted with incident responders and found that it remained compromised until September 2. Even then, the attackers maintained credentials to the internal services until December 2, a capability that allowed them to continue redirecting selected update traffic to malicious servers. The threat actor “specifically targeted Notepad++ domain with the goal of exploiting insufficient update verification controls that existed in older versions of Notepad++.” Event logs indicate that the hackers tried to re-exploit one of the weaknesses after it was fixed but that the attempt failed. Make sure you’re running at least version 8.9.1.
from Schneier on Security https://www.schneier.com/blog/archives/2026/02/backdoor-in-notepad.html

The Hacker News - Infy Hackers Resume Operations with New C2 Servers After Iran Internet Blackout Ends

The elusive Iranian threat group known as Infy (aka Prince of Persia) has evolved its tactics as part of efforts to hide its tracks, even as it readied new command-and-control (C2) infrastructure coinciding with the end of the widespread internet blackout the regime imposed at the start of the month. "The threat actor stopped maintaining its C2 servers on January 8 for the first time since we
from The Hacker News https://thehackernews.com/2026/02/infy-hackers-resume-operations-with-new.html

The Hacker News - Critical n8n Flaw CVE-2026-25049 Enables System Command Execution via Malicious Workflows

A new, critical security vulnerability has been disclosed in the n8n workflow automation platform that, if successfully exploited, could result in the execution of arbitrary system commands. The flaw, tracked as CVE-2026-25049 (CVSS score: 9.4), is the result of inadequate sanitization that bypasses safeguards put in place to address CVE-2025-68613 (CVSS score: 9.9), another critical defect that
from The Hacker News https://thehackernews.com/2026/02/critical-n8n-flaw-cve-2026-25049.html

The Hacker News - Hackers Exploit React2Shell to Hijack Web Traffic via Compromised NGINX Servers

Cybersecurity researchers have disclosed details of an active web traffic hijacking campaign that has targeted NGINX installations and management panels like Baota (BT) in an attempt to route it through the attacker's infrastructure. Datadog Security Labs said it observed threat actors associated with the recent React2Shell (CVE-2025-55182, CVSS score: 10.0) exploitation using malicious NGINX
from The Hacker News https://thehackernews.com/2026/02/hackers-exploit-react2shell-to-hijack.html

KnowBe4 - 14.1 Million Reasons Your SEG and Email Security Tech is Failing

In the relentless growth of the phishing landscape, technical advances like AI have made attack methods two-pronged. They target technical weaknesses and use identity-based attacks to bypass defenses that land directly in end user inboxes.
from Human Risk Management Blog https://blog.knowbe4.com/14.1-million-reasons-your-seg-and-email-security-tech-is-failing