1. Security News – 2026-02-13
Fri Feb 13 2026 00:00:00 GMT+0000 (Coordinated Universal Time)
SecurityWeek
Latest cybersecurity news
How to Eliminate the Technical Debt of Insecure AI-Assisted Software Development - February 12, 2026
Developers must view AI as a collaborator to be closely monitored, rather than an autonomous entity to be unleashed. Without such a mindset, crippling tech debt is inevitable.
The post How to Eliminate the Technical Debt of Insecure AI-Assisted Software Development appeared first on SecurityWeek.
ApolloMD Data Breach Impacts 626,000 Individuals - February 12, 2026
The company says hackers stole the personal information of patients of affiliated physicians and practices.
The post ApolloMD Data Breach Impacts 626,000 Individuals appeared first on SecurityWeek.
The Hacker News
Cybersecurity news and insights
ThreatsDay Bulletin: AI Prompt RCE, Claude 0-Click, RenEngine Loader, Auto 0-Days & 25+ Stories - February 12, 2026
Threat activity this week shows one consistent signal — attackers are leaning harder on what already works. Instead of flashy new exploits, many operations are built around quiet misuse of trusted tools, familiar workflows, and overlooked exposures that sit in plain sight. Another shift is how access is gained versus how it’s used. Initial entry points are getting simpler, while post-compromise
SecurityWeek
Latest cybersecurity news
Microsoft to Enable ‘Windows Baseline Security’ With New Runtime Integrity Safeguards - February 12, 2026
Windows will have runtime safeguards enabled by default, ensuring that only properly signed software runs.
The post Microsoft to Enable ‘Windows Baseline Security’ With New Runtime Integrity Safeguards appeared first on SecurityWeek.
The Hacker News
Cybersecurity news and insights
The CTEM Divide: Why 84% of Security Programs Are Falling Behind - February 12, 2026
A new 2026 market intelligence study of 128 enterprise security decision-makers (available here) reveals a stark divide forming between organizations – one that has nothing to do with budget size or industry and everything to do with a single framework decision. Organizations implementing Continuous Threat Exposure Management (CTEM) demonstrate 50% better attack surface visibility, 23-point
SecurityWeek
Latest cybersecurity news
Nucleus Raises $20 Million for Exposure Management - February 12, 2026
The company will use the investment to scale operations and deepen intelligence and automation.
The post Nucleus Raises $20 Million for Exposure Management appeared first on SecurityWeek.
Apple Patches iOS Zero-Day Exploited in ‘Extremely Sophisticated Attack’ - February 12, 2026
Impacting the ‘dyld’ system component, the memory corruption issue can be exploited for arbitrary code execution.
The post Apple Patches iOS Zero-Day Exploited in ‘Extremely Sophisticated Attack’ appeared first on SecurityWeek.
The Hacker News
Cybersecurity news and insights
83% of Ivanti EPMM Exploits Linked to Single IP on Bulletproof Hosting Infrastructure - February 12, 2026
A significant chunk of the exploitation attempts targeting a newly disclosed security flaw in Ivanti Endpoint Manager Mobile (EPMM) can be traced back to a single IP address on bulletproof hosting infrastructure offered by PROSPERO. Threat intelligence firm GreyNoise said it recorded 417 exploitation sessions from 8 unique source IP addresses between February 1 and 9, 2026. An estimated 346
Apple Fixes Exploited Zero-Day Affecting iOS, macOS, and Other Devices - February 12, 2026
Apple on Wednesday released iOS, iPadOS, macOS Tahoe, tvOS, watchOS, and visionOS updates to address a zero-day flaw that it said has been exploited in sophisticated cyber attacks. The vulnerability, tracked as CVE-2026-20700 (CVSS score: N/A), has been described as a memory corruption issue in dyld, Apple’s Dynamic Link Editor. Successful exploitation of the vulnerability could allow an
SecurityWeek
Latest cybersecurity news
Nevada Unveils New Statewide Data Classification Policy Months After Cyberattack - February 11, 2026
Officials said data will now be classified as one of four categories: “public,” “sensitive,” “confidential” or “restricted.”
The post Nevada Unveils New Statewide Data Classification Policy Months After Cyberattack appeared first on SecurityWeek.
The Hacker News
Cybersecurity news and insights
First Malicious Outlook Add-In Found Stealing 4,000+ Microsoft Credentials - February 11, 2026
Cybersecurity researchers have discovered what they said is the first known malicious Microsoft Outlook add-in detected in the wild. In this unusual supply chain attack detailed by Koi Security, an unknown attacker claimed the domain associated with a now-abandoned legitimate add-in to serve a fake Microsoft login page, stealing over 4,000 credentials in the process. The activity has been
SecurityWeek
Latest cybersecurity news
Webinar Today: Identity Under Attack – Strengthen Your Identity Defenses - February 11, 2026
Gain practical insights on balancing security, user experience, and operational efficiency while staying ahead of increasingly sophisticated threats.
The post Webinar Today: Identity Under Attack – Strengthen Your Identity Defenses appeared first on SecurityWeek.
The Hacker News
Cybersecurity news and insights
APT36 and SideCopy Launch Cross-Platform RAT Campaigns Against Indian Entities - February 11, 2026
Indian defense sector and government-aligned organizations have been targeted by multiple campaigns that are designed to compromise Windows and Linux environments with remote access trojans capable of stealing sensitive data and ensuring continued access to infected machines. The campaigns are characterized by the use of malware families like Geta RAT, Ares RAT, and DeskRAT, which are often
Schneier on Security
Security news and analysis by Bruce Schneier
Rewiring Democracy Ebook is on Sale - February 11, 2026
I just noticed that the ebook version of Rewriring Democracy is on sale for $5 on Amazon, Apple Books, Barnes & Noble, Books A Million, Google Play, Kobo, and presumably everywhere else in the US. I have no idea how long this will last.
Also, Amazon has a coupon that brings the hardcover price down to $20. You’ll see the discount at checkout.
SecurityWeek
Latest cybersecurity news
GitGuardian Raises $50 Million for Secrets and Non-Human Identity Security - February 11, 2026
The secrets security company has raised more than $100 million since its creation in 2017.
The post GitGuardian Raises $50 Million for Secrets and Non-Human Identity Security appeared first on SecurityWeek.
Conduent Breach Hits Volvo Group: Nearly 17,000 Employees’ Data Exposed - February 11, 2026
The Conduent data breach affects at least 25 million individuals, up from 10 million estimated a few months ago.
The post Conduent Breach Hits Volvo Group: Nearly 17,000 Employees’ Data Exposed appeared first on SecurityWeek.
The Hacker News
Cybersecurity news and insights
Over 60 Software Vendors Issue Security Fixes Across OS, Cloud, and Network Platforms - February 11, 2026
It’s Patch Tuesday, which means a number of software vendors have released patches for various security vulnerabilities impacting their products and services. Microsoft issued fixes for 59 flaws, including six actively exploited zero-days in various Windows components that could be abused to bypass security features, escalate privileges, and trigger a denial-of-service (DoS) condition. Elsewhere
Schneier on Security
Security news and analysis by Bruce Schneier
Prompt Injection Via Road Signs - February 11, 2026
Interesting research: “CHAI: Command Hijacking Against Embodied AI.”
Abstract: Embodied Artificial Intelligence (AI) promises to handle edge cases in robotic vehicle systems where data is scarce by using common-sense reasoning grounded in perception and action to generalize beyond training distributions and adapt to novel real-world situations. These capabilities, however, also create new security risks. In this paper, we introduce CHAI (Command Hijacking against embodied AI), a new class of prompt-based attacks that exploit the multimodal language interpretation abilities of Large Visual-Language Models (LVLMs). CHAI embeds deceptive natural language instructions, such as misleading signs, in visual input, systematically searches the token space, builds a dictionary of prompts, and guides an attacker model to generate Visual Attack Prompts. We evaluate CHAI on four LVLM agents; drone emergency landing, autonomous driving, and aerial object tracking, and on a real robotic vehicle. Our experiments show that CHAI consistently outperforms state-of-the-art attacks. By exploiting the semantic and multimodal reasoning strengths of next-generation embodied AI systems, CHAI underscores the urgent need for defenses that extend beyond traditional adversarial robustness...
The Hacker News
Cybersecurity news and insights
Exposed Training Open the Door for Crypto-Mining in Fortune 500 Cloud Environments - February 11, 2026
Intentionally vulnerable training applications are widely used for security education, internal testing, and product demonstrations. Tools such as OWASP Juice Shop, DVWA, Hackazon, and bWAPP are designed to be insecure by default, making them useful for learning how common attack techniques work in controlled environments. The issue is not the applications themselves, but how they are often
Schneier on Security
Security news and analysis by Bruce Schneier
AI-Generated Text and the Detection Arms Race - February 10, 2026
In 2023, the science fiction literary magazine Clarkesworld stopped accepting new submissions because so many were generated by artificial intelligence. Near as the editors could tell, many submitters pasted the magazine’s detailed story guidelines into an AI and sent in the results. And they weren’t alone. Other fiction magazines have also reported a high number of AI-generated submissions.
This is only one example of a ubiquitous trend. A legacy system relied on the difficulty of writing and cognition to limit volume. Generative AI overwhelms the system because the humans on the receiving end can’t keep up...