Author: V Diwahar

For years, security researchers have warned that generative AI would eventually move beyond phishing emails and scripted scams and become embedded directly inside live malware. That shift no longer feels theoretical. A newly discovered strain called PromptSpy Android malware is the first documented example of Android malware using generative AI during runtime execution. Rather than relying entirely on hardcoded logic, it consults Google’s Gemini model mid-operation to determine how to stay persistent on an infected device. It’s not cinematic. It’s not dramatic. But it is meaningful. Discovered in February 2026 by researchers at ESET, PromptSpy integrates AI in a focused…

When critical infrastructure software is exposed to the internet, attackers rarely wait. That pattern has repeated itself with the recent SmarterMail vulnerabilities, which were weaponized within days of disclosure and are now tied to real-world ransomware activity. Security researchers monitoring underground Telegram channels and cybercrime forums observed threat actors rapidly sharing proof-of-concept (PoC) exploit code, offensive tooling, and even stolen administrator credentials linked to CVE-2026-24423 and CVE-2026-23760. What stands out isn’t just the severity of the flaws it’s the speed at which they were operationalized. Email servers have quietly become one of the most strategic entry points into corporate networks.…

When more than $100 billion in digital assets rely on smart contracts, security isn’t abstract. It’s immediate. A single overlooked bug can move markets, freeze funds, or drain liquidity in minutes. That’s the backdrop against which EVMbench arrives. EVMbench is a newly released AI blockchain security benchmark designed to evaluate how well AI systems handle AI smart contract security challenges including smart contract vulnerability detection, patch validation, and full exploit execution. Built by OpenAI in collaboration with Paradigm, the benchmark doesn’t just measure coding ability. It tests whether AI can operate responsibly inside environments where mistakes carry real financial consequences.And…

For many IT teams, backup systems are the quiet workhorses of the environment. They sit in the background, replicating virtual machines and preparing for worst-case scenarios that hopefully never arrive. But over the past 18 months, one of those trusted systems became a silent entry point.A critical Dell RecoverPoint zero-day vulnerability, tracked as CVE-2026-22769, has been exploited by a China-linked threat group since at least mid-2024.The flaw allowed attackers to authenticate using hardcoded credentials and gain full root-level control over affected appliances. From there, they deployed custom malware, established long-term persistence, and pivoted deeper into VMware infrastructure.The affected product, Dell…

CVE-2026-1731 has quickly become one of the most urgent enterprise vulnerabilities of 2026. The flaw affects BeyondTrust Remote Support (RS) and BeyondTrust Privileged Remote Access (PRA) appliances and carries a CVSS v4 score of 9.9 about as severe as it gets. Disclosed on February 6, 2026, and added to the U.S. Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) catalog just a week later, CVE-2026-1731 is not theoretical. It’s being exploited in the wild. And because it’s a pre-authentication remote code execution vulnerability, attackers don’t need credentials, MFA tokens, or user interaction to gain a foothold.For organizations that…

The UK Cyber Essentials campaign, launched on February 16, 2026, carries a message that feels both simple and urgent: if you wouldn’t leave your office unlocked overnight, don’t leave your business exposed online. Led by the UK Government, the campaign focuses on helping small and medium-sized businesses (SMEs) take practical, affordable steps to protect themselves from cyber criminals. It avoids technical overwhelm and instead promotes straightforward security habits that dramatically reduce risk. The timing matters. Cyber crime is costing UK businesses an estimated £14.7 billion annually. Half of small businesses experienced a breach or attack in the past 12 months.…