A newly documented Linux botnet named SSHStalker is using the IRC (Internet Relay Chat) communication protocol for command-and-control (C2) operations.
The protocol was invented in 1988, and its adoption peaked during the 1990s, becoming the main text-based instant messaging solution for group and private communication.
Technical communities still appreciate it for its implementation simplicity, interoperability, low bandwidth requirements, and no need for a GUI.
The SSHStalker botnet relies on classic IRC mechanics such as multiple C-based bots and multi-server/channel redundancy instead of modern C2 frameworks, prioritizing resilience, scale, and low cost over stealth and technical novelty.
According to researchers at threat intelligence company Flare, this approach extends to other characteristics of SSHStalker’s operation, like using noisy SSH scans, one-minute cron jobs, and a large back-catalog of 15-year old CVEs.
Advertisement
“What we actually found was a loud, stitched-together botnet kit that mixes old-school IRC control, compiling binaries on hosts, mass SSH compromise, and cron-based persistence. In other words scale-first operation that favors reliability over stealth,” Flare says.
The ‘infected machines’ IRC channel Source: Flare
SSHStalker achieves initial access through automated SSH scanning and brute forcing, using a Go binary that masquerades as the popular open-source network discovery utility nmap.
Compromised hosts are then used to scan for additional SSH targets, which resembles a worm-like propagation mechanism for the botnet.
Flare found a file with results from nearly 7,000 bot scans, all from January, and focused mostly on cloud hosting providers in Oracle Cloud infrastructure.
Once SSHStalker infects a host, it downloads the GCC tool for compiling payloads on the victim device for better portability and evasion.
Advertisement
The first payloads are C-based IRC bots with hard-coded C2 servers and channels, which enroll the new victim in the botnet’s IRC infrastructure.
Next, the malware fetches archives named GS and bootbou, which contain bot variants for orchestration and execution sequencing.
Persistence is achieved via cron jobs that run every 60 seconds, invoking a watchdog-style update mechanism that checks whether the main bot process is running and relaunches it if it is terminated.
The botnet also contains exploits for 16 CVEs targeting Linux kernel versions from the 2009-2010 era. This is used to escalate privileges after the earlier brute-forcing step grants access to a low-privileged user.
Advertisement
Attack chain overview Source: Flare
Regarding monetization, Flare noticed that the botnet performs AWS key harvesting and website scanning. It also includes cryptomining kits such as the high-performance Ethereum miner PhoenixMiner.
Distributed denial-of-service (DDoS) capabilities are also present, though the researchers noted they have not yet observed any such attacks. In fact, SSHStalker’s bots currently just connect to the C2 and then enter an idle state, suggesting testing or access hoarding for now.
Flare has not attributed SSHStalker to a particular threat group, though it noted similarities with the Outlaw/Maxlas botnet ecosystem and various Romanian indicators.
The threat intelligence company suggests placing monitoring solutions for compiler installation and execution on production servers, and alerts for IRC-style outbound connections. Cron jobs with short execution cycles from unusual paths are also big red flags.
Mitigation recommendations include disabling SSH password authentication, removing compilers from production images, enforcing egress filtering, and restricting execution from ‘/dev/shm.’
Advertisement
Modern IT infrastructure moves faster than manual workflows can handle.
In this new Tines guide, learn how your team can reduce hidden manual delays, improve reliability through automated response, and build and scale intelligent workflows on top of tools you already use.
The door sensor in its new enclosures. (Credit: Dillan Stock)
A common sight in ‘smart homes’, door sensors allow you to detect whether a door is closed or open, enabling the triggering of specific events. Unfortunately, most solutions for these sensors are relatively bulky and hard to miss, making them a bit of a eyesore. This was the case for [Dillan Stock] as well, who decided that he could definitely have a smart home, yet not have warts sticking out on every single doorframe and door. There’s also a video version of the linked blog post.
These door sensors tend to be very simple devices, usually just a magnet and a reed relay, the latter signaling a status change to the wireless transmitter or transceiver. Although [Dillan] had come across recessed door sensors before, like a Z-wave-based unit from Aeotec, this was a very poorly designed product with serious reliability issues.
That’s when [Dillan] realized that he could simply take the PCB from one of the Aqara T1 door sensors that he already had and stuff them into a similar 20 mm diameter form factor as that dodgy sensor unit. Basically this just stuffs the magnet and PCB from an existing wart-style sensor into a recessed form factor, making it a very straightforward hack, that only requires printing the housings for the Aqara T1 sensor and some intimate time between the door and a drill.
Apple has acknowledged that users may be encountering issues with iCloud services, Photos sync, or an outright outage with Find My on Tuesday afternoon.
Another services outage has affected users
Everything you do on an iPhone touches some kind of service, which can experience an outage from time to time. If you noticed that a file just won’t sync, or you can’t see your friend’s location, it’s because of an ongoing issue. According to Apple’s System Status page, various iCloud services began facing issues around 2:02 p.m. ET and Find My saw a full outage that began at 3:04 p.m. ET. Users attempting to utilize those features could encounter errors or endless loading. Continue Reading on AppleInsider | Discuss on our Forums
Discord is relying on algorithmic data analysis and third-party vendors to handle age verification, but it has clarified that not everyone will be met with explicit age checks.
Everyone is treated as a child on Discord until they try to access adult content
The latest update from Discord’s safety team seems to be a big step back from its earlier promise, though not much has actually changed. The controversial move will have everyone’s account set to teen by default, and while some will need to do age verification via face or ID scan, not everyone will. This “clarification” was issued after mass pushback about the moderation changes taking place on the social platform. Discord says it has used this system in the UK and Australia since the end of 2025 and is now rolling it out globally to meet regulatory requirements for online services. Continue Reading on AppleInsider | Discuss on our Forums
A team at the University of California, San Diego has redesigned how RRAM operates in an effort to accelerate the execution of neural network models. According to UCSD electrical engineer Duygu Kuzum, the approach could eventually enable a new class of local AI applications, assuming the technology’s remaining challenges can… Read Entire Article Source link
Google Search can make information easy to find, but it can also make your personal data surface in ways that feel invasive or even dangerous. This is why Google is rolling out new tools that give people more control over what shows up about them online.
The company says it is expanding its Search removal features to make it simpler to take down sensitive personal information and explicit images that never should have been public in the first place.
How to remove personal information from Search
Google’s “Results about you hub” can now help you find and remove search results that contain sensitive government-issued identification numbers. This includes things like passport numbers, driver’s license numbers, and other official ID info that could be misused if they appear online.
Google
To use this feature, you sign in to your Google account and select ‘Results about you,’ where you can fill out the information you want to track. Google will proactively scan Search for results that match your personal information and alert you if it finds something.
From there, you can review each result and request removal directly within the tool. You can also manually submit a removal request if you come across sensitive information yourself. Google says it will review these requests and remove results that violate its policies.
Advertisement
How to remove explicit images from Search
Google
Google is also simplifying the process for removing explicit images, especially those shared without consent. You can now request the removal of explicit images more easily, including submitting multiple images at once rather than filing separate requests.
Once an image is removed, Google will also offer an option to proactively filter out similar explicit images from future Search results, to prevent similar content from resurfacing.
Google
You can now track all your removal requests in one place through the Results about you hub, with email updates to keep you informed whenever the status changes.
Google also points out that removing information from Search does not erase it from the internet altogether, but it can still go a long way in protecting your privacy.
The update also comes as Google shuts down its dark web reports, which previously alerted users when their name, phone number, or email surfaced online in a data breach.
Google says those alerts did not always help people take meaningful action, something the new removal tools are designed to address.
Microsoft has released the Windows 10 KB5075912 extended security update to fix February 2026 Patch Tuesday vulnerabilities, including six zero-days, and continue rolling out replacements for expiring Secure Boot certificates.
If you are running Windows 10 Enterprise LTSC or are enrolled in the ESU program, you can install this update like normal by going into Settings, clicking on Windows Update, and manually performing a ‘Check for Updates.’
Windows 10 KB5075912 update Source: BleepingComputer
After installing this update, Windows 10 will be updated to build 19045.6937, and Windows 10 Enterprise LTSC 2021 will be updated to build 19044.6937.
What’s new in Windows 10 KB5075912
Microsoft is no longer releasing new features for Windows 10, and the KB5075912 update contains only security fixes and bug fixes introduced by previous security updates.
With today’s February 2026 Patch Tuesday, Microsoft has fixed 58 vulnerabilities, including six actively exploited zero-day flaws.
[Fonts] This update includes changes to Chinese fonts to meet GB18030-2022A compliance.
[OS Security (known issue)] Fixed: After installing the Windows security update released on or after January 13, 2026, some Secure Launch-capable PCs with Virtual Secure Mode (VSM) enabled are unable to shut down or enter hibernation. Instead, the device restarts.
[Folders] Fixed: This update fixes an issue that affects folder renaming with desktop.ini files in File Explorer. The LocalizedResourceName setting was ignored, so custom folder names did not show. Now, custom folder names appear as expected.
[Graphics] Fixed: A stability issue affecting certain graphics processing units (GPUs) configurations.
[Secure Boot] With this update, Windows quality updates include a broad set of targeting data that identifies devices and their ability to receive new Secure Boot certificates. Devices will receive the new certificates only after they show sufficient successful update signals, which helps ensure a safe and phased rollout.
Since June 2025, Microsoft has warned that multiple Windows Secure Boot certificates from 2011 are expiring in June 2026, and warned that if they are not updated, it would breach Secure Boot protections.
These certificates are used to validate Windows boot components, third-party bootloaders, and Secure Boot revocation updates, and if expired, could allow threat actors to bypass security protections.
Microsoft states that there are no known issues with this update.
Advertisement
Modern IT infrastructure moves faster than manual workflows can handle.
In this new Tines guide, learn how your team can reduce hidden manual delays, improve reliability through automated response, and build and scale intelligent workflows on top of tools you already use.
An anonymous reader shares a report: In 1966, a beach-ball-size robot bounced across the moon. Once it rolled to a stop, its four petal-like covers opened, exposing a camera that sent back the first picture taken on the surface of another world. This was Luna 9, the Soviet lander that was the earliest spacecraft to safely touchdown on the moon. While it paved the way toward interplanetary exploration, Luna 9’s precise whereabouts have remained a mystery ever since.
That may soon change. Two research teams think they might have tracked down the long-lost remains of Luna 9. But there’s a catch: The teams do not agree on the location. “One of them is wrong,” said Anatoly Zak, a space journalist and author who runs RussianSpaceWeb.com and reported on the story last week. The dueling finds highlight a strange fact of the early moon race: The precise resting places of a number of spacecraft that crashed or landed on the moon in the run up to NASA’s Apollo missions are lost to obscurity. A newer generation of spacecraft may at last resolve these mysteries.
Luna 9 launched to the moon on Jan. 31, 1966. While a number of spacecraft had crashed into the lunar surface at that stage of the moon race, it was among the earliest to try what rocket engineers call a soft landing. Its core unit, a spherical suite of scientific instruments, was about two feet across. That size makes it difficult to spot from orbit. “Luna 9 is a very, very small vehicle,” said Mark Robinson, a geologist at the company Intuitive Machines, which has twice landed spacecraft on the moon.
Rivian’s R2 Prototype has hit road with early reviews, and it’s a capable electric SUV that truly delivers on the adventure promise without breaking the bank like its larger siblings do. The test rides were place on California highways, curvy back roads, and rocky off-road trails near Rivian’s Irvine headquarters. Most reviewers agree that the R2 retains the adventurous spirit of the larger R1 models while also making it more fun and approachable for daily driving.
The power comes from two motors, and this all-wheel drive configuration generates a 656 horsepower and 609 pound-feet of torque. It accelerates from 0 to 60 mph in around 3.6 seconds and feels robust even at highway speeds. In normal mode, the R2 runs largely on rear-wheel drive for improved fuel efficiency, but when necessary, it uses the front motor. Sport mode engages full all-wheel drive for a faster reaction.
✅【 Powerful Performance】Equipped with a 350W brushless motor, this adult electric scooter reaches 19MPH and handles 15° inclines with ease…
✅【Long-Lasting Battery】This e scooter has 19 miles max long range on a single 4-5 hours fast charge, making it ideal for everyday commutes…
✅ 【Safety First】Scooter stay protected with a drum brake + EABS electronic brake system for quick, stable stopping. The bright LED headlight…
The R2 handles quite well and stays grounded in corners. The steering feels natural and connected, with plenty of feedback that increases as you request more. Body control is outstanding, especially given the high ground clearance and all-terrain tyres with tall sidewalls. Roll remains well under control, and the chassis responds quickly and without drama. The R2 feels lighter on its feet because to its unibody structure, lower weight (about 4,850 to 5,000 pounds), and lower center of gravity. When cruising, the ride is nice, but when you push harder, it tightens up. Steel coil springs and semi-active dampers handle uneven roads with ease, providing an excellent balance between pavement and dirt.
Advertisement
Off-road performance stands up well on the trails it was tested on, with 9.6 inches of ground clearance and angles that allow you to tackle tough terrain with confidence. The long-travel suspension articulates well, and torque vectoring maintains traction without the use of typical locking differentials. When the wheels begin to spin, the brakes come into action, but there is some initial slip before they fully intervene.
Inside, the room is surprisingly generous for a tiny SUV. Tall adults may comfortably sit into the back seats, which provide 40.4 inches of legroom and headroom. The inside remains clutter-free, featuring a large central touchscreen and a smaller driver display. The haptic steering wheel on the column controls climate, drive modes, and other settings via rolling, tilting, and pushing actions, and the feedback is satisfactory, but they are currently working on adjusting the prototypes. There is plenty of storage space, ranging from dual gloveboxes to a flat-folding rear section that can accommodate a fitted mattress for overnight use. The low beltline and upright windows provide excellent visibility.
The EPA cycle shows a range of more than 300 miles, thanks to a compact battery pack and a well-designed interior. Filling up is also much faster than you’d think, with the R2 going from 10 to 80 percent in less than half an hour at a fast charging station, and with a native NACS port, it’s virtually ready to go at any Tesla Supercharger.
The price starts about $45,000, with dual-motor variants costing $50,000 or $55,000, depending on how specced out you want to get. The truth is, that puts the R2 in a really good position in the market; it’s like a true alternative to the more mainstream electric crossovers (Tesla Model Y), but with one significant bonus: you can actually take it off the beaten track and get a real rush of performance.
North Korean hackers are running tailored campaigns using AI-generated video and the ClickFix technique to deliver malware for macOS and Windows to targets in the cryptocurrency sector.
The threat actor’s goal is financial, as suggested by the role of the tools used in an attack on a fintech company investigated by Google’s Mandiant researchers.
During the response engagement, the researchers found seven distinct macOS malware families and attributed the attack to UNC1069, a threat group they’ve been tracking since 2018.
Infection chain
The attack had a strong social engineering component as the victim was contacted over the Telegram messaging service from a compromised account of an executive at a cryptocurrency company.
After building a rapport, the hackers shared a Calendly link that took the victim to a spoofed Zoom meeting page on the attacker’s infrastructure.
Advertisement
According to the target, the hackers showed a deepfake video of a CEO at another cryptocurrency company.
“Once in the ‘meeting,’ the fake video call facilitated a ruse that gave the impression to the end user that they were experiencing audio issues,” Mandiant researchers say.
Under this pretext, the attacker instructed the victim to troubleshoot the problems using commands present on a webpage. Mandiant found commands on the page for both Windows and macOS that would start the infection chain.
Huntress researchers documented a similar attack method in mid-2025 and attributed it to the BlueNoroff group, another North Korean adversary also known as Sapphire Sleet and TA44, that targeted macOS systems using a different set of payloads.
Advertisement
macOS malware
Mandiant researcher found evidence of AppleScript execution once the infection chain started, but could not recover the contents of the payload, followed by deploying a malicious Mach-O binary. In the next stage, the attacker executed seven distinct malware families:
WAVESHAPER – C++ backdoor that runs as a background daemon, collects host system information, communicates with C2 over HTTP/HTTPS using curl, and downloads and executes follow-on payloads.
HYPERCALL – Golang-based downloader that reads an RC4-encrypted configuration file, connects to C2 over WebSockets on TCP 443, downloads malicious dynamic libraries, and reflectively loads them into memory.
HIDDENCALL – Golang-based backdoor reflectively injected by HYPERCALL that provides hands-on keyboard access, supports command execution and file operations, and deploys additional malware.
SILENCELIFT – Minimal C/C++ backdoor that beacons host information and lock screen status to a hard-coded C2 server and can interrupt Telegram communications when executed with root privileges.
DEEPBREATH – Swift-based data miner deployed via HIDDENCALL that bypasses macOS TCC protections by modifying the TCC database to gain broad filesystem access and steals keychain credentials, browser data, Telegram data, and Apple Notes data.
SUGARLOADER – C++ downloader that uses an RC4-encrypted configuration to retrieve next-stage payloads and was made persistent via a manually created launch daemon.
CHROMEPUSH – C++ browser data miner deployed by SUGARLOADER that installs as a Chromium native messaging host masquerading as a Google Docs Offline extension and collects keystrokes, credentials, cookies, and optionally screenshots.
Overview of the attack chain Source: Mandiant
Of the malware found, SUGARLOADER has the most detections on the VirusTotal scanning platform, followed by WAVESHAPER, which is flagged by just two products. The rest are not present in the platform’s malware database.
Mandiant says that SILENCELIFT, DEEPBREATH, and CHROMEPUSH represent a new set of tooling for the threat actor.
The researchers describe as unusual the volume of malware deployed on a host against a single individual.
This confirms a targeted attack focused on collecting as much data as possible for two reasons: “cryptocurrency theft and fueling future social engineering campaigns by leveraging victim’s identity and data,” Mandiant says.
Advertisement
Since 2018, UNC1069 has demonstrated its ability to evolve by adopting new techniques and tools. In 2023, the bad actor switched to targets in the Web3 industry (centralized exchanges, developers, venture capital funds).
Last year, the threat actor changed its target to financial services and the cryptocurrency industry in verticals such as payments, brokerage, and wallet infrastructure.
Modern IT infrastructure moves faster than manual workflows can handle.
In this new Tines guide, learn how your team can reduce hidden manual delays, improve reliability through automated response, and build and scale intelligent workflows on top of tools you already use.
A star almost identical to our sun is nearing the end of its life in the Cygnus constellation, about 1000 light years away. Astronomers call this spectacle the Egg Nebula, or CRL 2688 for short. Hubble’s most recent image provides a magnificent view of this particular object in unprecedented detail, thanks to the combination of new data and previously captured images. What we get is a stunning display of light cutting through the dust.
A star almost identical to our sun is nearing the end of its life in the Cygnus constellation, about 1000 light years away. Astronomers call this spectacle the Egg Nebula, or CRL 2688 for short. Hubble’s most recent image provides a magnificent view of this particular object in unprecedented detail, thanks to the combination of new data and previously captured photographs. What we get is a stunning display of light cutting through the dust.
INSPIRE CURIOSITY – The NASA Lunar Telescope allows your child to see the moon in incredible detail; the perfect gift for girls and boys interested…
HIGH-QUALITY OPTICAL GLASS AND FINDER SCOPE – This easy-to-use telescope comes with a finder scope, low power, and high-power eyepieces; when used…
TABLETOP TRIPOD & SMOOTH MOUNT SYSTEM – Use the included tripod to steady your Lunar Telescope for optimal viewing, with a smooth mounting system…
The core star is hidden deep in the center, enveloped by a thick cloud of gas and dust that allows very little light to pass through. What does pass through is compressed into two narrow beams of light that sweep outward, revealing the fast-moving clouds of material being ejected from the star. Those clouds glow orange in infrared, adding some color to the image. You can also observe faster-moving clouds of heated molecular hydrogen that light brightly in the infrared, adding depth to the scene.
Over the previous 5000 years, the star has lost its outer layers in large concentric rings of gas. These rings are made up of tiny arcs of gas that accumulate every few hundred years. Now, these rings reflect the star’s light in a fashion that resembles ripples on water – and the dust produced by these outbursts is what shapes the nebula that bears its name, since the dense core is like the yolk of an egg wrapped up in darker, dustier layers.
Advertisement
This is only transient; it will only last a few thousand years. The star has depleted all of its hydrogen and helium fuel, and what remains of its outer layers are floating away, while the center is becoming increasingly hot. Eventually, that center will cause the surrounding gas to glow, similar to the Helix Nebula or Butterfly Nebula. As of now, the Egg Nebula is in its pre-planetary phase, a brief period before winds and radiation begin to obscure the picture.
Hubble first observed the Egg Nebula in 1997, when a picture revealed the hidden light source. In 2003, we were able to get a full picture of the ripple patterns surrounding the nebula, and in 2012, we got an even closer look at the central cloud and outflows. Today’s image combines all of that data with some new frames to provide the sharpest look yet, courtesy of the Wide Field Camera 3.
.jpg)
