Threat Intelligence, Malware

Android, iOS device compromise threatened by new ZeroDayRAT spyware

February 11, 2026
By SC Staff

SecurityWeek reports that novel commercial spyware toolkit ZeroDayRAT could be leveraged to enable total remote compromise of both Android and iOS devices.

Installation of ZeroDayRAT, which has been distributed on Telegram since Feb. 2, not only facilitates victim and device profiling, location tracking, and app usage monitoring but also live camera streaming and microphone and screen recording, an analysis from iVerify showed. In addition to a keylogger obtaining gestures and biometric unlocks, ZeroDayRAT also features a cryptocurrency stealer that enables continuous clipboard injections and a bank stealer that targets banking credentials.

Disrupting ZeroDayRAT was regarded as a significant challenge due to difficulties in identifying its creator and its lack of a central server. "Every operator runs their own instance, so you're playing whack-a-mole against individual infrastructures. The Telegram sales channel is the most visible chokepoint, but Telegram takedowns are slow, and even if it happens, the developers just spin up a new channel," said iVerify research fellow Daniel Kelley.
ZeroDayRAT is a commercial spyware toolkit distributed via Telegram that enables total remote compromise of Android and iOS