Star Citizen game dev discloses breach affecting user data
Cloud Imperium Games (CIG), the game developer behind Star Citizen and Squadron 42, says attackers breached systems containing some users' personal information in January. [...]
Intelligence Feed
Curated cybersecurity reporting and advisories. Headlines link to original sources.
Items
200
Last update
Mar 3, 10:58 AM
No matching results
Try a different keyword, or switch the source filter back to “All sources”.
Vulnerability in MS-Agent AI Framework Can Allow Full System Compromise
Improper input sanitization in the framework can be exploited through the Shell tool, allowing attackers to modify system files and steal data. The post Vulnerability in MS-Agent AI Framework Can Allow Full System Compromise appeared first on SecurityWeek.
Iranian Cyber Threat Actor Targets Iraqi Government Officials in AI-Powered Campaign
Zscaler ThreatLabz assessed with medium to high confidence that an Iranian adversary targeted Iraq’s Ministry of Foreign Affairs in a new cyber-attack
UH Cancer Center data breach affects nearly 1.2 million people
The University of Hawaii confirmed that a ransomware gang stole the data of nearly 1.2 million individuals in August 2025 after breaching its Cancer Center's Epidemiology Division. [...]
Researchers Uncover Method to Track Cars via Tire Sensors
Using low-cost receivers deployed along roads, academic researchers tracked drivers and their movement patterns. The post Researchers Uncover Method to Track Cars via Tire Sensors appeared first on SecurityWeek.
Microsoft Warns OAuth Redirect Abuse Delivers Malware to Government Targets
Microsoft on Monday warned of phishing campaigns that employ phishing emails and OAuth URL redirection mechanisms to bypass conventional phishing defenses implemented in email and browsers. The activity, the company said, targets government and public-sector o…
Android gets patches for Qualcomm zero-day exploited in attacks
Google has released security updates to patch 129 Android security vulnerabilities, including an actively exploited zero-day flaw in a Qualcomm display component. [...]
Google Confirms CVE-2026-21385 in Qualcomm Android Component Exploited
Google on Monday disclosed that a high-severity security flaw impacting an open-source Qualcomm component used in Android devices has been exploited in the wild. The vulnerability in question is CVE-2026-21385 (CVSS score: 7.8), a buffer over-read in the Graph…
SloppyLemming Targets Pakistan and Bangladesh Governments Using Dual Malware Chains
The threat activity cluster known as SloppyLemming has been attributed to a fresh set of attacks targeting government entities and critical infrastructure operators in Pakistan and Bangladesh. The activity, per Arctic Wolf, took place between January 2025 and…
CyberStrikeAI tool adopted by hackers for AI-powered attacks
Researchers warn that a newly identified open-source AI security testing platform called CyberStrikeAI was used by the same threat actor behind a recent campaign that breached hundreds of Fortinet FortiGate firewalls. [...]
Fake Google Security site uses PWA app to steal credentials, MFA codes
A phishing campaign is using a fake Google Account security page to deliver a web-based app capable of stealing one-time passcodes, harvesting cryptocurrency wallet addresses, and proxying attacker traffic through victims' browsers. [...]
Alabama man pleads guilty to hacking, extorting hundreds of women
A 22-year-old Alabama man pleaded guilty to extortion, cyberstalking, and computer fraud charges after hijacking the social media accounts of hundreds of young women (including minors). [...]
Florida woman imprisoned for massive Microsoft license fraud scheme
A Florida woman was sentenced to 22 months in prison for running a massive years-long scheme to traffic thousands of stolen Microsoft Certificate of Authenticity (COA) labels. [...]
New Chrome Vulnerability Let Malicious Extensions Escalate Privileges via Gemini Panel
Cybersecurity researchers have disclosed details of a now-patched security flaw in Google Chrome that could have permitted attackers to escalate privileges and gain access to local files on the system. The vulnerability, tracked as CVE-2026-0628 (CVSS score: 8…
Google Develops Merkle Tree Certificates to Enable Quantum-Resistant HTTPS in Chrome
Google has announced a new program in its Chrome browser to ensure that HTTPS certificates are secure against the future risk posed by quantum computers. "To ensure the scalability and efficiency of the ecosystem, Chrome has no immediate plan to add traditiona…
Chrome Unveils Plan For Quantum-Safe HTTPS Certificates
Google Chrome initiates quantum-resistant measures via Merkle Tree Certificates to secure HTTPS
UK warns of Iranian cyberattack risks amid Middle-East conflict
The United Kingdom's National Cyber Security Centre (NCSC) alerted British organizations to a heightened risk of Iranian cyberattacks amid the ongoing conflict in the Middle East. [...]
Expect Iran to Launch Cyber-Attacks Globally, Warns Google Head of Threat Intel
John Hultquist suggests “aggressive” Iranian cyber attackers will target the US and its Gulf allies with plausibly deniable ransomware attacks, hacktivist campaigns and more
Vulnerability Allowed Hijacking Chrome’s Gemini Live AI Assistant
Malicious extensions could hijack the Gemini Live in Chrome feature to spy on users and steal their files. The post Vulnerability Allowed Hijacking Chrome’s Gemini Live AI Assistant appeared first on SecurityWeek.
How Deepfakes and Injection Attacks Are Breaking Identity Verification
Deepfakes and injection attacks are targeting identity verification moments, from onboarding to account recovery. Incode explains why enterprises must validate the full session—media, device integrity, and behavior—to stop synthetic and injected attacks in rea…
Hybrid Middle East Conflict Triggers Surge in Global Cyber Activity
Military strikes in the Middle East escalate cyber ops, raising spillover risks globally for firms
OpenClaw Vulnerability Allowed Websites to Hijack AI Agents
Malicious websites could open a WebSocket connection to localhost on the OpenClaw gateway port, brute force passwords, and take control of the agent. The post OpenClaw Vulnerability Allowed Websites to Hijack AI Agents appeared first on SecurityWeek.
Madison Square Garden Data Breach Confirmed Months After Hacker Attack
The company is one of the many victims of the 2025 Oracle E-Business Suite (EBS) hacking campaign. The post Madison Square Garden Data Breach Confirmed Months After Hacker Attack appeared first on SecurityWeek.
Software Supply Chain Risk: The Growing Threat Landscape
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Mar. 2, 2026 – Read the full story from Ox Security Cybersecurity Ventures predicted that global damage costs resulting from software supply chain attacks would reach $60 bi…
⚡ Weekly Recap: SD-WAN 0-Day, Critical CVEs, Telegram Probe, Smart TV Proxy SDK and More
This week is not about one big event. It shows where things are moving. Network systems, cloud setups, AI tools, and common apps are all being pushed in different ways. Small gaps in access control, exposed keys, and normal features are being used as entry poi…
Nick Andersen Appointed Acting Director of CISA
Madhu Gottumukkala has been assigned to a new role within the Department of Homeland Security. The post Nick Andersen Appointed Acting Director of CISA appeared first on SecurityWeek.
AWS Expands Security Hub Into a Cross-Domain Security Platform
The AWS Security Hub Extended plan aims to reduce security tool sprawl by correlating findings across multiple security domains. The post AWS Expands Security Hub Into a Cross-Domain Security Platform appeared first on SecurityWeek.
Anthropic confirms Claude is down in a worldwide outage
Claude appears to be having a major outage right now, with elevated errors reported across all platforms. [...]
How to Protect Your SaaS from Bot Attacks with SafeLine WAF
Most SaaS teams remember the day their user traffic started growing fast. Few notice the day bots started targeting them. On paper, everything looks great: more sign-ups, more sessions, more API calls. But in reality, something feels off: Sign-ups increase, bu…
North Korean APT Targets Air-Gapped Systems in Recent Campaign
Using Windows shortcut files, the APT deployed a new implant, a loader, a propagation tool, and two backdoors. The post North Korean APT Targets Air-Gapped Systems in Recent Campaign appeared first on SecurityWeek.
Google Working Towards Quantum-Safe Chrome HTTPS Certificates
The internet giant is developing an evolution of the certificates based on Merkle Tree Certificates (MTCs). The post Google Working Towards Quantum-Safe Chrome HTTPS Certificates appeared first on SecurityWeek.
ClawJacked Bug Enables Covert AI Agent Hijacking
Oasis Security reveals how a new ClawJacked vulnerability could allow attackers to silently take over a victim’s OpenClaw agent
US-Israel and Iran Trade Cyberattacks: Pro-West Hacks Cause Disruption as Tehran Retaliates
Both sides conduct hacking and other attacks, including the deployment of wiper malware, DDoS, and disruptions to critical infrastructure. The post US-Israel and Iran Trade Cyberattacks: Pro-West Hacks Cause Disruption as Tehran Retaliates appeared first on Se…
Ransomware Payments Decline 8% as Attacks Surge 50%
Chainalysis reveals a big surge in median ransomware payment size in 2025 despite overall drop in criminal revenue
APT28 Tied to CVE-2026-21513 MSHTML 0-Day Exploited Before Feb 2026 Patch Tuesday
A recently disclosed security flaw patched by Microsoft may have been exploited by the Russia-linked state-sponsored threat actor known as APT28, according to new findings from Akamai. The vulnerability in question is CVE-2026-21513 (CVSS score: 8.8), a high-s…
North Korean Hackers Publish 26 npm Packages Hiding Pastebin C2 for Cross-Platform RAT
Cybersecurity researchers have disclosed a new iteration of the ongoing Contagious Interview campaign, where the North Korean threat actors have published a set of 26 malicious packages to the npm registry. The packages masquerade as developer tools, but conta…
ClawJacked attack let malicious websites hijack OpenClaw to steal data
Security researchers have disclosed a high-severity vulnerability dubbed "ClawJacked" in the popular AI agent OpenClaw that allowed a malicious website to silently bruteforce access to a locally running instance and take control over it. [...]
Samsung TVs to stop collecting Texans’ data without express consent
Samsung and the State of Texas have reached a settlement agreement over the alleged unlawful collection of content-viewing information through its smart TVs [...]
QuickLens Chrome extension steals crypto, shows ClickFix attack
A Chrome extension named "QuickLens - Search Screen with Google Lens" has been removed from the Chrome Web Store after it was compromised to push malware and attempt to steal crypto from thousands of users. [...]
ClawJacked Flaw Lets Malicious Sites Hijack Local OpenClaw AI Agents via WebSocket
OpenClaw has fixed a high-severity security issue that, if successfully exploited, could have allowed a malicious website to connect to a locally running artificial intelligence (AI) agent and take over control. "Our vulnerability lives in the core system itse…
$4.8M in crypto stolen after Korean tax agency exposes wallet seed
South Korea's National Tax Service accidentally exposed the mnemonic recovery phrase of a seized cryptocurrency wallet in an official press release, allowing hackers to steal 6.4 billion won ($4.8M) worth in cryptocurrency. [...]
Who is the Kimwolf Botmaster “Dort”?
In early January 2026, KrebsOnSecurity revealed how a security researcher disclosed a vulnerability that was used to assemble Kimwolf, the world's largest and most disruptive botnet. Since then, the person in control of Kimwolf -- who goes by the handle "Dort"…
Thousands of Public Google Cloud API Keys Exposed with Gemini Access After API Enablement
New research has found that Google Cloud API keys, typically designated as project identifiers for billing purposes, could be abused to authenticate to sensitive Gemini endpoints and access private data. The findings come from Truffle Security, which discovere…
Pentagon Designates Anthropic Supply Chain Risk Over AI Military Dispute
Anthropic on Friday hit back after U.S. Secretary of Defense Pete Hegseth directed the Pentagon to designate the artificial intelligence (AI) upstart as a "supply chain risk." "This action follows months of negotiations that reached an impasse over two excepti…
Microsoft testing Windows 11 batch file security improvements
Microsoft is rolling out new Windows 11 Insider Preview builds that improve security and performance during batch file or CMD script execution. [...]
DoJ Seizes $61 Million in Tether Linked to Pig Butchering Crypto Scams
The U.S. Department of Justice (DoJ) this week announced the seizure of $61 million worth of Tether that were allegedly associated with bogus cryptocurrency schemes known as pig butchering. The confiscated funds were traced to cryptocurrency addresses used for…
900+ Sangoma FreePBX Instances Compromised in Ongoing Web Shell Attacks
The Shadowserver Foundation has revealed that over 900 Sangoma FreePBX instances still remain infected with web shells as part of attacks that exploited a command injection vulnerability starting in December 2025. Of these, 401 instances are located in the U.S…
Malicious Go Crypto Module Steals Passwords, Deploys Rekoobe Backdoor
Cybersecurity researchers have disclosed details of a malicious Go module that's designed to harvest passwords, create persistent access via SSH, and deliver a Linux backdoor named Rekoobe. The Go module, github[.]com/xinfeisoft/crypto, impersonates the legiti…
North Korea's APT37 Expands Toolkit to Breach Air-Gapped Networks
The security researchers from Zscaler ThreatLabz have also discovered five new tools deployed by the North Korean hacking group
WebcamGate 2009: A High School’s Laptop Initiative Turned Into A National Spying Scandal
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Feb. 27, 2026 – Watch the YouTube Short Cybercrime Magazine’s latest YouTube Short video, produced by Taylor Fox, looks back at a riveting privacy and surveillance story tha…
ScarCruft Uses Zoho WorkDrive and USB Malware to Breach Air-Gapped Networks
The North Korean threat actor known as ScarCruft has been attributed to a fresh set of tools, including a backdoor that uses Zoho WorkDrive for command-and-control (C2) communications to fetch more payloads and an implant that uses removable media to relay com…
UK Vulnerability Monitoring Service Cuts Unresolved Security Flaws by 75%
The UK government says its new Vulnerability Monitoring Service has cut unresolved security flaws by 75% and reduced cyber-attack fix times from nearly two months to just over a week
‘Project Compass’ Cracks Down on ‘The Com’: 30 Members of Notorious Cybercrime Gang Arrested
International law enforcement operation led by Europol targets network of teenagers and young adults involved in ransomware attacks, extortion and other crimes
Trojanized Gaming Tools Spread Java-Based RAT via Browser and Chat Platforms
Threat actors are luring unsuspecting users into running trojanized gaming utilities that are distributed via browsers and chat platforms to distribute a remote access trojan (RAT). "A malicious downloader staged a portable Java runtime and executed a maliciou…
Meta Files Lawsuits Against Brazil, China, Vietnam Advertisers Over Celeb-Bait Scams
Meta on Thursday said it's taking legal action to tackle scams on its platforms by filing lawsuits against what it calls deceptive advertisers based in Brazil, China, and Vietnam. As part of the effort, the advertisers' methods of payment have been suspended,…
Aeternum C2 Botnet Stores Encrypted Commands on Polygon Blockchain to Evade Takedown
Cybersecurity researchers have disclosed details of a new botnet loader called Aeternum C2 that uses a blockchain-based command-and-control (C2) infrastructure to make it resilient to takedown efforts. "Instead of relying on traditional servers or domains for…
Aeternum Botnet Shifts Command Control to Polygon Blockchain
New botnet Aeternum shifted C2 operations to Polygon blockchain, complicating takedown efforts
UAT-10027 Targets U.S. Education and Healthcare with Dohdoor Backdoor
A previously undocumented threat activity cluster has been attributed to an ongoing malicious campaign targeting education and healthcare sectors in the U.S. since at least December 2025. The campaign is being tracked by Cisco Talos under the moniker UAT-10027…
Darktrace Flags 32 Million Phishing Emails in 2025 as Identity Attacks Intensify
2025 saw 32M phishing emails, with identity threats surpassing vulnerabilities
The Cascading Economic Ripple Effects Of Cybercrime
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Feb. 26, 2026 – Read the full story in BitGuardian The staggering prediction by Cybersecurity Ventures that global cybercrime damages would reach $10.5 trillion USD annually…
ThreatsDay Bulletin: Kali Linux + Claude, Chrome Crash Traps, WinRAR Flaws, LockBit & 15+ Stories
Nothing here looks dramatic at first glance. That’s the point. Many of this week’s threats begin with something ordinary, like an ad, a meeting invite, or a software update. Behind the scenes, the tactics are sharper. Access happens faster. Control is establis…
Exploitable Vulnerabilities Present in 87% of Organizations
Datadog report reveals two-fifths of services are affected by exploitable bugs
UK's Data Watchdog Gets a Makeover to Match Growing Demands
The UK’s Information Commissioner's Office is about to ditch single-leader model for CEO and board in a major shake-up
Google Disrupts ‘Prolific’ and ‘Elusive’ China-Linked Global Hacking Campaign
UNC2814 hit 53 victims in 42 countries with novel backdoor in decade long cyber espionage operation
Expert Recommends: Prepare for PQC Right Now
Introduction: Steal It Today, Break It in a Decade Digital evolution is unstoppable, and though the pace may vary, things tend to fall into place sooner rather than later. That, of course, applies to adversaries as well. The rise of ransomware and cyber extort…
Microsoft Warns Developers of Fake Next.js Job Repos Delivering In-Memory Malware
A "coordinated developer-targeting campaign" is using malicious repositories disguised as legitimate Next.js projects and technical assessments to trick victims into executing them and establish persistent access to compromised machines. "The activity aligns w…
Malicious StripeApi NuGet Package Mimicked Official Library and Stole API Tokens
Cybersecurity researchers have disclosed details of a new malicious package discovered on the NuGet Gallery, impersonating a library from financial services firm Stripe in an attempt to target the financial sector. The package, codenamed StripeApi.Net, attempt…
Global Cyber Agencies Urge Immediate Patching of Cisco SD-WAN Zero Day
The US and allies are urging Cisco Catalyst SD-WAN customers to hunt for signs of exploitation
Cisco SD-WAN Zero-Day CVE-2026-20127 Exploited Since 2023 for Admin Access
A newly disclosed maximum-severity security flaw in Cisco Catalyst SD-WAN Controller (formerly vSmart) and Catalyst SD-WAN Manager (formerly vManage) has come under active exploitation in the wild as part of malicious activity that dates back to 2023. The vuln…
Google Disrupts UNC2814 GRIDTIDE Campaign After 53 Breaches Across 42 Countries
Google on Wednesday disclosed that it worked with industry partners to disrupt the infrastructure of a suspected China-nexus cyber espionage group tracked as UNC2814 that breached at least 53 organizations across 42 countries. "This prolific, elusive actor has…
Claude Code Flaws Allow Remote Code Execution and API Key Exfiltration
Cybersecurity researchers have disclosed multiple security vulnerabilities in Anthropic's Claude Code, an artificial intelligence (AI)-powered coding assistant, that could result in remote code execution and theft of API credentials. "The vulnerabilities explo…
SLH Offers $500–$1,000 Per Call to Recruit Women for IT Help Desk Vishing Attacks
The notorious cybercrime collective known as Scattered LAPSUS$ Hunters (SLH) has been observed offering financial incentives to recruit women to pull off social engineering attacks. The idea is to hire them for voice phishing campaigns targeting IT help desks,…
Top 5 Ways Broken Triage Increases Business Risk Instead of Reducing It
Triage is supposed to make things simpler. In a lot of teams, it does the opposite. When you can’t reach a confident verdict early, alerts turn into repeat checks, back-and-forth, and “just escalate it” calls. That cost doesn’t stay inside the SOC; it shows up…
44% Surge in App Exploits as AI Speeds Up Cyber-Attacks, IBM Finds
IBM's 2026 X-Force report reveals 44% rise in cyber-attacks on public apps, driven by AI and flaws
CISO Confidential Launches On The Cybercrime Magazine Podcast
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Feb. 25, 2026 – Listen to the podcast “CISO Confidential” is a new series on the Cybercrime Magazine Podcast, brought to our listeners by Doppel, a cybersecurity company on…
Malicious NuGet Package Targets Stripe Developers
Malicious NuGet package mimicking Stripe's library targeted developers
Malicious NuGet Packages Stole ASP.NET Data; npm Package Dropped Malware
Cybersecurity researchers have discovered four malicious NuGet packages that are designed to target ASP.NET web application developers to steal sensitive data. The campaign, discovered by Socket, exfiltrates ASP.NET Identity data, including user accounts, role…
Manual Processes Are Putting National Security at Risk
Why automating sensitive data transfers is now a mission-critical priority More than half of national security organizations still rely on manual processes to transfer sensitive data, according to The CYBER360: Defending the Digital Battlespace report. This sh…
Former Defense Contractor Boss Gets 7+ Years for Selling Zero Days
A former general manager of a US defense contractor has been sentenced after selling zero days to Russia
ICO’s £14m Reddit Fine Highlights Age Check Privacy Concerns
The UK’s ICO has fined Reddit over £14m for failing to use children’s personal information lawfully
Defense Contractor Employee Jailed for Selling 8 Zero-Days to Russian Broker
A 39-year-old Australian national who was previously employed at U.S. defense contractor L3Harris has been sentenced to a little over seven years in prison for selling eight zero-day exploits to Russian exploit broker Operation Zero in exchange for millions of…
SolarWinds Patches 4 Critical Serv-U 15.5 Flaws Allowing Root Code Execution
SolarWinds has released updates to address four critical security flaws in its Serv-U file transfer software that, if successfully exploited, could result in remote code execution. The vulnerabilities, all rated 9.1 on the CVSS scoring system, are listed below…
CISA Confirms Active Exploitation of FileZen CVE-2026-25108 Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a recently disclosed vulnerability in FileZen to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2026…
RoguePilot Flaw in GitHub Codespaces Enabled Copilot to Leak GITHUB_TOKEN
A vulnerability in GitHub Codespaces could have been exploited by bad actors to seize control of repositories by injecting malicious Copilot instructions in a GitHub issue. The artificial intelligence (AI)-driven vulnerability has been codenamed RoguePilot by…
Cost of Insider Incidents Surges 20% to Nearly $20m
DTEX claims insider incidents cost $19.5m in 2025, with employee negligence most expensive
Multifaceted Phishing Scheme Deceives Bitpanda Customers
Phishing attack mimicking Bitpanda targets users, harvesting credentials and personal information
North Korean Lazarus Group Expands Ransomware Activity With Medusa
Ransomware Medusa linked to North Korean hackers targets US healthcare amid ongoing attacks
UAC-0050 Targets European Financial Institution With Spoofed Domain and RMS Malware
A Russia-aligned threat actor has been observed targeting a European financial institution as part of a social engineering attack to likely facilitate intelligence gathering or financial theft, signaling a possible expansion of the threat actor's targeting bey…
AI Accelerates Attacker Breakout Time to Just Four Minutes
ReliaQuest claims AI has reduced breakout and exfiltration time to under 10 minutes
Identity Prioritization isn't a Backlog Problem - It's a Risk Math Problem
Most identity programs still prioritize work the way they prioritize IT tickets: by volume, loudness, or “what failed a control check.” That approach breaks the moment your environment stops being mostly-human and mostly-onboarded. In modern enterprises, ident…
Lazarus Group Uses Medusa Ransomware in Middle East and U.S. Healthcare Attacks
The North Korea-linked Lazarus Group (aka Diamond Sleet and Pompilus) has been observed using Medusa ransomware in an attack targeting an unnamed entity in the Middle East, according to a new report by the Symantec and Carbon Black Threat Hunter Team. Broadcom…
Chinese AI Firms Hit Claude with Distillation Attacks, Anthropic Warns
Anthropic accused DeepSeek, Moonshot and MiniMax of illicitly using Claude to steal some of the AI model’s capabilities
AI-powered Cyber-Attacks Up Significantly in the Last Year, Warns CrowdStrike
CrowdStrike Global Threat Report warns how adversaries are leveraging AI to make campaigns more efficient and more effective
UnsolicitedBooker Targets Central Asian Telecoms With LuciDoor and MarsSnake Backdoors
The threat activity cluster known as UnsolicitedBooker has been observed targeting telecommunications companies in Kyrgyzstan and Tajikistan, marking a shift from prior attacks aimed at Saudi Arabian entities. The attacks involve the deployment of two distinct…
Anthropic Says Chinese AI Firms Used 16 Million Claude Queries to Copy Model
Anthropic on Monday said it identified "industrial-scale campaigns" mounted by three artificial intelligence (AI) companies, DeepSeek, Moonshot AI, and MiniMax, to illegally extract Claude's capabilities to improve their own models. The distillation attacks ge…
APT28 Targeted European Entities Using Webhook-Based Macro Malware
The Russia-linked state-sponsored threat actor tracked as APT28 has been attributed to a new campaign targeting specific entities in Western and Central Europe. The activity, per S2 Grupo's LAB52 threat intelligence team, was active between September 2025 and…
Wormable XMRig Campaign Uses BYOVD Exploit and Time-Based Logic Bomb
Cybersecurity researchers have disclosed details of a new cryptojacking campaign that uses pirated software bundles as lures to deploy a bespoke XMRig miner program on compromised hosts. "Analysis of the recovered dropper, persistence triggers, and mining payl…
Shai-Hulud-Like Worm Targets Developers via npm and AI Tools
Supply chain worm mimicking Shai-Hulud malware spread via malicious npm packages, targeting AI tools has been identified by security researchers
Fraud Investigation Reveals Sophisticated Python Malware
Sophisticated Python malware uncovered in fraud probe shows obfuscation, disposable infrastructure
Long Island Medium Star Theresa Caputo Meets Cybercrime Magazine – Live!
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Feb. 23, 2026 In 2024, Long Island Medium star Theresa Caputo slammed online scammers and begged fans not to send money to them. The reality star warned fans about many soci…
⚡ Weekly Recap: Double-Tap Skimmers, PromptSpy AI, 30Tbps DDoS, Docker Malware & More
Security news rarely moves in a straight line. This week, it feels more like a series of sharp turns, some happening quietly in the background, others playing out in public view. The details are different, but the pressure points are familiar. Across devices,…
Russian Cyber Threat Actor Uses GenAI to Compromise Fortinet Firewalls
A low-skilled Russian-speaking attacker has used GenAI tools to help deploy a successful attack workflow targeting FortiGate instances
How Exposed Endpoints Increase Risk Across LLM Infrastructure
As more organizations run their own Large Language Models (LLMs), they are also deploying more internal services and Application Programming Interfaces (APIs) to support those models. Modern security risks are being introduced less from the models themselves a…
Leading Semiconductor Supplier Advantest Hit by Ransomware Attack
Advantest, a Japanese specialist in testing computer chips for major semiconductor manufacturers, has deployed incident response protocols following a cybersecurity incident
Jackpotting Surge Costs Banks Over $20m, Warns FBI
A new FBI Flash alert claims $20m was lost to ATM jackpotting attacks in 2025 alone
Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens
Cybersecurity researchers have disclosed what they say is an active "Shai-Hulud-like" supply chain worm campaign that has leveraged a cluster of at least 19 malicious npm packages to enable credential harvesting and cryptocurrency key theft. The campaign has b…
University of Mississippi Medical Center Still Offline After Ransomware Attack
University of Mississippi Medical Center is still scrambling to respond to a ransomware attack last Thursday
MuddyWater Targets MENA Organizations with GhostFetch, CHAR, and HTTP_VIP
The Iranian hacking group known as MuddyWater (aka Earth Vetala, Mango Sandstorm, and MUDDYCOAST) has targeted several organizations and individuals mainly located across the Middle East and North Africa (MENA) region as part of a new campaign codenamed Operat…
AI-Assisted Threat Actor Compromises 600+ FortiGate Devices in 55 Countries
A Russian-speaking, financially motivated threat actor has been observed taking advantage of commercial generative artificial intelligence (AI) services to compromise over 600 FortiGate devices located in 55 countries. That's according to new findings from Ama…
Anthropic Launches Claude Code Security for AI-Powered Vulnerability Scanning
Artificial intelligence (AI) company Anthropic has begun to roll out a new security feature for Claude Code that can scan a user's software codebase for vulnerabilities and suggest patches. The capability, called Claude Code Security, is currently available in…
CISA Adds Two Actively Exploited Roundcube Flaws to KEV Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added two security flaws impacting Roundcube webmail software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerabilities in questi…
EC-Council Expands AI Certification Portfolio to Strengthen U.S. AI Workforce Readiness and Security
With $5.5 trillion in global AI risk exposure and 700,000 U.S. workers needing reskilling, four new AI certifications and Certified CISO v4 help close the gap between AI adoption and workforce readiness. EC-Council, creator of the world-renowned Certified Ethi…
‘Starkiller’ Phishing Service Proxies Real Login Pages, MFA
Most phishing websites are little more than static copies of login pages for popular online destinations, and they are often quickly taken down by anti-abuse activists and security firms. But a stealthy new phishing-as-a-service offering lets customers sideste…
Cybercrime Magazine Releases Its First YouTube Short, More On The Way
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Feb. 20, 2026 –Watch the YouTube video The award-winning Cybercrime Magazine YouTube Channel released its first Short last month and the video has more than 720,000 Views. I…
Dramatic Escalation in Frequency and Power of DDoS Attacks
DDoS attack frequency has risen to ‘alarming levels,’ warns Radware report
Android Malware Hijacks Google Gemini to Stay Hidden
A new Android malware implant using Google Gemini to perform persistence tasks was discovered on VirusTotal and analyzed by ESET
Remcos RAT Expands Real-Time Surveillance Capabilities
New Remcos RAT variant enhances real-time surveillance and evasion techniques to compromise Windows
Industrial-Scale Fake Coretax Apps Drive $2m Fraud in Indonesia
Fraud campaign exploiting Indonesia’s Coretax resulted in $1.5m to $2m in losses via malicious apps
Why Small Businesses Can’t Afford To Ignore Cyberinsurance
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Feb. 19, 2026 –Read the full story in Charter Capital Three out of five small-to-midsized businesses (SMBs) permanently shuttered their doors within six months of being hit…
Industrial Control System Vulnerabilities Hit Record Highs
Forescout paper reveals ICS advisories hit a record 508 in 2025
Starkiller: New ‘Commercial-Grade’ Phishing Kit Bypasses MFA
A new cybercriminal toolkit uses proxies to mimic popular online services and represents a “significant escalation in phishing infrastructure,” warn researchers at Abnormal
Flaws in Popular Software Development App Extensions Allow Data Exfiltration
Four serious new vulnerabilities affect Microsoft Visual Studio Code, Cursor and Windsurf extensions, three of which remain unpatched
Researchers Reveal Six New OpenClaw Vulnerabilities
Endor Labs has published details of six new vulnerabilities in popular AI assistant OpenClaw
Cryptojacking Campaign Exploits Driver to Boost Monero Mining
Cryptojacking campaign used pirated software to deploy a persistent XMRig miner with stealth tactics
AI Assistants Used as Covert Command-and-Control Relays
AIs like Grok and Microsoft Copilot can be exploited as covert C2 channels for malware communication
The Playbook For Organized Cybercrime
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Feb. 18, 2026 –Read the full report in GlobeNewswire Cybercrime has become the world’s third-largest economy, with costs projected to reach $12.2 trillion annually by 2031,…
Record Number of Ransomware Victims and Groups in 2025
Searchlight Cyber reports a 30% annual increase in ransomware victim numbers in 2025
Chinese APT Group Exploits Dell Zero-Day for Two Years
Mandiant reveals campaign featuring exploit of a CVSS 10.0 CVE in Dell RecoverPoint for Virtual Machines
Android 17 Beta Introduces Secure-By-Default Architecture
Android 17 Beta introduces privacy, security updates and a new Canary channel for improved development
Apple Expands RCS Encryption and Memory Protections in iOS 26.4
iOS 26.4 Beta adds end-to-end encryption for RCS messaging and enhanced Memory Integrity Enforcement
Low-Skilled Cybercriminals Use AI to Perform "Vibe Extortion" Attacks
Unit 42 researchers observed a low-skilled threat actor using an LLM to script a professional extortion strategy, complete with deadlines and pressure tactics
Ransom Man: A Shocking Data Breach At A Psychotherapy Service. Jenny Kleeman Investigates.
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Feb. 17, 2026 –Listen to the podcast What if your deepest secrets were held to ransom? Author and presenter Jenny Kleeman explores the shocking true story of thousands of pr…
Over-Privileged AI Drives 4.5 Times Higher Incident Rates
Teleport study reveals that organizations running over-privileged AI have a 76% incident rate
Significant Rise in Ransomware Attacks Targeting Industrial Operations
Dragos annual report warns of a surge in ransomware attacks causing increased operational disruption in industrial environments
Infostealer Targets OpenClaw to Loot Victim’s Digital Life
Hudson Rock has warned OpenClaw users that infostealers are targeting their configuration files
Vulnerabilities in Password Managers Allow Hackers to View and Change Passwords
Security researchers have challenged end-to-end encryption claims from popular commercial password managers
SMEs Wrong to Assume They Won’t Be Hit by Cyber-Attacks, NCSC Boss Warns
NCSC’s Richard Horne has warned that cybercriminals do not care about business size and called for SMEs to act now to secure their organizations
OysterLoader Evolves With New C2 Infrastructure and Obfuscation
OysterLoader malware evolves into 2026, refining C2 infrastructure, obfuscation & infection stages
Operation DoppelBrand Weaponizes Trusted Brands For Credential Theft
New phishing campaign dubbed Operation DoppelBrand targeted major financial firms like Wells Fargo
Ransomware Threatens SMBs. Cyberinsurance Isn’t Always A Financial Backstop.
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Feb. 16, 2026 –Read the full story in Forbes Cybercriminals are no longer concentrating their efforts on large enterprises; they’re increasingly directing attacks toward sma…
Google Warns of In the Wild Exploit as It Patches New Chrome Zero Day
A high severity vulnerability in Google Chrome and allows remote attackers to execute code
Crypto Payments to Human Traffickers Surges 85%
Chainalysis warns that online fraud is fuelling sophisticated human trafficking operations
Odido Breach Impacts Millions of Dutch Telco Users
Dutch telco Odido has revealed a major data breach impacting over six million customers
Munich Security Conference: Cyber Threats Lead G7 Risk Index, Disinformation Ranks Third
G7 countries ranked cyber-attacks as the top risk, while BICS members placed cyber threats only as the eighth most pressing risk
Fake AI Assistants in Google Chrome Web Store Steal Passwords and Spy on Emails
Hundreds of thousands of users have downloaded malicious AI extensions masquerading as ChatGPT, Gemini, Grok and others, warn cybersecurity researchers at LayerX
World Leaks Ransomware Group Adds Stealthy, Custom Malware ‘RustyRocket’ to Attacks
Accenture Cybersecurity warns over difficult to detect, “sophisticated toolset” being deployed as part of extortion campaigns
Nation-State Hackers Embrace Gemini AI for Malicious Campaigns, Google Finds
Google researchers found that government-backed hackers now use AI throughout the whole attack lifecycle
AI Skills Represent Dangerous New Attack Surface, Says TrendAI
New TrendAI report warns that most security tools can’t protect against attacks on AI skills artifacts
Time to Exploit Plummets as N-Day Flaws Dominate
Flashpoint warns of a dramatic drop in the average time between vulnerability disclosure and exploitation
North Korean Hackers Use Deepfake Video Calls to Target Crypto Firms
Campaign combines stolen Telegram accounts, fake Zoom calls and ClickFix attacks to deploy infostealer malware
Kimwolf Botnet Swamps Anonymity Network I2P
For the past week, the massive "Internet of Things" (IoT) botnet known as Kimwolf has been disrupting the The Invisible Internet Project (I2P), a decentralized, encrypted communications network designed to anonymize and secure online communications. I2P users…
US Court Hands Crypto Scammer 20 Years in $73m Case
A federal court has sentenced crypto-scammer Daren Li to 20 years in absentia
FIRST Forecasts Record-Breaking 50,000+ CVEs in 2026
This year should break all the records in terms of vulnerability disclosed, reaching or even surpassing 50,000 new CVEs disclosed
Microsoft Fixes Six Zero Day Vulnerability in February Patch Tuesday
Six actively exploited zero-day bug have been patched by Microsoft
Patch Tuesday, February 2026 Edition
Microsoft today released updates to fix more than 50 security holes in its Windows operating systems and other software, including patches for a whopping six "zero-day" vulnerabilities that attackers are already exploiting in the wild.
Phorpiex Phishing Delivers Low-Noise Global Group Ransomware
High-volume phishing campaign delivers Phorpiex malware via malicious Windows Shortcut files
“Digital Parasite” Warning as Attackers Favor Stealth for Extortion
Picus Security warns of the increasingly sophisticated ways malicious activity is staying hidden
New Mobile Spyware ZeroDayRAT Targets Android and iOS
ZeroDayRAT is a new mobile spyware targeting Android and iOS, offering attackers persistent access
Singapore Takes Down Chinese Hackers Targeting Telco Networks
Operation Cyber Guardian was Singapore’s largest and longest running anti-cyber threat law enforcement operation
NCSC Issues Warning Over “Severe” Cyber-Attacks Targeting Critical National Infrastructure
NCSC call firms to ‘act now’ following disruptive malware attacks targeting Polish energy providers
European Governments Breached in Zero-Day Attacks Targeting Ivanti
The European Commission and government agencies in Finland and the Netherlands have suffered potentially related breaches
New Zero-Click Flaw in Claude Desktop Extensions, Anthropic Declines Fix
Security researchers from LayerX identified a new flaw in 50 Claude Desktop Extensions that could lead to unauthorized remote code execution
Two Connecticut Men Charged In Alleged $3m Gambling Fraud Scheme
Two Connecticut men face federal charges for a $3m scheme targeting online gambling platforms
VoidLink Malware Exhibits Multi-Cloud Capabilities and AI Code
VoidLink, a Linux-based C2 framework, facilitates credential theft, data exfiltration across clouds
BridgePay Confirms Ransomware Attack, No Card Data Compromised
The services of Florida-based payments platform BridgePay are offline due to a ransomware attack
Social Media Platforms Earn Billions from Scam Ads
Revolut claims social media sites make £3.8bn annually from scam ads targeting European users
Researchers Find 40,000+ Exposed OpenClaw Instances
SecurityScorecard has identified over 40,000 OpenClaw deployments exposed to potential attack
US Agencies Told to Scrap End of Support Edge Devices
CISA has issued a new directive requiring federal agencies to decommission all end of support edge devices within 12 months to reduce ongoing exploitation risks
Chinese-Made Malware Kit Targets Chinese-Based Routers and Edge Devices
DKnife is a Chinese made malware framework that targets Chinese-based users
Substack Confirms Data Breach, "Limited User Data" Compromised
Substack did not specify the number of users affected by the data breach
New Cyber Startup Programme to Debut at Infosecurity Europe 2026
Infosecurity Europe 2026 will debut a new Cyber Startup Programme, featuring a dedicated show-floor zone for early-stage cybersecurity companies to showcase innovations, connect with investors and highlight emerging technologies
Malicious Commands in GitHub Codespaces Enable RCE
Flaws in GitHub Codespaces allow RCE via crafted repositories or pull requests
Smartphones Now Involved in Nearly Every Police Investigation
Cellebrite data confirms digital evidence is now central to almost all cases
New Hacking Campaign Exploits Microsoft Windows WinRAR Vulnerability
Researchers at Check Point link ‘Amarath-Dragon’ attacks to prolific Chinese cyber-espionage operation
AI-Enabled Voice and Virtual Meeting Fraud Surges 1000%+
Pindrop warns of 1210% increase in AI-powered fraud last year
Global SystemBC Botnet Found Active Across 10,000 Infected Systems
SystemBC malware linked to 10,000 infected IPs, posing risks to sensitive government infrastructure
New Technical Markers Reveal Expanding ShadowSyndicate Cybercriminal Infrastructure
ShadowSyndicate cluster expands with new SSH fingerprints connecting servers to other ransomware ops
AI Drives Doubling of Phishing Attacks in a Year
Cofense claims AI is making phishing emails more personalized and sophisticated
Two Critical Flaws in n8n AI Workflow Automation Platform Allow Complete Takeover
Pillar Security discovered two new critical vulnerabilities in n8n that could lead to supply chain compromise, credential harvesting and complete takeover attacks
SolarWinds Web Help Desk Vulnerability Actively Exploited
CISA has added a critical CVE in SolarWinds Web Help Desk to its KEV Catalog
Hundreds of Malicious Crypto Trading Add-Ons Found in Moltbot/OpenClaw
A security researcher found 386 malicious ‘skills’ published on ClawHub, a skill repository for the popular OpenClaw AI assistant project
SQL Injection Flaw Affects 40,000 WordPress Sites
40,000 WordPress sites are vulnerable to SQL injection in Quiz and Survey Master plugin
DockerDash Exposes AI Supply Chain Weakness In Docker's Ask Gordon
DockerDash vulnerability allows RCE and data exfiltration via unverified metadata in Ask Gordon
UK ICO Launches Investigation into X Over AI Generated Non-Consensual Sexual Imagery
UK Data Protection Watchdog has “serious concerns” over data privacy on Elon Musk’s social platform
Researchers Warn of New “Vect” RaaS Variant
A new ransomware-as-a-service operation dubbed “Vect” features custom malware
Cybercrime Unit of Paris Prosecutors Raid Elon Musk’s X Offices in France
Elon Musk and X’s former CEO were summoned for voluntary interviews in Paris on April 20, 2026
New Password-Stealing Phishing Campaign Targets Corporate Dropbox Credentials
Multi-stage attack begins with fake message relating to business requests and evades detection with link hidden in a PDF
Vibe-Coded Moltbook Exposes User Data, API Keys and More
Wiz Security claims Moltbook misconfiguration allowed full read and write access
Please Don’t Feed the Scattered Lapsus ShinyHunters
A prolific data ransom gang that calls itself Scattered Lapsus ShinyHunters (SLSH) has a distinctive playbook when it seeks to extort payment from victim firms: Harassing, threatening and even swatting executives and their families, all while notifying journal…
NSA Publishes New Zero Trust Implementation Guidelines
NSA released new guidelines to help organizations achieve target-level Zero Trust maturity
Notepad++ Update Hijacking Linked to Hosting Provider Compromise
A supply chain attack on Notepad++ update process was linked to compromised hosting infrastructure
Fancy Bear Exploits Microsoft Office Flaw in Ukraine, EU Cyber-Attacks
Russia-linked hacking group Fancy Bear is exploiting a brand-new vulnerability in Microsoft Office, CERT-UA says
Android RAT Uses Hugging Face to Host Malware
Bitdefender has discovered a new Android malware campaign that uses Hugging Face
Former Google Engineer Found Guilty of Stealing AI Secrets
Linwei Ding, a former Google engineer, has been found guilty of stealing trade secrets for China
Labyrinth Chollima Evolves into Three North Korean Hacking Groups
CrowdStrike assessed that two new threat actor groups have spun off from North Korean Labyrinth Chollima hackers
New AI-Developed Malware Campaign Targets Iranian Protests
The RedKitten campaign distributes lures designed to target people seeking information about missing persons or political dissidents in Iran
National Crime Agency and NatWest Issue Joint Warning Over Invoice Fraud Threat
Cyber fraudsters targeting corporate finance departments costs businesses millions a year
Google Disrupts Extensive Residential Proxy Networks
Google has taken coordinated action against the massive IPIDEA residential proxy network, enhancing customer protections and disrupting cybercrime operations
Operation Winter SHIELD: FBI Issues Call to Arms for Organizations to Improve Cybersecurity
The FBI outlines ten actions which organizations can take to defend networks against cybercriminal and nation-state threats
France Fines National Employment Agency €5m Over 2024 Data Breach
The French data protection regulator said that France Travail’s response to a 2024 data breach violated GDPR