Today's Cybersecurity Pulse
Google sues Chinese cybercrime network for AI‑driven scam campaign
Google has filed a civil lawsuit against the Chinese group Outsider Enterprise, accusing it of using the Gemini generative‑AI model to mass‑produce phishing sites and send millions of fraudulent text messages. The operation deployed roughly 9,000 fake websites, a million malicious domains and dispatched 2.5 million scam texts in two weeks, scamming hundreds of thousands and causing losses in the millions of dollars. Google says the suit aims to dismantle the network and prevent further AI‑enabled abuse.
Also developing:
CVE-2026-1357: WordPress Plugin RCE Exposes Sites to Full Takeover
A critical remote code execution flaw, CVE‑2026‑1357, has been discovered in the WPvivid Backup & Migration WordPress plugin, affecting over 900,000 active sites. The vulnerability lets unauthenticated attackers upload and run arbitrary PHP files via the plugin’s backup‑receive endpoint, granting full server control. Exploitation is public and low‑complexity, earning a CVSS score of 9.8. The issue is patched in version 0.9.124, which corrects decryption handling and filename sanitization.
How SSO Simplifies Identity Management for Deskless and Frontline Workforces
Frontline and deskless workers comprise roughly 80% of the global labor force, yet traditional identity systems struggle with shared devices, shift changes, and high turnover. Single Sign‑On (SSO) consolidates credentials, cutting password‑reset tickets and speeding up access at shift handovers....
REMnux V8 Brings AI Integration to the Linux Malware Analysis Toolkit
REMnux released version 8, rebuilt on Ubuntu 24.04 LTS, and introduces a new Cast‑based installer that handles fresh deployments, upgrades, and container installs. The highlight is the REMnux MCP server, which implements the Model Context Protocol to connect AI agents with the...
How Red Teaming Reduces Breach Risk?
Red Teaming, also known as adversary simulation, pits authorized security experts against an organization’s defenses to expose real‑world attack gaps. By mimicking the full cyber kill chain—from OSINT‑driven reconnaissance to covert data exfiltration—teams reveal weaknesses that traditional scans miss. The...
Hackers Abuse ScreenConnect to Hijack PCs via Fake Social Security Emails
Forcepoint X‑labs uncovered a new phishing campaign that spoofs the US Social Security Administration to deliver a malicious .cmd script. The script auto‑elevates, disables Windows SmartScreen and Mark‑of‑Web, and leverages Alternate Data Streams to hide before silently installing a compromised...
Montana Hospital Restores Phones as Cyber-Related Network Disruptions Persist
Livingston HealthCare in Montana announced that its phone system has been fully restored after a recent cybersecurity incident forced the hospital to shut down communications and other network services. The disruption, first reported on Feb. 13, stemmed from a potential...
FOI Is Arming Cyberattackers – Here Is How to Fix It
Freedom of Information (FOI) requests on cybersecurity governance are exposing a stark inconsistency in public‑sector disclosures. Large NHS trusts and other big bodies tend to refuse or invoke national‑security exemptions, while smaller organisations often provide granular details. This uneven approach...
U.S. Unready for Potential GPS Attack, Warns Former NSA Chief
"America is dangerously unprepared for a GPS attack," Adm. Michael Rogers, U.S. Navy (ret.), former commander of the U.S. Cyber Command and director of the National Security Agency. https://t.co/hYWXOZoxEZ
Introducing Red Hat Build of Podman Desktop: Enterprise-Ready Local Container Development Environments
Red Hat has announced the general availability of its own build of Podman Desktop, delivering an enterprise‑grade, secure‑by‑design local container development environment. The offering bridges the long‑standing gap between developers’ laptops and hardened OpenShift clusters, leveraging the same trusted RHEL components....
Marietta Also Affected by BridgePay Ransomware Attack.
The BridgePay Network Solutions ransomware attack disrupted the City of Marietta’s online credit‑card processing, halting business‑license payments on February 6, 2026. BridgePay’s forensic review found no payment‑card data was compromised, and the ransomware group remains unidentified. The city is deploying a temporary,...
The Rise of Credential Stuffing Attacks
Credential stuffing attacks are surging as attackers exploit reused passwords harvested from past breaches. The technique is cheap, highly automated, and blends into normal traffic, making detection difficult. Small‑to‑mid‑size businesses, SaaS platforms, and customer‑facing portals are prime targets because they...
Washington Hotel in Japan Discloses Ransomware Infection Incident
Washington Hotel, a Japanese hospitality chain with 30 properties and 11,000 rooms, disclosed a ransomware breach on February 13, 2026 that compromised business data on its servers. The hotel immediately isolated the affected systems, formed an internal task force and enlisted police,...
MCP Leaves Much to Be Desired when It Comes to Data Privacy and Security
The Model Context Protocol (MCP) was introduced as a universal interface that lets AI agents tap into enterprise data and services. In practice, the protocol has become a lightning rod for privacy breaches: a rogue MCP server harvested WhatsApp chats...
Eurail Says Stolen Traveler Data Now up for Sale on Dark Web
Eurail B.V., the Dutch operator of European rail passes, confirmed that data stolen in a breach earlier this year is now being offered for sale on the dark web. A threat actor also posted a sample of the compromised records...
Fake CAPTCHA Scam Tricks Windows Users Into Installing Malware
A new social‑engineering campaign uses a fake Cloudflare‑style CAPTCHA to trick Windows users into pasting a malicious PowerShell command. The clipboard‑to‑run technique launches the fileless StealC malware, which injects reflective shellcode into svchost.exe and exfiltrates browser credentials, cryptocurrency wallets, Outlook...
BeyondTrust RCE Exploited for Domain Control
Attackers are actively exploiting CVE‑2026‑1731, an unauthenticated OS command injection flaw in self‑hosted BeyondTrust Remote Support and Privileged Remote Access appliances. The vulnerability enables remote code execution, allowing threat actors to run commands as SYSTEM, install the SimpleHelp RMM tool,...
Indian Cyber-Tech Is the Model for European Airports
Indian firms WAISL and GRAMAX have created AeroWise, an AI‑driven airport predictive operation centre that blends digital‑twin technology with embedded cyber‑security. The solution includes miniature physical models of terminals, runways and ancillary systems that can be “war‑gamed” to visualize attack...
Virtual IT Group Crowns Maurice McCarthy as New CEO
Virtual IT Group has appointed Maurice McCarthy, a former Optus customer‑success director, as its new chief executive officer, succeeding founder Christian Pacheco. McCarthy brings 25 years of telecom leadership and will focus on client outcomes, service reliability, and responsible AI integration. Pacheco transitions...
Identity Is the New Perimeter for State Government Cybersecurity
State and local governments are shifting from perimeter‑based defenses to an identity‑first security model, as highlighted in the State CIO Top 10 Priorities for 2026. The article argues that who a user—or nonhuman account—is matters more than where they connect,...
When Is It Time to Upgrade Your Control System?
Control system upgrades are back on plant executives' agendas as new capital budgets roll out for the year. The article highlights three primary risks of aging automation: hardware failure, cybersecurity vulnerabilities, and the erosion of tribal knowledge. It urges decision‑makers...
When Is It Time to Upgrade Your Control System?
Plant managers face pressure to refresh aging control systems as new capital budgets roll out. Older PLCs and DCS platforms expose facilities to hardware failures, heightened cybersecurity vulnerabilities, and loss of tribal knowledge. Experts recommend a ten‑year upgrade cadence to...
Infostealer Malware Found Stealing OpenClaw Secrets for First Time
Hudson Rock reported the first in‑the‑wild incident of an infostealer stealing OpenClaw configuration files. The malware, identified as a Vidar variant, exfiltrated files such as openclaw.json, device.json, and soul.md on February 13, 2026, revealing API tokens, private keys, and personal data. These...
AI Agents Drive Traffic Surge, Prompt New Security Controls
As AI Agents Take on Tasks in the Real World, New Risks Emerge By 2026, human website visits drop 20% while machine-initiated traffic surges 40%. Zero-click economy emerging where personal AI negotiates on your behalf. Banks must authenticate agents, not just...
Start Crypto Agility Now Before Quantum Day Arrives
⏳ Data stolen today will be cracked tomorrow. Post-Quantum Cryptography (PQC) isn't a "next year" problem—it’s a multi-year migration that starts now. I’m looking for "Crypto Agility" on the floor at #RSAC2026. Are you ready for the Q-Day countdown? https://t.co/6PIC4o7OmO #QuantumSecurity...
Telefónica Tech Promotes Digital Identity Management in the Insurance Sector in Spain
Telefónica Tech is launching a unified digital identity platform for Spain’s insurance sector, enabling secure, self‑sovereign access to digital services. The initiative builds on a 2023 European trial and integrates cloud, IoT, big‑data and blockchain capabilities. Partnering with the insurance...
The Olympics Are Going Mobile — Your Security Strategy Has to Follow
The Milano Cortina 2026 Winter Olympics will see mobile devices become the primary attack surface, mirroring the digital surge seen at Paris 2024 where billions engaged via apps and streaming. Cybercriminals are already deploying Olympic‑themed phishing, fake ticketing sites, malicious apps and QR‑code...
OysterLoader Evolves With New C2 Infrastructure and Obfuscation
OysterLoader, a C++‑based multi‑stage malware loader also known as Broomstick and CleanUp, has been updated through early 2026 with enhanced command‑and‑control infrastructure and obfuscation techniques. The loader now employs a three‑step HTTP/HTTPS handshake, custom Base64 alphabets, and a modified LZMA...
Cubbit Powers Swiss Cantonal-Level Sovereign Cloud for Ailanto
IT integrator Ailanto announced a sovereign cloud service for Swiss organizations built on Cubbit’s DS3 Composer software‑defined object storage. The offering launches with 1 PB of capacity hosted in Swiss‑based data centres and will expand later in 2026. It provides S3‑compatible,...
Strengthening Your Legal Practice Against Downtime
South African law firms face steep financial and reputational losses from IT downtime, with a single hour costing an average R360,000 for a 20‑person practice and up to R6.5 million for larger firms. The article distinguishes disaster recovery (DR) from simple...
Vault Radar 2025 Recap: Expanding Visibility, Deepening Integration, and Simplifying Security
HashiCorp's Vault Radar, launched in 2025, expanded its secret‑sprawl detection across developer tools and cloud services, adding integrations for Jira, VS Code, Amazon S3, Slack, and AWS Secrets Manager. The platform introduced real‑time IDE scanning, direct remediation through Vault, webhook alerts,...
Operation DoppelBrand Weaponizes Trusted Brands For Credential Theft
Operation DoppelBrand, attributed to the financially motivated GS7 group, launched a large‑scale phishing campaign against Fortune 500 financial and technology firms between December 2025 and January 2026. The attackers registered over 150 look‑alike domains, used automated SSL certificates and rotating registrars, and cloned...
EP263 SOC Refurbishing: Why New Tools Won’t Fix Broken Processes (Even With AI)
In this episode, Daniel Lyman, VP of Threat Detection and Response at Fiserv, discusses why simply adding new security tools— even AI‑driven ones—cannot repair broken SOC processes. He explains the concept of "process gravity," showing how entrenched workflows and cultural...
Passwords to Passkeys: Staying ISO 27001 Compliant in a Passwordless Era
Organizations are rapidly replacing passwords with passkey authentication to curb the 49% of security incidents tied to compromised credentials. Passkeys, built on FIDO2 and WebAuthn, satisfy AAL2/AAL3 standards and are already deployed in billions of accounts, including Google’s 800 million users....
What Your Bluetooth Devices Reveal
A developer released Bluehood, an open‑source Bluetooth scanner that passively logs nearby devices and visualises their appearance patterns. The tool runs on a Raspberry Pi or laptop and can identify phones, wearables, vehicles and IoT gadgets without ever connecting. Its release...
Passwork 7.4 Enhances Enterprise Security with Centralized User Vault Restrictions
Passwork has launched version 7.4, adding centralized restrictive settings for User vaults. Administrators can now block adding users, sending passwords, creating links, and shortcuts across all personal vaults. The controls apply automatically to existing and new vaults, tightening data‑leak defenses and...
Crypto-Procrastination: The Dangerous Delay in Preparing for Post-Quantum Data Security
A Citi Institute report warns that a quantum‑enabled cyberattack on a top U.S. bank could jeopardize $2‑3.3 trillion of GDP, turning quantum computing from theory into an operational emergency. The article highlights the “harvest now, decrypt later” (HNDL) threat, where adversaries...
Microsoft Equips CISOs and AI Risk Leaders with a New Security Tool
Microsoft has launched a public‑preview Security Dashboard for AI, consolidating posture and real‑time risk signals from Microsoft Defender, Entra, and Purview into a single interface. The tool inventories AI assets—including models, agents, and third‑party applications—and surfaces AI‑related security risks in...
5 Reasons Why Detego Case Manager For DFIR Is Ideal For Investigative Teams
Detego Case Manager for DFIR launches as a purpose‑built platform that consolidates digital and physical evidence, audit trails, and chain‑of‑custody logs in a tamper‑proof environment. It offers a unified dashboard delivering real‑time visibility, customizable Kanban‑style workflows, and role‑based permissions for...
260K+ Chrome Users Duped by Fake AI Browser Extensions
Researchers at LayerX uncovered 30 malicious Chrome extensions masquerading as AI assistants, collectively amassing over 260,000 downloads. These extensions embed attacker‑controlled iframes that capture user prompts, emails, and webpage data, then relay them to remote servers while returning plausible AI...
Resecurity Highlights AI-Driven Cybersecurity at AI Everything MEA Egypt 2026
Resecurity, a U.S. cybersecurity firm, showcased its AI‑driven threat detection suite at AI Everything MEA Egypt 2026, an event held under President Abdel‑Fattah El‑Sisi’s patronage and organized by the Ministry of Communications and Information Technology. In partnership with Alkan CIT/Alkan Telecom, the company...
AI Finds FFmpeg Overflow; Patience Beats Complexity
My son showed me one of the overflow vulnerabilities found in FFmpeg by Google/Deepmind’s security AI agents. I was thinking about how hard these things are to find, and at least this one didn’t seem deep — just required enormous...
He Tried to Extort the Dutch Police. It Didn’t Work Out Well for Him.
A 40‑year‑old man from Ridderkerk attempted to extort the Dutch police by demanding something in exchange for returning compromised files. Police intercepted the scheme and arrested him on Thursday evening around 7:00 PM. The arrest was reportedly triggered by a procedural...
CISA Gives Feds 3 Days to Patch Actively Exploited BeyondTrust Flaw
U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered all federal agencies to patch the actively exploited BeyondTrust Remote Support vulnerability (CVE‑2026‑1731) within three days. The flaw, an OS command‑injection that enables unauthenticated remote code execution, affects Remote Support 25.3.1...
Odido Salesforce Hack: Up to 6M Customers’ Data at Risk
Odido, the Dutch telecom formerly known as T‑Mobile, suffered a social‑engineering breach that compromised its Salesforce instance, exposing personal data of up to six million current and former customers. Attackers phished employee credentials, impersonated the IT department, and gained unauthorized...
AWS Security Digest #248 - MCPs Denied
AWS introduced new IAM condition keys that specifically target requests routed through Managed Control Plane (MCP) servers, allowing administrators to deny actions taken via that path. The feature is designed to mitigate risks posed by AI agents that programmatically call...
Leaky Chrome Extensions with 37M Installs Caught Divulging Your Browsing History
Security researcher Q Continuum identified 287 Chrome extensions that secretly transmit users' browsing histories, affecting an estimated 37 million installations worldwide. The extensions span categories such as VPNs, productivity utilities, and shopping add‑ons, and many request broad host permissions that enable...
Ransomware Gangs Are Using Employee Monitoring Software as a Springboard for Cyber Attacks
Threat actors have weaponized Net Monitor for Employees, a legitimate workforce‑tracking product, as a remote access trojan and paired it with SimpleHelp RMM software to stage ransomware attacks. Huntress identified two separate incidents where the dual‑tool chain was used to...
Cybersecurity Leader Pete Angstadt Joins DTEX’s Advisory Board
DTEX, a leader in risk‑adaptive security, announced that cybersecurity veteran Pete Angstadt has joined its Advisory Board. Angstadt brings decades of go‑to‑market leadership, having scaled revenue at ForgeRock, Ping Identity, Securiti and Oracle’s cloud security unit. His expertise in identity‑focused...
AuthID Announces Out of the Box
authID (Nasdaq: AUID) unveiled an out‑of‑the‑box biometric security platform that conforms to the Personal Identity Verification (PIV) framework for energy, water, gas and other critical utilities. The solution replaces passwords and physical tokens with live‑face verification, protecting SCADA consoles, privileged...
DVSA Seeks £95K Digital Chief to Steer Test Booking System Out of the Ditch
The UK Driver and Vehicle Standards Agency (DVSA) is recruiting a chief digital and information officer with a £95,000 salary to overhaul its 18‑year‑old practical test booking platform, which has been plagued by bots and resale schemes. A National Audit...