BleepingComputer

Publication

Security news and advisories with gov/infra impact.

Fake Google Security Site Uses PWA App to Steal Credentials, MFA Codes
News | Mar 2, 2026

A phishing campaign masquerading as a Google Account security page deploys a malicious Progressive Web App (PWA) to harvest one‑time passwords, cryptocurrency wallet addresses, and device data. The PWA, hosted on google‑prism.com, requests clipboard, notification, and location permissions, uses the...

By BleepingComputer

Alabama Man Pleads Guilty to Hacking, Extorting Hundreds of Women
News | Mar 2, 2026

A 22‑year‑old Alabama man, Jamarcus Mosley, pleaded guilty to extortion, cyberstalking, and computer fraud after hijacking the social‑media accounts of hundreds of young women between 2022 and 2025. He used social‑engineering tactics to obtain recovery codes, seized control of Snapchat,...

By BleepingComputer

QuickLens Chrome Extension Steals Crypto, Shows ClickFix Attack
News | Feb 28, 2026

A Chrome extension called QuickLens – Search Screen with Google Lens was removed after a malicious version 5.8 compromised thousands of users. The update introduced a ClickFix attack, stripped security headers, and connected to a command‑and‑control server that delivered malicious JavaScript...

By BleepingComputer

Microsoft Testing Windows 11 Batch File Security Improvements
News | Feb 27, 2026

Microsoft released Windows 11 Insider Preview builds that add a new batch‑file security mode, letting administrators lock batch files in use via the LockBatchFilesInUse registry key or the LockBatchFilesWhenInUse manifest control. The change reduces the need for per‑statement signature validation, boosting script...

By BleepingComputer

CISA Warns that RESURGE Malware Can Be Dormant on Ivanti Devices
News | Feb 27, 2026

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has detailed how the RESURGE implant silently resides on Ivanti Connect Secure appliances, exploiting the zero‑day CVE‑2025‑0282. The 32‑bit Linux shared object libdsupgrade.so remains dormant until it detects a specific inbound TLS...

By BleepingComputer

Ukrainian Man Pleads Guilty to Running AI-Powered Fake ID Site
News | Feb 27, 2026

Ukrainian national Yurii Nazarenko pleaded guilty to operating OnlyFake, an AI‑powered subscription service that sold more than 10,000 counterfeit passports, driver’s licenses and Social Security cards to customers worldwide. The site accepted only cryptocurrency, allowed customization of documents, and marketed...

By BleepingComputer

European DIY Chain ManoMano Data Breach Impacts 38 Million Customers
News | Feb 26, 2026

ManoMano, a leading European DIY e‑commerce platform, disclosed a data breach affecting roughly 38 million customers after hackers compromised a Tunis‑based third‑party customer support provider. The breach exposed personal details such as names, email addresses, phone numbers, and support ticket communications,...

By BleepingComputer

Critical Juniper Networks PTX Flaw Allows Full Router Takeover
News | Feb 26, 2026

Juniper Networks disclosed a critical CVE‑2026‑21902 vulnerability in the On‑Box Anomaly Detection framework of its Junos OS Evolved running on PTX Series routers. The flaw lets an unauthenticated attacker reach a root‑level service over an external port, enabling full device...

By BleepingComputer

Olympique Marseille Confirms 'Attempted' Cyberattack After Data Leak
News | Feb 26, 2026

Olympique de Marseille confirmed it was the target of an attempted cyberattack after a threat actor claimed to have breached its servers and leaked a sample of a database containing staff and supporter information. The club said its technical teams...

By BleepingComputer

Ransomware Payment Rate Drops to Record Low as Attacks Surge
News | Feb 26, 2026

Chainalysis reports ransomware victims paid only 28% of demanded sums in 2025, the lowest rate on record despite a 50% surge in attacks. Total on‑chain ransomware payments are near $820 million and could exceed $900 million as attribution improves. While the number...

By BleepingComputer

Microsoft Expands Windows Restore to More Enterprise Devices
News | Feb 26, 2026

Microsoft has broadened its first‑sign‑in restore experience, part of Windows Backup for Organizations, to include hybrid‑managed devices, multi‑user setups, and Windows 365 Cloud PCs. The feature lets users who sign in with a Microsoft Entra ID account restore personal settings and...

By BleepingComputer

Medical Device Maker UFP Technologies Warns of Data Stolen in Cyberattack
News | Feb 25, 2026

UFP Technologies, a $600 million medical‑device maker, disclosed a cyberattack detected on February 14 that compromised several IT systems. The company isolated the breach, removed the threat and engaged external advisors, but confirmed that data was stolen and some functions, such as...

By BleepingComputer

The OpenClaw Hype: Analysis of Chatter From Open-Source Deep and Dark Web
News | Feb 25, 2026

OpenClaw, an AI‑driven automation framework with a modular skill marketplace, has sparked intense discussion across developer forums and security‑research channels. Critical flaws—including CVE‑2026‑25253, which enables one‑click remote code execution, and a lack of skill sandboxing—expose users to credential theft and...

By BleepingComputer

Zyxel Warns of Critical RCE Flaw Affecting over a Dozen Routers
News | Feb 25, 2026

Zyxel has issued security updates to fix a critical remote code execution flaw (CVE‑2025‑13942) affecting more than a dozen of its router, CPE and extender models. The vulnerability exploits the UPnP function and requires both UPnP and WAN access to...

By BleepingComputer

Phishing Campaign Targets Freight and Logistics Orgs in the US, Europe
News | Feb 24, 2026

A financially motivated group called Diesel Vortex has been running a phishing campaign against freight and logistics operators in the U.S. and Europe since September 2025. Using 52 domains and Cyrillic homoglyph tricks, the actors stole 1,649 unique credentials from...

By BleepingComputer

North Korean Lazarus Group Linked to Medusa Ransomware Attacks
News | Feb 24, 2026

North Korean state‑backed Lazarus group has been linked to recent Medusa ransomware attacks targeting U.S. healthcare providers. Symantec’s report identifies a Lazarus sub‑unit, possibly Andariel/Stonefly, using the Medusa RaaS platform, which has affected more than 380 organizations since its 2021...

By BleepingComputer

Android Mental Health Apps with 14.7M Installs Filled with Security Flaws
News | Feb 23, 2026

Security firm Oversecured scanned ten Android mental‑health apps with more than 14.7 million combined installs and uncovered 1,575 vulnerabilities. The flaws include 54 high‑severity and 538 medium‑severity issues such as insecure intent handling, plaintext API keys, and weak random number generation....

By BleepingComputer

Spain Arrests Suspected Hacktivists for DDoSing Govt Sites
News | Feb 23, 2026

Spanish Civil Guard arrested four alleged members of the hacktivist group Anonymous Fénix, accused of orchestrating DDoS attacks on government ministries, political parties, and public institutions in Spain and South America. The campaign intensified after the October 2024 Valencia floods, with...

By BleepingComputer

Ad Tech Firm Optimizely Confirms Data Breach After Vishing Attack
News | Feb 23, 2026

Optimizely, a New York‑based ad‑tech firm, disclosed a data breach after a sophisticated voice‑phishing (vishing) attack on February 11. Threat actors accessed the company’s CRM and other internal business systems, extracting only basic contact information and not sensitive customer data. The...

By BleepingComputer

Predator Spyware Hooks iOS SpringBoard to Hide Mic, Camera Activity
News | Feb 21, 2026

Intellexa’s Predator spyware can silently record iPhone camera and microphone feeds by hijacking iOS 14’s SpringBoard UI layer. Using a kernel‑level hook called HiddenDot::setupHook, the malware nullifies the SBSensorActivityDataProvider, preventing the green and orange privacy dots from ever lighting up. Jamf’s...

By BleepingComputer

Amazon: AI-Assisted Hacker Breached 600 Fortinet Firewalls in 5 Weeks
News | Feb 21, 2026

Amazon’s Integrated Security team warned that a Russian‑speaking threat actor leveraged generative AI services to automate a campaign that compromised more than 600 FortiGate firewalls in 55 countries between Jan 11 and Feb 18, 2026. The attackers scanned for internet‑exposed management ports,...

By BleepingComputer

Why the Shift Left Dream Has Become a Nightmare for Security and Developers
News | Feb 20, 2026

The article argues that the long‑standing "shift‑left" mantra has backfired, overloading developers with security tasks while business demands prioritize speed. Qualys analyzed 34,000 public container images and found 7.3% malicious, many containing cryptomining code or exposed secrets. This risk stems...

By BleepingComputer

PayPal Discloses Data Breach that Exposed User Info for 6 Months
News | Feb 20, 2026

PayPal disclosed a data breach affecting its Working Capital loan application, where personal information—including Social Security numbers—was exposed from July 1 to December 13, 2025. The company identified the issue on December 12, 2025, rolled back the faulty code, and halted unauthorized access within a...

By BleepingComputer

Flaw in Grandstream VoIP Phones Allows Stealthy Eavesdropping
News | Feb 19, 2026

A critical stack‑buffer overflow (CVE‑2026‑2329) was discovered in six Grandstream GXP1600 series VoIP phones, receiving a CVSS score of 9.3. The flaw resides in an unauthenticated web API endpoint that lets attackers overflow a 64‑byte buffer, gain root privileges, and...

By BleepingComputer

Google Blocked over 1.75 Million Play Store App Submissions in 2025
News | Feb 19, 2026

Google reported that in 2025 it blocked more than 1.75 million app submissions and denied 255,000 apps access to sensitive user data on the Play Store. The company also banned over 80,000 developer accounts and added 10,000 new safety checks powered...

By BleepingComputer

Flaws in Popular VSCode Extensions Expose Developers to Attacks
News | Feb 17, 2026

Security researchers at Ox Security uncovered critical and high‑severity vulnerabilities in four widely used Visual Studio Code extensions, collectively downloaded over 128 million times. The flaws—affecting Code Runner, Markdown Preview Enhanced, Live Server, and Microsoft Live Preview—allow attackers to execute remote...

By BleepingComputer

What 5 Million Apps Revealed About Secrets in JavaScript
News | Feb 17, 2026

Intruder scanned five million JavaScript bundles and uncovered more than 42,000 exposed secrets, including active GitHub, GitLab, and SaaS API tokens. The research revealed 688 repository tokens that granted full access to private code and CI/CD pipelines. Traditional static and...

By BleepingComputer

New Keenadu Backdoor Found in Android Firmware, Google Play Apps
News | Feb 17, 2026

Kaspersky has uncovered a sophisticated Android backdoor named Keenadu, embedded in firmware of multiple device brands and distributed through compromised OTA updates, system apps, and even Google Play applications. The malware can infiltrate every installed app, grant attackers unrestricted control,...

By BleepingComputer

Poland Arrests Suspect Linked to Phobos Ransomware Operation
News | Feb 17, 2026

Polish authorities detained a 47‑year‑old man suspected of collaborating with the Phobos ransomware group during a joint operation in the Małopolska region. The arrest, part of Europol‑coordinated Operation Aether, yielded computers and phones loaded with stolen credentials, credit‑card data, and server‑access...

By BleepingComputer

Washington Hotel in Japan Discloses Ransomware Infection Incident
News | Feb 16, 2026

Washington Hotel, a Japanese hospitality chain with 30 properties and 11,000 rooms, disclosed a ransomware breach on February 13, 2026 that compromised business data on its servers. The hotel immediately isolated the affected systems, formed an internal task force and enlisted police,...

By BleepingComputer

Eurail Says Stolen Traveler Data Now up for Sale on Dark Web
News | Feb 16, 2026

Eurail B.V., the Dutch operator of European rail passes, confirmed that data stolen in a breach earlier this year is now being offered for sale on the dark web. A threat actor also posted a sample of the compromised records...

By BleepingComputer

Infostealer Malware Found Stealing OpenClaw Secrets for First Time
News | Feb 16, 2026

Hudson Rock reported the first in‑the‑wild incident of an infostealer stealing OpenClaw configuration files. The malware, identified as a Vidar variant, exfiltrated files such as openclaw.json, device.json, and soul.md on February 13, 2026, revealing API tokens, private keys, and personal data. These...

By BleepingComputer

Passwords to Passkeys: Staying ISO 27001 Compliant in a Passwordless Era
News | Feb 16, 2026

Organizations are rapidly replacing passwords with passkey authentication to curb the 49% of security incidents tied to compromised credentials. Passkeys, built on FIDO2 and WebAuthn, satisfy AAL2/AAL3 standards and are already deployed in billions of accounts, including Google’s 800 million users....

By BleepingComputer

CISA Gives Feds 3 Days to Patch Actively Exploited BeyondTrust Flaw
News | Feb 16, 2026

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered all federal agencies to patch the actively exploited BeyondTrust Remote Support vulnerability (CVE‑2026‑1731) within three days. The flaw, an OS command‑injection that enables unauthenticated remote code execution, affects Remote Support 25.3.1...

By BleepingComputer

Google Patches First Chrome Zero-Day Exploited in Attacks This Year
News | Feb 16, 2026

Google has issued emergency updates to patch CVE‑2026‑2441, a high‑severity use‑after‑free flaw in Chrome’s CSSFontFeatureValuesMap implementation. The vulnerability, confirmed to be exploited in the wild, can cause crashes, rendering issues, or data corruption. Google back‑ported the fix to stable desktop...

By BleepingComputer

Canada Goose Investigating as Hackers Leak 600K Customer Records
News | Feb 16, 2026

Canada Goose disclosed that a 1.67 GB dataset containing over 600,000 customer records was posted by the ShinyHunters extortion group. The leak includes personal identifiers, shipping details, IP addresses and partial payment‑card information, but the company says it found no evidence...

By BleepingComputer

Windows 11 KB5077181 Fixes Boot Failures Linked to Failed Updates
News | Feb 15, 2026

Microsoft has released Windows 11 update KB5077181, fully fixing the UNMOUNTABLE_BOOT_VOLUME boot failure that struck some enterprise machines after recent security patches. The bug, linked to a failed December 2025 update and exacerbated by the January 13, 2026 KB5074109 rollout, affected devices running 25H2...

By BleepingComputer

CTM360: Lumma Stealer and Ninja Browser Malware Campaign Abusing Google Groups
News | Feb 15, 2026

CTM360 uncovered an active campaign that hijacks more than 4,000 Google Groups and 3,500 Google‑hosted URLs to distribute credential‑stealing malware. The threat actors deliver Lumma Info‑Stealer to Windows devices and a trojanized “Ninja Browser” to Linux systems, embedding organization‑specific keywords to boost...

By BleepingComputer

Snail Mail Letters Target Trezor and Ledger Users in Crypto-Theft Attacks
News | Feb 14, 2026

Physical letters masquerading as official communications from Trezor and Ledger are being used to lure hardware‑wallet owners into scanning QR codes that lead to counterfeit setup sites. The sites prompt victims to enter their 12‑, 20‑, or 24‑word recovery phrases...

By BleepingComputer

Volvo Group North America Customer Data Exposed in Conduent Hack
News | Feb 10, 2026

Volvo Group North America announced that an indirect data breach exposed personal information of about 17,000 customers and staff. The breach stemmed from Conduent, a U.S. business‑process‑outsourcing firm, whose systems were compromised between October 21, 2024 and January 13, 2025. Threat actors accessed names,...

By BleepingComputer

Microsoft Rolls Out New Secure Boot Certificates Before June Expiration
News | Feb 10, 2026

Microsoft has begun distributing updated Secure Boot certificates through the regular monthly Windows updates, replacing the original 2011 certificates that will expire in late June 2026. The refresh targets Windows 11 24H2 and 25H2 devices, with many newer PCs already shipping the...

By BleepingComputer

Microsoft 365 Outage Takes Down Admin Center in North America
News | Feb 10, 2026

Microsoft confirmed a service outage affecting the Microsoft 365 admin center for some business and enterprise administrators in North America. The disruption also extends to the M365 app, with users experiencing degraded functionality and inability to raise support tickets. Thousands...

By BleepingComputer

How to Automate AWS Incident Investigation with Tines and AI
News | Feb 10, 2026

The article details a pre‑built Tines workflow that automates AWS incident investigation by running CLI commands through secure Tines agents. Instead of analysts manually logging into the AWS console and crafting commands, the workflow pulls the required data directly into...

By BleepingComputer

Microsoft Announces New Mobile-Style Windows Security Controls
News | Feb 10, 2026

Microsoft announced that Windows 11 will adopt smartphone‑style permission prompts, requiring user consent before apps can access files, cameras, microphones or install software. The rollout introduces a Baseline Security Mode that enforces runtime integrity by allowing only signed code to run,...

By BleepingComputer

Fugitive Behind $73M 'Pig Butchering' Scheme Gets 20 Years in Prison
News | Feb 10, 2026

A dual Chinese‑St. Kitts and Nevis national, Daren Li, was sentenced in absentia to 20 years in prison for his role in an international cryptocurrency pig‑butchering scheme that stole over $73 million from U.S. victims. The fraud operated through a network of 74...

By BleepingComputer

Password Guessing without AI: How Attackers Build Targeted Wordlists
News | Feb 9, 2026

Password attacks increasingly rely on targeted wordlists harvested from an organization’s public‑facing content rather than generic dictionaries or AI models. Tools like the open‑source CeWL crawler extract company‑specific terminology, which attackers mutate with common patterns to generate plausible passwords that...

By BleepingComputer

Men Charged in FanDuel Scheme Fueled by Thousands of Stolen Identities
News | Feb 9, 2026

Two Connecticut men, Amitoj Kapoor and Siddharth Lillaney, were indicted on 45 federal counts for a multi‑year scheme that used roughly 3,000 stolen identities to open fraudulent accounts on FanDuel, DraftKings, BetMGM and other online gambling platforms. They purchased personal...

By BleepingComputer

Microsoft: Exchange Online Flags Legitimate Emails as Phishing
News | Feb 9, 2026

Microsoft is investigating a fault in Exchange Online that began on February 5, causing legitimate emails to be flagged as phishing and quarantined. The problem stems from a newly deployed URL rule that incorrectly labels benign links as malicious. The issue...

By BleepingComputer

European Commission Discloses Breach that Exposed Staff Data
News | Feb 9, 2026

The European Commission disclosed a cyber‑attack on its mobile‑device‑management platform on 30 January, where attackers accessed staff names and phone numbers but did not compromise the devices themselves. The breach was contained within nine hours after detection and traced to two...

By BleepingComputer