Sensor Intel Series: February 2026 CVE Trends
( 76
min )
TL;DR OFAC designated six individuals and two entities for facilitating North Korean IT worker schemes that generated nearly $800 million…
The post OFAC Targets North Korean IT Worker Networks Using Cryptocurrency to Fund WMD Programs appeared first on Chainalysis.
( 11
min )
Senior researcher Wolfie Christl spoke with Forbes about OpenAI's deal with the Pentagon that permits the gathering of bulk data from users.
The post OpenAI Blurs Its Mass Surveillance Red Line With New Pentagon Contract appeared first on The Citizen Lab.
( 5
min )
Senior researcher and co-author of the report, Noura Aljizawi, speaks to the Fuller Project about the concerning ways gender is still being weaponized to silence women.
The post The Market for Spyware is Growing: It’s Used Differently Against Women appeared first on The Citizen Lab.
( 6
min )
Apple issued security updates for older iOS and iPadOS versions to close vulnerabilities exploited by the Coruna exploit kit.
( 21
min )
Researchers showed how attackers could pull encryption keys, recover the PIN, and access sensitive data from affected devices.
( 21
min )
A bug in Microsoft Authenticator on Android and iOS could allow malicious apps on the same device to intercept authentication codes or sign-in links.
( 22
min )
New AI-powered protections aim to detect impersonation attempts, suspicious friend requests, and scam messages.
( 22
min )
The hours of videos provide fascinating, or perhaps horrifying, insight into the thinking of someone inside DOGE.
( 4
min )
Kenyan workers are still the underpaid labor behind AI training, moderation, and sex chatbots. The Data Labelers Association is fighting back.
( 6
min )
Storm-2561 uses SEO poisoning to push fake VPN downloads that install signed trojans and steal VPN credentials. Active since 2025, Storm-2561 mimics trusted brands and abuses legitimate services. This post reviews TTPs, IOCs, and mitigation guidance.
The post Storm-2561 uses SEO poisoning to distribute fake VPN clients for credential theft appeared first on Microsoft Security Blog.
( 25
min )
The latest Microsoft benchmarking data reveals how Microsoft Defender mitigates modern email threats compared to SEG and ICES vendors.
The post From transparency to action: What the latest Microsoft email security benchmark reveals appeared first on Microsoft Security Blog.
( 21
min )
Hidden instructions in content can subtly bias AI, and our scenario shows how prompt injection works, highlighting the need for oversight and a structured response playbook.
The post Detecting and analyzing prompt abuse in AI tools appeared first on Microsoft Security Blog.
( 23
min )
As organizations scale their cloud infrastructure, maintaining proper lifecycle management of Amazon Machine Images (AMIs) is a critical component of their security and risk management goals. AMIs provide the essential information required to launch Amazon Elastic Compute Cloud (Amazon EC2) instances, however; they present security and compliance challenges if not tracked and managed throughout their […]
( 117
min )
The Contagious Interview campaign weaponizes job recruitment to target developers. Threat actors pose as recruiters from crypto and AI companies and deliver backdoors such as OtterCookie and FlexibleFerret through fake coding assessments. The malware then steals API tokens, cloud credentials, crypto wallets, and source code.
The post Contagious Interview: Malware delivered through fake developer job interviews appeared first on Microsoft Security Blog.
( 26
min )
United Healthcare impersonators are using an IPv6 trick to hide the real destination of phishing links in emails promising free Oral-B toothbrushes.
( 21
min )
“You pervert, I recorded you!” sextortion emails include real passwords harvested from public temporary email inboxes.
( 22
min )
Scammers are targeting Americans with robocalls during tax season. Here’s how to spot the scam.
( 23
min )
Microsoft patched 79 security vulnerabilities this month, including bugs that could let attackers escalate privileges or crash critical services.
( 22
min )
TL;DR The 84% reality: Stablecoins now account for the vast majority of illicit crypto transaction volume. This shift — aligned…
The post Assessing the FATF Targeted Report: The Shift Toward Secondary Market Monitoring for Stablecoins appeared first on Chainalysis.
( 12
min )
These are the top threats you should know about this week.
( 101
min )
Copilot “can help with routine Senate work, including drafting and editing documents, summarizing information, preparing talking points and briefing material, and conducting research and analysis,” the memo says.
( 4
min )
What experts say about AI psychosis, how ProtonMail data helped the FBI identify a protester, and a viral app that exposed incredibly personal data of hundreds of thousands of people.
( 4
min )
To better understand what exactly we’re looking at in this dystopian surveillance hellscape, 404 Media’s Jason Koebler and Joseph Cox joined Reddit's r/technology for an Ask Me Anything session.
( 4
min )
‘Elon Musk is an aggressive and irresponsible salesman, who has a long history of making dangerous design choices, and over-promising the features of his products.’
( 3
min )
“I think we often underestimate their capabilities,” said one of the researchers who uncovered a pre-Inca trade route linking the Amazon rainforest to the Pacific coast.
( 4
min )
A couple of 20-year-old developers make $500,000 a month promising to help men to stop watching porn, but exposed their private porn watching habits.
( 4
min )
In January 2026, we announced the general availability of the AWS European Sovereign Cloud, a new, independent cloud for Europe entirely located within the European Union (EU), and physically and logically separate from all other AWS Regions. The unique approach of the AWS European Sovereign Cloud provides the only fully featured, independently operated sovereign cloud […]
( 109
min )
The RSAC 2026 Conference brings together thousands of professionals, practitioners, vendors, and associations to discuss issues covering the entire spectrum of cybersecurity—a place where innovation meets collaboration and the industry’s brightest minds converge to shape its future. This March, Amazon Web Services (AWS) returns to the annual RSAC Conference in San Francisco to share how […]
( 108
min )
After talking with many customers, one thing is clear: the security challenge has not gotten easier. Enterprises today operate across a complex mix of environments, including on-premises infrastructure, private data centers, and multiple clouds, often with tools that were never designed to work together. The result is enterprise security teams spend more time managing tools […]
( 107
min )
Google knows a lot about you. Here's how to check your Google Search history and how to prevent future tracking.
( 23
min )
Dutch intelligence warns that attackers are hijacking Signal and WhatsApp accounts by tricking users into sharing verification codes or linking a malicious device.
( 23
min )
A suspected breach of the FBI’s wiretap network has investigators asking whether a nation-state was involved.
( 22
min )
Cecilia D’Anstasio on Roblox’s efforts to protect children from pedophiles.
( 4
min )
Mental health experts say identifying when someone is in need of help is the first step — and approaching them with careful compassion is the hardest, most essential part that follows.
( 5
min )
The 'Freedom Trucks' will haul AI slop George Washington on a tour across 48 American states.
( 6
min )
Researchers uncovered fake Claude Code install pages spreading infostealers that steal passwords and browser sessions.
( 22
min )
The quiz is just bait. The real goal is to win permission to send browser notifications that can later be used for ads, scams, or shady promotions.
( 24
min )
A list of topics we covered in the week of March 2 to March 8 of 2026
( 20
min )
FortiClient EMS 7.4.4 contains a pre-authentication SQL injection vulnerability (CVSS 9.1) in its multi-tenant site routing middleware. An unauthenticated attacker can inject arbitrary SQL by sending a crafted Site HTTP header to any pre-auth endpoint.
( 14
min )
This week on the Lock and Code podcast, we speak with Matthew Guariglia about Ring smart doorbells and the surveillance network they create.
( 22
min )
📖 [The CloudSecList] Issue 328 was originally published by Marco Lancini at CloudSecList on March 08, 2026.
( 5
min )
A NASA spacecraft into a small asteroid in 2022 moved its orbit around the Sun, according to a study that presents the “first-ever measurement of human-caused change in the heliocentric orbit of a celestial body.”
( 7
min )
We found a fake Google Meet update that enrolls the victim's Windows PC in an attacker's device management system.
( 22
min )
Bing search results pointed victims to GitHub repositories claiming to host OpenClaw installers, but in reality they installed malware.
( 23
min )
We uncovered a fake CleanMyMac site delivering SHub Stealer, a macOS infostealer that steals credentials and silently backdoors crypto wallets.
( 28
min )
Threat actors are operationalizing AI to scale and sustain malicious activity, accelerating tradecraft and increasing risk for defenders, as illustrated by recent activity from North Korean groups such as Jasper Sleet and Coral Sleet (formerly Storm-1877).
The post AI as tradecraft: How threat actors operationalize AI appeared first on Microsoft Security Blog.
( 36
min )
This week, we discuss a PC repair battle, a revealing comment from an FBI official, and a dangerous narrative.
( 4
min )
A court record reviewed by 404 Media shows privacy-focused email provider Proton Mail handed over payment data related to a Stop Cop City email account to the Swiss government, which handed it to the FBI.
( 4
min )
"As part of our commitment to supporting ICE, we will be adding a ‘Support ICE’ donation button to the footer of every email sent through our platform."
( 5
min )
A Greek court sentenced four Intellexa executives to prison for their role in a 2022 scandal that involved the use of Predator spyware against more than 90 public figures in the country. Citizen Lab researchers first published evidence of Predator spyware in Greece in late 2021. The Lab later analyzed the phones of journalist Thanasis […]
The post Intellexa Founder, Three Others Sentenced to 8 Years in Prison Over Greek Spyware Scandal appeared first on The Citizen Lab.
( 6
min )
AI Security Insights – March 2026
( 65
min )
We’re excited to announce that Amazon Web Services (AWS) has completed the annual Dubai Electronic Security Centre (DESC) certification audit to operate as a Tier 1 Cloud Service Provider (CSP) for the AWS Middle East (UAE) Region. This alignment with DESC requirements demonstrates our continued commitment to adhere to the heightened expectations for CSPs. Government […]
( 106
min )
Amazon Web Services (AWS) successfully completed the annual recertification audit with no findings for ISO 9001:2015, 27001:2022, 27017:2015, 27018:2019, 27701:2019, 20000-1:2018, 22301:2019, and Cloud Security Alliance (CSA) STAR Cloud Controls Matrix (CCM) v4.0. The objective of the audit was to enable AWS to expand their ISO and CSA STAR certifications to include one new AWS […]
( 106
min )
This Women’s History Month, we explore ways to support the next generation of female defenders at every career stage.
The post Women’s History Month: Encouraging women in cybersecurity at every career stage appeared first on Microsoft Security Blog.
( 21
min )
Malicious AI browser extensions collected LLM chat histories and browsing data from platforms such as ChatGPT and DeepSeek. With nearly 900,000 installs and activity across more than 20,000 enterprise tenants, the campaign highlights the growing risk of data exposure through browser extensions.
The post Malicious AI Assistant Extensions Harvest LLM Chat Histories appeared first on Microsoft Security Blog.
( 23
min )
TL;DR The value received by sanctioned entities surged 694% in 2025, driving total illicit transaction volume to a record $154…
The post Crypto Crime in 2025 Was Primarily Driven by 694% Surge in State-Driven Sanctions Evasion Volume appeared first on Chainalysis.
( 20
min )
File Shredder for Windows from Malwarebytes lets you truly, actually, really delete a file or folder from your hard drive or USB drive.
( 21
min )
Google has urged the justices to strike down the controversial warrants, which can sweep up location data from hundreds of phones near a crime scene.
( 24
min )
On March 10, Citizen Lab senior researcher Noura Aljizawi will participate in an OSCE panel titled “From Harm to Justice: Ending Violence Against Women in the Public Sphere in the OSCE Region.” Women who stand at the forefront of efforts to advance gender equality often face severe backlash for their public engagement, impacting individual rights […]
The post From Harm to Justice: Ending Violence Against Women in the Public Sphere in the OSCE Region appeared first on The Citizen Lab.
( 5
min )
To help you troubleshoot access denied errors, we recently added the Amazon Resource Name (ARN) of the denying policy to access denied error messages. This builds on our 2021 enhancement that added the type of the policy denying the access to access denied error messages. The ARN of the denying policy is only provided in […]
( 107
min )
Tycoon2FA has become a leading phishing-as-a-service (PhaaS) platforms, enabling campaigns that reach over 500,000 organizations monthly, prompting Microsoft’s Digital Crimes Unit (DCU) to work with Europol and industry partners to facilitate a disruption of Tycoon2FA’s infrastructure and operations.
The post Inside Tycoon2FA: How a leading AiTM phishing kit operated at scale appeared first on Microsoft Security Blog.
( 30
min )
Signed malware backed by a stolen EV certificate deployed legitimate RMM tools to gain persistent access inside enterprise environments. Organizations must harden certificate controls and monitor RMM activity to reduce exposure.
The post Signed malware impersonating workplace apps deploys RMM backdoors appeared first on Microsoft Security Blog.
( 25
min )
Amazon Web Services (AWS) is pleased to announce the issuance of the Swiss Financial Market Supervisory Authority (FINMA) Type II attestation report with 183 services in scope. The Swiss Financial Market Supervisory Authority (FINMA) has published several requirements and guidelines about engaging with outsourced services for the regulated financial services customers in Switzerland. An independent […]
( 106
min )
Amazon Web Services (AWS) is pleased to announce the issuance of the Criteria to Assess the Information Security of Cloud Services (PiTuKri) Type II attestation report with 183 services in scope. The Finnish Transport and Communications Agency (Traficom) Cyber Security Centre published PiTuKri, which consists of 52 criteria that provide guidance across 11 domains for […]
( 106
min )
These are the top threats you should know about this week.
( 89
min )
Tauri promises a lighter, security-first future beyond Electron—but does it actually reduce risk? Carlos Yanez uncovers how XSS and permissive configs can still be chained into RCE, walking through real-world exploitation techniques every appsec team should understand.
( 12
min )
Update, 3/5/26 Earlier this week, we published an initial analysis of crypto outflows from Iranian exchanges in the immediate aftermath…
The post Iranian Crypto Outflows Spike After Airstrikes Amid a Year of Rising On-Chain Activity appeared first on Chainalysis.
( 13
min )
As AI agents become part of your development workflows on Amazon Web Services (AWS), you want them to work with your existing AWS Identity and Access Management (IAM) permissions, not force you to build a separate permissions model. At the same time, you need the flexibility to apply different governance controls when an AI agent […]
( 110
min )
Citizen Lab research fellow Wolfie Christl spoke with Der Standard about the Austrian Interior Ministry’s €900K investment in Tangles, a surveillance software that gathers and analyzes data from across social media and the web. Christl and a Citizen Lab colleague discovered that the tool was purchased by the Austrian ministry last summer. Experts are concerned […]
The post Austrian Interior Ministry Using Cobwebs Surveillance Software appeared first on The Citizen Lab.
( 6
min )
In February, the AI-powered comic generation platform KomikoAI suffered a data breach. The incident exposed 1M unique email addresses along with names, user posts and the AI prompts used to generate content. The exposed data enables the mapping of individual AI prompts to specific email addresses.
( 2
min )
📖 [The CloudSecList] Issue 327 was originally published by Marco Lancini at CloudSecList on March 01, 2026.
( 6
min )
In November 2024, Amazon Web Services (AWS) was the first major cloud service provider to announce the ISO/IEC 42001 accredited certification for AI services, covering: Amazon Bedrock, Amazon Q Business, Amazon Textract, and Amazon Transcribe. In November 2025, AWS successfully completed its first surveillance audit for ISO 42001:2023, Artificial Intelligence Management System with no findings. […]
( 105
min )
AI agents have traditionally faced three core limitations: they can’t retain learned information or operate autonomously beyond short periods, and they require constant supervision. AWS addresses these limitations with frontier agents—a new category of AI that performs complex reasoning, multi-step planning, and autonomous execution for hours or days. Multi-agent collaboration has emerged as a powerful […]
( 111
min )
OKX and Chainalysis today announced an expansion of their relationship focused on proactive fraud and scam prevention. Building on OKX’s…
The post OKX Adopts Chainalysis Alterya to Stop Fraud Before It Happens appeared first on Chainalysis.
( 9
min )
TL;DR Ransomware payments stagnated despite record attacks claimed. Total on-chain ransomware payments fell by approximately 8% to $820 million in…
The post Total Ransomware Payments Stagnate for Second Consecutive Year, While Attacks Escalate appeared first on Chainalysis.
( 18
min )
Meet CloudFox GCP, an offensive security tool built to map identities, enumerate resources, and uncover real attack paths in Google Cloud. Designed for practitioners, it exposes privilege escalation, lateral movement, and data exfiltration risks so you can secure GCP before attackers exploit it.
( 12
min )
AI Security Insights – February 2026
( 63
min )
Autonomous AI agents blur security boundaries, enabling data exfiltration, privilege abuse, and insider‑level risk in enterprises.
( 55
min )
Bishop Fox identified a low-risk command injection flaw in Samsung Tizen OS (through 9.0) that allows OS-level code execution on smart TVs with developer mode enabled. Exploitation requires local access and the configured developer IP. Organizations should disable developer mode or use kiosk mode.
( 10
min )
📖 [The CloudSecList] Issue 326 was originally published by Marco Lancini at CloudSecList on February 22, 2026.
( 5
min )
Commercial AI services are enabling even unsophisticated threat actors to conduct cyberattacks at scale—a trend Amazon Threat Intelligence has been tracking closely. A recent investigation illustrates this shift: Amazon Threat Intelligence observed a Russian-speaking financially motivated threat actor leveraging multiple commercial generative AI services to compromise over 600 FortiGate devices across more than 55 countries […]
( 112
min )
Citizen Lab researchers have co-authored two submissions to the Committee on Enforced Disappearances and UN Working Group on Enforced and Involuntary Disappearances. One submission focuses on digital tools that enable disappearances, calling on host states to protect against rights violations caused by digital transnational repression. The authors argue that enforced disappearances have been facilitated by […]
The post Submissions to the Committee on Enforced Disappearances: And the UN Working Group on Enforced and Involuntary Disappearances appeared first on The Citizen Lab.
( 5
min )
Moving fast with AI is easy. Governing it isn’t. In this discussion, security and AI leaders share real-world lessons on inventory, least privilege, measurable outcomes, and building guardrails before scaling adoption.
( 8
min )
TL;DR Darknet market activity remains resilient, with aggregate DNM flows reaching nearly $2.6 billion in 2025, underscoring the persistence of…
The post From Fentanyl to Fraud: On-Chain Activity Highlights Illicit Market Evolution appeared first on Chainalysis.
( 18
min )
These are the top threats you should know about this week.
( 99
min )
In December 2025, a database of the Brazilian crowdfunding platform APOIA.se was posted to an online forum. In January 2026, the company confirmed it had suffered a data breach. The incident exposed 451k unique email addresses along with names and physical addresses.
( 2
min )
March 10, 2026: This post has been updated to note that Amazon Q Detector Library describes the detectors used during code reviews to identify security and quality issues in code. Enterprise customers face an unprecedented security landscape where sophisticated cyber threats use artificial intelligence to identify vulnerabilities, automate attacks, and evade detection at machine speed. […]
( 113
min )
📖 [The CloudSecList] Issue 325 was originally published by Marco Lancini at CloudSecList on February 15, 2026.
( 5
min )
