• Open

    PLEASE_READ_ME: The Opportunistic Ransomware Devastating MySQL Servers
    Guardicore Labs uncovers a Ransomware detection campaign targeting MySQL servers. Attackers use Double Extortion and publish data to pressure victims.
    The Nansh0u Campaign – Hackers Arsenal Grows Stronger
    In the beginning of April, three attacks detected in the Guardicore Global Sensor Network (GGSN) caught our attention. All three had source IP addresses originating in South-Africa and hosted by VolumeDrive ISP (see IoCs).
    Threats Making WAVs - Incident Response to a Cryptomining Attack
    Guardicore security researchers describe and uncover a full analysis of a cryptomining attack, which hid a cryptominer inside WAV files. The report includes the full attack vectors, from detection, infection, network propagation and malware analysis and recommendations for optimizing incident response processes in data centers.
    The Oracle of Delphi Will Steal Your Credentials
    Our deception technology is able to reroute attackers into honeypots, where they believe that they found their real target. The attacks brute forced passwords for RDP credentials to connect to the victim, download and execute a previously undetected malware, which we named Trojan.sysscan.
    Keep Your Tech Flame Alive: Trailblazer Rachel Bayley
    In this Akamai FLAME Trailblazer blog post, Rachel Bayley encourages women to step into the unknown and to be their authentic selves.

  • Open

    Black Hat USA 2025 | How Tree-of-AST Redefines the Boundaries of Dataflow Analysis
  • Open

    Understanding Roblox’s Grooming Problem
    Cecilia D’Anastasio on Roblox’s efforts to protect children from pedophiles.
    How to Talk to Someone Experiencing 'AI Psychosis'
    Mental health experts say identifying when someone is in need of help is the first step — and approaching them with careful compassion is the hardest, most essential part that follows.
    I Visited the ‘Freedom Truck’ to Meet PragerU’s AI Slop Founders
    The 'Freedom Trucks' will haul AI slop George Washington on a tour across 48 American states.
  • Open

    Hunting for Stupid | Mary Ellen Kennel
  • Open

    Fake Claude Code install pages hit Windows and Mac users with infostealers
    Researchers uncovered fake Claude Code install pages spreading infostealers that steal passwords and browser sessions.
    Quiz sites trick users into enabling unwanted browser notifications
    The quiz is just bait. The real goal is to win permission to send browser notifications that can later be used for ads, scams, or shady promotions.
    A week in security (March 2 – March 8)
    A list of topics we covered in the week of March 2 to March 8 of 2026
  • Open

    An Interview with Allie Mellen (author: CODE WAR)
  • Open

    Pre-Authentication SQL Injection in FortiClient EMS 7.4.4 - CVE-2026-21643
    FortiClient EMS 7.4.4 contains a pre-authentication SQL injection vulnerability (CVSS 9.1) in its multi-tenant site routing middleware. An unauthenticated attacker can inject arbitrary SQL by sending a crafted Site HTTP header to any pre-auth endpoint.
  • Open

    Secure agentic AI for your Frontier Transformation
    Learn how Microsoft Agent 365 and Microsoft 365 E7 can help secure your Frontier Transformation. The post Secure agentic AI for your Frontier Transformation appeared first on Microsoft Security Blog.
  • Open

    InfoSec News Nuggets 03/09/2026
    Web Server Exploits and Mimikatz Used in Attacks Targeting Asian Critical Infrastructure Palo Alto Networks Unit 42 has published a detailed investigation into a previously undocumented Chinese threat actor cluster — designated CL-UNK-1068 — that has been quietly compromising high-value organizations across South, Southeast, and East Asia since at least 2020 with little to no […] The post InfoSec News Nuggets 03/09/2026 appeared first on AboutDFIR - The Definitive Compendium Project.

  • Open

    Ring doorbells: Won’t you see my neighbor? (Lock and Code S07E05)
    This week on the Lock and Code podcast, we speak with Matthew Guariglia about Ring smart doorbells and the surveillance network they create.
  • Open

    Black Hat USA 2025 | Digital Dominoes: Scanning the Internet to Expose Systemic Cyber Risk
    Black Hat USA 2025 | Detecting Taint-Style Vulnerabilities in Microservice-Structured Web Apps
  • Open

    📖 [The CloudSecList] Issue 328
    📖 [The CloudSecList] Issue 328 was originally published by Marco Lancini at CloudSecList on March 08, 2026.

  • Open

    Black Hat USA 2025 | Death by Noise: Abusing Alert Fatigue to Bypass the SOC (EDR Edition)
    Black Hat USA | LLMs-Driven Automated YARA Rules Generation with Explainable File Features & DNAHash
  • Open

    Humanity Has Altered an Asteroid’s Orbit Around the Sun
    A NASA spacecraft that crashed into a small asteroid in 2022 moved its orbit around the Sun, according to a study that presents the “first-ever measurement of human-caused change in the heliocentric orbit of a celestial body.”
  • Open

    Hardware Hacking 101: with a custom physical kit!

  • Open

    Black Hat USA 2025 | Invoking Gemini for Workspace Agents with a Simple Google Calendar Invite
    Black Hat USA 2025 | Reinventing Agentic AI Security With Architectural Controls
  • Open

    One click on this fake Google Meet update can give attackers control of your PC
    We found a fake Google Meet update that enrolls the victim's Windows PC in an attacker's device management system.
    Beware of fake OpenClaw installers, even if Bing points you to GitHub
    Bing search results pointed victims to GitHub repositories claiming to host OpenClaw installers, but in reality they installed malware.
    Fake CleanMyMac site installs SHub Stealer and backdoors crypto wallets
    We uncovered a fake CleanMyMac site delivering SHub Stealer, a macOS infostealer that steals credentials and silently backdoors crypto wallets.
  • Open

    AI as tradecraft: How threat actors operationalize AI
    Threat actors are operationalizing AI to scale and sustain malicious activity, accelerating tradecraft and increasing risk for defenders, as illustrated by recent activity from North Korean groups such as Jasper Sleet and Coral Sleet (formerly Storm-1877). The post AI as tradecraft: How threat actors operationalize AI appeared first on Microsoft Security Blog.
  • Open

    Behind the Blog: An AI Army Foot Fetish
    This week, we discuss a PC repair battle, a revealing comment from an FBI official, and a dangerous narrative.
  • Open

    N-Grams, Quantum, and Malware – A Recipe for Chaos? | Dr. Jenn Ferreras
  • Open

    IDORs Explained: How One Number Can Hack an Entire Company
    TL;DR: The Key Takeaways Continue reading on InfoSec Write-ups »
    How I Passed eCPPT within 3 months Without Losing My Mind
  • Open

    InfoSec News Nuggets 03/06/2026
    Phobos Ransomware Leader Facing 20 Years in Prison After Pleading Guilty to Hacking Charges Evgenii Ptitsyn, the 43-year-old Russian national identified as the key developer and administrator behind the Phobos ransomware-as-a-service operation, pleaded guilty to wire fraud charges on Wednesday and is now facing up to 20 years in prison, with sentencing scheduled for July […] The post InfoSec News Nuggets 03/06/2026 appeared first on AboutDFIR - The Definitive Compendium Project.
  • Open

    The Payload Podcast #003

  • Open

    Proton Mail Helped FBI Unmask Anonymous ‘Stop Cop City’ Protester
    A court record reviewed by 404 Media shows privacy-focused email provider Proton Mail handed over payment data related to a Stop Cop City email account to the Swiss government, which handed it to the FBI.
    ICE Phishing: Scammers Are Sending 'Support ICE' Emails to Steal Credentials
    "As part of our commitment to supporting ICE, we will be adding a ‘Support ICE’ donation button to the footer of every email sent through our platform."
  • Open

    Intellexa Founder, Three Others Sentenced to 8 Years in Prison Over Greek Spyware Scandal
    A Greek court sentenced four Intellexa executives to prison for their role in a 2022 scandal that involved the use of Predator spyware against more than 90 public figures in the country. Citizen Lab researchers first published evidence of Predator spyware in Greece in late 2021. The Lab later analyzed the phones of journalist Thanasis […] The post Intellexa Founder, Three Others Sentenced to 8 Years in Prison Over Greek Spyware Scandal appeared first on The Citizen Lab.
  • Open

    CASI Leaderboard Shifts: Sugar-Coated Poison, and the Expanding AI Attack Surface
    AI Security Insights – March 2026
  • Open

    AWS completes the 2026 annual Dubai Electronic Security Centre (DESC) certification audit
    We’re excited to announce that Amazon Web Services (AWS) has completed the annual Dubai Electronic Security Centre (DESC) certification audit to operate as a Tier 1 Cloud Service Provider (CSP) for the AWS Middle East (UAE) Region. This alignment with DESC requirements demonstrates our continued commitment to adhere to the heightened expectations for CSPs. Government […]
    2025 ISO and CSA STAR certificates are now available with one additional service and one new region
    Amazon Web Services (AWS) successfully completed the annual recertification audit with no findings for ISO 9001:2015, 27001:2022, 27017:2015, 27018:2019, 27701:2019, 20000-1:2018, 22301:2019, and Cloud Security Alliance (CSA) STAR Cloud Controls Matrix (CCM) v4.0. The objective of the audit was to enable AWS to expand their ISO and CSA STAR certifications to include one new AWS […]
  • Open

    Women’s History Month: Encouraging women in cybersecurity at every career stage
    This Women’s History Month, we explore ways to support the next generation of female defenders at every career stage. The post Women’s History Month: Encouraging women in cybersecurity at every career stage appeared first on Microsoft Security Blog.
    Malicious AI Assistant Extensions Harvest LLM Chat Histories
    Malicious AI browser extensions collected LLM chat histories and browsing data from platforms such as ChatGPT and DeepSeek. With nearly 900,000 installs and activity across more than 20,000 enterprise tenants, the campaign highlights the growing risk of data exposure through browser extensions. The post Malicious AI Assistant Extensions Harvest LLM Chat Histories appeared first on Microsoft Security Blog.
  • Open

    Black Hat USA 2025 | Use and Abuse of Palo Alto's Remote Access Solution
    Black Hat USA 2025 | Turning Camera Surveillance on its Axis
  • Open

    How Harmonic Proved High-Performance AI Inference on Akamai GPUs
    Find out how Harmonic achieved high-performance AI inference on Akamai Cloud with NVIDIA Blackwell GPUs, optimizing for speed and efficiency.
  • Open

    InfoSec News Nuggets 03/05/2026
    Iranian Drone Strikes Hit Amazon Data Centers in Gulf, Disrupting Cloud Services Iranian drone strikes directly hit two Amazon Web Services data centers in the UAE this week and caused damage to a third facility in Bahrain, disrupting approximately 60 AWS services across the Gulf region as Iran launched retaliatory strikes following a U.S. and […] The post InfoSec News Nuggets 03/05/2026 appeared first on AboutDFIR - The Definitive Compendium Project.
  • Open

    Crypto Crime in 2025 Was Primarily Driven by 694% Surge in State-Driven Sanctions Evasion Volume
    TL;DR The value received by sanctioned entities surged 694% in 2025, driving total illicit transaction volume to a record $154… The post Crypto Crime in 2025 Was Primarily Driven by 694% Surge in State-Driven Sanctions Evasion Volume appeared first on Chainalysis.
  • Open

    Windows File Shredder: When deleting a file isn’t enough
    File Shredder for Windows from Malwarebytes lets you truly, actually, really delete a file or folder from your hard drive or USB drive.
    Supreme Court to decide whether geofence warrants are constitutional
    Google has urged the justices to strike down the controversial warrants, which can sweep up location data from hundreds of phones near a crime scene.

  • Open

    Bypassing debug password protection on the RH850 family using fault injection
    This blogpost explains how we bypassed the 16-byte password protection of the debug on several variants of the RH850 family using voltage fault injection.
  • Open

    From Harm to Justice: Ending Violence Against Women in the Public Sphere in the OSCE Region
    On March 10, Citizen Lab senior researcher Noura Aljizawi will participate in an OSCE panel titled “From Harm to Justice: Ending Violence Against Women in the Public Sphere in the OSCE Region.”  Women who stand at the forefront of efforts to advance gender equality often face severe backlash for their public engagement, impacting individual rights […] The post From Harm to Justice: Ending Violence Against Women in the Public Sphere in the OSCE Region appeared first on The Citizen Lab.
  • Open

    Black Hat USA 2025 | Uncovering Threats and Exposing Vulnerabilities in Next-Gen Cellular RAN
  • Open

    Security-driven Rapid Release - Pwn2Own Documentary (Part 4)
  • Open

    Enhanced access denied error messages with policy ARNs
    To help you troubleshoot access denied errors, we recently added the Amazon Resource Name (ARN) of the denying policy to access denied error messages. This builds on our 2021 enhancement that added the type of the policy denying the access to access denied error messages. The ARN of the denying policy is only provided in […]
  • Open

    Podcast: The Depravity Economy
    How Polymarket and Kalshi bet on Iran; AI translations are impacting Wikipedia; and an Amazon change impacting wishlists.
    Polymarket Pulls Bet on Nuclear Detonation in 2026
    ‘How ghoulish.’ The depravity economy moves into the nuclear war business.
    AI Translations Are Adding ‘Hallucinations’ to Wikipedia Articles
    AI translated articles swapped sources or added unsourced sentences with no explanation, while others added paragraphs sourced from completely unrelated material.
    The Sun Is 'Glitching.' Scientists Investigated and Solved a Cosmic Mystery
    Scientists studied tiny, abnormal vibrations—called “glitches”—to discover what happens inside the Sun while it undergoes phases of low activity.
  • Open

    Inside Tycoon2FA: How a leading AiTM phishing kit operated at scale
    Tycoon2FA has become a leading phishing-as-a-service (PhaaS) platform, enabling campaigns that reach over 500,000 organizations monthly, prompting Microsoft’s Digital Crimes Unit (DCU) to work with Europol and industry partners to facilitate a disruption of Tycoon2FA’s infrastructure and operations. The post Inside Tycoon2FA: How a leading AiTM phishing kit operated at scale appeared first on Microsoft Security Blog.
  • Open

    crypto scammers phish with physical mail
  • Open

    Does the UK really want to ban VPNs? And can it be done?
    Reports of a "Great British Firewall" are exaggerated. And even if they wanted to, here's why it would be virtually impossible.
    Attackers abuse OAuth’s built-in redirects to launch phishing and malware attacks
    Researchers have found that attackers are abusing OAuth to send users from legitimate Microsoft or Google login pages to phishing sites or malware downloads.
    High-severity Qualcomm bug hits Android devices in targeted attacks
    Google has patched 129 Android vulnerabilities, including an actively exploited flaw in a widely used Qualcomm component.
  • Open

    InfoSec News Nuggets 03/04/2026
    Iranian Drone Strikes Hit Amazon Data Centers in Gulf, Disrupting Cloud Services Iranian drone strikes directly hit two Amazon Web Services data centers in the UAE this week and caused damage to a third facility in Bahrain, disrupting approximately 60 AWS services across the Gulf region as Iran launched retaliatory strikes following a U.S. and […] The post InfoSec News Nuggets 03/04/2026 appeared first on AboutDFIR - The Definitive Compendium Project.

  • Open

    Signed malware impersonating workplace apps deploys RMM backdoors
    Signed malware backed by a stolen EV certificate deployed legitimate RMM tools to gain persistent access inside enterprise environments. Organizations must harden certificate controls and monitor RMM activity to reduce exposure. The post Signed malware impersonating workplace apps deploys RMM backdoors appeared first on Microsoft Security Blog.
  • Open

    The FBI Discusses the Potential to Use AI to Hack Targets
    AI is a “game changer” for what the FBI calls remote access operations, an FBI official said in response to a 404 Media question on Tuesday.
    X Will Stop Paying People for Sharing Unlabeled AI-Generated War Footage
    Fake war footage is a problem as old as social media. AI has just supercharged it.
    New Podcast Alert: The Globe-Spanning, Multi-Newsroom Hunt for Mr. Deepfakes
    In a new series by CBC Podcasts, hosted by 404 Media's Sam Cole, join journalists, investigators, and targets of non-consensual intimate images on the hunt for the world’s most prolific deepfake mastermind.
    CBP Tapped Into the Online Advertising Ecosystem To Track Peoples’ Movements
    An internal DHS document obtained by 404 Media shows for the first time CBP used location data sourced from the online advertising industry to track phone locations. ICE has bought access to similar tools.
  • Open

    2025 FINMA ISAE 3000 Type II attestation report available with 183 services in scope
    Amazon Web Services (AWS) is pleased to announce the issuance of the Swiss Financial Market Supervisory Authority (FINMA) Type II attestation report with 183 services in scope. The Swiss Financial Market Supervisory Authority (FINMA) has published several requirements and guidelines about engaging with outsourced services for the regulated financial services customers in Switzerland. An independent […]
    2025 PiTuKri ISAE 3000 Type II attestation report available with 183 services in scope
    Amazon Web Services (AWS) is pleased to announce the issuance of the Criteria to Assess the Information Security of Cloud Services (PiTuKri) Type II attestation report with 183 services in scope. The Finnish Transport and Communications Agency (Traficom) Cyber Security Centre published PiTuKri, which consists of 52 criteria that provide guidance across 11 domains for […]
  • Open

    Black Hat USA 2025 | Training Specialist Models: Automating Malware Development
    Black Hat USA 2025 | Lost & Found: The Hidden Risks of Account Recovery in a Passwordless Future
  • Open

    Pentagon ditches Anthropic AI over “security risk” and OpenAI takes over
    At the center of the dispute is how far AI models should be allowed to go inside military systems.
    Chrome flaw let extensions hijack Gemini’s camera, mic, and file access
    Researchers found a now-patched vulnerability in "Live in Chrome" that allowed a Chrome extension to inherit Gemini’s permissions.
  • Open

    Weekly Threat Bulletin – March 4th, 2026
    These are the top threats you should know about this week.
  • Open

    Why GPU Card Counts Matter for Real AI Workloads
    Stay ahead with NVIDIA RTX PRO™ 6000 Blackwell Server Edition GPUs in the Akamai Inference Cloud. Discover the right GPU shape for your AI needs.
    Choose the Right GPU on Akamai Cloud for Your AI Workload
  • Open

    Beyond Electron: Attacking Alternative Desktop Application Frameworks
    Tauri promises a lighter, security-first future beyond Electron—but does it actually reduce risk? Carlos Yanez uncovers how XSS and permissive configs can still be chained into RCE, walking through real-world exploitation techniques every appsec team should understand.
  • Open

    InfoSec News Nuggets 03/03/2026
    CISA Replaces Acting Director After a Bumbling Year on the Job The Trump administration has ousted Madhu Gottumukkala as acting director of the Cybersecurity and Infrastructure Security Agency, replacing him with Nick Andersen, the agency’s former top cybersecurity official, after a turbulent tenure marked by reports of Gottumukkala uploading sensitive government documents to a public […] The post InfoSec News Nuggets 03/03/2026 appeared first on AboutDFIR - The Definitive Compendium Project.
  • Open

    Provecho - 712,904 breached accounts
    In early 2026, data purportedly sourced from the recipe and meal planning service Provecho was alleged to have been obtained in a breach. The exposed data included 713k unique email addresses along with username and the creator account holders followed. Provecho has been notified and is aware of the claims surrounding the incident.
  • Open

    Iranian Crypto Outflows Spike After Airstrikes Amid a Year of Rising On-Chain Activity
    Update, 3/5/26 Earlier this week, we published an initial analysis of crypto outflows from Iranian exchanges in the immediate aftermath… The post Iranian Crypto Outflows Spike After Airstrikes Amid a Year of Rising On-Chain Activity appeared first on Chainalysis.
  • Open

    TryHackMe CTF Walkthrough- Love at First Breach 2026: Hidden Deep into my Heart
    TryHackMe CTF Walkthrough- Love at First Breach 2026: Valenfind
    Pulling Off the Heist: A Methodical HTB Takedown
    Device is Blacklisted at runtime, now what?
    Zero-Infra Cloud Exploitation: Hijacking Google’s Gemini via Public API Keys
    I Made an AI Think It Was Root — And It Gave Me /etc/passwd
    Portswigger Walkthrough Lab: Username enumeration via subtly different responses
    Authentication Bypass Continue reading on InfoSec Write-ups »
    THM — CupidBot
    This is an easy room. So, so very easy… Continue reading on InfoSec Write-ups »

  • Open

    Avira: Deserialize, Delete and Escalate - The Proper Way to Use an AV
    Three vulnerabilities in Avira Internet Security, from an arbitrary file delete primitive to two distinct paths to SYSTEM privileges.
  • Open

    Black Hat USA 2025 | Breaking Chains: Hacking Android Key Attestation
    Black Hat USA 2025 | Pwning User Phishing Training Through Scientific Lure Crafting
  • Open

    InfoSec News Nuggets 03/02/2026
    South Korea’s National Tax Service Accidentally Exposes Crypto Wallet Seed Phrase, $4.8M Stolen Twice South Korea’s National Tax Service inadvertently published an unredacted photo of a seized Ledger hardware wallet’s mnemonic recovery phrase in a press release touting a successful tax enforcement action against 124 high-value delinquents. Within hours, an attacker funded the wallet with […] The post InfoSec News Nuggets 03/02/2026 appeared first on AboutDFIR - The Definitive Compendium Project.
  • Open

    OAuth redirection abuse enables phishing and malware delivery
    OAuth redirection is being repurposed as a phishing delivery path. Trusted authentication flows are weaponized to move users from legitimate sign‑in pages to attacker‑controlled infrastructure. The post OAuth redirection abuse enables phishing and malware delivery appeared first on Microsoft Security Blog.
  • Open

    Understanding IAM for Managed AWS MCP Servers
    As AI agents become part of your development workflows on Amazon Web Services (AWS), you want them to work with your existing AWS Identity and Access Management (IAM) permissions, not force you to build a separate permissions model. At the same time, you need the flexibility to apply different governance controls when an AI agent […]
  • Open

    Austrian Interior Ministry Using Cobwebs Surveillance Software
    Citizen Lab research fellow Wolfie Christl spoke with Der Standard about the Austrian Interior Ministry’s €900K investment in Tangles, a surveillance software that gathers and analyzes data from across social media and the web. Christl and a Citizen Lab colleague discovered that the tool was purchased by the Austrian ministry last summer. Experts are concerned […] The post Austrian Interior Ministry Using Cobwebs Surveillance Software appeared first on The Citizen Lab.
  • Open

    Ghost Jobs and Ghost Companies: Pulling Back the Curtain Using OSINT | Patrick Wheltle
  • Open

    Samsung TVs stop spying on viewers in Texas. Here’s how to disable ACR anywhere
    As Samsung settles a lawsuit over how its smart TVs collect and monetize viewing data using ACR, here's how the rest of us can limit the data we're sharing.
    A fake FileZilla site hosts a malicious download
    A tampered copy of FileZilla quietly contacts attacker-controlled servers using encrypted DNS traffic that can slip past traditional monitoring.
    Purchase order attachment isn’t a PDF. It’s phishing for your password
    A fake purchase order attachment turned out to be a phishing page designed to harvest your login details.
    A week in security (February 23 – March 1)
    A list of topics we covered in the week of February 23 to March 1 of 2026
  • Open

    Post-Quantum Cryptography Beyond TLS: Remain Quantum Safe
  • Open

    Lovora - 495,556 breached accounts
    In February 2026, the couples and relationship app Lovora allegedly suffered a data breach that exposed 496k unique email addresses. The data also included users’ display names and profile photos, along with other personal information collected through use of the app. The app’s maker, Plantake, did not respond to multiple attempts to contact them about the incident.
    Quitbro - 22,874 breached accounts
    In February 2026, the porn addiction app Quitbro allegedly suffered a data breach that exposed 23k unique email addresses. The data also included users’ years of birth, responses to questions within the app and their last recorded relapse time. The app’s maker, Plantake, did not respond to multiple attempts to contact them about the incident.
    KomikoAI - 1,060,191 breached accounts
    In February, the AI-powered comic generation platform KomikoAI suffered a data breach. The incident exposed 1M unique email addresses along with names, user posts and the AI prompts used to generate content. The exposed data enables the mapping of individual AI prompts to specific email addresses.

  • Open

    Firefox JIT Bug - Pwn2Own Documentary (Part 3)
  • Open

    📖 [The CloudSecList] Issue 327
    📖 [The CloudSecList] Issue 327 was originally published by Marco Lancini at CloudSecList on March 01, 2026.

  • Open

    Black Hat USA 2025 | Uncovering 'NASty' 5G Baseband Vulnerabilities through Dependency-Aware Fuzzing
  • Open

    ContinuumCon Prep (with Greg Ake!)

  • Open

    Zerobot Malware Targets n8n Automation Platform
    The use of Mirai continues. Read how the Akamai SIRT identified active exploitation of vulnerabilities in the n8n automation platform and Tenda AC1206 routers.
  • Open

    Cultivating a robust and efficient quantum-safe HTTPS
    Posted by Chrome Secure Web and Networking Team Today we're announcing a new program in Chrome to make HTTPS certificates secure against quantum computers. The Internet Engineering Task Force (IETF) recently created a working group, PKI, Logs, And Tree Signatures (“PLANTS”), aiming to address the performance and bandwidth challenges that the increased size of quantum-resistant cryptography introduces into TLS connections requiring Certificate Transparency (CT). We recently shared our call to action to secure quantum computing and have written about challenges introduced by quantum-resistant cryptography and some of the steps we’ve taken to address them in earlier blog posts. To ensure the scalability and efficiency of the ecosystem, Chrome has no immediate plan to add traditional X.509…
  • Open

    Ethics on the Line Balancing Social Engineering Success with Target Protection | Jennifer Isacoff
  • Open

    InfoSec News Nuggets 02/27/2026
    Cisco SD-WAN Zero-Day CVE-2026-20127 Has Been Actively Exploited Since 2023 — CISA Patch Deadline Is Today Cisco disclosed a maximum-severity (CVSS 10.0) authentication bypass flaw in its Catalyst SD-WAN Controller and Manager products, tracked as CVE-2026-20127, confirming the vulnerability has been actively exploited in the wild since at least 2023 — a three-year blind spot […] The post InfoSec News Nuggets 02/27/2026 appeared first on AboutDFIR - The Definitive Compendium Project.
  • Open

    h?ckers a[r]e gl*bbing
  • Open

    Public Google API keys can be used to expose Gemini AI data
    Researchers found that Google API keys long treated as harmless can now unlock access to Gemini.
    Inside a fake Google security check that becomes a browser RAT
    Disguised as a security check, this fake Google alert uses browser permissions to harvest contacts, location data, and more.
  • Open

    Issue 289: SolarWinds RCE, Supply-Chain API Exposure, SQL Injection, and Identity for APIs in the Age of Agentic AI
    This week, we look at how familiar API security failures — authentication bypasses, missing input validation allowing old school attacks like SQL injections — continue to surface across enterprise platforms and critical infrastructure. From exposed supply-chain APIs to identity-layer weaknesses and unauthenticated RCEs, the pattern is clear: basic API controls still break in production. We [...] Read More... The post Issue 289: SolarWinds RCE, Supply-Chain API Exposure, SQL Injection, and Identity for APIs in the Age of Agentic AI appeared first on API Security News.

  • Open

    Odido - 6,077,025 breached accounts
    In February 2026, Dutch telco Odido was the victim of a data breach and subsequent extortion attempt. Shortly after, a total of 6M unique email addresses were published across four separate data releases over consecutive days. The exposed data includes names, physical addresses, phone numbers, bank account numbers, dates of birth, customer service notes and passport, driver’s licence and European national ID numbers. Odido has published a disclosure notice including an FAQ to support affected customers.
  • Open

    AWS successfully completed its first surveillance audit for ISO 42001:2023 with no findings
    In November 2024, Amazon Web Services (AWS) was the first major cloud service provider to announce the ISO/IEC 42001 accredited certification for AI services, covering: Amazon Bedrock, Amazon Q Business, Amazon Textract, and Amazon Transcribe. In November 2025, AWS successfully completed its first surveillance audit for ISO 42001:2023, Artificial Intelligence Management System with no findings. […]
    Inside AWS Security Agent: A multi-agent architecture for automated penetration testing
    AI agents have traditionally faced three core limitations: they can’t retain learned information or operate autonomously beyond short periods, and they require constant supervision. AWS addresses these limitations with frontier agents—a new category of AI that performs complex reasoning, multi-step planning, and autonomous execution for hours or days. Multi-agent collaboration has emerged as a powerful […]
  • Open

    Threat modeling AI applications
    AI threat modeling helps teams identify misuse, emergent risk, and failure modes in probabilistic and agentic AI systems. The post Threat modeling AI applications appeared first on Microsoft Security Blog.
  • Open

    thousands of Google API keys exposed
    No content preview
  • Open

    OKX Adopts Chainalysis Alterya to Stop Fraud Before It Happens
    OKX and Chainalysis today announced an expansion of their relationship focused on proactive fraud and scam prevention. Building on OKX’s… The post OKX Adopts Chainalysis Alterya to Stop Fraud Before It Happens appeared first on Chainalysis.  ( 9 min )
    Total Ransomware Payments Stagnate for Second Consecutive Year, While Attacks Escalate
    TL;DR Ransomware payments stagnated despite record attacks claimed. Total on-chain ransomware payments fell by approximately 8% to $820 million in… The post Total Ransomware Payments Stagnate for Second Consecutive Year, While Attacks Escalate appeared first on Chainalysis.  ( 18 min )
  • Open

    InfoSec News Nuggets 02/26/2026
    L3Harris Exec Sentenced to 7 Years for Selling Eight Zero-Days to Russian Broker Operation Zero  Peter Williams, 39, the former general manager of Trenchant — a specialized L3Harris division that develops zero-day exploits exclusively for the U.S. government and Five Eyes allies — was sentenced Tuesday to 87 months in federal prison for stealing and […] The post InfoSec News Nuggets 02/26/2026 appeared first on AboutDFIR - The Definitive Compendium Project.
  • Open

    Introducing CloudFox GCP: Attack Path Identification for Google Cloud
    Meet CloudFox GCP, an offensive security tool built to map identities, enumerate resources, and uncover real attack paths in Google Cloud. Designed for practitioners, it exposes privilege escalation, lateral movement, and data exfiltration risks so you can secure GCP before attackers exploit it.  ( 12 min )
  • Open

    AI Capabilities Are Advancing Faster Than AI Security
    AI Security Insights – February 2026
  • Open

    Cleaner Compute: Akamai Adds 128 MW of Renewable Energy to the Grid
    No content preview

  • Open

    Intego X9: Why your macOS antivirus should not trust PIDs
    This blog post dives into the most common classes of macOS Local Privilege Escalation vulnerabilities, from time-of-check to time-of-use (TOCTOU) Race Conditions and insecure XPC communications to a range of implementation and configuration oversights. We will explore how attackers can exploit these weaknesses to escalate privileges, and highlight real-world examples to illustrate recurring patterns.
  • Open

    Weekly Threat Bulletin – February 25th, 2026
    These are the top threats you should know about this week.
  • Open

    The First Exploit - Pwn2Own Documentary (Part 2)
    No content preview
  • Open

    Accelerate Digital Service Delivery in Government Agencies
    No content preview
  • Open

    Staying One Step Ahead: Strengthening Android’s Lead in Scam Protection
    Posted by Lyubov Farafonova, Product Manager, Phone by Google; Alberto Pastor Nieto, Sr. Product Manager Google Messages and RCS Spam and Abuse shared how Android’s proactive, multi-layered scam defenses utilize Google AI to protect users around the world from over 10 billion suspected malicious calls and messages every month. While that scale is significant, the true impact of these protections is best understood through the stories of the individuals they help keep safe every day. This includes people like Majik B., an IT professional in Sunnyvale, California. Despite his technical background, Majik recently found himself on a call that felt dangerously legitimate. While using his Pixel, he received a call that appeared to be from his bank. The number looked correct, the caller knew…
  • Open

    Canadian Tire - 38,306,562 breached accounts
    In October 2025, retailer Canadian Tire was the victim of a data breach that exposed almost 42M records. The data contained 38M unique email addresses along with names, phone numbers and physical addresses. Passwords were stored as PBKDF2 hashes and for a subset of records, dates of birth and partial credit card data were also included (card type, expiry and masked card number). In its disclosure notice, Canadian Tire advised that the incident did not impact bank account information or loyalty program data.

  • Open

    The Ghost in the Shell: Why Agentic AI is a Corporate Security Nightmare
    Autonomous AI agents blur security boundaries, enabling data exfiltration, privilege abuse, and insider‑level risk in enterprises.
  • Open

    Developer-targeting campaign using malicious Next.js repositories
    A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard build workflows. The activity demonstrates how staged command-and-control can hide inside routine development tasks. The post Developer-targeting campaign using malicious Next.js repositories appeared first on Microsoft Security Blog.
    Scaling security operations with Microsoft Defender autonomous defense and expert-led services
    AI-powered cyberattacks outpace aging SOC tools, and this new guide explains why manual defense fails and how autonomous, expert-led security transforms modern protection. The post Scaling security operations with Microsoft Defender autonomous defense and expert-led services appeared first on Microsoft Security Blog.
  • Open

    Samsung Tizen OS | Version Through 9.0
    Bishop Fox identified a low-risk command injection flaw in Samsung Tizen OS (through 9.0) that allows OS-level code execution on smart TVs with developer mode enabled. Exploitation requires local access and the configured developer IP. Organizations should disable developer mode or use kiosk mode.  ( 10 min )
  • Open

    InfoSec News Nuggets 02/24/2026
    AI-Augmented Threat Actor Compromises 600+ FortiGate Devices Across 55 Countries  Amazon Threat Intelligence published findings detailing a Russian-speaking, financially motivated threat actor that used commercial generative AI tools to compromise more than 600 FortiGate devices spread across 55 countries between January 11 and February 18, 2026. Notably, the attackers exploited no FortiGate vulnerabilities — the […] The post InfoSec News Nuggets 02/24/2026 appeared first on AboutDFIR - The Definitive Compendium Project.

  • Open

    Unintentional Hackers: Students as the Weakest (and Wildest) Link | Jacob Thompson
    No content preview
  • Open

    When Uptime Is Non-Negotiable: Rethinking Zero Trust for OT Environments
    No content preview
  • Open

    InfoSec News Nuggets 02/23/2026
    Ransomware Attack Forces Mississippi’s Largest Health System to Shut Down Statewide Clinics The University of Mississippi Medical Center (UMMC), the state’s only academic medical center, was hit by a ransomware attack in the early hours of February 19th that knocked out its entire IT network — including the Epic electronic health records platform, phone systems, […] The post InfoSec News Nuggets 02/23/2026 appeared first on AboutDFIR - The Definitive Compendium Project.

  • Open

    The World's Hardest Hacking Competition - Pwn2Own Documentary (Part 1)
    No content preview
  • Open

    CarGurus - 12,461,887 breached accounts
    In February 2026, the automotive marketplace CarGurus was the target of a data breach attributed to the threat actor ShinyHunters. Following an attempted extortion, the data was published publicly and contained more than 12M email addresses across multiple files including user account ID mappings, finance pre-qualification application data and dealer account and subscription information. Impacted data also included names, phone numbers, physical and IP addresses, and auto finance application outcomes.
  • Open

    📖 [The CloudSecList] Issue 326
    📖 [The CloudSecList] Issue 326 was originally published by Marco Lancini at CloudSecList on February 22, 2026.

  • Open

    AI-augmented threat actor accesses FortiGate devices at scale
    Commercial AI services are enabling even unsophisticated threat actors to conduct cyberattacks at scale—a trend Amazon Threat Intelligence has been tracking closely. A recent investigation illustrates this shift: Amazon Threat Intelligence observed a Russian-speaking financially motivated threat actor leveraging multiple commercial generative AI services to compromise over 600 FortiGate devices across more than 55 countries […]  ( 112 min )
  • Open

    Learn PowerShell!
    No content preview
    The Payload Podcast #002 with Connor McGarr
    No content preview
  • Open

    CVE-2026-26365: Incorrect processing of “Connection: Transfer-Encoding”
    No content preview
    Inside the Fix: Analysis of In-the-Wild Exploit of CVE-2026-21513
    Read how PatchDiff-AI uncovered the root cause of CVE-2026-21513 — an actively exploited MSHTML vulnerability — and how APT28 leveraged it in real-world attacks.
  • Open

    LinkedIn Landmines The Hidden Risks of Accepting Every Connection | Alexis Julian
    No content preview
  • Open

    CarMax - 431,371 breached accounts
    In January 2026, data allegedly sourced from US automotive retailer CarMax was published online following a failed extortion attempt. The data included 431k unique email addresses along with names, phone numbers and physical addresses.

  • Open

    CVE-2026-20841: Arbitrary Code Execution in the Windows Notepad
    In this excerpt of a TrendAI Research Services vulnerability report, Nikolai Skliarenko and Yazhi Wang of the TrendAI Research team detail a recently patched command injection vulnerability in the Windows Notepad application. This bug was originally discovered by Cristian Papa and Alasdair Gorniak of Delta Obscura. Successful exploitation of this vulnerability could result in the execution of arbitrary commands in the security context of the victim's account. The following is a portion of their write-up covering CVE-2026-20841, with a few minimal modifications. A remote code execution vulnerability has been reported in Microsoft Windows Notepad. The vulnerability is due to improper validation of links in Markdown files. A remote attacker could exploit this vulnerability by enticing the vic…
  • Open

    Submissions to the Committee on Enforced Disappearances: And the UN Working Group on Enforced and Involuntary Disappearances
    Citizen Lab researchers have co-authored two submissions to the Committee on Enforced Disappearances and UN Working Group on Enforced and Involuntary Disappearances.  One submission focuses on digital tools that enable disappearances, calling on host states to protect against rights violations caused by digital transnational repression. The authors argue  that enforced disappearances have been facilitated by […] The post Submissions to the Committee on Enforced Disappearances: And the UN Working Group on Enforced and Involuntary Disappearances appeared first on The Citizen Lab.
  • Open

    Keeping Google Play & Android app ecosystems safe in 2025
    Posted by Vijaya Kaza, VP and GM, App & Ecosystem Trust Upgrading Google Play’s AI-powered, multi-layered user protections we prevented over 1.75 million policy-violating apps from being published on Google Play and banned more than 80,000 bad developer accounts that attempted to publish harmful apps. These figures demonstrate how our proactive protections and push for a more accountable ecosystem are discouraging bad actors from publishing malicious apps, while our new tools help honest developers build compliant apps more easily. Initiatives like developer verification, mandatory pre-review checks, and testing requirements have raised the bar for the Google Play ecosystem, significantly reducing the paths for bad actors to enter. parental controls to data safety transparency and app…
  • Open

    Russia is hacking zero-days again
    No content preview
  • Open

    AI & Security Risks: Reviewing Governance and Guardrails
    Moving fast with AI is easy. Governing it isn’t. In this discussion, security and AI leaders share real-world lessons on inventory, least privilege, measurable outcomes, and building guardrails before scaling adoption.  ( 8 min )
  • Open

    Adapt, Protect, and Extend: How Partners Can Help Orgs Unlock ROI from AI
    No content preview
    Why Cloud Reliability Depends on Imperfect Software
    No content preview
  • Open

    From Fentanyl to Fraud: On-Chain Activity Highlights Illicit Market Evolution
    TL;DR Darknet market activity remains resilient, with aggregate DNM flows reaching nearly $2.6 billion in 2025, underscoring the persistence of… The post From Fentanyl to Fraud: On-Chain Activity Highlights Illicit Market Evolution appeared first on Chainalysis.  ( 18 min )

  • Open

    Why CEOs' AI Hype Really Isn't Landing with Employees
    Read about the disconnect between CEO enthusiasm for AI and employee perception of its value, and learn how to build communication that moves adoption forward.
    From Clawdbot to OpenClaw: Practical Lessons in Building Secure Agents
    No content preview
    Zero Trust Switching: Why Firewalls Alone Can’t Secure AI Workloads
    No content preview
  • Open

    ContinuumCon is back for 2026!
    No content preview
  • Open

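    OFAC and Crypto Crime: All OFAC Designated Targets (SDN) with Identified Cryptocurrency Addresses
    Note: This article has been machine translated. Please refer to the original for accurate content. Since the early 1800s, the U.S. Department of the Treasury has used economic sanctions as a means of achieving foreign policy and national security objectives. Today, the Treasury's Office of Foreign Assets Control (OFAC) designates as sanctions targets countries, individuals, companies, and groups that pose a specific threat to U.S. interests, such as international drug and terrorist organizations. For many years, bad actors have tried every method available to evade OFAC sanctions. In recent years, some have shifted toward cryptocurrency as a means of moving funds, based on the mistaken belief that cryptocurrency transactions are anonymous and untraceable. In response, OFAC began explicitly listing cryptocurrency addresses as one of the identifiers in its sanctions designations. On November 28, 2018, OFAC sanctioned two Iran-based individuals involved in the SamSam ransomware scheme, which demanded ransom payments in bitcoin, and also added the bitcoin addresses they controlled to the SDN List (the sanctions list). Since this first cryptocurrency-related designation, OFAC has gone on to designate many wallet addresses as well as cryptocurrency services themselves. This article covers the following: OFAC sanctions compliance guidance for the cryptocurrency sector; key cryptocurrency-related OFAC… The post OFAC and Crypto Crime: All OFAC Designated Targets (SDN) with Identified Cryptocurrency Addresses appeared first on Chainalysis.  ( 10 min )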
  • Open

    Figure - 967,178 breached accounts
    In February 2026, data obtained from the fintech lending platform Figure was publicly posted online. The exposed data, dating back to January 2026, contained over 900k unique email addresses along with names, phone numbers, physical addresses and dates of birth. Figure confirmed the incident and attributed it to a social engineering attack in which an employee was tricked into providing access.

  • Open

    Weekly Threat Bulletin – February 18th, 2026
    These are the top threats you should know about this week.
  • Open

    From Super Bowl to World Cup: How Akamai Delivers the Perfect Event
    Learn why Akamai is at the core of the biggest online sporting events, and how we help you be successful in the most critical moments.
  • Open

    An Interview with Eva Benn!
    No content preview
  • Open

    Canada Goose - 581,877 breached accounts
    In February 2026, a data breach allegedly containing data relating to Canada Goose customers was published publicly. The data contained 920k records with 582k unique email addresses and included names, phone numbers, IP addresses, physical addresses and partial credit card data, specifically card type and last 4 digits. Canada Goose advised that the data "appears to relate to past customer transactions" and stated that it originated from a breach at a third party in August 2025. The most recent transaction date in the data is July 2025.

  • Open

    University of Pennsylvania - 623,750 breached accounts
    In October 2025, the University of Pennsylvania was the victim of a data breach followed by a ransom demand, largely affecting its donor database. After the incident, the attackers sent inflammatory emails to some victims. The data was later published online in February 2026 and included 624k unique email addresses alongside names and physical addresses. For some donor records, additional personal information was exposed, including gender and date of birth. A small subset of records also contained religion, spouse name, estimated income and donation history.
    APOIA.se - 450,764 breached accounts
    In December 2025, a database of the Brazilian crowdfunding platform APOIA.se was posted to an online forum. In January 2026, the company confirmed it had suffered a data breach. The incident exposed 451k unique email addresses along with names and physical addresses.
  • Open

    Building an AI-powered defense-in-depth security architecture for serverless microservices
    Enterprise customers face an unprecedented security landscape where sophisticated cyber threats use artificial intelligence to identify vulnerabilities, automate attacks, and evade detection at machine speed. Traditional perimeter-based security models are insufficient when adversaries can analyze millions of attack vectors in seconds and exploit zero-day vulnerabilities before patches are available. The distributed nature of serverless architectures […]  ( 113 min )
  • Open

    Analysis without Paralysis: Mastering the Art of Investigation | Terryn Valikodath
    No content preview
  • Open

    TikTok needs to fix this vulnerability
    No content preview

  • Open

    AI wrote a hit piece
    No content preview
  • Open

    📖 [The CloudSecList] Issue 325
    📖 [The CloudSecList] Issue 325 was originally published by Marco Lancini at CloudSecList on February 15, 2026.

  • Open

    this is really funny
    No content preview
  • Open

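    Chainalysis Hexagate Provides Real-Time Threat Detection for MegaETH
    Note: This article has been machine translated. Please refer to the original for accurate content. Builders developing on MegaETH can now use Hexagate, the Chainalysis Web3 security solution that detects threats in real time across smart contracts, tokens, and entire protocols. Hexagate is a purpose-built solution designed to protect ecosystems from exploits, hacks, and governance and financial risks. Using advanced machine learning (ML), it detects suspicious patterns and blockchain transactions in real time. This lets MegaETH developers spot execution risks, governance abuse, and anomalous token behavior early, before they develop into serious incidents. With this integration, MegaETH builders can use enterprise-grade on-chain security monitoring without building and operating complex systems themselves. It is an efficient way to ship products faster and more safely without compromising reliability. Through this partnership, MegaETH builders can use the following at no cost: Hexagate monitoring: real-time, on MegaETH… The post Chainalysis Hexagate Provides Real-Time Threat Detection for MegaETH appeared first on Chainalysis.  ( 7 min )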

  • Open

    The Drone Renaissance - The Attack Surface Now Includes the Sky | Luke Canfield
    No content preview

  • Open

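    Cryptocurrency Flows to Human Trafficking-Related Services Surge 85% Year-over-Year
    Note: This article has been machine translated. Please refer to the original for accurate content. Summary: Cryptocurrency flows to suspected human trafficking services, largely based in Southeast Asia, grew 85% in 2025, reaching hundreds of millions of dollars across identified services. Telegram-based "international escort" services are highly integrated with Chinese-language money laundering networks (CMLNs) and guarantee platforms, with roughly half of transactions exceeding $10,000. The analysis reveals the global reach of Southeast Asian trafficking organizations, with large amounts of cryptocurrency flowing in from the Americas, Europe, Australia, and elsewhere. Child sexual abuse material (CSAM) networks have evolved toward subscription-based models and increasingly overlap with sadistic online extremism (SOE) communities. Their strategic use of U.S. infrastructure also suggests sophisticated operational planning. Unlike cash transactions, the inherent transparency of cryptocurrency creates unprecedented opportunities for law enforcement and compliance teams to detect, track, and disrupt trafficking activity. The intersection of cryptocurrency and suspected human trafficking activity deepened further in 2025, with total transaction value across identified services reaching hundreds of millions of dollars, an 85% year-over-year (YoY) increase. This figure greatly understates the human harm these crimes cause. The true cost should be measured not in the amounts transferred but in the lives of the people affected. The surge in cryptocurrency flows to suspected human trafficking services is not an isolated phenomenon, but Southeast Asia-based scam compounds, online casinos and gambling sites, and Chinese-language money laun… operated primarily through Telegram…  ( 8 min )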
    Cryptocurrency Flows to Suspected Human Trafficking Services Surge 85% Year-over-Year
    TL;DR Cryptocurrency flows to suspected human trafficking services, largely based in Southeast Asia, grew 85% in 2025, reaching a scale… The post Cryptocurrency Flows to Suspected Human Trafficking Services Surge 85% Year-over-Year appeared first on Chainalysis.  ( 14 min )
  • Open

    Understand the Shift Toward AI-Driven Interactions: ​A Guide to MCP
    No content preview

  • Open

    Chainalysis Upgrades Support for Stellar with Automatic Token Support
    Chainalysis is excited to announce upgraded support for Stellar, one of the longest-running blockchains in the ecosystem. Founded in 2014,… The post Chainalysis Upgrades Support for Stellar with Automatic Token Support appeared first on Chainalysis.  ( 24 min )
  • Open

    Observing the Anatomy of Peak Traffic
    No content preview
  • Open

    GeoServer Targeting on the Rise
    Sensor Intel Series: January 2026 CVE Trends

  • Open

    The February 2026 Security Update Review
    I have survived the biggest Pwn2Own ever, but I’m back in Tokyo for the second Patch Tuesday of 2026. My location never stops Patch Tuesday from coming, so let’s take a look at the latest security patches from Adobe and Microsoft. If you’d rather watch the full video recap covering the entire release, you can check it out here: Adobe Patches for February 2026 For February, Adobe released nine bulletins addressing 44 unique CVEs in Adobe Audition, After Effects, InDesign, Substance 3D Designer, Substance 3D Stager, Adobe Bridge, Substance 3D Modeler, Lightroom Classic, and the Adobe DNG Software Development Kit (SDK). The largest update here is for After Effects, which fixes 13 Critical and two Important rated bugs. The patch for Substance 3D Designer is on the larger side with seven fixes…
  • Open

    Thirteen Steps to Being Unbroken: Infosec for the Underfunded | Tarah Wheeler
    No content preview
  • Open

    Weekly Threat Bulletin – February 11th, 2026
    These are the top threats you should know about this week.
  • Open

    Industrialized Ransomware: Confronting the New Reality
    Read about the new ransomware reality and what most security strategies get wrong. Learn how to protect your organization in 2026.
  • Open

    Most Security Programs Test a Fraction of Their Applications. That Changes Today.
    Bishop Fox's Rob Ragan explores how Cosmos AI transforms application security testing from a logistical bottleneck into a scalable service—enabling organizations to test entire portfolios.  ( 10 min )
  • Open

    Toy Battles - 1,017 breached accounts
    In February 2026, the online gaming community Toy Battles suffered a data breach. The incident exposed 1k unique email addresses alongside usernames, IP addresses and chat logs. Following the breach, Toy Battles self-submitted the data to Have I Been Pwned.
    Association Nationale des Premiers Secours - 5,600 breached accounts
    In January 2026, a data breach impacting the French non-profit Association Nationale des Premiers Secours (ANPS) was posted to a hacking forum. The breach exposed 5.6k unique email addresses along with names, dates of birth and places of birth. ANPS self-submitted the data to HIBP and advised the incident was traced back to a legacy system and did not impact health data, financial information or passwords.

  • Open

    Intego X9: When your macOS antivirus becomes your enemy
    This blog post dives into the most common classes of macOS Local Privilege Escalation vulnerabilities, from time-of-check to time-of-use (TOCTOU) Race Conditions and insecure XPC communications to a range of implementation and configuration oversights. We will explore how attackers can exploit these weaknesses to escalate privileges, and highlight real-world examples to illustrate recurring patterns.
  • Open

    Your OpenClaw Agent Doesn't Sleep. Your Laptop Does. Move It to the Cloud.
    No content preview
  • Open

    Deep Dive into Arista NG Firewall Vulnerabilities
    Bishop Fox identified six vulnerabilities in Arista NG Firewall version 17.4, including critical command injection flaws allowing root-level code execution with some exploitable by chaining attacks through a single malicious link.  ( 10 min )
2026-03-10T02:04:42.979Z osmosfeed 1.15.1