In the beginning of April, three attacks detected in the Guardicore Global Sensor Network (GGSN) caught our attention. All three had source IP addresses originating in South-Africa and hosted by VolumeDrive ISP (see IoCs).

Guardicore Labs uncovers a Ransomware detection campaign targeting MySQL servers. Attackers use Double Extortion and publish data to pressure victims.

Our deception technology is able to reroute attackers into honeypots, where they believe that they found their real target. The attacks brute forced passwords for RDP credentials to connect to the victim download and execute a previously undetected malware, which we named Trojan.sysscan.

Guardicore security researchers describe and uncover a full analysis of a cryptomining attack, which hid a cryptominer inside WAV files. The report includes the full attack vectors, from detection, infection, network propagation and malware analysis and recommendations for optimizing incident response processes in data centers.

In this Akamai FLAME Trailblazer blog post, Rachel Bayley encourages women to step into the unknown and to be their authentic selves.

In February 2026, the automotive marketplace CarGurus was the target of a data breach attributed to the threat actor ShinyHunters. Following an attempted extortion, the data was published publicly and contained more than 12M email addresses across multiple files including user account ID mappings, finance pre-qualification application data and dealer account and subscription information. Impacted data also included names, phone numbers, physical and IP addresses, and auto finance application outcomes.

No content preview

No content preview

“This is really a turning point and we’re in a historical transition at present.”

How a late-night experiment with ChatGPT and DALL·E completely upended my ego — and taught me what the future of design really looks like. Continue reading on InfoSec Write-ups »

No content preview

No content preview

A hands-on guide covering IIS recon, shortname testing and advanced fuzzing used in real bug bounty hunting. Continue reading on InfoSec Write-ups »

Commercial AI services are enabling even unsophisticated threat actors to conduct cyberattacks at scale—a trend Amazon Threat Intelligence has been tracking closely. A recent investigation illustrates this shift: Amazon Threat Intelligence observed a Russian-speaking financially motivated threat actor leveraging multiple commercial generative AI services to compromise over 600 FortiGate devices across more than 55 countries […]  ( 112 min )

No content preview

No content preview

No content preview

No content preview

Researchers discovered 26 new microbial species in ancient Alaskan permafrost, hoping their frost-fighting chemistry could help soldiers and civilians alike survive extreme cold.

This week, we discuss parenting blogs, Pinterest sawing its own legs off, and legal guardrails.

No content preview

Behind a basic age check, researchers say Persona’s system runs extensive identity, watchlist, and adverse-media screening.

Attackers are weaponizing Facebook ads to distribute password-stealing malware masked as a Windows download.

Critical Flaws Found in Four VS Code Extensions with Over 125 Million Installs Researchers disclosed multiple serious vulnerabilities in four widely used Microsoft Visual Studio Code extensions that collectively have over 125 million installs. The flaws could let attackers exfiltrate local files and run arbitrary code on developer machines. Users are urged to audit installed […] The post InfoSec News Nuggets 02/20/2026 appeared first on AboutDFIR - The Definitive Compendium Project.

No content preview

No content preview

No content preview

No content preview

Hey there!😁 Continue reading on InfoSec Write-ups »

HTB OWASP TOP 10 2025 | NovaEnergy Continue reading on InfoSec Write-ups »

In January 2026, data allegedly sourced from US automotive retailer CarMax was published online following a failed extortion attempt. The data included 431k unique email addresses along with names, phone numbers and physical addresses.

In this excerpt of a TrendAI Research Services vulnerability report, Nikolai Skliarenko and Yazhi Wang of the TrendAI Research team detail a recently patched command injection vulnerability in the Windows Notepad application. This bug was originally discovered by Cristian Papa and Alasdair Gorniak of Delta Obscura. Successful exploitation of this vulnerability could result in the execution of arbitrary commands in the security context of the victim's account. The following is a portion of their write-up covering CVE-2026-20841, with a few minimal modifications. A remote code execution vulnerability has been reported in Microsoft Windows Notepad. The vulnerability is due to improper validation of links in Markdown files. A remote attacker could exploit this vulnerability by enticing the vic…

An Oklahoma man tried to talk about a data center coming to his community. Police arrested him when he went a few seconds over his time limit.

“Looksmaxxers” are losers and freaks, but we let them steer the culture when we adopt their terminology.

In the latest in a string of privacy abuses from the chatbot, Grok provided porn performer Siri Dahl's full legal name and birthdate to the public, information she'd protected until now.

Users are exhausted fighting AI moderation, AI-generated art, and AI-first features.

No content preview

Citizen Lab researchers have co-authored two submissions to the Committee on Enforced Disappearances and UN Working Group on Enforced and Involuntary Disappearances.  One submission focuses on digital tools that enable disappearances, calling on host states to protect against rights violations caused by digital transnational repression. The authors argue  that enforced disappearances have been facilitated by […] The post Submissions to the Committee on Enforced Disappearances: And the UN Working Group on Enforced and Involuntary Disappearances appeared first on The Citizen Lab.

Posted by Vijaya Kaza, VP and GM, App & Ecosystem Trust Upgrading Google Play’s AI-powered, multi-layered user protections we prevented over 1.75 million policy-violating apps from being published on Google Play and banned more than 80,000 bad developer accounts that attempted to publish harmful apps. These figures demonstrate how our proactive protections and push for a more accountable ecosystem are discouraging bad actors from publishing malicious apps, while our new tools help honest developers build compliant apps more easily. Initiatives like developer verification, mandatory pre-review checks, and testing requirements have raised the bar for the Google Play ecosystem, significantly reducing the paths for bad actors to enter. parental controls to data safety transparency and app…

Read the new maturity-based guide that helps organizations move from fragmented, reactive security practices to a unified exposure management approach that enables proactive defense. The post New e-book: Establishing a proactive defense with Microsoft Security Exposure Management appeared first on Microsoft Security Blog.

Self-hosted agents execute code with durable credentials and process untrusted input. This creates dual supply chain risk, where skills and external instructions converge in the same runtime. As OpenClaw-like systems enter enterprises, governance and runtime isolation become critical. The post Running OpenClaw safely: identity, isolation, and runtime risk appeared first on Microsoft Security Blog.

AI-generated passwords are "highly predictable" and aren’t truly random, making them easier for cybercriminals to crack.

A phishing attack on a Tenga employee may have exposed US customer data. Customers should watch for sextortion-themed phishing attempts.

Hopefully Meta really will file this in the "just because we can do it doesn't mean we should" drawer.

No content preview

Moving fast with AI is easy. Governing it isn’t. In this discussion, security and AI leaders share real-world lessons on inventory, least privilege, measurable outcomes, and building guardrails before scaling adoption.

From BRICKSTORM to GRIMBOLT: UNC6201 Exploiting a Dell RecoverPoint for Virtual Machines Zero-Day Google’s threat intel team says a suspected PRC-nexus cluster (UNC6201) has been exploiting a Dell RecoverPoint for Virtual Machines zero-day (CVE-2026-22769, CVSS 10.0) since at least mid-2024. The writeup ties exploitation to lateral movement, persistence, and multiple malware families, including BRICKSTORM and […] The post InfoSec News Nuggets 02/19/2026 appeared first on AboutDFIR - The Definitive Compendium Project.

No content preview

No content preview

TL;DR Darknet market activity remains resilient, with aggregate DNM flows reaching nearly $2.6 billion in 2025, underscoring the persistence of… The post From Fentanyl to Fraud: On-Chain Activity Highlights Illicit Market Evolution appeared first on Chainalysis.

Read about the disconnect between CEO enthusiasm for AI and employee perception of its value, and learn how to build communication that moves adoption forward.

No content preview

No content preview

Regulation of immigration or work visas means "it could be more difficult to staff our personnel on customer engagements and could increase our costs," Palantir wrote.

Ring's CEO told staff the feature is “first for finding dogs,” indicating a plan to expand.

We got leaked documents about Alpha School. We also talk about what happens when someone decides to make an AI OnlyFans in your name, and the AI tool cops are buying to geolocate photos.

No content preview

This breach now appears far more serious. The leaked data includes rich personal and financial details that phishers could use.

Phishers are using fake Google Forms pages hosted on lookalike domains to trick job seekers into handing over their Google credentials.

An AI chatbot posing as Google’s Gemini is being used to pitch fake “Google Coin,” promising 7x returns.

No content preview

Stable Channel Update for Desktop Google shipped an emergency Chrome stable update to 145.0.7632.75/76 (Windows and Mac) and 144.0.7559.75 (Linux). The release fixes CVE-2026-2441, a high-severity use-after-free bug in CSS. Google also states an exploit exists in the wild, so this is a restart-and-verify-your-fleet item, not a wait-for-the-next-window patch.   City of Marietta hit by […] The post InfoSec News Nuggets 02/18/2026 appeared first on AboutDFIR - The Definitive Compendium Project.

※この記事は自動翻訳されています。正確な内容につきましては原文をご参照ください。 1800年代初頭より、米国財務省は外交政策および国家安全保障上の目的を達成する手段として、経済制裁を行使してきました。 現在では、米国財務省の外国資産管理局（OFAC）は、国、個人、企業、そして国際的な麻薬組織やテロ組織のように、米国の利益に対して特定の脅威となるグループを制裁対象に指定しています。 長年にわたり、不正行為者は OFAC 制裁を回避するために、あらゆる手口を講じてきました。 近年では、「暗号資産の取引は匿名で追跡されない」といった誤った思い込みから、資金移転の手段として暗号資産に軸足を移すケースも見られます。 こうした動きを踏まえ、OFAC は制裁指定に際し、暗号資産アドレスを識別子の一つとして明示するようになりました。 2018年11月28日、OFACはbitcoinで身代金の支払いを要求した SamSamランサムウェア・スキーム に関与したイラン在住の2名を制裁指定し、あわせて両名が管理するbitcoin アドレスも SDNリスト（制裁対象リスト）に掲載しました。 この暗号資産に関する最初の制裁指定を境に、OFAC は多くのウォレットアドレスに加え、暗号資産サービスそのものも制裁対象として指定するようになりました。 本記事では、以下について解説します。 暗号資産分野におけるOFAC制裁コンプライアンス・ガイダンス 暗号資産に関連する主な OFAC… The post OFACと暗号資産犯罪：暗号資産アドレスが特定された全てのOFAC指定対象（SDN） appeared first on Chainalysis.

In February 2026, data obtained from the fintech lending platform Figure was publicly posted online. The exposed data, dating back to January 2026, contained over 900k unique email addresses along with names, phone numbers, physical addresses and dates of birth. Figure confirmed the incident and attributed it to a social engineering attack in which an employee was tricked into providing access.

These are the top threats you should know about this week.

This article explains why Chrome’s “preloading” can cause scary-looking blocks in Malwarebytes Browser Guard.

Malwarebytes Scam Guard is now on Windows and Mac, bringing AI-powered scam detection to your desktop.

Google has released an emergency update to patch an actively exploited zero-day—the first Chrome zero-day of the year.

A hobby coding experiment reportedly exposed live camera feeds, microphones, and floor plans from thousands of robot vacuums worldwide.

Learn why Akamai is at the core of the biggest online sporting events, and how we help you be successful in the most critical moments.

No content preview

New research from Microsoft and Omdia reveals how fragmented tools, manual workflows, and alert overload are pushing SOCs to a breaking point. The post Unify now or pay later: New research exposes the operational cost of a fragmented SOC appeared first on Microsoft Security Blog.

Leaked documents reveal the inner workings of Alpha School, which both the press and the Trump administration have applauded. The documents show Alpha School's AI is generating faulty lessons that sometimes do "more harm than good."

No content preview

Apple fixes dangerous zero-day flaw affecting macOS, iOS and more, update now to avoid ‘extremely sophisticated attack’ Apple pushed updates across iOS, iPadOS, macOS, tvOS, watchOS, and visionOS to fix a critical dyld memory corruption bug (CVE-2026-20700) that can enable arbitrary code execution. Apple says it may have been used in an “extremely sophisticated” targeted […] The post Reducing the number of super admins in Google Workspaces appeared first on AboutDFIR - The Definitive Compendium Project.

In February 2026, a data breach allegedly containing data relating to Canada Goose customers was published publicly. The data contained 920k records with 582k unique email addresses and included names, phone numbers, IP addresses, physical addresses and partial credit card data, specifically card type and last 4 digits. Canada Goose advised that the data "appears to relate to past customer transactions" and stated that it originated from a breach at a third party in August 2025. The most recent transaction date in the data is July 2025.

In October 2025, the University of Pennsylvania was the victim of a data breach followed by a ransom demand, largely affecting its donor database. After the incident, the attackers sent inflammatory emails to some victims. The data was later published online in February 2026 and included 624k unique email addresses alongside names and physical addresses. For some donor records, additional personal information was exposed, including gender and date of birth. A small subset of records also contained religion, spouse name, estimated income and donation history.

In December 2025, a database of the Brazilian crowdfunding platform APOIA.se was posted to an online forum. In January 2026, the company confirmed it had suffered a data breach. The incident exposed 451k unique email addresses along with names and physical addresses.

Enterprise customers face an unprecedented security landscape where sophisticated cyber threats use artificial intelligence to identify vulnerabilities, automate attacks, and evade detection at machine speed. Traditional perimeter-based security models are insufficient when adversaries can analyze millions of attack vectors in seconds and exploit zero-day vulnerabilities before patches are available. The distributed nature of serverless architectures […]  ( 113 min )

No content preview

No content preview

The site, camgirlfinder, is explicitly built as a tool to let people find a model's presence on other streaming platforms. The creator says “If that is a problem for you then the sad reality is this job is not for you.”

Google patches first Chrome zero-day exploited in attacks this year Google released emergency updates for Chrome to fix CVE-2026-2441, which it says is being exploited in the wild. The issue is a use-after-free linked to iterator invalidation in Chrome’s handling of CSS font feature values. Google did not share exploit details, which usually means defenders […] The post InfoSec News Nuggets 02/16/2026 appeared first on AboutDFIR - The Definitive Compendium Project.

Microsoft researchers found a ClickFix campaign that uses the nslookup tool to have users infect their own system with a Remote Access Trojan.

A list of topics we covered in the week of February 9 to February 15 of 2026

A story about an AI generated article contained fabricated, AI generated quotes.

No content preview

📖 [The CloudSecList] Issue 325 was originally published by Marco Lancini at CloudSecList on February 15, 2026.

Scientists have recreated a miniature laboratory version of the massive cyclonic storms that rage at Jupiter’s poles.

No content preview

※この記事は自動翻訳されています。正確な内容につきましては原文をご参照ください。 MegaETH 上で開発を行うビルダーの皆さまは、スマートコントラクトやトークン、プロトコル全体を対象にリアルタイムで脅威を検知する Chainalysis の Web3 セキュリティソリューション Hexagate を、今すぐご利用いただけます。 Hexagate は、エクスプロイトやハッキング、ガバナンス面・財務面でのリスクからエコシステムを守るために設計された専用ソリューションです。高度な機械学習（ML）により、不審なパターンやブロックチェーン上のトランザクション（取引履歴）をリアルタイムで検知します。これにより MegaETH の開発者は、重大なインシデントに発展する前に、実行リスクやガバナンスの悪用、トークンの異常挙動をいち早く把握できます。 今回の連携により、MegaETH のビルダーは、自前で複雑な仕組みを構築・運用することなく、エンタープライズ水準のオンチェーンセキュリティモニタリングを利用できます。信頼性を損なうことなく、より速く、より安全にプロダクトをリリースするための効率的な方法です。 このパートナーシップにより、MegaETH のビルダーは以下を無償で利用できます。 Hexagate monitoring：MegaETH 上でのリアルタイムかつ… The post Chainalysis Hexagate、MegaETH 向けリアルタイム脅威検知を提供 appeared first on Chainalysis.

No content preview

No content preview

No content preview

No content preview

This week, we discuss support and saying RIP to FPDS.

No content preview

CISA Warns of Exploited SolarWinds, Notepad++, Microsoft Vulnerabilities CISA flagged multiple vulnerabilities as actively exploited, spanning SolarWinds Web Help Desk, Notepad++ update integrity issues, and Microsoft Configuration Manager. The practical takeaway is that these are not theoretical bugs, defenders should treat them as “patch and hunt” items. If you run any of the affected products, […] The post InfoSec News Nuggets 02/13/2026 appeared first on AboutDFIR - The Definitive Compendium Project.

Researchers have uncovered 30 Chrome extensions stealing user data. Here’s how to check your browser and remove any malicious extensions step by step.

Olympic merchandise is already being used as bait. We’ve identified nearly 20 fake shop sites targeting fans globally.

※この記事は自動翻訳されています。正確な内容につきましては原文をご参照ください。 要約 主に東南アジアを拠点とする人身売買の疑いがあるサービスへの暗号資産の資金フローは、2025年に85%増加し、特定されたサービス全体で数億ドル規模に達しました。 Telegramベースの「インターナショナルエスコート」サービスは、中国語圏のマネーロンダリングネットワーク（CMLN）や担保プラットフォームと高度に統合されており、トランザクションの約半数が10,000ドルを超えています。 分析により、東南アジアの人身売買組織のグローバルな展開が明らかになり、南北アメリカ、ヨーロッパ、オーストラリアなど各地から多額の暗号資産が流入しています。 児童性的虐待コンテンツ（CSAM）ネットワークはサブスクリプション型モデルへと進化し、サディスティックなオンライン過激主義（SOE）コミュニティとの重複が増加しています。また、米国のインフラを戦略的に利用している点は、高度な運営計画を示唆しています。 現金取引とは異なり、暗号資産が本質的に持つ透明性は、法執行機関やコンプライアンスチームが人身売買の活動を検知、追跡、阻止するための前例のない機会を生み出しています。 暗号資産と人身売買の疑いがある活動の交差は2025年にさらに深刻化し、特定されたサービス全体のトランザクション総額は数億ドルに達し、前年比（YoY）85%の増加となりました。この金額は、これらの犯罪がもたらす人的被害を大幅に過小評価しています。真のコストは、送金された金額ではなく、影響を受けた人々の命で測られるべきものです。 人身売買の疑いがあるサービスへの暗号資産の資金フローの急増は、孤立した現象ではなく、東南アジアを拠点とする詐欺コンパウンド、オンラインカジノやギャンブルサイト、そして主にTelegramを通じて運営される中国語圏のマネーロン…

TL;DR Cryptocurrency flows to suspected human trafficking services, largely based in Southeast Asia, grew 85% in 2025, reaching a scale… The post Cryptocurrency Flows to Suspected Human Trafficking Services Surge 85% Year-over-Year appeared first on Chainalysis.

Copilot Studio agents are increasingly powerful. With that power comes risk: small misconfigurations, over‑broad sharing, unauthenticated access, and weak orchestration controls can create real exposure. This article consolidates the ten most common risks we observe and maps each to practical detections and mitigations using Microsoft Defender capabilities. The post Top 10 actions to build agents securely with Microsoft Copilot Studio appeared first on Microsoft Security Blog.

Microsoft Security returns to RSAC Conference to show how Frontier Firms—organizations that are human-led and agent-operated—can stay ahead. The post Your complete guide to Microsoft experiences at RSAC™ 2026 Conference appeared first on Microsoft Security Blog.

The once popular Outlook add-in AgreeTo was turned into a powerful phishing kit after the developer abandoned the project.

Landmark trials now underway allege Meta failed to protect children from sexual exploitation, grooming, and addiction-driven design.

Apple issued security updates for all devices which include a patch for an actively exploited zero-day—tracked as CVE-2026-20700.

AI-assisted website builders are making it far easier for scammers to impersonate well-known and trusted brands, including Malwarebytes.

Google says hackers are abusing Gemini AI for all attacks stages Google reports multiple state backed groups are using Gemini to support end to end operations, including recon, payload development, and post compromise tasks. The practical risk is faster iteration on lures, tooling, and procedures, even when the model is not directly producing malware. The […] The post InfoSec News Nuggets 02/12/2026 appeared first on AboutDFIR - The Definitive Compendium Project.

No content preview

Chainalysis is excited to announce upgraded support for Stellar, one of the longest-running blockchains in the ecosystem. Founded in 2014,… The post Chainalysis Upgrades Support for Stellar with Automatic Token Support appeared first on Chainalysis.

New guide details how a unified, AI ready SIEM platform empowers security leaders to operate at the speed of AI, strengthen resilience, accelerate detection and response, and more. The post The strategic SIEM buyer’s guide: Choosing an AI-ready platform for the agentic era appeared first on Microsoft Security Blog.

SSHStalker Botnet Uses IRC C2 to Control Linux Systems via Legacy Kernel Exploits Researchers have disclosed a new Linux botnet dubbed SSHStalker that leverages the old Internet Relay Chat (IRC) protocol for command‑and‑control, breathing fresh life into legacy communications channels for modern mass compromise. Initial reporting suggests the botnet scans SSH endpoints to find vulnerable […] The post InfoSec News Nuggets 02/11/2026 appeared first on AboutDFIR - The Definitive Compendium Project.

No content preview

Sensor Intel Series: January 2026 CVE Trends

I have survived the biggest Pwn2Own ever, but I’m back in Tokyo for the second Patch Tuesday of 2026. My location never stops Patch Tuesday from coming, so let’s take a look at the latest security patches from Adobe and Microsoft. If you’d rather watch the full video recap covering the entire release, you can check it out here: Adobe Patches for February 2026 For February, Adobe released nine bulletins addressing 44 unique CVEs in Adobe Audition, After Effects, InDesign, Substance 3D Designer, Substance 3D Stager, Adobe Bridge, Substance 3D Modeler, Lightroom Classic, and the Adobe DNG Software Development Kit (SDK). The largest update here is for After Effects, which fixes 13 Critical and two Important rated bugs. The patch for Substance 3D Designer is on the larger side with seven fixes…

No content preview

Read Microsoft's new Cyber Pulse report for straightforward, practical insights and guidance on new cybersecurity risks. The post 80% of Fortune 500 use active AI Agents: Observability, governance, and security shape the new frontier appeared first on Microsoft Security Blog.

That helpful “Summarize with AI” button? It might be secretly manipulating what your AI recommends.  Microsoft security researchers have discovered a growing trend of AI memory poisoning attacks used for promotional purposes, a technique we call AI Recommendation Poisoning. The post Manipulating AI memory for profit: The rise of AI Recommendation Poisoning appeared first on Microsoft Security Blog.

These are the top threats you should know about this week.

Read about the new ransomware reality and what most security strategies get wrong. Learn how to protect your organization in 2026.

Winter Olympics hit by suspected ‘Russian origin’ cyberattack – as one of Europe’s largest universities also reports major cybersecurity incident Italy said it blocked a wave of cyberattacks described as “of Russian origin” targeting systems tied to the Milano Cortina 2026 Winter Olympics, including hotels in Cortina d’Ampezzo. The pro Russian group NoName057(16) claimed the […] The post InfoSec News Nuggets 02/10/2026 appeared first on AboutDFIR - The Definitive Compendium Project.

Bishop Fox's Rob Ragan explores how Cosmos AI transforms application security testing from a logistical bottleneck into a scalable service—enabling organizations to test entire portfolios.

In February 2026, the online gaming community Toy Battles suffered a data breach. The incident exposed 1k unique email addresses alongside usernames, IP addresses and chat logs. Following the breach, Toy Battles self-submitted the data to Have I Been Pwned.

In January 2026, a data breach impacting the French non-profit Association Nationale des Premiers Secours (ANPS) was posted to a hacking forum. The breach exposed 5.6k unique email addresses along with names, dates of birth and places of birth. ANPS self-submitted the data to HIBP and advised the incident was traced back to a legacy system and did not impact health data, financial information or passwords.

This blog post dives into the most common classes of macOS Local Privilege Escalation vulnerabilities, from time-of-check to time-of-use (TOCTOU) Race Conditions and insecure XPC communications to a range of implementation and configuration oversights. We will explore how attackers can exploit these weaknesses to escalate privileges, and highlight real-world examples to illustrate recurring patterns.

We’re excited to announce that MegaETH builders can now access Hexagate, the Chainalysis Web3 security solution that delivers real-time threat… The post Chainalysis Hexagate Supports MegaETH Ecosystem with Real-Time Smart Contract Security Detection appeared first on Chainalysis.

As LLMs and diffusion models power more applications, their safety alignment becomes critical. The post A one-prompt attack that breaks LLM safety alignment appeared first on Microsoft Security Blog.

Please Don’t Feed the Scattered Lapsus ShinyHunters This piece profiles an extortion crew (“SLSH”) that pairs data theft with direct, personal harassment of executives and their families, including threats and swatting. The reporting highlights that the group’s behavior is less predictable than traditional ransomware operations, which increases risk if a victim engages. A key takeaway […] The post InfoSec News Nuggets 02/09/2026 appeared first on AboutDFIR - The Definitive Compendium Project.

No content preview

Bishop Fox identified six vulnerabilities in Arista NG Firewall version 17.4, including critical command injection flaws allowing root-level code execution with some exploitable by chaining attacks through a single malicious link.

📖 [The CloudSecList] Issue 324 was originally published by Marco Lancini at CloudSecList on February 08, 2026.

We are seeing exploitation of SolarWinds Web Help Desk via CVE‑2025‑40551 and CVE‑2025‑40536 that can lead to domain compromise; here is how to patch, hunt, and mitigate now. The post Analysis of active exploitation of SolarWinds Web Help Desk appeared first on Microsoft Security Blog.

In October 2025, the publishing platform Substack suffered a data breach that was subsequently circulated more widely in February 2026. The breach exposed 663k account holder records containing email addresses along with publicly visible profile information from Substack accounts, such as publication names and bios. A subset of records also included phone numbers.

No content preview

No content preview

No content preview

In this excerpt of a TrendAI Research Services vulnerability report, Jonathan Lein and Simon Humbert of the TrendAI Research team detail a recently patched command injection vulnerability in the Arista NG Firewall. This bug was originally discovered by Gereon Huppertz and reported through the TrendAI Zero Day Initiative (ZDI) program. Successful exploitation could result in arbitrary command execution under the security context of the root user. The following is a portion of their write-up covering CVE-2025-6798, with a few minimal modifications. A command injection vulnerability has been reported in Arista NG Firewall. The vulnerability is due to improper validation of user data in the diagnostics component. A remote, authenticated attacker could exploit this vulnerability by sending craf…

Welcome to the Top 10 Web Hacking Techniques of 2025, the 19th edition of our annual community-powered effort to identify the most innovative must-read web security research published in the last year

In January 2026, the automated investment platform Betterment confirmed it had suffered a data breach attributed to a social engineering attack. As part of the incident, Betterment customers received fraudulent crypto-related messages promising high returns if funds were sent to an attacker-controlled cryptocurrency wallet. The breach exposed 1.4M unique email addresses, along with names and geographic location data. A subset of records also included dates of birth, phone numbers, and physical addresses. In its disclosure notice, Betterment stated that the incident did not provide attackers with access to customer accounts and did not expose passwords or other login credentials.

In this article I describe Java bytecode obfuscation, using one of the challenges I did in 2023 as part of the interviews with Quarkslab for the position of Java compiler engineer in QShield.

Crypto doesn’t wait for your next scheduled course Crypto and crime are moving faster than most training programs can keep… The post Meet the New Chainalysis Academy: Where Learning Becomes Mastery appeared first on Chainalysis.

Pen tests don’t fail because testers miss bugs. They fail when no one agrees what questions the test should answer. In today’s cloud- and AI-driven apps, scoping, execution, and follow-through determine whether results drive real decisions or just become another filed report.

No content preview

A look at how AI powering the 2026 Winter Games is vulnerable to adversarial prompts, behavioral vulnerabilities, and weak guardrails.

These are the top threats you should know about this week.

This week, Chainalysis welcomes Sebastien Giroux as the company’s Chief Financial Officer. As a key member of the leadership team,… The post Sebastien Giroux Joins Chainalysis as Chief Financial Officer appeared first on Chainalysis.

Stablecoins are no longer a theoretical innovation. They are now operating as production-grade financial infrastructure, supporting real-time settlement, cross-border payments,… The post How Banks Should Engage with Stablecoins: Issue, Partner, or Integrate appeared first on Chainalysis.

Citizen Lab senior research associate Emile Dirks spoke with the International Consortium of Investigative Journalists about a report he co-authored on transnational repression in the EU.  The authors found that European nations respond more weakly to transnational repression from China than repression by other countries. Dirks notes that this is likely due to closer economic […] The post New EU Report Urges More Aggressive Action Against Transnational Repression appeared first on The Citizen Lab.

No content preview

Citizen Lab senior researcher Bill Marczak served as a key witness in a UK ruling that ordered Saudi Arabia to pay £3m to a London dissident who was targeted with Pegasus spyware. In 2018, Citizen Lab researchers discovered that a Saudi operator called KINGDOM was targeting dissidents abroad with NSO Group’s Pegasus spyware. Saudi activist and […] The post Saudi Arabia Ordered to Pay £3m to London Dissident Over Pegasus Spying appeared first on The Citizen Lab.

📖 [The CloudSecList] Issue 323 was originally published by Marco Lancini at CloudSecList on February 01, 2026.

In January 2026, Panera Bread suffered a data breach that exposed 14M records. After an attempted extortion failed, the attackers published the data publicly, which included 5.1M unique email addresses along with associated account information such as names, phone numbers and physical addresses. Panera Bread subsequently confirmed that "the data involved is contact information" and that authorities were notified.

No content preview

You can use AWS Directory Service for Microsoft Active Directory as your primary Active Directory Forest for hosting your users’ identities. Your IT teams can continue using existing skills and applications while your organization benefits from the enhanced security, reliability, and scalability of AWS managed services. You can also run AWS Managed Microsoft AD as […]  ( 111 min )

December 2, 2019: Original publication date of this post. At AWS, we encourage you to use automation. Not just to deploy your workloads and configure services, but to also help you quickly detect and respond to security events within your AWS environments. In addition to increasing the speed of detection and response, automation also helps […]  ( 120 min )

This week, we look at how long-standing API security failures are being amplified by automation, AI, and increasingly aggressive exploitation timelines. From agentic AI vulnerabilities in ServiceNow to authentication bypasses actively exploited in SmarterMail and Fortinet infrastructure, this issue highlights how broken authentication and authorization continue to dominate real-world incidents.  We also dive into the 42Crunch [...] Read More... The post Issue 288: State of API Security 2026, Agentic AI, Authentication Bypasses, and the Race to Patch APIs appeared first on API Security News.

Citizen Lab senior fellow Cynthia Khoo spoke with the CBC about the People’s Consultation on AI, launched by a civil society coalition last week in response to the federal government’s “national sprint” on AI. The independent initiative decries the short timeline of the “mad 30-day rush” to inform national policy and its overreliance on industry […] The post Want the Federal Government to Hear Your Thoughts on AI?: New Consultation Launched appeared first on The Citizen Lab.

These are the top threats you should know about this week.

No content preview

Agentic AI gives LLMs the power to act: query databases, call APIs or access files. But when your tools blindly trust the LLM, you've created a confused deputy. Here's a practical and comprehensive approach to understanding and identifying this critical authorization flaw.

No content preview

Customers need solutions to track inventory data such as files and software across Amazon Elastic Compute Cloud (Amazon EC2) instances, detect unauthorized changes, and integrate alerts into their existing security workflows. In this blog post, I walk you through a highly scalable serverless file integrity monitoring solution. It uses AWS Systems Manager Inventory to collect […]  ( 114 min )

Posted by Nataliya Stanetsky, Fabricio Ferracioli, Elliot Sisteron, Irene Ang of the Android Security Team Phone theft is more than just losing a device; it's a form of financial fraud that can leave you suddenly vulnerable to personal data and financial theft. That’s why we're committed to providing multi-layered defenses that help protect you before, during, and after a theft attempt. Today, we're announcing a powerful set of theft protection feature updates that build on our existing protections, designed to give you greater peace of mind by making your device a much harder target for criminals. Stronger Authentication Safeguards More User Control for Failed Authentications: In Android 15, we launched Failed Authentication Lock, a feature that automatically locks the device's scree…

The Q4 2025 Akamai API Security updates help organizations shift security left, improve coverage, and reduce friction.

In December 2025, SoundCloud announced it had discovered unauthorised activity on its platform. The incident allowed an attacker to map publicly available SoundCloud profile data to email addresses for approximately 20% of its users. The impacted data included 30M unique email addresses, names, usernames, avatars, follower and following counts and, in some cases, the user’s country. The attackers later attempted to extort SoundCloud before publicly releasing the data the following month.

No content preview

No content preview

Amazon Web Services (AWS) recommends using AWS IAM Identity Center to provide your workforce access to AWS managed applications—such as Amazon Q Developer—and AWS accounts. Today, we announced IAM Identity Center support for IPv6. To learn more about the advantages of IPv6, visit the IPv6 product page. When you enable IAM Identity center, it provides […]  ( 109 min )

Amazon Web Services (AWS) is pleased to announce the successful completion of Payment Card Industry Personal Identification Number (PCI PIN) audit for the AWS CloudHSM service. With CloudHSM, you can manage and access your keys on FIPS 140-3 Level 3 validated hardware, protected with customer-owned, single-tenant hardware security module (HSM) instances that run in your […]  ( 106 min )

In October 2025, Citizen Lab researchers and director Ron Deibert signed an open letter to the Canadian Minister of Artificial Intelligence and Digital Innovation and the Minister of Industry rejecting the “National Sprint” on AI strategy and announcing  a then-forthcoming independent “People’s Consultation on AI.”  The independent consultation is now accepting submissions until March 15, […] The post People’s Consultation on AI Now Accepting Submissions appeared first on The Citizen Lab.

Citizen Lab senior research associate Emile Dirks will be attending a meeting on transnational repression (TNR) at the EU Parliament’s Committee on Foreign Affairs on January 28, during which Nate Schenkkan (lead author, independent researcher), Zselyke Csaky (senior research fellow at the Centre for European Reform), Alexander Dukalskis (Assistant Professor at University College Dublin at […] The post Perpetrators and Methods of Transnational Repression and Possible Counter Strategies appeared first on The Citizen Lab.

No content preview

No content preview

📖 [The CloudSecList] Issue 322 was originally published by Marco Lancini at CloudSecList on January 25, 2026.

Amazon Web Services (AWS) is pleased to announce the successful completion of Payment Card Industry Personal Identification Number (PCI PIN) audit for the AWS Payment Cryptography service. With AWS Payment Cryptography, your payment processing applications can use payment hardware security modules (HSMs) that are PCI PIN Transaction Security (PTS) HSM certified and fully managed by […]  ( 105 min )

Amazon Web Services (AWS) is pleased to announce a successful completion of the 2025 Cloud Computing Compliance Criteria Catalogue (C5) attestation cycle with 183 services in scope. This alignment with C5 requirements demonstrates our ongoing commitment to adhere to the heightened expectations for cloud service providers. AWS customers in Germany and across Europe can run […]  ( 106 min )

Amazon Web Services (AWS) is pleased to announce the expansion of GSMA Security Accreditation Scheme for Subscription Management (SAS-SM) certification to four new AWS Regions: US West (Oregon), Europe (Frankfurt), Asia Pacific (Tokyo), and Asia Pacific (Singapore). Additionally, the AWS US East (Ohio) and Europe (Paris) Regions have been recertified. All certifications are under the […]  ( 106 min )

One of the most common questions about secrets management strategies on Amazon Web Services (AWS) is whether an organization should centralize its secrets. Though this question is often focused on whether secrets should be centrally stored, there are four aspects of centralizing the secrets management process that need to be considered: creation, storage, rotation, and […]  ( 112 min )

In an op-ed for the Toronto Star, Jason Stanley and Ron Deibert write that Mark Carney must emphasize the importance of democratic values on the world stage.  “Canada is a healthy, pluralistic, and multicultural democracy,” making it “more essential now than ever that our prime minister stands up for the values our tolerant, multiracial society […] The post What Carney Didn’t Say in Davos is What the World Needed to Hear Most appeared first on The Citizen Lab.

Citizen Lab director Ron Deibert spoke with the Walrus about Minister of Artificial Intelligence and Digital Innovation Evan Solomon’s 30-day “national sprint” to inform Canada’s approach to AI development.  Deibert opted not to participate in the government process. “I don’t want to lend credibility to such flawed processes by participating,” he said, citing a need […] The post Evan Solomon Wants Canada to Trust AI. Can We Trust Evan Solomon? appeared first on The Citizen Lab.

No content preview

No content preview

No content preview

No content preview