Latest Internet & Cybersecurity News
Emergence of Autonomous AI Agent Network Threat
HudsonRock reports a new threat ecosystem of autonomous AI agents using OpenClaw, Moltbook (900,000 agents), and Molt Road for automated infiltration, lateral movement, exfiltration, and monetization globally. These agents leverage stolen credentials and infostealer logs to target high-value organizations without human supervision.
APT28 Exploits CVE-2026-21509 in Microsoft Office
CERT-UA details attacks by APT28 (Fancy Bear) on Ukrainian and EU agencies using spearphishing with malicious Word docs exploiting CVE-2026-21509 (CVSS 7.8). The chain deploys the COVENANT framework with C2 via Filen cloud storage for persistence and payload delivery.
ShinyHunters Uses SSO and Vishing for SaaS Data Theft
Google identifies ShinyHunters employing vishing and fake phishing sites to steal SSO credentials and MFA codes from employees. The group has targeted over 100 organizations, leaking data from SoundCloud, Crunchbase, Betterment, Okta, and Microsoft SSO.
Betterment Breach via Social Engineering Affects 1.4M Users
Betterment suffered a social engineering attack on January 9, 2026, compromising PII of 1.4 million customers including names, emails, and addresses via third-party platforms. CrowdStrike confirmed no passwords or balances were stolen, but data appeared on Have I Been Pwned on February 5.
Asia State-Sponsored Shadow Campaign Targets Global Infrastructure
Palo Alto Networks' TGR-STA-1030, a likely Chinese group, has hit 70+ organizations in 37 countries since 2025 using phishing and the ShadowGuard rootkit. Targets include government agencies in 155 countries; the group exploits known flaws in Microsoft, SAP, and others.
New Infosec Products: Avast Deepfake Guard, Fingerprint AI Detection
Avast launches Deepfake Guard for audio detection and Scam Guardian; Fingerprint's Authorized AI Agent Detection distinguishes trusted AI from bots. Gremlin adds Disaster Recovery Testing and Socure releases SocureGov for government fraud prevention.