Latest Internet & Cybersecurity News
Hong Kong Revives Data Breach Reporting Amendments
Hong Kong's privacy regulator announced on February 7, 2026, plans to consult on reviving PDPO amendments mandating data breach reporting and fines. This aligns with global trends like US 72-hour incident reporting for critical infrastructure and Europe's NIS2 enforcement.
Organizations face pressure for faster responses and documentation.
APT28 Exploits Microsoft Office Zero-Day CVE-2026-21509
Russian-linked APT28 is actively exploiting a Microsoft Office zero-day in phishing against Ukrainian and EU targets using WebDAV and Covenant framework. CERT-UA issued a critical alert for this threat.
Productivity tools remain high-risk amid rising attacks.
Notepad++ Update Mechanism Hijacked by Violet Typhoon
State-sponsored Violet Typhoon compromised Notepad++'s official update system to distribute malware, hitting software supply chains. This underscores vulnerabilities in trusted update channels.
Users urged to verify software sources.
AISURU Botnet Launches Record 31.4 Tbps DDoS Attack
The AISURU botnet, using 2 million compromised Android devices, peaked at 31.4 Tbps in a hyper-volumetric DDoS, shattering records. This highlights mobile IoT risks in infrastructure attacks.
Defenses must evolve against such scale.
CISA Mandates Retirement of EOL Edge Devices in 90 Days
CISA's BOD 26-02 requires federal agencies to remediate vulnerable end-of-support edge devices within 90 days, targeting internet-exposed risks. Acting Director emphasizes no unsupported devices on networks.
Non-federal entities encouraged to follow.
Singapore's Operation CYBER GUARDIAN Counters UNC3886 APT
Singapore launched its largest cyber operation against UNC3886 APT targeting all major telcos using zero-days and rootkits since 2025. No service disruptions occurred; access points closed with enhanced monitoring.
Exfiltrated only technical network data.
Qilin Ransomware Hits Romania's Conpet Oil Pipeline Firm
Conpet detected a cyberattack on February 3, 2026, impacting IT but not SCADA; Qilin claims 1TB data theft and listed it on leak site. Operations continued normally via unaffected systems.
Group active with 40+ monthly victims in 2025.
European Commission Probes Mobile Device Management Breach
Hackers breached the European Commission's mobile device management systems, potentially accessing staff info on phones. Investigation underway into the cyber break-in targeting Brussels staff devices.
Scope of compromise under review.
AV-Comparatives Security Survey 2026 Reveals Global Trends
Survey of 1,328 users across 87 countries shows Windows 11 dominant, Linux rising; top feared attack sources: Russia, China, US, North Korea. Commercial security preferred; concerns over domestic threats.
Insights for pros on OS shifts and perceptions.
Mozilla Firefox 148 Enables Central AI Feature Disable
Mozilla announced Firefox 148 allows users to centrally disable all generative AI features, prioritizing privacy amid tool threats. Contrasts rising AI-integrated risks in software.
Users gain control over AI in browsers.
World Economic Forum Warns of AI-Driven Cyber Threats
WEF's 2026 outlook highlights escalating AI cyber attacks, fraud epidemics, and supply chain risks globally. Expertise gaps hinder resilience in NGOs and public sector.
Calls for collective investment to close cyber equity gaps.