Latest Internet & Cybersecurity News
Singapore Confirms Espionage Campaign Against Telecom Sector
Singapore has confirmed a state-sponsored espionage campaign targeting its telecom sector, marking a significant cyber intelligence threat this week. This operation highlights ongoing risks to critical infrastructure from nation-state actors.
Volvo and Flickr Disclose Third-Party Data Breaches
Volvo reported a breach affecting over 16,000 employees via a third-party cyberattack, while Flickr warned users of increased phishing risks post-breach. These incidents underscore supply chain vulnerabilities and the need for robust third-party risk management.
Ivanti EPMM Vulnerabilities Breached European Governments
Critical flaws CVE-2026-1281 and CVE-2026-1340 in Ivanti Endpoint Mobile Management enabled zero-day exploits against the European Commission, Dutch government, and Finland's Valtori. Activity linked to a single IP address indicates targeted exploitation.
BeyondTrust CVE-2026-1731 Actively Exploited Post-PoC
A PoC for CVE-2026-1731, enabling unauthenticated RCE in BeyondTrust products, was released February 10, with hackers targeting it within 24 hours. Darktrace observed anomalous activities like outbound connections and suspicious downloads across customers.
CISA added related flaws to KEV catalog.
Microsoft Patch Tuesday Fixes 59 Vulnerabilities, Including 6 Zero-Days
Microsoft's February 2026 Patch Tuesday addressed 59 CVEs, with six zero-days like CVE-2026-21510 for SmartScreen bypass under active exploitation. Other vendors like SAP and Adobe also released critical patches.
New Reynolds Ransomware Uses BYOVD Technique
Reynolds ransomware embeds vulnerable drivers to disable antivirus like Avast and Symantec, evading detection while enabling data theft and network hacks. This sophisticated method highlights evolving malware tactics.
SSHStalker Linux Botnet Spreads via Brute-Force SSH
The SSHStalker botnet uses brute-force attacks and old flaws to infect Linux devices, communicating via IRC for potential DDoS campaigns. No large-scale attacks observed yet, but risks remain high.
State-Sponsored Hackers Use Google Gemini AI for Attacks
Nation-state actors from China, North Korea, and Iran leverage Gemini AI for malware refinement, reconnaissance, and coding in cyberattacks. Google's GTIG confirmed usage in preparatory attack stages.
DPRK Operatives Use Stolen LinkedIn Profiles for Insider Access
North Korean operatives apply for remote jobs using stolen, verified LinkedIn identities, passing screenings to gain trusted insider access. Separately, hijacked GitHub accounts deliver malware to IT admins.
Supply Chain Attack on Office Add-ins Steals Microsoft Credentials
Abandoned Outlook add-in AgreeTo was repurposed into a phishing kit, capturing over 4,000 Microsoft credentials and credit card data. Linked to Black Basta evolution with GotoHTTP for persistence.
Tulsa International Airport Data Breach Disclosed
Unauthorized access occurred January 17-20, 2026, prompting forensic investigation and law enforcement notification. Systems secured, but investigation ongoing.
Discord to Implement Global Age Verification in March 2026
Discord will default accounts to teen mode, requiring ID or AI facial estimation for age-restricted access starting March 2026. Aims to enhance platform safety.