Latest Internet & Cybersecurity News
Singapore Confirms China-Linked Espionage Campaign Against Telecom Sector
Singapore disclosed an 11-month campaign by a China-linked group that targeted its four major telecom operators, using zero-day vulnerabilities in edge devices for long-term persistence. The deliberate attack highlights blind spots in edge device security and underscores the need for defense-in-depth strategies.
Organizations should implement compensating controls for firewalls and similar devices.
Volvo and Flickr Disclose Third-Party Data Breaches
Volvo reported a breach affecting over 16,000 employees via a third-party cyberattack, while Flickr warned customers of increased phishing risks post-breach. These incidents underscore supply chain vulnerabilities and the need for robust third-party risk management.
Business continuity plans must account for external dependencies.
Ivanti Mobile Management Vulnerability Breaches European Governments
An Ivanti vulnerability was exploited to breach European government entities, with sleeper shells implanted for persistent access. Attackers deliberately uploaded payloads without resorting to immediate smash-and-grab tactics.
This follows patterns of mass exploitation in Ivanti products.
Active Exploitation of BeyondTrust CVE-2026-1731 RCE Vulnerability
CVE-2026-1731 in BeyondTrust Remote Support enables unauthenticated remote code execution; a PoC released on February 10 led to exploitation within 24 hours. Darktrace has detected anomalous activity such as beaconing and crypto mining across customers since then.
Past BeyondTrust breaches have been linked to nation-states, including one involving the U.S. Treasury.
Microsoft Patch Tuesday Fixes 59 Vulnerabilities, Including 6 Zero-Days
Microsoft's February patches address 59 flaws, with six zero-days under exploitation, notably CVE-2026-21510 for Windows Shell SmartScreen bypass. SAP and Adobe also released critical patches for multiple products.
Vendors emphasize urgent updates to counter active threats.
New Reynolds Ransomware Uses BYOVD to Disable Security Tools
Reynolds ransomware embeds vulnerable drivers to bypass detection by Avast and Symantec, facilitating data theft and network hacks. This BYOVD technique enhances stealth and organization among cybercriminals.
Combined with botnets like SSHStalker, it poses risks for DDoS and more.
State-Sponsored Hackers from China, NK, Iran Use Google Gemini AI for Attacks
Nation-state actors leverage Gemini AI for malware refinement, reconnaissance, and coding to enhance cyberattacks. Google's GTIG reports usage in target intel gathering and automation.
The International AI Safety Report notes that GPAI aids vulnerability identification but does not yet enable fully autonomous attacks.
Threat Actors Hijack GitHub and LinkedIn Accounts for Malware and Insider Access
Hijacked GitHub accounts deliver backdoors to IT admins; DPRK uses stolen LinkedIn profiles for remote job infiltration. This builds trust for malware distribution and insider threats.
OSINT researchers and admins are prime targets.