Threat Intel

1 billion personal records exposed in massive new data leak — full names, addresses, phone numbers and more | Tom’s Guide

🚨 1 billion personal records just exposed — and no hackers were involved.

Cybernews discovered an unprotected, password-free database belonging to IDMerit, a digital identity verification provider. One terabyte of structured PII from 26 countries — full names, addresses, dates of birth, national IDs, phone numbers, email addresses, and telco metadata — sitting wide open.

The U.S. took the hardest hit at 204M records. Canada: 12M. The data was clean and structured, meaning anyone who found it could query and extract it immediately.

This wasn’t a breach. No one broke in. A company just… left the door open.

The risks: targeted phishing, SIM swaps, account takeovers, identity theft, and credit fraud — all fueled by pre-validated identity data.

What you should do now: → Watch for suspicious calls, texts, and emails — targeted social engineering is the likely follow-on → Consider freezing your credit → Sign up for identity theft monitoring → Keep your antivirus up to date — phishing emails with malicious attachments are coming

The company secured the database after being notified. But the window was open. That’s what matters.

#CyberSecurity #DataPrivacy #InfoSec #DataLeak #IdentityTheft

Hackers Using OAuth Apps in Microsoft Entra ID to Establish Persistence

Hackers are exploiting OAuth applications within Microsoft Entra ID to achieve persistent access, bypassing security measures like password resets. This method involves attackers tricking users into granting consent to malicious apps, which then establish long-term footholds in Microsoft 365 environments.

Red Card 2.0: INTERPOL busts scam networks across Africa, seizes millions

INTERPOL’s Operation Red Card 2.0 resulted in 651 arrests across 16 African countries and the recovery of over $4.3 million from online scam networks. The operation targeted high-yield investment scams, mobile money fraud, and fake loan apps, uncovering schemes tied to over $45 million in losses worldwide.

PoC Released for Windows Notepad Vulnerability that Enables Malicious Command Execution

A proof-of-concept has been released for a Windows Notepad vulnerability (CVE-2026-20841) that allows malicious command execution by tricking users into opening a crafted Markdown file and clicking a link. Microsoft has patched this high-severity flaw in its February 2026 release, affecting Notepad versions 11.2508 and earlier.

Chip Testing Giant Advantest Hit by Ransomware - SecurityWeek

The Japanese chip testing giant Advantest Corporation has been targeted in a ransomware attack, with an unauthorized third party potentially gaining access to its network. The company is investigating if any sensitive customer or employee data was compromised.

Facebook ads spread fake Windows 11 downloads that steal passwords and crypto wallets | Malwarebytes

Attackers are using Facebook ads to spread fake Windows 11 downloads that steal passwords and crypto wallets. These ads lead to near-perfect clones of the official Microsoft download page, directing users to malicious installers that are designed to evade detection and steal sensitive information.

Google cleans house, bans 80,000 developer accounts from the Play Store - Help Net Security

In 2025, Google banned over 80,000 developer accounts and prevented 1.75 million policy-violating apps from the Play Store, utilizing AI-powered reviews and enhanced fraud protection. The company also strengthened Android ecosystem defenses by expanding Google Play Protect and introducing new tools for developers to ensure app security and user safety.

FBI: $20 Million Losses Caused by 700 ATM Jackpotting Attacks in 2025 - SecurityWeek

The FBI has issued a warning about a rise in malware-enabled ATM jackpotting attacks, with over 700 incidents in 2025 causing more than $20 million in losses. These attacks, often utilizing the Ploutus malware, involve gaining physical access to ATMs to trigger unauthorized cash dispensing.

PoC Released for Critical Chrome 0-day Vulnerability Exploited in the Wild

A proof-of-concept exploit has been released for CVE-2026-2441, a critical use-after-free zero-day vulnerability in Google Chrome’s Blink CSS engine that is actively being exploited in the wild. Users are urged to update Chrome immediately to the latest versions to patch this vulnerability.

LLM-Generated Passwords Expose Major Security Flaws with Predictability, Repetition, and Weakness

Recent research reveals that LLM-generated passwords exhibit significant security flaws, including predictability and repetition, making them weaker than they appear. These passwords, generated by models like GPT, Claude, and Gemini, have low entropy and can be cracked much faster than standard secure passwords, posing a risk especially when used in software development.

Mississippi medical center closes all clinics after ransomware attack

The University of Mississippi Medical Center (UMMC) has closed all its clinics statewide due to a ransomware attack that impacted its IT systems and blocked access to electronic medical records. UMMC is working with the FBI and CISA to investigate the incident, while hospital services continue using downtime procedures.

Critical Vulnerabilities in VS Code Extensions Threaten 128 Million Developer Environments

Three critical vulnerabilities (CVE-2025-65715, CVE-2025-65716, and CVE-2025-65717) have been discovered in four popular Visual Studio Code extensions, downloaded over 128 million times, posing a significant risk to developer environments. These flaws allow for actions ranging from remote file exfiltration to remote code execution, highlighting a major security blind spot in the software supply chain.

Apache Tomcat Vulnerabilities Let Attackers Bypass Security Constraints via HTTP/0.9 Requests

Apache Tomcat has a CVE-2026-24733 vulnerability that allows attackers to bypass security constraints via HTTP/0.9 requests when specific access-control rules are configured. This issue requires a particular configuration where HEAD requests are allowed but GET requests are denied, and an attacker must be able to send crafted HTTP/0.9 traffic.

CharlieKirk Grabber Malware Targets Windows Systems to Steal Login Credentials

The CharlieKirk Grabber Malware is a Python-based Windows infostealer designed for rapid credential theft and data exfiltration, targeting browser passwords, Wi-Fi keys, and Discord tokens. It operates by terminating browser processes, decrypting stored data using AES-GCM, and exfiltrating information via file hosting services or encrypted channels.

BeyondTrust Vulnerability Exploited in Ransomware Attacks - SecurityWeek

The CISA has updated its Known Exploited Vulnerabilities (KEV) catalog for a BeyondTrust vulnerability (CVE-2026-1731) indicating its exploitation in ransomware attacks. This critical flaw allows for unauthenticated remote code execution and has been observed in attacks targeting various sectors globally, with threat intelligence firms noting its use in reconnaissance, data theft, and malware deployment.

Critical Jenkins Vulnerability Exposes Build Environments to XSS Attacks

A critical stored Cross-Site Scripting (XSS) vulnerability, identified as CVE-2026-27099, has been discovered in Jenkins Core affecting versions 2.550 and earlier, and LTS versions 2.541.1 and earlier, potentially exposing build environments to severe security risks. Additionally, CVE-2026-27100, a medium-severity vulnerability, allowed unauthorized access to build information. Jenkins versions 2.551 and LTS 2.541.2 have been released to address these issues.

OpenAI CEO Sam Altman warns ‘AI washing’ is real, but tech-related job displacement is on the way | Fortune

OpenAI CEO Sam Altman acknowledges AI washing, where companies falsely blame layoffs on AI, but also warns of real job displacement due to the technology. While some data shows minimal current impact, other experts predict significant future changes in the labor market.

French Ministry confirms data access to 1.2 Million bank accounts

A hacker accessed data from 1.2 million French bank accounts using stolen official credentials, the French Economy Ministry confirmed. The breach allowed access to personal data like account numbers and names, but not balances or transactions, and authorities have filed a criminal complaint.

16 Zero-Day Vulnerabilities in Popular PDF Platforms Enable Code Execution and Data Exfiltration

Sixteen zero-day vulnerabilities have been discovered in popular PDF platforms, including Apryse WebViewer and Foxit PDF cloud services, enabling code execution and data exfiltration. These vulnerabilities, ranging from critical OS Command Injection to DOM-based XSS and SSRF, affect millions of enterprise users worldwide, with patches now coordinated for release.

ClawHavoc Poisoned OpenClaw’s ClawHub with 1,184 Malicious Skills, Enabling Data Theft and Backdoor Access

The ClawHavoc campaign poisoned OpenClaw’s official marketplace, ClawHub, by distributing 1,184 malicious Skills designed to steal data and enable backdoor access. This attack exploited the platform’s permissive upload model, leading to potential system compromises through trojanized tools disguised as legitimate software.

Predator spyware used to infect phone belonging to Angolan journalist, report says | The Record from Recorded Future News

A prominent Angolan journalist, Teixeira Cândido, had his phone infected with Predator spyware in May 2024, marking the first documented use of this tool in the country. This incident highlights the continued operation of Predator manufacturer Intellexa Consortium despite U.S. sanctions, with the spyware being used to target civil society leaders worldwide.

China-linked hackers exploited Dell zero-day since 2024 (CVE-2026-22769) - Help Net Security

A suspected China-linked cyberespionage group, UNC6201, has been exploiting a Dell zero-day vulnerability (CVE-2026-22769) in RecoverPoint for Virtual Machines since mid-2024, deploying backdoors like BRICKSTORM and GRIMBOLT and a webshell called SLAYSTYLE. The attackers leveraged default credentials to gain access and deployed stealthy tactics, including novel methods to pivot into VMware virtual infrastructure.

VS Code extensions with 125M+ installs expose users to cyberattacks

Four popular VS Code extensions with over 125 million installs have security flaws that could allow remote attackers to steal files and execute code. These vulnerabilities highlight a critical gap in developer security, as extensions can act as a gateway to an organization’s sensitive assets.

New SysUpdate Variant Malware Discovered and Tool Developed to Decrypt Encrypted Linux C2 Traffic - Cyber Security News

A new SysUpdate malware variant has been discovered, targeting Linux systems with encrypted command-and-control (C2) traffic. Researchers developed a decryption tool using the Unicorn Engine to analyze and decrypt the malware’s communications.

Turning Moltbook Into a Global Botnet Map

Researchers transformed Moltbook into a global botnet map by exploiting its design, activating over 1,000 agent endpoints in 70+ countries through untrusted content. This demonstration revealed that human operators can easily control and coordinate agents at scale, highlighting the platform’s fragility and security implications for potential malicious use.