A practical guide to the “gray man” approach to travel—how to blend in, stay aware, and reduce risk without paranoia. Learn how behaviour, mindset, and digital hygiene can make you less of a target and more in control wherever you go.
Critical Marimo Flaw Exploited Hours After Public Disclosure - SecurityWeek
A critical remote code execution (RCE) vulnerability in the Marimo notebook, CVE-2026-39987, was exploited by a threat actor just nine hours after its public disclosure. The unauthenticated flaw allows arbitrary system command execution, and the attacker successfully used it to steal credentials and exfiltrate files.
MITRE Releases Fight Fraud Framework - SecurityWeek
The non-profit MITRE Corporation has released the Fight Fraud Framework (MITRE F3), a knowledge base detailing fraudster tactics, techniques, and procedures (TTPs) to aid organizations in combating fraud. This free, open framework provides a common structure for understanding cyber fraud incidents, including unique tactics like positioning and monetization, to improve collaboration on fraud detection, prevention, and response.
Zephyr Energy hackers swiped £700,000 after redirecting a contractor payment | IT Pro
Oil and gas firm Zephyr Energy reported a cyber intrusion where hackers diverted a contractor payment, resulting in a loss of approximately £700,000. The company has contained the incident, implemented additional security measures, and is working with authorities and banks to recover the funds, stating it will not impact ongoing operations.
UAT-10362 linked to LucidRook attacks targeting Taiwan-based institutions
The LucidRook malware, a Lua-based stager, is being used in phishing attacks targeting Taiwan-based NGOs and universities, and is linked to the threat group UAT-10362. These attacks employ password-protected email attachments and leverage sophisticated techniques like DLL sideloading and geo-targeting to maintain stealth and deliver payloads.
Claude uncovers a 13‑year‑old ActiveMQ RCE bug within minutes | CSO Online
A 13-year-old ActiveMQ RCE bug (CVE-2026-34197) was discovered and weaponized in minutes by researchers using AI, specifically Claude, highlighting the potential of AI in exploit-building. The vulnerability, which allowed arbitrary system command execution through the Jolokia API, has been fixed in newer versions of ActiveMQ Classic.
Microsoft: Canadian employees targeted in payroll pirate attacks
A financially motivated threat actor named Storm-2755 is targeting Canadian employees through payroll pirate attacks, using malicious Microsoft 365 sign-in pages to steal authentication tokens and bypass multi-factor authentication. The attackers then manipulate HR communications and banking information to hijack salary payments, with Microsoft recommending stronger authentication methods and immediate revocation of compromised tokens to mitigate these threats.
UNC6783 Hackers Use Fake Okta Pages in Corporate Breach Campaign
The UNC6783 hackers are using fake Okta login pages and social engineering to breach corporate systems, targeting Business Process Outsourcers (BPOs) to gain access to larger companies. They trick employees by impersonating support staff, stealing credentials, and enrolling their own devices for persistent access, also employing fake software updates to install Remote Access Trojans (RATs).
AI Just Hacked One Of The World’s Most Secure Operating Systems
An AI agent autonomously hacked the secure FreeBSD operating system by exploiting a kernel vulnerability in just four hours, demonstrating a profound shift in cybersecurity capabilities. This event signals a move from AI assisting human researchers to AI acting as an autonomous offensive actor, compressing the time and expertise needed to create weaponized exploits and necessitating a rapid adaptation of defensive strategies and regulatory frameworks.
CareCloud: Millions of Health Care Patients Potentially Affected by Data Breach - Newsweek
A cybersecurity incident at CareCloud, a health care technology company, potentially impacted millions of patients due to unauthorized access to an electronic health record system. While the company is investigating if data was exfiltrated, affected individuals are advised to monitor financial statements and consider fraud alerts as a precaution.
Sensitive LAPD records leaked in hack of L.A. city attorney’s office - Los Angeles Times
A hack of the L.A. city attorney's office has resulted in the leak of 7.7 terabytes of sensitive LAPD records, including witness names, health information, and investigative files. The breach, which compromised discovery documents typically kept private, has raised concerns about transparency and data security, prompting investigations by law enforcement and the FBI.
A hacker has allegedly stolen over 10 petabytes of sensitive data, including defense documents and missile schematics, from a state-run Chinese supercomputer. The hacker, identified as FlamingChina, claims the data originates from the National Supercomputing Center (NSCC) in Tianjin and is attempting to sell it for cryptocurrency. Cybersecurity experts who reviewed samples of the leaked data believe it to be genuine, though CNN cannot independently verify the claims.
Snowflake is enhancing its open data strategy by adding Iceberg V3 support and a governance portability plan to reduce data movement and improve AI data access. The company is focusing on data autonomy, enabling organizations to access, govern, and analyze data across multiple platforms without proprietary system constraints.
Russian hacking group targets home and small office routers to spy on users | Malwarebytes
A Russian military-linked hacking group, known as APT28, is conducting a widespread cyber espionage campaign by compromising home and small office routers to spy on users and steal sensitive information. The group manipulates DNS settings to redirect traffic through their own servers, enabling them to harvest credentials and intercept cloud traffic, with over 200 organizations and 5,000 consumer devices identified as impacted.
Social engineering attacks on open source developers are escalating - Help Net Security
Social engineering attacks targeting open source developers are escalating, with North Korean hackers recently tricking a maintainer into installing malware by impersonating a company and using a fake software update. OpenSSF warns of similar campaigns using Slack and cloned identities to lure developers into downloading malware or visiting phishing pages, emphasizing the need to verify identities and communication channels.
Massachusetts Hospital Diverts Ambulances as Cyberattack Causes Disruption - SecurityWeek
Signature Healthcare in Brockton, Massachusetts, has diverted ambulances and canceled chemotherapy infusion services due to a cyberattack that caused significant disruptions. While inpatient care and walk-in emergency services remain open, the healthcare organization has not confirmed a ransomware attack, and the attackers' motives remain unclear.
Q-Day is Coming: Are Canadian Telecoms Ready for Quantum?
The Humanitek 2026 conference revealed that Canadian telecom networks face an imminent threat from quantum computing, dubbed Q-Day, which could break current encryption. This necessitates a massive hardware update of physical infrastructure, moving beyond software patches to solutions like Quantum Key Distribution (QKD). A key challenge is extending QKD’s effective range beyond 100 kilometers, a race Canada’s tech sector is actively pursuing to ensure data sovereignty and national security.
Iran-Linked Hackers Launch Password Spray Campaign Against Microsoft 365 Tenants in Middle East
An Iran-linked threat actor has launched a password spray campaign targeting Microsoft 365 tenants in the Middle East, primarily focusing on Israel and the UAE. The attackers exploit weak passwords and exposed cloud accounts to gain access to sensitive data and tools, bypassing traditional malware defenses. The campaign involved multiple waves and utilized techniques like Tor exit nodes and commercial VPNs to obscure their origin and activity.
Support platform breach exposes Hims & Hers customer data | Malwarebytes
Telehealth company Hims & Hers is notifying customers of a data breach affecting its customer service platform, where hackers accessed or stole support ticket data between February 4 and February 7. The exposed information may include names and contact details, though medical records were reportedly not compromised, with the ShinyHunters gang suspected to be behind the attack.
Microsoft says Medusa-linked Storm-1175 is speeding ransomware attacks | CSO Online
Microsoft warns that the Storm-1175 cybercrime group, linked to Medusa ransomware, is accelerating attacks by exploiting vulnerable web-facing systems and sometimes using zero-day flaws, reducing the time from initial access to ransomware deployment to under 24 hours. This rapid pace challenges traditional detection and response models, highlighting the need for proactive attack surface reduction and faster patching of internet-exposed assets.
Medusa Ransomware Fast to Exploit Vulnerabilities, Breached Systems - SecurityWeek
The Medusa ransomware group, operating as a ransomware-as-a-service, has been rapidly exploiting vulnerabilities, including zero-days, to breach over 300 organizations, particularly in critical infrastructure, and employs double extortion tactics. Microsoft highlights their swift operational tempo, often moving from initial access to post-compromise operations within days or hours, and their proficiency in weaponizing newly disclosed vulnerabilities.
Flowise AI Agent Builder Under Active CVSS 10.0 RCE Exploitation; 12,000+ Instances Exposed
The Flowise AI Agent Builder is actively being exploited due to a critical CVSS 10.0 remote code execution vulnerability (CVE-2025-59528), affecting over 12,000 exposed instances. This flaw allows attackers to execute arbitrary JavaScript code, leading to potential system compromise and data exfiltration.
Security breach at European Commission impacts 30 EU institutions | DigitalShield
The European Commission experienced a significant security breach impacting at least 30 EU institutions, with the cybercriminal group TeamPCP identified as responsible for the initial intrusion and data theft via compromised AWS credentials. Subsequently, the ShinyHunters group claimed the hack and threatened to leak the stolen data, which included personal contact information and sensitive documents.
Disgruntled researcher leaks “BlueHammer” Windows zero-day exploit
A disgruntled researcher has leaked the BlueHammer Windows zero-day exploit due to dissatisfaction with Microsoft’s handling of the disclosure, allowing attackers to gain SYSTEM or elevated administrator permissions. While the exploit code has been released publicly, it may contain bugs and is not guaranteed to work reliably on all Windows versions.
Jones Day confirms data breach after hackers leak client files online - teiss
Major U.S. law firm Jones Day confirmed a data breach after hackers published unauthorized client files online. The incident involved unauthorized access to client-related files, with hackers leaking materials publicly.