Threat Intel

Canadian Tire Data Breach Impacts 38 Million Accounts - SecurityWeek

A Canadian Tire data breach in October 2025 impacted over 38 million accounts, compromising personal information like names, email addresses, and encrypted passwords. The breach, which involved unauthorized access to an e-commerce database, also included partial credit card numbers and dates of birth for a subset of users, though Canadian Tire stated this data could not be used for fraudulent transactions and that no bank or loyalty data was compromised.

Ransomware payment rate drops to record low as attacks surge

Despite a surge in ransomware attacks, the payment rate has dropped to a record low of 28% in 2025, with the median ransom payment significantly increasing by 368%. This shift is attributed to factors like improved incident response, law enforcement actions, and a more fragmented threat landscape, even as the scale and sophistication of attacks continue to grow.

Hackers publish full cache of stolen Odido customer data after ransom refusal | NL Times

Hackers have published the full cache of stolen Odido customer data after the telecom provider refused to pay a ransom, releasing information on over 6.5 million individuals and 600,000 companies, including identification documents, dates of birth, and phone numbers. This marks the fourth consecutive day of data disclosures following the cyber attack in early February, which compromised personal data from at least 6.2 million accounts.

Hacking group begins leaking customer data in Dutch telecom Odido hack, ETTelecom

The hacking group ShinyHunters has begun leaking the personal data of 6 million customers from the Dutch telecom company Odido, including names, contact information, and passport numbers. Odido has refused to negotiate or pay blackmail, despite the threat to leak more data daily, and is working with police and cybersecurity firms.

Unsecured Elasticsearch database leaks Dungeon Crusher players’ purchase data | brief | SC Media

An unsecured Elasticsearch database belonging to the RPG game Dungeon Crusher led to the leak of partial purchase data and in-game chats for 24.5 million players. The exposed information included IP addresses, partial credit card numbers, and email addresses, raising concerns about potential fraud and identity theft.

Pathstone allegedly breached, as attacks on Wall Street escalate ​ | Cybernews

The cyber extortion group ShinyHunters claims to have breached Pathstone Family Office, stealing over 641,000 sensitive records and threatening to release them by March 2nd if demands are not met. This follows similar attacks on other financial firms, with ShinyHunters having a history of releasing stolen data after failed ransom negotiations.

ManoMano data breach: massive DIY chain incident impacts 38 million customers - here’s what we know | TechRadar

The DIY chain ManoMano experienced a data breach impacting 38 million customers due to a third-party provider, Zendesk. The exposed information includes names, emails, phone numbers, and support communications, though no passwords were compromised. ManoMano has taken steps to secure its systems, notified authorities, and is warning users about potential phishing risks.

12 Million exposed .env files reveal widespread security failures

Mysterium VPN discovered over 12 million publicly accessible .env files, exposing sensitive credentials and tokens like API keys and database passwords worldwide. This widespread security failure, with the United States leading in exposed IPs, highlights a systemic issue in configuration management and operational hygiene.

255 firms linked to Singapore’s critical infrastructure allegedly targeted in dark web leak - CNA

A dark web leak allegedly implicates 255 Singapore firms linked to critical infrastructure in clandestine cyber operations, with potential state-backed involvement and a growing trend of targeting SMEs as the weakest link in the digital supply chain.

Ukrainian man pleads guilty to running AI-powered fake ID site

A Ukrainian man has pleaded guilty to operating OnlyFake, an AI-powered website that generated and sold over 10,000 fake identification documents, including passports and driver’s licenses. The platform was primarily used to bypass Know Your Customer (KYC) verification requirements at financial institutions and cryptocurrency exchanges, with the man agreeing to forfeit $1.2 million and facing up to 15 years in prison.

iPhone and iPad are the first consumer devices cleared for NATO ’s ‘RESTRICTED’ classification

The iPhone and iPad are the first consumer devices to be NATO-approved for handling classified information, specifically up to the RESTRICTED classification. These devices are now listed in the NATO Information Assurance Product Catalogue (NIAPC), enabling secure use for military personnel.

Public Google API keys can be used to expose Gemini AI data | Malwarebytes

Previously safe Google Maps/Cloud API keys can now authenticate to Gemini AI, potentially exposing user data or incurring unexpected costs. Researchers found thousands of such keys in public code, highlighting a vulnerability where keys intended for billing identification now act as authentication credentials due to Gemini’s integration.

Chilean Carding Shop Operator Extradited to US - SecurityWeek

A 24-year-old Chilean national, Alex Rodrigo Valenzuela Monje, has been extradited to the US to face charges for allegedly running an illicit online card shop that sold stolen payment card data. He is accused of operating Telegram channels where he sold compromised credit card information, including account numbers, expiration dates, and CVV codes, from May 2021 to August 2023.

Twitch Ships Server-Side Eppo Keys in Its iOS App, Exposing Its Entire Product Roadmap

A misconfiguration in the Twitch iOS app exposed its entire product roadmap, including viewer-triggered ad breaks, Amazon product listings, and Turbo subscription tests, due to the use of server-side SDK Keys instead of obfuscated Client Tokens. This error allows anyone to view plaintext feature flag configurations, revealing ongoing experiments and unreleased features.

Trojanized Gaming Tools Spread Java-Based RAT via Browser and Chat Platforms

Trojanized gaming tools are being used to spread a Java-based RAT through browsers and chat platforms, employing techniques like PowerShell and LOLBins for stealthy execution and persistence. This RAT can exfiltrate data and deploy additional payloads, with defenses including auditing Microsoft Defender exclusions and removing malicious tasks.

Juniper Networks PTX Routers Affected by Critical Vulnerability  - SecurityWeek

Juniper Networks has released an update for its Junos OS Evolved to fix a critical vulnerability (CVE-2026-21902) affecting PTX series routers. This flaw, if exploited by an unauthenticated attacker, could allow for arbitrary code execution with root privileges, potentially giving an attacker complete control over the device.

The “Ghost” in the Annotations - Neil Lofland

A large-scale malware campaign is actively distributing AMOS (Atomic macOS Stealer) by compromising legitimate websites and using a social engineering framework called ClickFix. This attack bypasses security measures by exploiting user trust through fake verification prompts that trick users into executing malicious commands in their Terminal.

Dohdoor Malware Targets U.S. Schools and Healthcare with Multi-Stage Attack

A new malware dubbed Dohdoor is actively targeting U.S. schools and healthcare organizations with a multi-stage attack, potentially linked to North Korea. The malware uses DNS-over-HTTPS to mask its command-and-control traffic and aims to establish backdoor access for delivering follow-on payloads like Cobalt Strike.

US authorities punish sellers of malware and spyware | CSO Online

US authorities are cracking down on sellers of malware and spyware, with Peter Williams sentenced to prison for selling US cyberweapons to Russia for cryptocurrency. Additionally, Sergey Sergeyevich Zelenyuk and his company Matrix LLC were sanctioned for acquiring and distributing harmful cyber tools.

Study Finds 87% of Organizations Exposed to Attacks Due to Known Vulnerabilities

A recent study reveals that 87% of organizations are exposed to attacks due to known vulnerabilities, impacting 40% of all services, with Java applications being the most affected. This highlights a critical tension between development speed and security, as rapid adoption of new libraries and insecure CI/CD practices leave software supply chains vulnerable.

GitHub - anticipatorai/anticipator: Anticipator is an open-source threat detection platform for multi-agent AI systems.

The Anticipator GitHub Post introduces a runtime security tool for multi-agent AI systems, designed to detect various attacks like prompt injection and credential leakage within LangGraph pipelines without using LLMs or external APIs. It operates locally and deterministically, scanning messages in transit and logging threats rather than blocking execution, with features including 10 detection layers, a CLI for monitoring and reporting, and persistent threat history storage.

Your personal OpenClaw agent may also be taking orders from malicious websites | CSO Online

A critical OpenClaw flaw, dubbed ClawJacked (CVE-2026-25253), allowed malicious websites to exploit implicit trust in localhost connections, enabling them to brute-force passwords and take full control of locally running AI agents. The vulnerability, which has been fixed by OpenClaw, highlighted the risks associated with prioritizing developer experience over security in AI tools.

Europol goes after The Com’s ransomware and extortion networks - Help Net Security

Law enforcement agencies from 28 countries, coordinated by Europol’s Project Compass, have arrested 30 individuals and identified 179 perpetrators linked to The Com, a decentralized network of young people involved in ransomware, extortion, and the coercion of children. This operation aims to disrupt the group’s activities across social media and gaming platforms, where they recruit and exploit vulnerable individuals, and has also led to the identification of up to 62 victims.

Aeternum Botnet Loader Employs Polygon Blockchain C&C to Boost Resilience - SecurityWeek

The Aeternum botnet loader utilizes the Polygon blockchain for its command-and-control (C&C) infrastructure, significantly enhancing its resilience against takedowns by eliminating the need for traditional servers and domains. This novel approach leverages smart contracts for encrypted command delivery, making the botnet’s infrastructure permanent and operationally inexpensive.

Fake job recruiters hide malware in developer coding challenges

A fake recruiter campaign, dubbed ‘Graphalgo’ and attributed to North Korean threat actors like the Lazarus group, is targeting JavaScript and Python developers by hiding malware in coding challenges. Applicants are tricked into running malicious code disguised as legitimate projects, which installs a remote access trojan (RAT) designed to steal cryptocurrency and exfiltrate data.