Apple patches decade-old iOS zero-day exploited in the wild • The Register
Apple has patched a decade-old zero-day vulnerability in iOS affecting the dynamic linker (dyld), which was exploited in an extremely sophisticated attack against targeted individuals. This flaw, discovered by Google’s Threat Analysis Group, allowed attackers with memory write capability to execute arbitrary code, potentially chaining with other vulnerabilities for zero-click exploitation.
Qilin admits Georgia housing authority breach, leaks files | SC Media
The Qilin ransomware operation has claimed responsibility for a data breach affecting the Augusta Housing Authority (AHA) in Georgia, leaking sensitive files including financial and employee benefit information. Qilin has been highly active, with the AHA breach being one of many claimed victims in early 2026.
Odido cyber attack: Hackers gained access to 6.2 million people’s data | NL Times
Hackers gained access to personal data of potentially 6.2 million people through a cyber attack on Odido’s systems, including names, addresses, and identification details. The data breach, which did not affect services, has been reported to the Dutch Data Protection Authority.
Russia and Iran have accused Elon Musk’s Starlink of violating international law by blurring the lines between commercial and military technology. The UN meeting highlighted concerns that Starlink’s operations, particularly its use in Ukraine and Iran, may contravene the 1967 Outer Space Treaty and national sovereignty.
The RU-APT-ChainReaver-L campaign is a sophisticated, cross-platform supply chain attack that hijacks trusted websites and GitHub repositories to distribute infostealer malware across Windows, macOS, and iOS. The attackers use valid code signing certificates, deceptive redirects, and compromised file-sharing services like Mirrored.to and Mirrorace.org to evade detection and steal credentials, cryptocurrency, and sensitive files.
A cyberattack on Georgia-based ApolloMD has exposed the sensitive information of over 620,000 individuals, including names, dates of birth, addresses, diagnoses, and Social Security numbers. The Qilin ransomware gang claimed responsibility for the breach, which occurred between May 22 and May 23 of last year.
Volvo Group hit in massive Conduent data breach
A massive data breach at Conduent has impacted nearly 17,000 Volvo Group North America employees, with the total number of affected individuals rising to 25 million. The breach, which occurred between October 2024 and January 2025, exposed sensitive personal data including names, addresses, dates of birth, Social Security numbers, and health information.
Crazy ransomware gang abuses employee monitoring tool in attacks
The Crazy ransomware gang is using legitimate employee monitoring software and the SimpleHelp remote support tool to gain and maintain access to corporate networks, evade detection, and deploy ransomware. Threat actors abuse these tools to remotely view victim desktops, execute commands, and monitor for cryptocurrency wallets and remote access tools before deploying ransomware.
Nevada Unveils New Statewide Data Classification Policy Months After Cyberattack - SecurityWeek
Nevada has implemented a new statewide data classification policy with four tiers (public, sensitive, confidential, restricted) to standardize data privacy and protection. This policy was developed to enhance cybersecurity efforts and digital resilience across state agencies, following a significant cyberattack that disrupted state systems.
Interesting get how I found that claims… The autopentest-ai GitHub repository provides an agentic pentesting MCP server that automates web application penetration testing by crawling applications, mapping endpoints, and running parallel agents to test for various vulnerabilities like XSS and SQLi, all based on the OWASP Web Security Testing Guide (WSTG). It features a structured 7-phase workflow, a comprehensive quality assurance system with automated phase gates and a final judge review, and generates evidence-based findings with reproducible curl commands.
Free Tool Says it Can Bypass Discord’s Age Verification Check With a 3D Model
A new tool has emerged that claims to bypass Discord’s age verification system by allowing users to manipulate a 3D model instead of requiring a facial scan. This comes after Discord globally launched “teen-by-default” settings, which have faced criticism and may lead to more users being prompted for age verification.
Singapore Mounts Largest-Ever Coordinated Cyber Defense
Singapore conducted its largest-ever coordinated cyber defense operation, dubbed Operation Cyber Guardian, to counter a sophisticated cyberespionage campaign linked to the suspected Chinese threat actor UNC3886. This extensive, nearly year-long effort involved over 100 cyber defenders from government, military, intelligence, and private sectors to protect major telecommunications networks from state-linked attacks.
Домены WhatsApp исчезли из НСДИ: доступ к мессенджеру ограничен в России
The domains for the WhatsApp messenger have been removed from Russia’s National Domain Name System (NSDI), restricting access to the service within the country. This action follows similar restrictions on YouTube, Discord, and Signal, making access to WhatsApp now dependent on VPN usage.
LummaStealer infections surge after CastleLoader malware campaigns
LummaStealer infections have surged, with the CastleLoader malware now acting as the primary delivery mechanism, often utilizing ClickFix techniques. This infostealer, previously disrupted, has scaled significantly by employing CastleLoader’s modular and in-memory execution capabilities to distribute its payload.
SSHStalker Botnet Uses IRC C2 to Control Linux Systems via Legacy Kernel Exploits
The SSHStalker botnet utilizes IRC for command and control, exploiting legacy Linux kernel vulnerabilities to gain access and maintain persistent, dormant control over systems. It employs a Golang scanner to spread and uses log-cleaning tools and a ‘keep-alive’ component to evade detection.
GTIG Warns of Rising Espionage and Supply Chain Cyber Threats Targeting Defense Sector
Google’s Threat Intelligence Group (GTIG) warns of escalating espionage and supply chain cyber threats targeting the defense sector, with state-backed actors exploiting vulnerabilities in frontline systems and personnel devices. The report highlights a multi-front cyber onslaught involving Russian, North Korean, Iranian, and Chinese actors, focusing on compromising individual devices, hiring pipelines, and manufacturing networks to undermine national security.
We hid backdoors in binaries — Opus 4.6 found 49% of them - Quesma Blog
A benchmark tested AI agents on their ability to detect backdoors in binary executables, finding that Claude Opus 4.6 could identify them only 49% of the time, with a significant rate of false positives. While AI is making binary analysis more accessible, current models are not yet reliable for production environments due to limitations in handling complex code and a tendency to miss subtle threats or flag benign code.
Signature Phishing Up 200% As January Losses Pass $6M
In January, signature phishing attacks surged by over 200%, leading to $6.27 million in losses across 4,700 wallets, according to Scam Sniffer. This increase is partly attributed to cheaper Ethereum fees following the Fusaka upgrade, making tactics like mass address poisoning more profitable for scammers.
North Korean actors blend ClickFix with new macOS backdoors in Crypto campaign | CSO Online
A North Korean threat actor known as UNC1609 is targeting cryptocurrency organizations with a ClickFix social engineering campaign that uses fake Zoom meetings and AI-generated video to trick victims into executing malicious macOS commands. The campaign deploys several new macOS backdoors and infostealers, including WAVESHAPER and DEEPBREATH, which are designed to steal sensitive data and maintain remote access.
This new mobile compromise toolkit enables spyware, surveillance, and data theft | IT Pro
A new mobile spyware platform called ZeroDayRAT is openly sold on Telegram, offering full remote control over Android and iOS devices without requiring technical expertise. This toolkit enables spyware, surveillance, and data theft, compromising a user’s location, messages, finances, camera, microphone, and keystrokes.
Microsoft Releases Critical Windows 11 Cumulative Updates for Versions 25H2, 24H2, and 23H2
Microsoft has released critical cumulative updates for Windows 11 versions 25H2, 24H2, and 23H2, including KB5077181, KB5075941, and KB5074105, to enhance security and system quality. These updates address vulnerabilities, protect against common exploit tactics, and are crucial for enterprises to deploy promptly to prevent cyber threats.
Cephalus Ransomware Emerges as Go-Based Double-Extortion Threat Targeting Exposed RDP
The Cephalus ransomware is a newly emerged Go-based threat that employs a double-extortion tactic, stealing data before encrypting files and targeting exposed RDP services lacking multi-factor authentication. It actively tamper with Windows Defender protections and uses hybrid encryption, while defenders are advised to secure RDP access and monitor for suspicious activities.
MSHTML Framework Zero-Day Opens Door to Network-Based Security Bypass
Microsoft has disclosed a zero-day vulnerability (CVE-2026-21513) in the MSHTML Framework that allows attackers to bypass security features and gain high-level access to affected systems. This critical vulnerability, with a CVSS score of 8.8, has a network-based attack vector and is already being exploited in the wild, necessitating immediate patching.
Cyble’s analysis reveals a mature SMS & OTP bombing ecosystem evolving with high-speed APIs, SSL bypass, and cross-platform automation, targeting sectors like telecommunications and finance, primarily in West Asia, South Asia, and Eastern Europe. The research highlights persistent evolution, advanced evasion techniques like proxy rotation and SSL bypass, and the commoditization of these tools, necessitating robust mitigation strategies such as comprehensive rate limiting and dynamic CAPTCHA implementation for organizations.
6 Actively Exploited Zero-Days Patched by Microsoft With February 2026 Updates - SecurityWeek
Microsoft’s February 2026 Patch Tuesday updates address approximately 60 vulnerabilities, including six actively exploited zero-days affecting Windows, Office, and Internet Explorer. These zero-days include bypasses, privilege escalation flaws, and denial-of-service vulnerabilities, with some discovered by Google Threat Intelligence Group and Microsoft’s own security teams.