Cybercrime
-
Massiv Android trojan hides in IPTV droppers to enable device takeover and banking fraud
Researchers published a technical analysis of Massiv, an Android trojan spread as IPTV droppers that enables remote device takeover, screen streaming and overlays to steal banking credentials. Initial campaigns targeted Portugal and Greece in early 2025.
-
CRESCENTHARVEST campaign uses deceptive .LNK files to deploy RAT against Iran protest supporters
CRESCENTHARVEST used RAR archives and deceptive .LNK files to deliver a remote access trojan and data stealer to Farsi-speaking supporters of Iran protests. It is not known if any infections succeeded.
-
DDoS attack disrupts Deutsche Bahn booking and timetable systems
A Deutsche Bahn blog post said a DDoS attack disrupted bahn.de and the DB Navigator app starting about 1545 UTC on 17 February. Services were restored with limitations by about 1300 UTC on 18 February.
-
Spanish court orders NordVPN and ProtonVPN to block 16 LaLiga piracy sites
A Spanish court ordered NordVPN and ProtonVPN to block 16 websites used to pirate LaLiga matches in Spain. The precautionary measures apply to a dynamic list of IP addresses and were issued inaudita parte without opportunity for appeal.
-
Notepad++ adds double-lock update verification in 8.9.2 after supply-chain compromise
Notepad++ 8.9.2 adds a double-lock update verification that checks a signed installer and a digitally signed update XML. The change follows a six-month compromise that redirected some updates starting in June 2025.
-
SmartLoader campaign trojanized Oura MCP server to deliver StealC infostealer
A SmartLoader campaign trojanized an Oura MCP server to deliver the StealC infostealer using fake GitHub accounts. The trojanized server remains listed on the MCP registry.
-
Washington Hotel discloses ransomware infection that exposed business data
Washington Hotel disclosed a February 13, 2026 ransomware attack that compromised servers and exposed business data. IT staff disconnected affected servers and outside experts were engaged. Customer records appear unlikely to have been exposed, and the investigation continues.
-
Infostealer exfiltrates OpenClaw configuration, capturing tokens and keys
Researchers found that an information stealer exfiltrated OpenClaw configuration files, including gateway tokens, device keys and the agent soul file. The analysis warns this enables remote access and may prompt specialized malware modules for AI agents.
-
ZeroDayRAT spyware sold on Telegram enables live surveillance and financial theft on Android and iOS
A technical analysis by iVerify identified ZeroDayRAT, a commercial spyware platform sold on Telegram that targets Android and iOS. The malware enables live camera and microphone access, location tracking, account enumeration and clipboard wallet hijacking.








