News
-
Anthropic reports three firms used 24,000 fake accounts to extract Claude in over 16 million exchanges
Anthropic reported that three China-based AI firms used about 24,000 fraudulent accounts to run distillation campaigns against Claude that produced over 16 million exchanges targeting reasoning, coding and tool-use capabilities.
-
AI-assisted actor exploits weak FortiGate management to compromise over 600 devices
A technical report by Amazon Integrated Security says a Russian-speaking actor used commercial generative AI to compromise more than 600 FortiGate firewalls across 55-plus countries by exploiting exposed management ports and weak credentials.
-
Security analysis finds vulnerabilities in popular mental health apps on Google Play
A technical analysis by Oversecured found vulnerabilities in popular Android mental health apps that can expose conversation histories and mood data. Affected apps have tens of millions of combined downloads and the flaws remain unpatched.
-
APT28 targets Western and Central Europe with document beacons and webhook exfiltration
APT28 ran Operation MacroMaze from September 2025 to January 2026 targeting Western and Central Europe, using spear-phishing documents that beacon to webhook hosts and exfiltrate command output through browser-based HTML forms.
-
Polish police dismantle Facebook phishing ring that seized more than 100,000 logins
Polish cybercrime officers dismantled a phishing ring that seized Facebook accounts and BLIK codes. Investigators identified 11 members, seized over 100,000 logins and passwords, and more than 400 charges have been filed.
-
Pirated software lure spreads wormable XMRig miner that uses BYOVD to boost hashrate
Trellix reported a cryptojacking campaign that used pirated software bundles to deliver a wormable XMRig miner on Windows hosts. The malware uses a vulnerable driver to raise mining hashrate and spread via removable media during November and early December 2025.
-
Arkanix Stealer MaaS advertised on forums targeted 22 browsers and crypto wallets
A Kaspersky analysis found Arkanix Stealer marketed in October 2025 as malware-as-a-service. The campaign used Python and native loaders to harvest data from 22 browsers, gaming clients and crypto wallets before the panel was taken down.
-
MuddyWater launches Operation Olalampo targeting MENA with new Rust backdoor and loaders
A technical analysis by Group-IB found that Iran-linked MuddyWater launched Operation Olalampo on January 26, 2026, targeting MENA organisations. The campaign uses downloaders GhostFetch and HTTP_VIP, Rust backdoor CHAR and GhostBackDoor.
-
Malicious NPM package hides Pulsar RAT inside PNG images using steganography and obfuscated dropper
A malicious NPM package ‘buildrunner-dev’ downloads an obfuscated batch loader and hides encrypted payloads inside PNG images. Extraction recovered a .NET loader and a Pulsar RAT embedded via steganography.
-
PayPal says loan app error exposed customers’ Social Security numbers for months
A software error in PayPal’s Working Capital loan app exposed personal data including Social Security numbers from July to December 2025. The company rolled back the code change, reset passwords and is offering credit monitoring to affected users.








