News
-
PayPal says loan app error exposed customers’ Social Security numbers for months
A software error in PayPal’s Working Capital loan app exposed personal data including Social Security numbers from July to December 2025. The company rolled back the code change, reset passwords and is offering credit monitoring to affected users.
-
Advantest hit by ransomware that may have exposed customer or employee data
A Tokyo-based test equipment company detected a ransomware intrusion on February 15 that may have exposed customer or employee data. The firm isolated affected systems and engaged third-party cyber specialists while an investigation continues.
-
ClickFix campaign uses compromised sites to deliver new MIMICRAT remote access trojan
A ClickFix campaign abused compromised legitimate sites to install MIMICRAT, a previously undocumented C++ remote access trojan. The multi-stage PowerShell chain drops a Lua loader and the RAT supports 22 commands.
-
Three former Google engineers indicted over alleged trade secret theft, files reportedly sent to Iran
Three San Jose residents, including two former Google engineers, were indicted on charges of stealing trade secrets related to processor security and cryptography and transferring files to unauthorized locations including Iran, the Justice Department said.
-
Operation Red Card 2.0 yields 651 arrests and $4.3 million recovered across 16 African countries
Operation Red Card 2.0 resulted in 651 arrests and more than $4.3 million recovered across 16 African countries during December 2025 and January 2026. Authorities seized devices and took down malicious infrastructure linked to large scale scams.
-
Critical Grandstream GXP1600 flaw allows root takeover and silent eavesdropping
A critical stack overflow in Grandstream GXP1600 VoIP phones allows unauthenticated remote root access and silent eavesdropping. CVE-2026-2329 is rated 9.3. Firmware 1.0.7.81 fixes the vulnerability.
-
Attackers use device code vishing to take over Microsoft Entra accounts
Threat actors used device code phishing and vishing to abuse the OAuth 2.0 device flow and compromise Microsoft Entra accounts. The attacks use legitimate OAuth client IDs to obtain refresh tokens and access connected SSO applications.
-
Texas sues TP-Link over alleged deceptive labeling and security risks
Texas sued TP-Link, accusing the company of deceptive “Made in Vietnam” labeling and security failures that allowed state-backed hackers to exploit firmware flaws. The suit seeks monetary penalties and injunctions to force disclosure and change data practices.
-
Intruder accessed France’s FICOBA registry exposing data for 1.2 million accounts
A late January 2026 breach of France’s FICOBA exposed data tied to 1.2 million bank accounts including IBANs and personal details. Banks were alerted and authorities filed a criminal complaint.
-
Massiv Android trojan hides in IPTV droppers to enable device takeover and banking fraud
Researchers published a technical analysis of Massiv, an Android trojan spread as IPTV droppers that enables remote device takeover, screen streaming and overlays to steal banking credentials. Initial campaigns targeted Portugal and Greece in early 2025.
