PayPal has confirmed a data exposure incident affecting its Working Capital (PPWC) business loan service, where a software code change left sensitive customer information accessible for nearly six months before being detected. The exposure ran from 1 July 2025 to 12 December 2025, when the error was finally discovered and
A financially motivated Russian-speaking cybercrime group compromised more than 600 internet-exposed FortiGate firewalls across 55 countries in just over a month, using off-the-shelf generative AI tools to scale an operation that would traditionally require a well-resourced team, according to a new incident report from AWS. The campaign, which ran from
Elastic Security Labs has disclosed a new ClickFix campaign that leverages compromised legitimate websites as delivery infrastructure to deploy a previously undocumented remote access trojan dubbed MIMICRAT (also tracked as AstarionRAT). The campaign, discovered earlier this month, demonstrates significant operational sophistication — from multi-stage PowerShell chains that bypass Windows security controls
A new wave of attacks is combining voice phishing (vishing) with OAuth 2.0 device authorization abuse to compromise Microsoft Entra accounts at technology, manufacturing, and financial organizations — bypassing traditional phishing infrastructure entirely. Sources told BleepingComputer they believe the ShinyHunters extortion gang is behind the campaigns, which the threat actors
ThreatFabric has disclosed a new Android banking trojan called Massiv that masquerades as IPTV streaming apps to gain access to victims' devices, enabling full remote control and financial fraud through device takeover attacks. Although currently observed in a limited number of targeted campaigns, the malware already poses significant risk
Acronis Threat Research Unit (TRU) has disclosed a new espionage campaign dubbed CRESCENTHARVEST that targets supporters of Iran's ongoing protests with a custom remote access trojan designed for long-term surveillance and data theft. The campaign, observed since January 9, 2026, is believed to be the work of an
Researchers at Flare have documented the rapid weaponization of critical SmarterMail vulnerabilities across underground Telegram channels, showing how threat actors moved from disclosure to exploit sharing to ransomware deployment in a matter of days. The activity centers on two critical vulnerabilities — CVE-2026-24423 (CVSS 9.3), an unauthenticated remote code execution
Mandiant and the Google Threat Intelligence Group (GTIG) have disclosed that a suspected Chinese state-backed threat group tracked as UNC6201 has been exploiting a maximum-severity Dell zero-day vulnerability since mid-2024 — remaining undetected in victim networks for over 18 months. The vulnerability, CVE-2026-22769, is a hardcoded-credential flaw in Dell RecoverPoint for
A new SmartLoader campaign is targeting developers through trojanized AI tooling — cloning a legitimate Model Context Protocol (MCP) server for Oura Health's smart ring and distributing it through the MCP Market registry to deliver the StealC infostealer. The campaign, documented by Straiker's AI Research (STAR) Labs,
Kaspersky researchers have identified a new Android malware family called Keenadu that is being distributed through compromised device firmware, system apps, and even Google Play — giving attackers complete control over infected devices and the ability to compromise every application installed on them. As of February 2026, Kaspersky has confirmed 13,
Check Point Research (CPR) has published findings showing that AI assistants with web-browsing capabilities can be weaponized as covert command-and-control infrastructure — allowing malware to communicate with attacker servers through trusted AI domains that blend seamlessly into normal enterprise traffic. The technique was demonstrated against Grok and Microsoft Copilot, both of
Microsoft's Defender Security Research Team has uncovered a widespread campaign in which legitimate businesses are embedding hidden prompt injection commands inside "Summarize with AI" buttons on their websites — hijacking AI assistant memory to bias future recommendations in their favor. The technique, which Microsoft has dubbed AI