Security researchers and BeyondTrust demonstrated a DNS-based data exfiltration method in AWS Bedrock AgentCore Code Interpreter's sandbox mode, allowing attackers to establish bidirectional command-and-control channels, obtain interactive reverse shells, and exfiltrate sensitive data via DNS queries despite network isolation restrictions. The technique leverages malicious instructions embedded in files and requires overly permissive IAM roles to access AWS resources such as S3 buckets. AWS confirmed the behavior as intended functionality and updated documentation, recommending migration from sandbox mode to VPC mode for sensitive workloads. BeyondTrust assigned a CVSS score of 7.5 to the issue. The findings highlight architectural challenges in sandbox isolation and underscore the risks of overprivileged IAM roles in AI code execution environments.

An Android runtime manipulation technique leveraging the LSPosed framework has been disclosed, enabling attackers to intercept, spoof, or inject data at the OS level to bypass mobile payment protections such as SMS-based 2FA, SIM-binding, and app integrity checks. The attack targets legitimate payment apps without code modification, retaining valid signatures and evading Google Play Protect. Malicious modules like "Digital Lutera" hook system APIs to intercept SMS 2FA tokens, spoof device identities, and manipulate device databases in real time. By combining a compromised victim device with a manipulated attacker-controlled device, fraudsters exploit weakened SIM-binding and backend trust models to authorize unauthorized transactions and reset payment PINs without user awareness.

LeakNet ransomware has expanded its operations by adopting the ClickFix social engineering tactic delivered through compromised websites, which instruct users to run malicious 'msiexec.exe' commands via fake CAPTCHA checks. The group continues to deploy a Deno-based in-memory loader to execute Base64-encoded JavaScript payloads, fingerprint systems, and stage follow-on malware via polling loops, while maintaining a consistent post-exploitation chain involving DLL sideloading, credential discovery via 'klist', lateral movement via PsExec, and data staging using compromised Amazon S3 buckets. LeakNet first emerged in November 2024, presenting itself as a 'digital watchdog' focused on internet freedom and transparency, and has targeted industrial entities according to Dragos. The group’s shift away from initial access brokers reduces per-victim costs and operational bottlenecks. ReliaQuest also observed a separate intrusion attempt using Microsoft Teams-based phishing leading to a Deno-based loader, suggesting either a broadening of LeakNet’s tactics or adoption by other actors. The operation’s average of three monthly victims may increase as the group scales its new initial access and execution methods.

The rapid adoption of autonomous AI agents requires a fundamental shift from traditional guardrails to identity-first governance models to prevent data exfiltration, destructive actions, and systemic failures. Security frameworks must treat AI agents as first-class identities with explicit ownership, authentication, scoped permissions, and continuous monitoring. Current approaches relying on prompt filtering and output controls are deemed insufficient due to the non-deterministic and adaptive nature of AI agents, which can bypass such constraints over time. The focus shifts to controlling access—limiting systems reach, data access, and executable actions—while enforcing intent-based policies rather than static permissions inherited from human users. Organizations are urged to eliminate 'shadow AI' through continuous discovery of machine identities, tokens, and service accounts to prevent unauthorized agents from operating with default trust.

A novel attack abuses font-rendering and CSS techniques to present visually distinct malicious commands to end users while hiding them from AI assistants, enabling social-engineering-driven command execution. Attackers craft malicious instructions encoded in custom glyph mappings and concealed via CSS (font size, foreground/background color matching, or near-zero opacity), making the payload invisible to text-based AI parsers while rendering clearly to users. Users visiting a malicious page are tricked into executing the hidden payload (e.g., reverse-shell initiation) under the guise of legitimate rewards. AI assistants analyzing only the DOM or raw HTML receive a sanitized view and incorrectly deem the instructions safe, reinforcing erroneous trust.

Microsoft has reversed its plan to automatically install the Microsoft 365 Copilot app on Windows devices outside the European Economic Area (EEA). The forced rollout, originally scheduled to begin in early December 2025 and complete by mid-December, was halted in March 2026 and temporarily disabled without an official explanation. Existing installations remain unaffected. IT administrators can still opt out of automatic installation via the Apps Admin Center and may use new policies to uninstall Copilot on managed devices. Microsoft initially announced in September 2025 that the Copilot app would integrate AI-powered features across Microsoft 365 suite apps (Word, Excel, PowerPoint) and be added to the Windows Start Menu by default, with completion by mid-November 2025. The app was positioned as a centralized entry point for Copilot experiences, though opt-out controls remained available for administrators.

Microsoft and Samsung have released recovery guidance to resolve persistent Windows C:\ drive access issues affecting Samsung laptops running Windows 11 versions 25H2 and 24H2. Users experiencing 'Access denied' errors, app failures, or permission-related problems must follow a 29-step procedure to restore default Windows permissions and uninstall the Samsung Galaxy Connect app. The fix reinstates TrustedInstaller ownership of the C:\ drive and normalizes system behavior without modifying personal files. Affected users are advised to contact Samsung Support if issues persist after applying the update.

Fifty-four percent of UK organizations reported cyber operations attributed to nation state actors in 2025, according to Armis’ 2026 Cyberwarfare Report, representing an increase from 47% in the prior year. Geopolitical tensions are cited as the primary driver, with 80% of UK IT decision-makers stating that escalating international hostilities have heightened the risk of cyber warfare. Nearly all respondents (92%) expressed concern about the potential consequences of a full-scale cyber conflict, and 76% believe state actors possess the capability to disrupt global critical infrastructure.

A 2026 study by Pentera reveals systemic gaps in enterprise AI security as CISOs report limited visibility and reliance on outdated tooling. The survey of 300 US CISOs and senior security leaders highlights that 67% lack comprehensive visibility into AI usage across their organizations, with 48% citing this as a primary obstacle alongside a 50% shortfall in specialized AI security expertise. Only 11% of organizations deploy AI-specific security tools, forcing reliance on legacy controls that fail to address AI-specific attack vectors such as autonomous decision-making and indirect access pathways.

Microsoft released an out-of-band hotpatch (KB5084897) for Windows 11 Enterprise systems to address a Bluetooth device visibility issue that prevented connected Bluetooth devices from appearing in Windows Settings or Quick Settings. The bug impacted device usability by obscuring available Bluetooth devices during discovery and pairing attempts, though devices remained functional and connected. The update was automatically deployed on March 17, 2026, to hotpatch-enabled Windows 11 versions 25H2 and 24H2 without requiring a system restart.

A known issue in Microsoft Outlook Classic renders the application unusable when the Microsoft Teams Meeting add-in is enabled. The problem stems from a previous Outlook build and affects users attempting to use Outlook Classic with the add-in active. Microsoft is actively addressing the issue and has provided temporary mitigation steps, including updating Outlook or performing an Online Repair for click-to-run installations. Additionally, Microsoft is investigating separate issues causing email connection problems in Outlook Classic, including synchronization failures with Gmail and Yahoo accounts that trigger errors 0x800CCC0F and 0x80070057.

APIs have become the primary attack surface for organizations globally, with a 113% annual increase in daily attack volume during 2025. Security incidents involving APIs were reported by 87% of organizations last year, reflecting a shift from traditional web-based exploitation to behavior-based attacks. Unauthorized workflows and abnormal activity accounted for 61% of API incidents, up from 30% in 2024, indicating adoption of more subtle, evasive techniques. The most exploited API vulnerabilities aligned with OWASP Top 10 risks, including misconfigurations (40%), broken object property level authorization (35%), and broken authentication (19%). The expansion of agentic AI has intensified the risk, with an average of 3,000 APIs per customer found to expose sensitive data in 2025, 12% of which contained security weaknesses and 24% of those issues directly related to sensitive data exposure.

The UK Cyber Monitoring Centre (CMC) announced plans to expand its operations to the United States in 2027, one year after its UK-focused launch. The CMC, a UK-based nonprofit established in February 2025, assesses the economic and financial impact of major cyber incidents using a proprietary 0–5 severity scale modeled after physical event scales such as the Richter or Saffir-Simpson scales. The expansion aims to replicate the UK model in the US, where the CMC will establish a technical committee and legal entity, with incubation expected to adapt the methodology to the US economy before full operation.

A North Korean advanced persistent threat (APT) group, tracked as Konni, conducted a multi-stage spear-phishing campaign to compromise targets and abuse compromised KakaoTalk desktop application sessions for malware propagation. Initial access was achieved via a spear-phishing email masquerading as an appointment notice for a North Korean human rights lecturer, leading to execution of a malicious LNK file. The payload deployed a remote access trojan (RAT) named EndRAT (written in AutoIt), establishing persistence via scheduled tasks and exfiltrating sensitive data. The adversary maintained long-term access on compromised hosts, stole internal documents, and used the victim’s KakaoTalk contacts to selectively propagate malware via ZIP archives disguised as North Korea-related content. The campaign reflects a high-trust abuse strategy, leveraging compromised user accounts to deceive additional targets.

The GlassWorm malware campaign has resurfaced with a significant escalation, adding at least 72 new malicious Open VSX extensions since January 31, 2026. The malware uses invisible Unicode characters to hide malicious code and targets GitHub, NPM, and OpenVSX account credentials, as well as cryptocurrency wallet data. The campaign initially impacted 49 extensions, with an estimated 35,800 downloads, though this figure includes inflated numbers due to bots and visibility-boosting tactics. The Eclipse Foundation has revoked leaked tokens and introduced security measures, but the threat actors have pivoted to GitHub and now returned to OpenVSX with updated command-and-control endpoints. The malware's global reach includes systems in the United States, South America, Europe, Asia, and a government entity in the Middle East. Koi Security has accessed the attackers' server and shared victim data with law enforcement. The threat actors have posted a fresh transaction to the Solana blockchain, providing an updated C2 endpoint for downloading the next-stage payload. The attacker's server was inadvertently exposed, revealing a partial list of victims spanning the U.S., South America, Europe, and Asia, including a major government entity from the Middle East. The threat actor is assessed to be Russian-speaking and uses the open-source browser extension C2 framework named RedExt as part of their infrastructure. The third wave of GlassWorm uses Rust-based implants packaged inside the extensions and targets popular tools and developer frameworks like Flutter, Vim, Yaml, Tailwind, Svelte, React Native, and Vue. Additionally, a malicious Rust package named "evm-units" was discovered, targeting Windows, macOS, and Linux systems. This package, uploaded to crates.io in mid-April 2025, attracted over 7,000 downloads and was designed to stealthily execute on developer machines by masquerading as an Ethereum Virtual Machine (EVM) unit helper tool. The package checks for the presence of Qihoo 360 antivirus and alters its execution flow accordingly. The references to EVM and Uniswap indicate that the supply chain incident is designed to target developers in the Web3 space. The latest development involves the compromise of a legitimate developer's resources to push malicious updates to downstream users, with the malicious extensions having previously been presented as legitimate developer utilities and collectively accumulated over 22,000 Open VSX downloads prior to the malicious releases. A new GlassWorm malware attack through compromised OpenVSX extensions focuses on stealing passwords, crypto-wallet data, and developer credentials and configurations from macOS systems. The threat actor gained access to the account of a legitimate developer (oorzc) and pushed malicious updates with the GlassWorm payload to four extensions that had been downloaded 22,000 times. GlassWorm attacks first appeared in late October, hiding the malicious code using "invisible" Unicode characters to steal cryptocurrency wallet and developer account details. The malware also supports VNC-based remote access and SOCKS proxying. Over time and across multiple attack waves, GlassWorm impacted both Microsoft's official Visual Studio Code marketplace and its open-source alternative for unsupported IDEs, OpenVSX. In a previous campaign, GlassWorm showed signs of evolution, targeting macOS systems, and its developers were working to add a replacement mechanism for the Trezor and Ledger apps. A new report from Socket's security team describes a new campaign that relied on trojanizing the following extensions: oorzc.ssh-tools v0.5.1, oorzc.i18n-tools-plus v1.6.8, oorzc.mind-map v1.0.61, oorzc.scss-to-css-compile v1.3.4. The malicious updates were pushed on January 30, and Socket reports that the extensions had been innocuous for two years. This suggests that the oorzc account was most likely compromised by GlassWorm operators. According to the researchers, the campaign targets macOS systems exclusively, pulling instructions from Solana transaction memos. Notably, Russian-locale systems are excluded, which may hint at the origin of the attacker. GlassWorm loads a macOS information stealer that establishes persistence on infected systems via a LaunchAgent, enabling execution at login. It harvests browser data across Firefox and Chromium, wallet extensions and wallet apps, macOS keychain data, Apple Notes databases, Safari cookies, developer secrets, and documents from the local filesystem, and exfiltrates everything to the attacker's infrastructure at 45.32.150[.]251. Socket reported the packages to the Eclipse Foundation, the operator of the Open VSX platform, and the security team confirmed unauthorized publishing access, revoked tokens, and removed the malicious releases. The only exception is oorzc.ssh-tools, which was removed completely from Open VSX due to discovering multiple malicious releases. Currently, versions of the affected extensions on the market are clean, but developers who downloaded the malicious releases should perform a full system clean-up and rotate all their secrets and passwords. The GlassWorm campaign now abuses extensionPack and extensionDependencies to turn initially standalone-looking extensions into transitive delivery vehicles in later updates. The new extensions mimic widely used developer utilities and feature heavier obfuscation and Solana wallet rotation to evade detection. The campaign also affects 151 GitHub repositories and two npm packages using the same Unicode technique. Additionally, 88 new malicious npm packages were uploaded in three waves between November 2025 and February 2026, using Remote Dynamic Dependencies (RDD) to modify malicious code on the fly. The GlassWorm malware campaign is being used to fuel an ongoing attack that leverages the stolen GitHub tokens to inject malware into hundreds of Python repositories. The attack targets Python projects including Django apps, ML research code, Streamlit dashboards, and PyPI packages by appending obfuscated code to files like setup.py, main.py, and app.py. The earliest injections date back to March 8, 2026. The attackers, upon gaining access to the developer accounts, rebase the latest legitimate commits on the default branch of the targeted repositories with malicious code, and then force-push the changes, while keeping the original commit's message, author, and author date intact. This new offshoot of the GlassWorm campaign has been codenamed ForceMemo. The Base64-encoded payload, appended to the end of the Python file, features GlassWorm-like checks to determine if the system has its locale set to Russian. If so, it skips execution. In all other cases, the malware queries the transaction memo field associated with a Solana wallet ("BjVeAjPrSKFiingBn4vZvghsGj9KCE8AJVtbc9S8o8SC") previously linked to GlassWorm to extract the payload URL. The earliest transaction on the C2 address dates to November 27, 2025 -- over three months before the first GitHub repo injections on March 8, 2026. The address has 50 transactions total, with the attacker regularly updating the payload URL, sometimes multiple times per day. The disclosure comes as Socket flagged a new iteration of the GlassWorm that technically retains the same core tradecraft while improving survivability and evasion by leveraging extensionPack and extensionDependencies to deliver the malicious payload by means of a transitive distribution model. Aikido Security also attributed the GlassWorm author to a mass campaign that compromised more than 151 GitHub repositories with malicious code concealed using invisible Unicode characters. The decoded payload is configured to fetch the C2 instructions from the same Solana wallet, indicating that the threat actor has been targeting GitHub repositories in multiple waves. The use of different delivery methods and code obfuscation methods, but the same Solana infrastructure, suggests ForceMemo is a new delivery vector maintained and operated by the GlassWorm threat actor, who has now expanded from compromising VS Code extensions to a broader GitHub account takeover. The attacker injects malware by force-pushing to the default branch of compromised repositories. This technique rewrites git history, preserves the original commit message and author, and leaves no pull request or commit trail in GitHub's UI. No other documented supply chain campaign uses this injection method.

The Iranian hacktivist group Handala (a.k.a. Handala Hack Team), linked to Iran's Ministry of Intelligence and Security (MOIS), has claimed responsibility for a data-wiping attack against Stryker, a global medical technology company. The attack reportedly affected over 200,000 systems, servers, and mobile devices across Stryker’s offices in 79 countries. Handala claims to have stolen 50 terabytes of data before wiping tens of thousands of systems and servers. The group cited retaliation for a U.S. missile strike that killed 175 people, including children, as the motive. Stryker’s operations, particularly in Ireland, have been severely disrupted, with over 5,000 workers sent home. The attack utilized Microsoft Intune to issue remote wipe commands, causing significant operational downtime. Stryker confirmed the attack in an 8-K filing with the SEC, noting global disruption to the company’s Microsoft environment. The timeline for a full restoration of affected functions and systems access is not yet known, but Stryker has business continuity measures in place to support its customers and partners. Experts suggest Handala is more than a hacktivist group, with tactics and targeting consistent with Iranian state actors. The attack was limited to Stryker's internal Microsoft environment and did not impact any of its products, including connected or life-saving technologies. The threat actor used the wipe command in Intune to erase data from nearly 80,000 devices between 5:00 and 8:00 a.m. UTC on March 11, after compromising an administrator account and creating a new Global Administrator account. Investigators did not find any indication that data was exfiltrated despite Handala's claims. The investigation is being conducted by the Microsoft Detection and Response Team (DART) in collaboration with cybersecurity experts from Palo Alto Unit 42. Stryker emphasizes that the incident was not a ransomware attack and that the threat actor did not deploy any malware on its systems. Stryker's current priority is to restore the supply-chain system and resume customer orders and shipping.

CISA has flagged an actively exploited vulnerability (CVE-2025-47813) in Wing FTP Server, which allows low-privilege attackers to discover the full local installation path of the application. This flaw can be chained with a critical remote code execution (RCE) bug (CVE-2025-47812) for further exploitation. The vulnerabilities were patched in May 2025, but attackers continue to exploit them in the wild. CISA has given federal agencies two weeks to secure their systems and encourages private sector organizations to apply mitigations immediately.

The UK's Companies House suspended its WebFiling dashboard after a security flaw allowed unauthorized access to corporate and personal details of directors. The vulnerability, introduced during an update in October 2025, enabled attackers to view and potentially modify registration details of around five million companies, exposing them to phishing and fraud. The flaw was discovered by Dan Neidle and John Hewitt, who demonstrated how easy it was to exploit. Companies House has taken the dashboard offline for investigation and has since restored the service. The agency confirmed that the flaw could only be exploited by logged-in users and that no user passwords or identity verification data were compromised. The extent of the impact and whether modifications were made remains unclear, and the agency is investigating further.

Microsoft is addressing an ongoing Exchange Online outage affecting multiple connection methods, including Outlook on the web, Outlook desktop, and Exchange ActiveSync. The issue, tracked under incident ID EX1253275, stems from a code conflict in a recent deployment related to authentication support. The misconfiguration causes intermittent access problems for some users. Microsoft has identified a section of service infrastructure not processing traffic efficiently and is making configuration changes to remediate the impact. The company expects the issue to be fully resolved by the next scheduled update. Other connection methods remain unaffected. The incident was first acknowledged on the day of the article at 06:42 AM UTC. While the exact number of users and regions impacted is not specified, the issue has been flagged as critical in the Microsoft 365 admin center. Additionally, Microsoft is investigating a separate outage affecting the Microsoft 365 Copilot web sign-in page and Copilot web clients.

Google has released security updates for Chrome to address two high-severity zero-day vulnerabilities (CVE-2026-3909 and CVE-2026-3910) that are being actively exploited in the wild. The vulnerabilities involve an out-of-bounds write in the Skia 2D graphics library and an inappropriate implementation in the V8 JavaScript and WebAssembly engine, potentially leading to out-of-bounds memory access or code execution. The patches are available in Chrome versions 146.0.7680.75/76 for Windows and macOS, and 146.0.7680.75 for Linux. These vulnerabilities highlight the ongoing threat of zero-day exploits in widely used software, emphasizing the importance of timely updates and patches to mitigate potential security risks.

Nudge Security has launched a solution to help organizations discover, monitor, and govern the use of AI tools within their environments. The tool provides continuous discovery, real-time monitoring, and proactive governance to mitigate risks associated with shadow AI usage. The solution integrates with identity providers (IdP) like Microsoft 365 and Google Workspace to detect AI tool adoption and monitor sensitive data sharing. It also offers alerts for risky activities and enforces AI usage policies. This development addresses the growing challenge of managing AI tools that are often adopted without IT oversight, posing potential security and compliance risks.

A high-severity privilege escalation flaw in the Linux kernel (CVE-2024-1086) is being exploited in ransomware attacks. Disclosed in January 2024, the vulnerability allows attackers with local access to escalate privileges to root level. It affects multiple major Linux distributions, including Debian, Ubuntu, Fedora, and Red Hat. The flaw was introduced in February 2014 and fixed in January 2024. Additionally, nine confused deputy vulnerabilities, codenamed CrackArmor, have been discovered in the Linux kernel's AppArmor module. These flaws, existing since 2017, allow unprivileged users to bypass kernel protections, escalate to root, and undermine container isolation guarantees. The vulnerabilities affect Linux kernels since version 4.11 and impact major distributions like Ubuntu, Debian, and SUSE. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) confirmed the exploitation of the initial flaw in ransomware campaigns and added it to its Known Exploited Vulnerabilities (KEV) catalog in May 2024. Federal agencies were ordered to secure their systems by June 20, 2024. Mitigations include blocking 'nf_tables', restricting access to user namespaces, or loading the Linux Kernel Runtime Guard (LKRG) module. Qualys Threat Research Unit discovered the CrackArmor flaws, which stem from a 'confused deputy' flaw allowing unprivileged local users to manipulate AppArmor security profiles. Over 12.6 million enterprise Linux systems are affected, and the flaws enable local privilege escalation, denial-of-service attacks, and container isolation bypass. Qualys has developed proof-of-concept exploits but has not publicly released them.

Security validation is evolving towards agentic AI-driven approaches to address the fragmented nature of current validation tools. Traditional methods rely on disparate tools like BAS, pentesting, and vulnerability scanners, which do not integrate well and fail to reflect the interconnected nature of real-world attacks. Agentic AI promises continuous, context-aware validation that autonomously plans, executes, and reasons across complex workflows, providing a more holistic view of security posture. The shift involves three perspectives: adversarial (identifying attack paths), defensive (validating security controls), and risk (prioritizing exposures). Agentic AI can compress validation workflows from days to minutes by autonomously analyzing threats, mapping them to the environment, and surfacing critical insights. The effectiveness of agentic AI depends on a unified security data layer, or Security Data Fabric, which includes asset intelligence, exposure intelligence, and security control effectiveness. This fabric provides the context needed for AI to tailor validation to specific environments and threats.

A new infostealer malware named Shamos is targeting Mac devices through ClickFix attacks. The malware, developed by the COOKIE SPIDER group, steals data and credentials from web browsers, Keychain, Apple Notes, and cryptocurrency wallets. The attacks use malvertising and fake GitHub repositories to lure victims into executing shell commands that download and install the malware. Since June 2025, Shamos has attempted infections in over three hundred environments monitored by CrowdStrike. The malware uses anti-VM commands, AppleScript for reconnaissance, and creates persistence through a Plist file. Users are advised to avoid executing unknown commands and to seek help from trusted sources. A new variant of the MacSync stealer, related to Shamos, is distributed through a digitally signed, notarized Swift application, bypassing macOS Gatekeeper checks. This variant uses evasion techniques such as inflating the DMG file with decoy PDFs and performing internet connectivity checks. The malware runs largely in memory and cleans up temporary files after execution, leaving minimal traces behind. The associated developer certificate has been revoked. Three distinct ClickFix campaigns have been identified distributing the MacSync infostealer via fake AI tool installers. The campaigns use various lures, including OpenAI Atlas browser and ChatGPT conversations, to trick users into executing malicious commands. The latest variant of MacSync supports dynamic AppleScript payloads and in-memory execution to evade detection. The shell script retrieves the AppleScript infostealer payload from a hard-coded server and removes evidence of data theft. The malware harvests credentials, files, keychain databases, and cryptocurrency wallet seed phrases.

A verified game on Steam, BlockBlasters, was compromised to steal cryptocurrency from users. The malware was added to the game on August 30, 2025, and was active until September 21, 2025. The game targeted users with significant cryptocurrency holdings, leading to the theft of $150,000 from 261 to 478 Steam accounts. The attacker's operational security failure exposed their Telegram bot code and tokens. One victim, a gamer seeking funds for cancer treatment, lost $32,000. The community has since rallied to cover the loss. Similar incidents involving other Steam games have occurred this year. The FBI is now investigating eight malicious Steam games, including BlockBlasters, and is seeking victims who installed these games between May 2024 and January 2026. The investigation focuses on cryptocurrency theft and account hijacks. The FBI is asking for screenshots of communications with individuals who promoted the games and is legally mandated to identify victims of federal crimes it investigates, offering potential services, restitution, and rights under federal and/or state law.

Ukraine's Defense Forces were targeted in a charity-themed malware campaign between October and December 2025, delivering the PluggyApe backdoor, likely deployed by the Russian threat group Void Blizzard (Laundry Bear). The attacks began with instant messages over Signal or WhatsApp, directing recipients to malicious websites posing as charitable foundations. These sites distributed password-protected archives containing PluggyApe payloads. The malware profiles the host, sends victim information to attackers, and waits for further commands. In February 2026, a new campaign targeting Ukrainian entities was observed, employing judicial and charity-themed lures to deploy a JavaScript-based backdoor codenamed DRILLAPP. This campaign is likely orchestrated by threat actors linked to Russia and shares overlaps with the prior PluggyApe campaign. The malware is capable of uploading and downloading files, leveraging the microphone, and capturing images through the webcam. The threat actor is believed to be active since at least April 2024.

Google is testing a new security feature in Android 17 Beta 2 that prevents non-accessibility apps from using the Accessibility API when Advanced Protection Mode (AAPM) is enabled. This change aims to mitigate malware abuse of the API, which has been exploited to steal sensitive data. Only verified accessibility tools, such as screen readers and Braille-based access programs, are exempt from this restriction. The update also introduces a new contacts picker for granular control over contact data access.

OpenAI has clarified that ChatGPT advertisements are currently only available in the United States, despite recent updates to the privacy policy that mentioned ads, sparking speculation about a global rollout. OpenAI is taking a phased approach to ad deployment, focusing on learning from real-world use in the US before expanding further. The ads are personalized and appear below answers for logged-in users on Free and Go plans, with strict privacy measures in place to prevent data sharing with advertisers.

Betterleaks, a new open-source secrets scanner, has been introduced as an advanced successor to Gitleaks. Developed by Zach Rice and supported by Aikido Security, the tool scans directories, files, and git repositories for valid secrets using default or customized rules. Betterleaks aims to identify sensitive information such as credentials, API keys, and tokens before threat actors can exploit them. The tool features improved token efficiency scanning, parallelized Git scanning, and support for doubly/triply encoded secrets. Future updates plan to include LLM-assisted analysis, automatic secret revocation, and performance optimizations.

Microsoft has released an out-of-band (OOB) hotpatch update (KB5084597) for Windows 11 Enterprise devices to address critical remote code execution (RCE) vulnerabilities in the Routing and Remote Access Service (RRAS) management tool. The vulnerabilities, tracked as CVE-2026-25172, CVE-2026-25173, and CVE-2026-26111, could allow remote code execution when connecting to a malicious server. The hotpatch update is designed for devices using hotpatch updates instead of regular Patch Tuesday cumulative updates, ensuring no reboot is required for mission-critical systems.