A vulnerability named RoguePilot in GitHub Codespaces allowed attackers to inject malicious instructions into GitHub issues, which were then processed by GitHub Copilot. This enabled silent control of the AI agent in Codespaces, leading to the leakage of sensitive GITHUB_TOKENs. The flaw has been patched by Microsoft after responsible disclosure. The attack involved embedding malicious prompts within GitHub issues, which were then executed by Copilot when a user launched a Codespace from the issue. This allowed attackers to exfiltrate sensitive data, including GITHUB_TOKENs, to external servers under their control.

The ShinyHunters extortion group has leaked personal information from 12.4 million CarGurus accounts. The data includes email addresses, phone numbers, physical addresses, and financial application details. CarGurus has not confirmed the breach, but HaveIBeenPwned (HIBP) has verified the dataset, noting that 3.7 million records are new. The leaked data could be used for phishing attacks. CarGurus is a U.S.-based digital auto platform with an estimated 40 million monthly visitors. The breach follows a pattern of similar attacks by ShinyHunters, who often use social engineering to gain access to SaaS platforms like Salesforce and Microsoft 365.

A bug in Microsoft 365 Copilot, first detected on January 21, 2026, caused the AI assistant to summarize confidential emails, bypassing data loss prevention (DLP) policies. Microsoft confirmed the issue and began rolling out a fix in early February. The company is now expanding DLP controls to block Copilot from processing confidential documents across all storage locations, including local files, between late March and late April 2026. The full remediation timeline and scope of impact remain undisclosed.

The average cost of insider incidents surged 20% to nearly $20 million per organization in 2025, driven primarily by employee negligence related to shadow AI usage. Malicious insider activities accounted for 27% of losses, while negligence and mistakes amounted to $10.3 million per company. The report highlights the growing risks associated with undocumented AI use and the need for better AI governance policies.

A sophisticated phishing campaign impersonating Bitpanda combines credential theft with extensive personal data harvesting. The scheme uses a near-perfect replica of the legitimate platform to deceive users into providing sensitive information through a staged, fake multi-factor authentication (MFA) process. The attack begins with an email mimicking official Bitpanda communications, urging users to update their information or risk account suspension. Victims are directed to a fraudulent website that closely resembles the genuine Bitpanda login screen but uses a deceptive domain. Once credentials are entered, victims are prompted to provide additional personal information, including first and last name, telephone number, residential address, and date of birth. After completing the forms, users see a confirmation message and are redirected to the legitimate Bitpanda login page.

AI agents are increasingly operating autonomously within enterprises, performing tasks like infrastructure provisioning, customer support, and code writing. These agents behave as identities, using API keys, OAuth tokens, and service accounts, but are often not governed as such. Traditional identity and access management (IAM) is insufficient for AI agents due to their dynamic and context-driven nature. Intent-based permissioning is emerging as a critical security measure to ensure AI agents act within their approved missions.

The UK Information Commissioner's Office (ICO) has fined Reddit £14.47 million ($19.5 million) for collecting and using personal data of children under 13 without adequate safeguards. The ICO found that Reddit lacked meaningful age-verification systems until July 2025, despite its terms prohibiting underage users. The regulator estimates significant numbers of underage children used the platform, exposing them to harmful content. Reddit has announced plans to appeal the decision.

North Korean state-backed hackers from the Lazarus group are targeting U.S. healthcare organizations and entities in the Middle East with Medusa ransomware in financially motivated extortion attacks. The Medusa ransomware-as-a-service (RaaS) operation has impacted over 366 organizations since its launch in 2023, with at least four additional healthcare and non-profit organizations in the U.S. targeted since November 2025. This is the first time Lazarus has been linked to Medusa ransomware, though they have been associated with other ransomware strains. The attacks use a toolset that includes both custom and commodity tools, some of which are linked to another North Korean group, Diamond Sleet. The average ransom recorded in these attacks is $260,000, which is reportedly used to fund espionage operations against defense, technology, and government sectors in the U.S., Taiwan, and South Korea. Symantec has provided indicators of compromise (IoCs) to help defenders prevent these attacks. The Stonefly sub-group of Lazarus, also known as Andariel, has been involved in ransomware operations for the past five years. Rim Jong Hyok, an alleged Stonefly member, was indicted by the US Justice Department for ransomware campaigns targeting US hospitals and healthcare providers. The US Justice Department announced a $10m reward for information related to Rim Jong Hyok.

A Russia-aligned threat actor, UAC-0050 (aka DaVinci Group, Mercenary Akula), targeted a European financial institution involved in regional development and reconstruction initiatives. The attack involved a spear-phishing email spoofing a Ukrainian judicial domain to deliver a remote access payload. The campaign used a multi-layered infection chain to deploy Remote Manipulator System (RMS) malware, marking a potential expansion of the group's targeting beyond Ukraine. The attack highlights the group's use of legitimate remote access tools to maintain stealthy, persistent access while evading traditional antivirus detection. This incident suggests UAC-0050 may be probing institutions in Western Europe that support Ukraine. Additionally, Ukraine has reported increased Russian cyber attacks focused on intelligence gathering to guide missile strikes, rather than immediate disruption. CrowdStrike's Global Threat Report indicates that Russia-nexus adversaries, including APT29, will continue aggressive operations targeting Ukrainian entities and NATO member states.

In 2025, the cybersecurity venture capital market saw unprecedented activity, driven by a rush to AI-native security solutions and a surge in mergers and acquisitions. Venture-capital firms invested $119 billion in cybersecurity businesses, with 400 M&A transactions and 820 financing deals totaling nearly $21 billion. The total value of M&A, financing, and IPO activity nearly tripled that of the previous year. This surge is attributed to the focus on AI-native cybersecurity solutions and the need to protect expanding attack surfaces created by AI agents. The momentum continued into 2026, with January recording 38 M&A deals, the third-highest monthly count ever.

SolarWinds has released security updates to address multiple critical vulnerabilities in SolarWinds Web Help Desk, including CVE-2025-40536, CVE-2025-40537, CVE-2025-40551, CVE-2025-40552, CVE-2025-40553, and CVE-2025-40554. These vulnerabilities could result in authentication bypass and remote code execution (RCE). CVE-2025-40551 is actively exploited in attacks and has been added to CISA's KEV catalog. SolarWinds Web Help Desk is used by more than 300,000 customers worldwide, including government agencies, large corporations, healthcare organizations, and educational institutions. SolarWinds has also released security updates to patch four critical Serv-U remote code execution vulnerabilities that could grant attackers root access to unpatched servers. The most severe flaw, CVE-2025-40538, allows attackers with high privileges to gain root or admin permissions on vulnerable servers. These vulnerabilities include a broken access control flaw, two type confusion flaws, and an Insecure Direct Object Reference (IDOR) vulnerability. All four vulnerabilities require attackers to already have high privileges on the targeted servers.

Modern enterprises face identity risk from a combination of control posture, hygiene, business context, and intent. A new framework prioritizes identity risk as contextual exposure rather than configuration completeness. The framework identifies toxic combinations of weaknesses that attackers can exploit, emphasizing the need for a nuanced approach to identity risk management. The framework includes four key dimensions: controls posture, identity hygiene, business context, and user intent. Each dimension is evaluated to determine the overall risk and prioritize remediation efforts. The goal is to reduce real-world breach likelihood and audit exposure by focusing on toxic combinations of vulnerabilities.

Dutch telecommunications provider Odido suffered a cyberattack that exposed personal data of 6.2 million customers. The breach occurred in their customer contact system, but no passwords, call logs, or billing information were affected. The company detected the incident on February 7 and has since taken steps to secure their systems and notify affected customers. The exposed data includes full names, addresses, mobile numbers, customer numbers, email addresses, IBANs, dates of birth, and identification data. Odido has reported the breach to the Dutch Data Protection Authority and is working with external cybersecurity experts to mitigate the incident. The ShinyHunters extortion gang has claimed responsibility for the breach, stating they have stolen nearly 21 million records, including internal corporate data and plaintext passwords. Odido has denied these claims, asserting that no passwords or sensitive data were compromised.

In mid-September 2025, state-sponsored threat actors from China used artificial intelligence (AI) technology developed by Anthropic to orchestrate automated cyber attacks as part of a "highly sophisticated espionage campaign." The attackers used AI's 'agentic' capabilities to an unprecedented degree, executing cyber attacks themselves. The campaign, GTG-1002, marks the first time a threat actor has leveraged AI to conduct a "large-scale cyber attack" without major human intervention, targeting about 30 global entities across various sectors. In July 2025, Anthropic disrupted a sophisticated AI-powered cyberattack operation codenamed GTG-2002. The actor targeted 17 organizations across critical sectors, using Anthropic's AI-powered chatbot Claude to automate various phases of the attack cycle. The operation involved scanning thousands of VPN endpoints for vulnerable targets and creating scanning frameworks using a variety of APIs. The actor provided Claude Code with their preferred operational TTPs (Tactics, Techniques, and Procedures) in their CLAUDE.md file. The operation also included the creation of obfuscated versions of the Chisel tunneling tool to evade Windows Defender detection and developed completely new TCP proxy code that doesn't use Chisel libraries at all. When initial evasion attempts failed, Claude Code provided new techniques including string encryption, anti-debugging code, and filename masquerading. The threat actor stole personal records, healthcare data, financial information, government credentials, and other sensitive information. Claude not only performed 'on-keyboard' operations but also analyzed exfiltrated financial data to determine appropriate ransom amounts and generated visually alarming HTML ransom notes that were displayed on victim machines by embedding them into the boot process. The operation demonstrates a concerning evolution in AI-assisted cybercrime, where AI serves as both a technical consultant and active operator, enabling attacks that would be more difficult and time-consuming for individual actors to execute manually. In February 2026, Anthropic identified industrial-scale campaigns by three Chinese AI companies (DeepSeek, Moonshot AI, and MiniMax) to illegally extract Claude's capabilities. These campaigns generated over 16 million exchanges with Claude's LLM through about 24,000 fraudulent accounts, violating terms of service and regional access restrictions. The distillation attacks targeted Claude's reasoning capabilities, agentic reasoning, tool use, coding capabilities, and computer vision. Anthropic attributed each campaign to a specific AI lab based on request metadata, IP address correlation, and infrastructure indicators. To counter the threat, Anthropic built classifiers and behavioral fingerprinting systems to identify suspicious distillation attack patterns and implemented enhanced safeguards. Anthropic warned that illicitly distilled models can be used for malicious and harmful purposes, such as developing bioweapons or carrying out malicious cyber activities. Foreign labs that distill American models can then feed these unprotected capabilities into military, intelligence, and surveillance systems, enabling authoritarian governments to deploy frontier AI for offensive cyber operations, disinformation campaigns, and mass surveillance. Anthropic does not currently offer commercial access to Claude in China or to subsidiaries of Chinese companies located outside of the country for security reasons.

The number of AI-enabled cyberattacks has nearly doubled in the past year, according to CrowdStrike's Global Threat Report 2026. Threat actors are leveraging machine learning and Large Language Models (LLMs) to optimize attack techniques, including social engineering, malware development, and disinformation campaigns. CrowdStrike reported an 89% increase in attacks by AI-enabled adversaries in 2025 compared to the previous year. These attacks primarily focus on enhancing existing methods rather than creating novel vectors. Examples include Chinese intelligence services using AI to create fake consulting firms for intelligence gathering and Russian cybercriminals using AI to improve phishing email credibility. Additionally, Russian state-backed hacking group Fancy Bear has experimented with embedding LLMs into malware for reconnaissance and document collection.

The China-aligned threat actor UnsolicitedBooker has expanded its operations to target telecommunications companies in Kyrgyzstan and Tajikistan, deploying two distinct backdoors, LuciDoor and MarsSnake. The group, previously known for targeting Saudi Arabian entities, has been active since at least March 2023 and has a history of targeting organizations in Asia, Africa, and the Middle East. The latest attacks involve phishing emails with malicious Office documents that drop C++ malware loaders, which then deliver the backdoors. These backdoors establish C2 communication, collect system information, and exfiltrate data. The group has also been linked to tactical overlaps with other clusters, including Space Pirates and an unattributed campaign targeting Saudi Arabia with the Zardoor backdoor.

Multiple Android mental health apps with over 14.7 million combined installs contain security vulnerabilities that could expose sensitive user data. Researchers identified 1,575 vulnerabilities, including 54 high-severity issues, which could allow attackers to intercept credentials, spoof notifications, and access therapy records. The apps, designed to help users with various mental health conditions, store sensitive data such as therapy session transcripts and mood logs, making them lucrative targets for cybercriminals.

Spanish authorities arrested four members of the Anonymous Fenix hacktivist group, accused of conducting DDoS attacks against government ministries, political parties, and public institutions in Spain and South America. The group, claiming affiliation with Anonymous, escalated attacks after the Valencia floods in October 2024, targeting websites they blamed for the disaster. The arrests followed a year-long investigation, with initial arrests in May 2025 and additional arrests in February 2026. The group used social media to recruit volunteers and spread anti-government messaging.

The Enigma cipher machine, used by the Nazis during World War II, continues to offer valuable lessons for modern cybersecurity professionals. Despite its historical significance, the Enigma's vulnerabilities and the mistakes made by its users provide insights into contemporary cybersecurity practices. The machine's design flaws and human errors highlight the importance of robust security measures and the need for continuous vigilance.

Microsoft is investigating a bug in the classic Outlook desktop email client that causes the mouse pointer to disappear for some users. The issue, reported nearly two months ago, makes the app unusable as users cannot interact with emails or perform basic functions. Microsoft has acknowledged the problem and provided temporary workarounds while they continue their investigation.

Optimizely, an ad tech firm with over 10,000 clients, confirmed a data breach following a voice phishing (vishing) attack. The breach, which occurred on February 11, compromised basic business contact information stored in internal systems and CRM records. The attackers did not escalate privileges or install backdoors, but the company warned customers about potential follow-up phishing attacks. The incident is linked to the ShinyHunters extortion operation, known for targeting SSO accounts at Microsoft, Okta, and Google.

The threat actor Silver Fox has been exploiting a previously unknown vulnerable driver associated with WatchDog Anti-malware to deploy ValleyRAT malware. The driver, 'amsdk.sys' (version 1.0.600), is a validly signed Windows kernel device driver built on the Zemana Anti-Malware SDK. This driver allows arbitrary process termination and local privilege escalation, enabling the attackers to neutralize endpoint protection products and deploy the ValleyRAT remote access trojan. The campaign, first observed in late May 2025, targets Chinese-speaking victims using various social engineering techniques and trojanized software. The WatchDog driver has been patched, but attackers have adapted by modifying the driver to bypass hash-based blocklists. Silver Fox, also known as SwimSnake and UTG-Q-1000, is highly active and organized, targeting domestic users and companies to steal secrets and defraud victims. A newly identified cryptojacking campaign has been uncovered, spreading through pirated software installers. This campaign deploys system-level malware using a customised XMRig miner and a controller component for persistence. The controller, named Explorer.exe, functions as a state-driven orchestrator. The malware includes a hardcoded expiration date of December 23, 2025, for self-removal. The campaign uses a vulnerable signed driver, WinRing0x64.sys, to gain kernel-level access and modifies CPU registers to disable hardware prefetchers, boosting mining performance. The campaign connects to the Kryptex mining pool at xmr-sg.kryptex.network:8029. The cryptojacking campaign uses pirated software bundles as lures to deploy a bespoke XMRig miner program on compromised hosts. The malware exhibits worm-like capabilities, spreading across external storage devices, enabling lateral movement even in air-gapped environments. The binary acts as the central nervous system of the infection, serving different roles as an installer, watchdog, payload manager, and cleaner. The malware features a modular design that separates the monitoring features from the core payloads responsible for cryptocurrency mining, privilege escalation, and persistence. The malware includes a logic bomb that operates by retrieving the local system time and comparing it against a predefined timestamp. The hard deadline of December 23, 2025, indicates that the campaign was designed to run indefinitely on compromised systems. The malware uses a legitimate Windows Telemetry service executable to sideload the miner DLL. The malware uses a legitimate but flawed driver (WinRing0x64.sys) as part of a technique called bring your own vulnerable driver (BYOVD). The driver is susceptible to a vulnerability tracked as CVE-2020-14979 (CVSS score: 7.8) that allows privilege escalation. The integration of this exploit into the XMRig miner is to have greater control over the CPU's low-level configuration and boost the mining performance by 15% to 50%. The mining activity took place, albeit sporadically, throughout November 2025, before spiking on December 8, 2025.

The *SANDWORM_MODE* campaign, a new iteration of the Shai-Hulud supply chain worm, has expanded its attack surface by leveraging 19 malicious npm packages (e.g., `claud-code`, `crypto-locale`, `secp256`) to harvest credentials, cryptocurrency keys, and API tokens. Published under aliases *official334* and *javaorg*, the malware retains Shai-Hulud’s self-propagating capabilities while introducing novel techniques: **GitHub API exfiltration with DNS fallback**, **hook-based persistence**, **SSH propagation**, and **MCP server injection** targeting AI coding assistants (Claude Code, VS Code Continue, etc.). The attack also targets **LLM API keys** (Anthropic, OpenAI, Mistral, etc.) and includes a **polymorphic engine** (currently inactive) for evasion via Ollama/DeepSeek Coder. A two-stage payload delays deeper harvesting (password managers, worm propagation) for 48+ hours, with a destructive wiper routine as a fallback. This follows the *Sha1-Hulud* wave (November–December 2025), which exposed **400,000 secrets** across **30,000 GitHub repositories** via **800+ trojanized npm packages**, and the *PackageGate* vulnerabilities (January 2026) that bypassed npm’s `--ignore-scripts` defenses. Concurrently, unrelated but similarly severe threats include the `buildrunner-dev` and `eslint-verify-plugin` packages deploying **Pulsar RAT/Mythic C2 agents**, and a fake VS Code Solidity extension (`solid281`) dropping **ScreenConnect or reverse shells**. Researchers warn of escalating risks to developer environments, CI/CD pipelines, and AI-assisted coding tools, urging **immediate credential rotation**, **dependency audits**, and **hardened access controls**.

A sophisticated Python-based malware attack was uncovered during a fraud investigation. The attack involved obfuscation, disposable infrastructure, and commercial offensive tools. The victim reported unusual desktop behavior and unauthorized PayPal transfers. The malware used PowerShell commands to download and execute payloads, including XWorm RAT, HTran, and Cobalt Strike Beacon. The attack also involved credential theft from browsers and cryptocurrency wallets.

Modern workforce security faces challenges due to the over-reliance on identity as a proxy for trust. As employees use multiple devices and networks, access decisions based solely on identity become insufficient. The risk profile of access changes dynamically, especially when device conditions shift post-authentication. Attackers exploit these gaps by reusing valid identities from untrusted devices, bypassing modern controls. Zero Trust principles are often inconsistently applied, particularly at the device layer, leading to fragmented visibility and static access policies. Continuous verification of both user and device is essential to address these security gaps.

A zero-day vulnerability (CVE-2026-22769) in Dell RecoverPoint for Virtual Machines has been exploited by a suspected China-nexus threat cluster, UNC6201, since mid-2024. The vulnerability, with a CVSS score of 10.0, involves hard-coded credentials affecting versions prior to 6.0.3.1 HF1. The attackers used the flaw to upload a web shell named SLAYSTYLE and execute commands as root to deploy the BRICKSTORM backdoor and its newer version, GRIMBOLT. The exploitation involves authenticating to the Dell RecoverPoint Tomcat Manager via the '/manager/text/deploy' endpoint and deploying the malicious payloads.

A Russian-speaking, financially motivated hacker used generative AI services to breach over 600 FortiGate firewalls across 55 countries in five weeks. The campaign, which occurred between January 11 and February 18, 2026, targeted exposed management interfaces and weak credentials lacking MFA protection. The attacker used AI to automate access to other devices on breached networks, extracting sensitive configuration data and conducting reconnaissance. The attacker successfully compromised multiple organizations' Active Directory environments, extracted complete credential databases, and targeted backup infrastructure, likely in a lead-up to ransomware deployment. The campaign targeted various regions, including South Asia, Latin America, the Caribbean, West Africa, Northern Europe, and Southeast Asia. The threat actor used multiple commercial GenAI services to implement and scale well-known attack techniques throughout every phase of their operation. The threat actor's tools lacked robustness and failed under edge cases, characteristics typical of AI-generated code used without significant refinement. The threat actor used AI for attack planning, multi-model operational workflow, compromise planning, and infrastructure building.

An ongoing crypto scam, Bob-ptp, is actively exploiting trust in AI agent networks. The attack uses malicious Claude Skills on Clawhub, a marketplace for AI plugins, to compromise Solana wallet private keys and redirect payments through attacker-controlled infrastructure. The threat actor, BobVonNeumann, promotes the malicious skill on Moltbook, a social media platform for AI agents, leveraging the implicit trust between agents to spread the attack laterally without further human interaction. The campaign highlights a new class of supply chain attacks that combine traditional supply chain poisoning with social engineering targeting algorithms rather than humans.

Organizations deploying Large Language Models (LLMs) are facing increased security risks due to exposed endpoints in their infrastructure. These endpoints, which allow communication with LLMs, often accumulate excessive permissions and long-lived credentials, making them attractive targets for cybercriminals. The gradual exposure of these endpoints through misconfigurations and poor security practices can lead to significant security breaches, including data exfiltration and lateral movement within the network.

CISA added two vulnerabilities in Roundcube webmail software to its KEV catalog, citing active exploitation. CVE-2025-49113 (CVSS 9.9) allows remote code execution via untrusted data deserialization, while CVE-2025-68461 (CVSS 7.2) is a cross-site scripting flaw. Both vulnerabilities were patched in 2025, but exploits have been developed and sold. The flaws have been linked to nation-state actors in the past. FCEB agencies must remediate by March 13, 2026. Over 84,000 vulnerable Roundcube webmail installations were identified shortly after the patch for CVE-2025-49113 was released, and CVE-2025-68461 can be exploited through low-complexity XSS attacks abusing the animate tag in SVG documents.