The campaign exploits recent geopolitical developments to lure victims into opening malicious .LNK files disguised as protest-related images or videos, researchers Subhajeet Singha, Eliad Kimhy, and Darrel Virtusio said in a report published this week. These files are bundled with authentic media and a Farsi-language report providing updates from 'the rebellious cities of Iran.' This pro- protest framing appears to be intended to increase credibility and to attract Farsi-speaking Iranians seeking protest-related information.
We've excised the text, but suffice it to say that the whiteboard contains usernames and passwords for system access. It's a change from a Post-it note stuck to the screen, but it's no less likely to make a security professional shriek in horror. After all, not only is the account exposed, but anyone can use it, which renders an access log somewhat redundant.
Hoang: My background sits at the intersection of enterprise IT, data protection, and cybersecurity. I've spent much of my career working with CIOs and CISOs on resilience - how organizations protect, recover, and govern their most critical data in the face of cyber threats, outages, and operational risk. Today, as CIO at Commvault, I see security not as a standalone function, but as a core business capability.
We had already heard of 'next-gen SIEM'. This is a system that replaces traditional rule-based logging with automatic recognition of complex threats. It was designed to reduce noise on the line for SecOps personnel by reducing the number of false positives. However, according to Abstract CEO and co-founder Colby DeRodeff, this was only the beginning. He believes that a real 'reset' is needed, in the form of an 'AI-Gen Composable SIEM'.
Security, IT, and engineering teams today are under relentless pressure to accelerate outcomes, cut operational drag, and unlock the full potential of AI and automation. But simply investing in tools isn't enough. 88% of AI proofs-of-concept never make it to production, even though 70% of workers cite freeing time for high-value work as the primary AI automation motivation. Real impact comes from intelligent workflows that combine automation, AI-driven decisioning, and human ingenuity into seamless processes that work across teams and systems.
Researchers at Kaspersky have analyzed a recently discovered Android malware that enables its operators to remotely control compromised devices. Dubbed Keenadu, the backdoor has been found in the firmware of various Android device brands, particularly tablets. While in some cases the malware appears to have been injected into the firmware during development, it has also been delivered to devices via OTA firmware updates.
On February 3rd, we identified evidence of a problem with our systems that allowed an unauthorized third party to access limited user data without permission, including email addresses, phone numbers, and other internal metadata,
Microsoft has confirmed that a bug allowed its Copilot AI to summarize customers' confidential emails for weeks without permission. The bug, first reported by Bleeping Computer, allowed Copilot Chat to read and outline the contents of emails since January, even if customers had data loss prevention policies to prevent ingesting their sensitive information into Microsoft's large language model. Copilot Chat allows paying Microsoft 365 customers to use the AI-powered chat feature in its Office software products, including Word, Excel, and PowerPoint.
Matthew A. Akande, 37, was sentenced by U.S. District Court Judge Indira Talwani to eight years in prison, to be followed by three years of supervised release. Akande was also ordered to pay $1,393,230 in restitution. Akande was arrested in October 2024 at Heathrow Airport in the United Kingdom at the request of the United States and extradited to the United States on March 5, 2025.
In its yearly cybersecurity report, Dragos said state-sponsored crews haven't let up on their attempts to compromise America's critical infrastructure, with three new OT-focused threat groups joining the fray. This brings the total number worldwide to 26, and of these, 11 were active in 2025. Additionally, an existing group that Dragos tracks as Voltzite and is "highly correlated" with Volt Typhoon, according to Dragos CEO Robert M. Lee, kept up its intrusion activities last year.
Gene Moody, field CTO at Action1, explained that, in this vulnerability, a browser frees an object, but later continues to use the stale reference memory location. Any attacker who can shape heap layout with controlled content can potentially replace the contents of that freed memory with data they control. Because this lives in the renderer, and is reachable through normal page content, he said, the trigger surface is almost absolute.
Prompt injection attacks pose a serious threat to anyone who uses AI tools, but especially to professionals who rely on them at work. By exploiting a vulnerability that affects most AIs, a hacker can insert malicious code into a text prompt, which may then alter the results or even steal confidential data. Also: 5 custom ChatGPT instructions I use to get better AI results - faster Now, OpenAI has introduced a feature called Lockdown Mode to better thwart these types of attacks.
A 47-year-old man arrested by police in Poland for allegedly being involved in cybercriminal activities has been linked to the Phobos ransomware operation. According to Poland's Central Cybercrime Bureau, officers found hacking tools, credentials, payment card numbers, and server IP addresses on the unnamed suspect's devices during a search. They also discovered that the suspect had exchanged messages with the Phobos ransomware group.
This temporary disruption is the result of a nationwide ransomware attack on BridgePay Network Solutions, one of the City's online payment gateway providers. The attack occurred early in the morning on February 6, 2026 and is impacting payment services for hundreds of municipalities across the United States. BridgePay is cooperating with federal authorities and recovery specialists as the incident is being reviewed. BridgePay reports that their initial findings indicate that no payment card data was compromised and there is no evidence of usable data exposure.
TP-Link is no longer owned by a Chinese company and its products are assembled in Vietnam, but Paxton's lawsuit claims that because the company's "ownership and supply-chain are tied to China" it's subject to the country's data laws, which require companies to comply with requests from Chinese intelligence agencies. The lawsuit also says that firmware vulnerabilities in TP-Link's hardware have already "exposed millions of consumers to severe cybersecurity risks."
