Information security

Information security

Tax season is stressful for many, making it an ideal time for scammers to target unsuspecting and distracted taxpayers. Awareness is our first, and best, line of defense. Criminals often pose as the IRS, payroll companies, tax preparation services, or even trusted financial institutions in an effort to steal money and sensitive information.

Multiple repositories followed repeatable naming conventions and project 'family' patterns, enabling targeted searches for additional related repositories that were not directly referenced in observed telemetry but exhibited the same execution and staging behavior.

The attacker was using API calls to communicate with SaaS apps as command-and-control (C2) infrastructure to disguise their malicious traffic as benign, a common tactic used by threat actors when attempting to improve the stealth of their intrusions. Rather than abusing a weakness or security flaw, attackers rely on cloud-hosted products to function correctly and make their malicious traffic seem legitimate.

The threat actor gained access to Optimizely's systems through a sophisticated voice-phishing attack, but was unable to escalate privileges, install software, or create any backdoors in the Optimizely environment. The incident was confined to certain internal business systems including Zendesk, records in our Salesforce CRM, and a limited set of internal documents used for back-office operations.

Dependabot sounded the alarm on a large scale. Thousands of repositories automatically received pull requests and warnings, including a high vulnerability score and signals about possible compatibility issues. According to Valsorda, this shows that the tool mainly checks whether a dependency is present, without analyzing whether the vulnerable code is actually accessible within a project.

Google credits security researcher Shaheen Fazim with reporting the exploit to Google. The dude's LinkedIn says he's a professional bug hunter, and I'd say he deserves the highest possible bug bounty for finding something that a government agency is saying "in CSS in Google Chrome before 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page."

Peter Williams stole a U.S. defense contractor's trade secrets about highly sensitive cyber capabilities and sold them to a broker whose clients include the Russian government, putting our national security and countless potential victims at risk.

Organizations have reported heightened cybersecurity risks as a result of these skill shortages, but the issues don't end there. Many teams will also experience burnout, which is an issue for security teams even in the best of times, which can only add to the talent gap concern if burnt out employees leave the industry.

We have learned that an unauthorized third party acquired certain employee data. Upon discovery, we immediately activated our incident response protocols and launched a thorough investigation with the help of external cybersecurity experts. The unauthorized third party has stated that the stolen data has been deleted. We are monitoring and to date have not seen any evidence that the data has been published or otherwise misused.

Rather than relying completely on scans that are run as code is moving through a continuous integration/continuous delivery (CI/CD) pipeline, Checkmarx Developer Assist can eliminate 90% of vulnerabilities before they enter the DevOps workflow, said Kinsbruner. That's critical because the first generation of AI coding tools are creating more vulnerabilities that, unless discovered and remediated, are actually making applications less secure than ever, he added.

This week, meet a reader we'll Regomize as "Curt" who once worked as IT security manager at a company where the helpdesk manager routinely ignored company policy by not logging out of his PC. The machine sat there ready for use, instead of reverting to a password-protected screensaver that could only be dispelled by pressing Ctrl-Alt-Del to spawn a login dialog.

Microsoft is warning organizations about the impending end of support for several Windows products from 2016. These include Windows Server 2016, Windows 10 Enterprise 2016 LTSB, and Windows IoT Enterprise LTSB 2016. According to Microsoft, these products are approaching the final stage of their lifecycle, which has direct consequences for organizations that still depend on this software. The lifecycle documentation on Microsoft Learn shows that Windows Server 2016 has not received regular support since January 2022 and is now fully in the extended support phase.

Choice Hotels International disclosed a breach affecting franchisees and applicants. Its notification letter states that a "skilled person used social engineering" to gain access on January 14, 2026 to an application that contained records regarding franchisees and franchise applicants. The access occurred even though access required multifactor authentication (MFA). The information involved included names and Social Security numbers. There is no indication that any guest data was involved. No gang has publicly claimed responsibility for the attack as yet.

Researchers have discovered that a compromised npm publish token pushed an update for the widely-used Cline command line interface (CLI) containing a malicious postinstall script. That script installs the wildly popular, but increasingly condemned, agentic application OpenClaw on the unsuspecting user's machine. This can be extremely dangerous, as OpenClaw has broad system access and deep integrations with messaging platforms including WhatsApp, Telegram, Slack, Discord, iMessage, Teams, and others.

Google has issued a patch for a high‑severity Chrome zero‑day, tracked as CVE‑2026‑2441, a memory bug in how the browser handles certain font features that attackers are already exploiting. CVE-2026-2441 has the questionable honor of being the first Chrome zero-day of 2026. Google considered it serious enough to issue a separate update of the stable channel for it, rather than wait for the next major release.

An FBI informant helped run the Incognito dark web market and allegedly approved the sale of fentanyl-laced pills, including those from a dealer linked to a confirmed death, WIRED reported this week. Meanwhile, Jeffrey Epstein's ties to Customs and Border Protection officers sparked a Department of Justice probe. Documents say that CBP officers in the US Virgin Islands were still friendly with Epstein years after his 2008 conviction, illustrating the infamous sex offender's tactics for cultivating allies.

Wikipedia editors have decided to remove all links to Archive.today, a web archiving service that they said has been linked to more than 695,000 times across the online encyclopedia. Archive.today - which also operates under several other domain names, including archive.is and archive.ph - is perhaps most widely used to access content that's otherwise inaccessible behind paywalls. That also makes it useful as a source for Wikipedia citations.

Uncle Sam's cyber defenders have given federal agencies just three days to patch a maximum-severity Dell bug that's been under active exploitation since at least mid-2024. CISA this week added the flaw, tracked as CVE-2026-22769, to its Known Exploited Vulnerabilities catalog, ordering civilian agencies to secure affected systems by February 21 - giving them just three days to get fixes in place.

Axonius has laid off approximately 40 employees, representing less than 4% of its global staff, with the majority of cuts in marketing and sales. Co-founder Dean Sysman has stepped down from his role as CEO to become executive chairman, with company president Joe Diamond appointed as interim CEO. The workforce adjustment aims to refine the company's organizational structure and improve operational efficiency as it prepares for a potential IPO.