It's been a busy 24 hours in the cyber world with significant updates on AI-assisted attacks, actively exploited vulnerabilities, a data exposure incident, new spyware techniques, and a look at AI for defence. Let's dive in:
AI-Augmented FortiGate Breaches ๐ค๐ฐ
- A Russian-speaking, financially motivated threat actor used commercial generative AI services to breach over 600 FortiGate firewalls across 55 countries between January and February 2026.
- The attacks exploited exposed management interfaces and weak credentials lacking multi-factor authentication, rather than zero-day vulnerabilities, demonstrating how AI lowers the barrier to entry for less skilled actors.
- AI was used to generate attack methodologies, develop custom reconnaissance tools (in Python and Go), plan lateral movement, and draft operational documentation, leading to the extraction of sensitive configurations, Active Directory compromise, and targeting of backup infrastructure, likely for ransomware deployment.
๐ค Bleeping Computer | https://www.bleepingcomputer.com/news/security/amazon-ai-assisted-hacker-breached-600-fortigate-firewalls-in-5-weeks/
๐ฐ The Hacker News | https://thehackernews.com/2026/02/ai-assisted-threat-actor-compromises.html
Actively Exploited Vulnerabilities: React2Shell & Roundcube ๐ถ๏ธ๐ฐ
- React2Shell (CVE-2025-55182): This critical RCE (CVSS 10.0) in React Server Components is still being actively exploited, with a new "ILovePoop" toolkit used by a possibly state-sponsored actor for reconnaissance against government, defence, finance, and industrial targets globally. Patching is complex due to Next.js bundling React as a 'vendored' package, making it invisible to standard dependency scanners.
- Roundcube Webmail Flaws: CISA has added two actively exploited vulnerabilities to its KEV catalog: CVE-2025-49113 (RCE, CVSS 9.9) and CVE-2025-68461 (XSS, CVSS 7.2). The RCE flaw, a deserialization issue present for over 10 years, was weaponised within 48 hours of public disclosure, with nation-state actors previously targeting Roundcube.
- Organisations should prioritise patching these vulnerabilities, especially React2Shell, which affects default configurations and has seen sophisticated post-exploitation tradecraft, and Roundcube, with a CISA deadline for FCEB agencies by March 13, 2026.
๐ถ๏ธ Dark Reading | https://www.darkreading.com/application-security/attackers-new-tool-scan-react2shell-exposure
๐ฐ The Hacker News | https://thehackernews.com/2026/02/cisa-adds-two-known-exploited-vulnerabilities-catalog
PayPal Code Error Exposes PII ๐ต๐ผ
- PayPal notified approximately 100 customers of a data exposure incident due to a coding error in its Working Capital loan application, which inadvertently leaked personal information including names, Social Security numbers, dates of birth, email addresses, and business addresses.
- The exposure occurred between July 1, 2025, and December 13, 2025, with a "few" customers also experiencing unauthorised transactions, all of which have been fully refunded by PayPal.
- The company has rolled back the problematic code change, reset affected account passwords, and is offering two years of free credit monitoring to impacted individuals.
๐ต๐ผ The Register | https://go.theregister.com/feed/www.theregister.com/2026/02/20/paypal_app_code_error_leak/
Predator Spyware's iOS Stealth Techniques ๐ค
- Intellexa's Predator spyware can effectively hide iOS camera and microphone recording indicators (the green/orange dots) from users, allowing it to secretly stream audio and video feeds to operators.
- The malware achieves this by leveraging kernel-level access to hook a single function, โHiddenDot::setupHook()โ, within SpringBoard, which intercepts and nullifies sensor activity updates before they reach the UI layer.
- This sophisticated technique prevents the operating system from displaying any visual cues of active surveillance, making the spyware's activity completely hidden to a regular user, although technical analysis can still reveal malicious processes.
๐ค Bleeping Computer | https://www.bleepingcomputer.com/news/security/predator-spyware-hooks-ios-springboard-to-hide-mic-camera-activity/
Anthropic Launches AI for Code Security ๐ฐ
- Anthropic has introduced "Claude Code Security," a new feature for its Enterprise and Team customers that uses AI to scan software codebases for vulnerabilities and suggest targeted patches.
- This initiative aims to counter the growing threat of adversaries weaponising AI for automated vulnerability discovery by providing defenders with an AI-powered tool that can reason about code like a human security researcher, tracing data flows and identifying issues missed by traditional static analysis.
- The system includes a multi-stage verification process to filter false positives, assigns severity ratings, and operates with a human-in-the-loop approach, ensuring that no patches are applied without developer review and approval.
๐ฐ The Hacker News | https://thehackernews.com/2026/02/anthropic-launches-claude-code-security.html
#CyberSecurity #ThreatIntelligence #AI #FortiGate #Vulnerabilities #RCE #Roundcube #React2Shell #Spyware #Predator #iOS #DataBreach #PayPal #CodeSecurity #InfoSec #CyberAttack #IncidentResponse
Tim Green
Hackaday
SOC Goulash
Bob Carver
sayzard
SmartGit
N-gated Hacker News
TechNadu