It's been a busy 24 hours in the cyber world with significant updates on AI-assisted attacks, actively exploited vulnerabilities, a data exposure incident, new spyware techniques, and a look at AI for defence. Let's dive in:

AI-Augmented FortiGate Breaches 🤖📰

- A Russian-speaking, financially motivated threat actor used commercial generative AI services to breach over 600 FortiGate firewalls across 55 countries between January and February 2026.
- The attacks exploited exposed management interfaces and weak credentials lacking multi-factor authentication, rather than zero-day vulnerabilities, demonstrating how AI lowers the barrier to entry for less skilled actors.
- AI was used to generate attack methodologies, develop custom reconnaissance tools (in Python and Go), plan lateral movement, and draft operational documentation, leading to the extraction of sensitive configurations, Active Directory compromise, and targeting of backup infrastructure, likely for ransomware deployment.

🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/amazon-ai-assisted-hacker-breached-600-fortigate-firewalls-in-5-weeks/
📰 The Hacker News | https://thehackernews.com/2026/02/ai-assisted-threat-actor-compromises.html

Actively Exploited Vulnerabilities: React2Shell & Roundcube 🕶️📰

- React2Shell (CVE-2025-55182): This critical RCE (CVSS 10.0) in React Server Components is still being actively exploited, with a new "ILovePoop" toolkit used by a possibly state-sponsored actor for reconnaissance against government, defence, finance, and industrial targets globally. Patching is complex due to Next.js bundling React as a 'vendored' package, making it invisible to standard dependency scanners.
- Roundcube Webmail Flaws: CISA has added two actively exploited vulnerabilities to its KEV catalog: CVE-2025-49113 (RCE, CVSS 9.9) and CVE-2025-68461 (XSS, CVSS 7.2). The RCE flaw, a deserialization issue present for over 10 years, was weaponised within 48 hours of public disclosure, with nation-state actors previously targeting Roundcube.
- Organisations should prioritise patching these vulnerabilities, especially React2Shell, which affects default configurations and has seen sophisticated post-exploitation tradecraft, and Roundcube, with a CISA deadline for FCEB agencies by March 13, 2026.

🕶️ Dark Reading | https://www.darkreading.com/application-security/attackers-new-tool-scan-react2shell-exposure
📰 The Hacker News | https://thehackernews.com/2026/02/cisa-adds-two-known-exploited-vulnerabilities-catalog

PayPal Code Error Exposes PII 🕵🏼

- PayPal notified approximately 100 customers of a data exposure incident due to a coding error in its Working Capital loan application, which inadvertently leaked personal information including names, Social Security numbers, dates of birth, email addresses, and business addresses.
- The exposure occurred between July 1, 2025, and December 13, 2025, with a "few" customers also experiencing unauthorised transactions, all of which have been fully refunded by PayPal.
- The company has rolled back the problematic code change, reset affected account passwords, and is offering two years of free credit monitoring to impacted individuals.

🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/02/20/paypal_app_code_error_leak/

Predator Spyware's iOS Stealth Techniques 🤖

- Intellexa's Predator spyware can effectively hide iOS camera and microphone recording indicators (the green/orange dots) from users, allowing it to secretly stream audio and video feeds to operators.
- The malware achieves this by leveraging kernel-level access to hook a single function, ‘HiddenDot::setupHook()’, within SpringBoard, which intercepts and nullifies sensor activity updates before they reach the UI layer.
- This sophisticated technique prevents the operating system from displaying any visual cues of active surveillance, making the spyware's activity completely hidden to a regular user, although technical analysis can still reveal malicious processes.

🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/predator-spyware-hooks-ios-springboard-to-hide-mic-camera-activity/

Anthropic Launches AI for Code Security 📰

- Anthropic has introduced "Claude Code Security," a new feature for its Enterprise and Team customers that uses AI to scan software codebases for vulnerabilities and suggest targeted patches.
- This initiative aims to counter the growing threat of adversaries weaponising AI for automated vulnerability discovery by providing defenders with an AI-powered tool that can reason about code like a human security researcher, tracing data flows and identifying issues missed by traditional static analysis.
- The system includes a multi-stage verification process to filter false positives, assigns severity ratings, and operates with a human-in-the-loop approach, ensuring that no patches are applied without developer review and approval.

📰 The Hacker News | https://thehackernews.com/2026/02/anthropic-launches-claude-code-security.html

#CyberSecurity #ThreatIntelligence #AI #FortiGate #Vulnerabilities #RCE #Roundcube #React2Shell #Spyware #Predator #iOS #DataBreach #PayPal #CodeSecurity #InfoSec #CyberAttack #IncidentResponse

Wes Roth (@WesRoth)

Gemini팀이 GeminiCLI 기반의 오픈소스 AI 코드 보안 에이전트를 배포했다고 보고했습니다. 이 에이전트는 Openclaw 프로젝트의 치명적 취약점을 자동으로 탐지하고, 개념 증명(POC)을 생성하며, 직접 풀 리퀘스트까지 열어 문제를 해결한 사례를 공유했습니다. 자동화된 코드 보안/수정 워크플로우의 실사용 사례입니다.

https://x.com/WesRoth/status/2018255572857237695

#gemini #aisecurity #opensource #codesecurity

Be like Bettina Dutler start signing your Git commits with SSH today!

At SmartGit we documented how easy this is with GitHub and GitLab!

#Git #SSH #DevOps #SmartGit #CodeSecurity#SoftwareEngineering

“Noise reduction alone isn’t the goal; accuracy on real risks is.”
— James Wickett, CEO & Co-founder, DryRun Security

Why application security needs context at code review - and why intent matters more than alert volume.

Read more:
https://www.technadu.com/why-application-security-needs-context-at-code-review-not-more-alerts/616254/

#AppSec #DevSecOps #CodeSecurity #InfoSec

Đang tìm kiếm mô hình/công cụ để quét và phát hiện mã độc trong dự án mã nguồn mở. Đang cân nhắc Nemotron, GPT-OSS, Qwen Coder hoặc liệu có mô hình điều chỉnh/tập trung chuyên sâu nào khác hỗ trợ? Cần gợi ý từ cộng đồng! #AiAnToan #PhanTichMa #OSS #CodeSecurity #MalwareDetection

https://www.reddit.com/r/LocalLLaMA/comments/1psr8rl/looking_for_modelsprojects_to_scan_and_detect/

AI models often miss IaC security flaws—not because they lack power, but because they lack focus.

This benchmark shows how accuracy improves when AI gets clear context, tight scope, and an understanding of why a fix works.

It’s the difference between a quick patch and real remediation.

At AppSec Village, we appreciate sponsors like Symbiotic AI, who push for true precision in AI-powered security.

Read the full article →
https://www.symbioticsec.ai/blog/cracking-code-insights-ai-powered-code-security-remediation?utm_source=apv&utm_medium=technical&utm_campaign=apv&utm_id=apv

#AI #AIBenchmarks #CodeSecurity #DevSecOps

Developer-first security isn’t buzzwords or “shift left.”

It’s giving developers context, clarity, and tools that reduce cognitive load—not add more alerts or friction.

This article breaks down why most approaches fall short, and what real developer-first security looks like in practice.

At AppSec Village, we’re here for sponsors like Symbiotic Security who actually support how developers work.

Read it here: https://www.symbioticsec.ai/blog/real-conversation-about-developer-first-security?utm_source=apv&utm_medium=technical&utm_campaign=apv&utm_id=apv

#AI #CodeSecurity #DevSecOps #DeveloperFirstSecurity