Tesla's regulatory challenges extend far beyond Autopilot scrutiny. The company faces a multi-front compliance battle spanning product safety, trade tensions, environmental permits, and labor governance. New analysis examines the consequential risks for $TSLA. https://post.kapualabs.com/yc33t87v #Tesla #RegulatoryCompliance #EV #AutonomousVehicles

Managing pharmaceutical artwork doesn’t have to be complex. With Discus Artwork Management, streamline every step—from review to approval—with complete compliance and traceability.

Get started today: https://zurl.co/qo3IL
Free demo on +91 81414 42222

#ArtworkManagement #PharmaCompliance #RegulatoryCompliance #PharmaIndustry #DocumentControl #QualityManagement #GMP #LifeSciences #DigitalTransformation #Automation #PharmaTech #DiscusIT

ICYMI: Turkey's DPA bans bundled consent texts in a ruling that reshapes data collection: Turkey's KVKK issued Decision 2026/347 on February 18, requiring data controllers to keep consent and clarification texts strictly separate under Law No. 6698. https://ppc.land/turkeys-dpa-bans-bundled-consent-texts-in-a-ruling-that-reshapes-data-collection/ #DataPrivacy #ConsentManagement #RegulatoryCompliance #DataProtection #PrivacyLaw

The #EBA has published final guidelines on the capital endowment of #ThirdCountryBranches. The aim is uniform supervision in the assessment of eligible capital instruments. Relevant for #Governance, #CapitalRequirements and #RegulatoryCompliance.

https://www.eba.europa.eu/publications-and-media/press-releases/eba-publishes-its-final-guidelines-instruments-capital-endowment-requirement-third-country-branches

IoT privacy compliance development.
Samsung will revise ACR data practices after legal action by the Texas Attorney General.

Key elements:
• Real-time viewing habit collection under scrutiny
• Enhanced disclosure & consent flow promised
• Emphasis on consumer transparency
• Broader regulatory pressure on smart device telemetry

ACR data monetization highlights a persistent tension:
Device intelligence vs user autonomy
Advertising revenue vs explicit consent
Convenience vs continuous telemetry
As regulatory enforcement increases, IoT vendors may face stricter consent design expectations.
Question for security & privacy professionals:
Should connected consumer devices require periodic re-consent for telemetry collection?

Source: https://therecord.media/samsung-updates-acr-privacy-practices-texas

Engage below.
Follow TechNadu for privacy law, IoT security, and compliance updates.
Repost to broaden awareness.

#Infosec #PrivacyEngineering #ACR #IoTSecurity #DataGovernance #ConsumerPrivacy #RegulatoryCompliance #SmartDevices #CyberLaw #SecurityAwareness #DigitalRights

The #EBA has published a report on the assessment of #ICT risks in the #SREP. Progress is evident, while the requirements for integration, methodology and #DORA implementation remain high. #Cybersecurity #RegulatoryCompliance

www.eba.europa.eu/publications-and-media/press-releases/eba-publishes-follow-report-ict-risk-assessment-under-supervisory-review-and-evaluation-process

Hello cyber practitioners! It's been a busy 24 hours with a flurry of activity across data breaches, nation-state operations, critical vulnerabilities, and some interesting discussions around AI and privacy. Let's dive in:

Recent Cyber Attacks or Breaches ⚠️

- The ShinyHunters extortion gang has claimed responsibility for breaching Dutch telecom Odido, impacting 6.2 million customers, and digital auto platform CarGurus, exposing data from 12.4 million accounts. The group often uses voice phishing (vishing) to compromise single sign-on (SSO) accounts.
- The FBI reported a significant surge in ATM jackpotting attacks in 2025, with criminals cracking 700 machines and costing banks over $20 million. Attackers frequently use malware like Ploutus to manipulate the eXtensions for Financial Services (XFS) software, forcing cash dispensing.
- Spanish authorities arrested four alleged members of the "Anonymous Fénix" hacktivist group for distributed denial-of-service (DDoS) attacks against government ministries and public institutions in Spain and South America, particularly after the Valencia floods.
- Two South Korean teenagers were charged for breaching Seoul's Ttareungyi public bike service in June 2024, exposing data of 4.62 million users, including IDs, phone numbers, and home addresses.
- The UAE Cyber Security Council claimed to have thwarted an organised 'terrorist' ransomware attack targeting its digital infrastructure and vital sectors, noting the use of AI technologies to develop sophisticated offensive tools.
- Decentralised finance platform Step Finance is shutting down after a $40 million theft from its treasury in January, following the compromise of executive team devices.
- Researchers uncovered and took down the infrastructure of Diesel Vortex, a Russian-linked cybercrime group that stole over 1,600 login credentials from Western cargo companies, enabling freight shipment diversion and check fraud.

🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/shinyhunters-extortion-gang-claims-odido-breach-affecting-millions/
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/cargurus-data-breach-exposes-information-of-124-million-accounts/
🌑 Dark Reading | https://www.darkreading.com/cyber-risk/atm-jackpotting-attacks-surged-2025
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/spain-arrests-suspected-anonymous-fenix-hacktivists-for-ddosing-govt-sites/
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/02/24/korean_bike_breach_charges/
🗞️ The Record | https://therecord.media/uae-claims-it-stopped-terrorist-ransomware-attack
🗞️ The Record | https://therecord.media/step-finance-cryptocurrency-theft-shutdown
🗞️ The Record | https://therecord.media/phishing-operation-russia-armenia-targeting-us-european-cargo

New Threat Research on Threat Actors/Groups, Ransomware, Malware, or Techniques and Tradecraft 🛡️

- North Korea's Lazarus Group (specifically the Andariel/Stonefly subgroup) is now deploying Medusa ransomware in financially motivated attacks, targeting US healthcare organisations and an unnamed entity in the Middle East. This marks a shift from their self-developed strains to using ransomware-as-a-service (RaaS) offerings.
- The China-aligned UnsolicitedBooker threat cluster has shifted its focus from Saudi Arabian entities to telecommunications companies in Kyrgyzstan and Tajikistan. They are deploying LuciDoor and MarsSnake backdoors via malicious Microsoft Office documents and phishing links.
- Anthropic accused three Chinese AI labs (DeepSeek, Moonshot, MiniMax) of "industrial-scale campaigns" involving 24,000 fraudulent accounts and 16 million queries to illicitly distill Claude's capabilities. This "illicit distillation" poses national security risks if these unprotected models are used for offensive cyber operations, disinformation, or mass surveillance.

🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/north-korean-lazarus-group-linked-to-medusa-ransomware-attacks/
🗞️ The Record | https://therecord.media/north-korean-hackers-using-medusa-ransomware
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/02/24/north_koreas_lazarus_group_healthcare_medusa_ransomware/
📰 The Hacker News | https://thehackernews.com/2026/02/unsolicitedbooker-targets-central-asian.html
🤫 CyberScoop | https://cyberscoop.com/anthropic-accuses-chinese-labs-ai-distillation-cyber-risk/
📰 The Hacker News | https://thehackernews.com/2026/02/anthropic-says-chinese-ai-firms-used-16.html

Vulnerabilities, especially any mentioning Remote Code Exploitation (RCE), Active Exploitation, or Zero-Days 🚨

- SolarWinds has released patches for four critical Serv-U vulnerabilities (CVE-2025-40538, CVE-2025-40540, CVE-2025-40539, CVE-2025-40541), all with CVSS 9.1 ratings. These flaws, including a broken access control and type confusion bugs, could allow attackers with high privileges to gain root access and execute arbitrary code on unpatched servers. Immediate update to Serv-U 15.5.4 is strongly advised.
- A vulnerability dubbed RoguePilot in GitHub Codespaces allowed prompt injection via malicious GitHub issues. This enabled GitHub Copilot to silently execute commands and leak sensitive data, such as the privileged GITHUB_TOKEN, representing an AI-mediated supply chain attack. Microsoft has since patched the flaw.
- Researchers uncovered over 1,500 security vulnerabilities, including 54 high-severity issues, across ten popular Android mental health applications with a combined 14.7 million installs. These flaws could expose sensitive therapy data, allow credential interception, spoof notifications, and bypass root detection.

🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/critical-solarwinds-serv-u-flaws-offer-root-access-to-servers/
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/02/24/patch_these_4_critical_makemeroot/
📰 The Hacker News | https://thehackernews.com/2026/02/roguepilot-flaw-in-github-codespaces.html
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/android-mental-health-apps-with-147m-installs-filled-with-security-flaws/

Threat Landscape Commentary 🌍

- The FBI has affirmed its commitment to combating transnational criminal networks operating industrial-scale scamming compounds in Southeast Asia. These operations traffic individuals and facilitate pig-butchering and cryptocurrency investment scams, generating billions in illicit funds.

🗞️ The Record | https://therecord.media/us-committed-to-fighting-southeast-asia-scam-compounds

Data Privacy 🔒

- Microsoft is expanding its Purview Data Loss Prevention (DLP) controls for Microsoft 365 Copilot to block the processing of confidential Word, Excel, and PowerPoint documents across all storage locations, including local files. This enhancement aims to provide consistent protection and addresses previous bugs where Copilot could summarise protected emails.

🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/microsoft/microsoft-adds-copilot-data-controls-to-all-storage-locations/

Regulatory Issues or Changes ⚖️

- The UK Information Commissioner's Office (ICO) has fined Reddit £14.47 million (over $19.5 million) for unlawfully processing children's data. Reddit failed to implement adequate age assurance mechanisms until July 2025, despite its own terms of service prohibiting users under 13. Reddit plans to appeal the decision.
- Senior Ukrainian officials are pushing for tighter regulation of the messaging app Telegram, citing its frequent use by Russia for recruiting individuals for sabotage and terrorist attacks, as well as for spreading disinformation.

🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/02/24/uk_data_watchdog_fines_reddit_1447m_for_letting_kids_slip_past_the_gate/
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/uk-fines-reddit-19-million-for-using-childrens-data-unlawfully/
🗞️ The Record | https://therecord.media/ukraine-telegram-regulation-russia-sabotage-recruitment

Everything Else ⚙️

- Go library maintainer Filippo Valsorda criticised GitHub's Dependabot, labelling it a "noise machine" for generating excessive false positives and "nonsensical" CVSS scores. He argues this leads to alert fatigue and reduces security effectiveness, recommending static analysis tools like `govulncheck` instead.

🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/02/24/github_dependabot_noise_machine/

#CyberSecurity #ThreatIntelligence #Ransomware #NationState #APT #DataBreach #Vulnerability #RCE #AI #DataPrivacy #InfoSec #CyberAttack #Malware #IncidentResponse #Hacktivism #FinancialCrime #RegulatoryCompliance


"Banks operating in #Qatar face distinct obligations when securing customer data, managing cross-border transfers, and maintaining regulatory compliance under evolving data sovereignty frameworks." cc: #FSISAC #RegulatoryCompliance

5 Critical Data Sovereignty Challenges for Banks in Qatar
https://cybersec.kiteworks.com/s/5-critical-data-sovereignty-challenges-for-banks-in-qatar-25531

The Hidden War in Your UI: Why Deceptive Design Patterns Are a Real Threat


As a developer, I am both annoyed and frankly shamed by the current state of software design. Every day, applications and platforms embed intentional annoyances into interfaces, forcing behavior, hijacking attention, and punishing users for expecting a seamless experience. You try to perform a simple task, and suddenly you’re redirected somewhere else entirely—maybe an ad, a subscription prompt, or a social feed—long before you even start the work you intended. These are not accidents. These are deliberate choices, coded into the system to manipulate, trap, and capitalize on human behavior. From forced search bars on mobile devices to pre-checked opt-ins on websites, these dark patterns exploit predictable cognitive biases, turning our attention into a commodity and our actions into revenue streams. This isn’t a small inconvenience—it’s a systematic exploitation of users’ time, focus, and trust, and it’s everywhere.

The consequences are not confined to frustrated individuals. Employers pay for it in lost productivity. Employees waste time correcting accidental interactions, navigating confusing prompts, or recovering from unintended actions. In sectors where precision and workflow efficiency matter, these misclicks scale into measurable losses, costing organizations millions collectively each year. Governments feel it too. Public services increasingly rely on digital portals—tax filing, healthcare registration, social services—but when these platforms employ dark patterns, citizens are misdirected, deadlines are missed, and error rates rise. Each forced interaction adds friction, increasing the cost of providing services and draining public resources. The economic burden is real, quantifiable, and currently ignored, while companies benefit from increased engagement, ad revenue, or subscriptions at the expense of productivity, efficiency, and trust. The government should step up and prohibit these manipulative practices, making companies accountable for intentionally deceiving their users. Until that happens, the cycle continues unabated.

How Dark Patterns Exploit Human Cognition

To understand why these patterns work, you need to recognize the psychology at play. Designers exploit attention, memory limitations, decision fatigue, and the human preference for the path of least resistance. Buttons placed where users are most likely to tap accidentally, pre-checked boxes designed to enroll you in services, and mislabelled toggles all manipulate these cognitive tendencies. The Fogg Behavior Model illustrates how even small prompts combined with minimal friction can trigger behaviors users never intended. Dark patterns exploit trust and expectation: they turn habitual attention and muscle memory into liabilities, guiding users down paths they would not consciously choose.

Real-world platforms offer clear examples. Social media apps like Facebook and Instagram frequently adjust UI elements—buttons, feed placement, navigation cues—in ways that subtly influence user engagement. Subscription services often obscure cancellation paths or hide essential controls, making the default, easier action the one the company wants. Even well-intentioned software, when poorly designed, can unintentionally trap users in workflows, but these dark patterns are far from accidental—they are engineered to maximize engagement and revenue at the user’s expense. When companies normalize these practices, users become desensitized to manipulation, eroding trust and making them more susceptible to both commercial and malicious exploitation.

Forced Interactions and Accidental Engagement: Costs to Employers and Governments

The human cost of dark patterns is only part of the story. Employers and governments bear substantial hidden costs. Employees navigating interfaces riddled with forced interactions spend countless minutes recovering from accidental clicks, dismissing misleading prompts, or correcting unintended selections. In high-stakes environments—healthcare, finance, or legal compliance—these misclicks can amplify into operational errors, delayed decisions, and lost productivity. Governments experience similar outcomes. Digital portals designed with confusing or manipulative flows increase errors, escalate support costs, and frustrate citizens trying to accomplish essential tasks. From pre-ticked marketing consent boxes to forced redirects in public service apps, these interfaces impose inefficiency and resource waste at scale.

The Pixel search bar example illustrates the mechanics personally, but the scope is far broader. E-commerce apps push pre-selected add-ons, subscription services hide opt-outs, and enterprise software overlays prompts directly in workflow paths. Each accidental click or forced interaction represents lost attention and increased cognitive load, which over time erodes trust and slows work. Beyond productivity, these misdirections can create vulnerabilities. Habitual engagement with deceptive interfaces can normalize disregard for warnings, cultivating conditions ripe for phishing, malware infection, or clickjacking attacks.

Dark Patterns as a Security Threat

The techniques behind dark patterns mirror the strategies hackers already exploit. Clickjacking, spoofed URLs, tabnabbing, and malicious pop-ups rely on the same behavioral leverage: users trusting what appears familiar and predictable. By conditioning people to click without thinking, dark patterns reduce the natural caution that guards against social engineering. While there are no public, verifiable cases of someone losing a job because they were redirected to a prohibited site via a dark pattern, the risk is clear: intentional annoyances in UI can inadvertently expose employees to restricted or inappropriate content, security incidents, or phishing attacks. Hackers are already using similar manipulations for financial gain; if commercial dark patterns normalize inattentive clicking, it’s only a matter of time before adversaries adapt these tactics systematically.

From a regulatory perspective, this elevates dark patterns from a nuisance to a societal concern. Employers must manage the risk of accidental exposure, governments must oversee secure and reliable digital services, and users are effectively subsidizing the cost of poor design and malicious exploitation. The potential fallout spans productivity loss, legal liability, and cyber risk—an intersection rarely acknowledged in discussions about user experience but increasingly critical as systems become more complex and interconnected.

Regulatory and Industry Responses to Deceptive UI

Governments and regulators are starting to take notice, but the pace is glacial compared to the ubiquity and sophistication of dark patterns. In the United States, the Federal Trade Commission (FTC) has begun enforcing against manipulative interfaces, including cases where subscription services used deceptive defaults or buried cancellation options. A notable settlement with Amazon over hidden enrollment practices in its Prime service illustrates that regulators recognize dark patterns can create systemic harm, not just isolated user frustration. Similarly, privacy legislation such as the California Consumer Privacy Act (CCPA) and the European Union’s General Data Protection Regulation (GDPR) specifically prohibit coercive or deceptive manipulations of user consent, acknowledging that forced opt-ins, pre-checked boxes, and hidden controls undermine both privacy rights and user autonomy. These legal frameworks provide a foundation for holding companies accountable, but enforcement remains sporadic and limited in scope.

Industry-driven initiatives are also emerging, though they often lack teeth. UX and design organizations have published guidelines for ethical design and user-first principles, emphasizing transparency, control, and respect for cognition. Websites like DarkPatterns.org catalog manipulative designs and educate consumers, while professional associations provide heuristics for evaluating UX for ethical compliance. These frameworks offer companies a roadmap to avoid regulatory scrutiny and rebuild trust, but adoption is inconsistent. Many organizations continue to prioritize engagement metrics, ad revenue, and subscription conversions over ethical design, creating an environment where dark patterns thrive.

The interplay between regulation, corporate incentives, and ethical design is critical because dark patterns are not benign. Their impacts cascade through the workplace, government service delivery, and cybersecurity. Employees conditioned to accept manipulative flows may inadvertently compromise security. Citizens navigating government portals may experience inefficiency, confusion, and delays. Consumers are nudged into unintended purchases or data sharing. The cumulative effect is societal: wasted resources, eroded trust, and increased risk exposure. Without proactive regulation and industry commitment, these consequences will only intensify, and the incentive to adopt manipulative design will remain.

Designing Ethical UI: Balancing Business Goals with User Respect

Ethical design isn’t about removing friction entirely—it’s about aligning user behavior with informed choice rather than deception. Companies can achieve engagement and conversion without resorting to manipulative tactics by making paths transparent, defaults neutral, and consent explicit. This includes placing critical actions where users intend to find them, avoiding pre-selected options, labeling interfaces clearly, and respecting user attention rather than exploiting it. Transparency is a defensive and offensive strategy: it reduces the risk of accidental engagement with inappropriate content, lowers exposure to security incidents, and enhances brand trust. Organizations that internalize these principles see the long-term benefit of loyal, confident users who understand and respect the product rather than feeling tricked into using it.

Frameworks for ethical evaluation exist. Heuristic evaluations, cognitive walkthroughs, and user testing are tools to identify manipulative patterns before they reach production. These methods don’t just improve usability; they reduce legal and security risks by uncovering deceptive or friction-heavy elements that could be exploited accidentally or maliciously. Designing with ethical intent is no longer optional. The intersection of user experience, cybersecurity, and regulatory compliance demands that companies reconsider every prompt, redirect, and forced interaction through the lens of respect, transparency, and safety.

Conclusion: Recognizing the Battle and Reclaiming Control

Deceptive design patterns aren’t just a minor nuisance—they’re a battlefield embedded in every click, swipe, and prompt we encounter. From mobile apps to enterprise software and government portals, users are systematically manipulated, distracted, and exploited, and the costs are real: lost productivity for employers, inefficiency and frustration in public services, increased cybersecurity risk, and erosion of trust across the digital ecosystem. While there are no documented cases of someone losing a job directly because a dark pattern redirected them to inappropriate content, the potential is undeniable. Habitual exposure to forced interactions, hidden defaults, and misleading interfaces creates vulnerabilities that hackers and malicious actors can exploit, turning convenience into liability. It’s a matter of when, not if, these techniques are weaponized beyond commercial manipulation.

Governments and regulators need to step up decisively. Current legislation like GDPR, CCPA, and FTC enforcement actions provide a foundation, but they don’t address the sheer scale or subtlety of manipulative UI practices. Companies that continue to prioritize engagement metrics and revenue over user autonomy are externalizing costs onto society, employees, and security infrastructure. Until these behaviors are prohibited, users will remain the collateral damage in a battle they didn’t consent to.

As developers, designers, and informed users, we can reclaim control by demanding transparency, insisting on ethical design, and refusing to normalize manipulative interfaces. Companies can achieve engagement and profitability without resorting to deception, but only if they respect cognition, trust, and attention. The longer we tolerate dark patterns, the greater the risk of unexpected fallout: financial exploitation, accidental security breaches, and the erosion of professional and personal boundaries. The fight for ethical UI isn’t just about convenience or aesthetics—it’s about protecting attention, autonomy, and the integrity of every system we rely on. It’s time to call BS, demand accountability, and push the industry toward design that respects users instead of manipulating them.


D. Bryan King


Disclaimer:

The views and opinions expressed in this post are solely those of the author. The information provided is based on personal research, experience, and understanding of the subject matter at the time of writing. Readers should consult relevant experts or authorities for specific guidance related to their unique situations.


Alright team, it's been a packed 24 hours in the cyber world! We've got updates on some serious breaches, evolving malware, critical vulnerabilities, and a fair bit of regulatory action. Let's dive in:

Recent Cyber Attacks & Breaches 🚨

- Japanese semiconductor supplier Advantest is responding to a ransomware attack that impacted several company systems, highlighting a trend of increased targeting of industrial organisations.
- Criminals stole over $20 million in 2025 through ATM jackpotting, using malware like Ploutus to force cash dispensing, a cyber-physical attack on the rise.
- Abu Dhabi Finance Week inadvertently exposed passport details and other identity information of approximately 700 VIP attendees, including former British Prime Minister David Cameron, due to an unprotected cloud storage system.
- A supply chain attack on the `cline` npm package for an AI coding tool silently installed the OpenClaw AI framework on users' systems, exploiting a prompt injection vulnerability.
- A Ukrainian national was sentenced to five years in prison for facilitating a North Korean scheme to hire remote IT workers at US companies, funnelling funds to North Korea's munitions programs.
- Microsoft 365 Copilot had a bug that allowed it to summarise confidential emails from Sent Items and Drafts, bypassing Data Loss Prevention (DLP) policies, which has since been fixed.
- Polish authorities have detained a 47-year-old man suspected of ties to the Phobos ransomware group, part of Europol's ongoing Operation Aether.
- A Nigerian man was sentenced to eight years for using Warzone RAT to hack Massachusetts tax firms, stealing client data and filing over 1,000 fraudulent returns for $1.3 million.

🗞️ The Record | https://therecord.media/leading-japanese-semiconductor-supplier-ransomware
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/02/19/crims_atm_jackpotting/
🌑 Dark Reading | https://www.darkreading.com/cyber-risk/abu-dhabi-finance-week-leaked-vip-passport-details
🌑 Dark Reading | https://www.darkreading.com/application-security/supply-chain-attack-openclaw-cline-users
🤫 CyberScoop | https://cyberscoop.com/doj-ukrainian-north-korea-remote-worker-scheme-facilitator-sentenced/
📰 The Hacker News | https://thehackernews.com/2026/02/threatsday-bulletin-openssl-rce-foxit-0.html
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/nigerian-man-gets-eight-years-in-prison-for-hacking-tax-firms/

New Threat Research & Tradecraft 🔬

- ESET discovered PromptSpy, the first Android malware to use generative AI (Google Gemini) to adapt its persistence across different devices by interpreting UI elements. It functions as spyware, offering remote control, screen recording, and credential interception.
- Proofpoint uncovered "TrustConnect," a fake Remote Monitoring and Management (RMM) vendor selling a Remote Access Trojan (RAT) as a service (RATaaS), using a legitimate code-signing certificate and an AI-generated website to appear credible. RMM abuse surged 277% in 2025.
- "Starkiller" is a sophisticated Phishing-as-a-Service (PhaaS) tool that bypasses MFA by proxying legitimate login pages in real time, stealing credentials and session tokens. Threat actors are also using device code vishing with legitimate Microsoft OAuth flows to compromise Microsoft Entra accounts, bypassing MFA.
- Chinese state-backed Volt Typhoon remains active and embedded in US critical infrastructure, aiming to pre-position for destructive attacks. SYLVANITE, another group, gains initial access to OT systems across various sectors before handing off to Volt Typhoon.
- North Korea's "Contagious Interview" campaign now includes a MetaMask backdoor, a lightweight JavaScript component, to steal wallet passwords from IT professionals in cryptocurrency, Web3, and AI sectors.
- LockBit 5.0 ransomware has evolved, now targeting Windows, Linux, ESXi, and Proxmox with advanced evasion techniques. "ClickFix" campaigns continue to use nested obfuscation and typosquatting (e.g., fake Homebrew sites) to deliver info-stealers and RATs like Matanbuchus 3.0, AstarionRAT, and Cuckoo Stealer.
- Kerberos delegation has been found to apply to machine accounts, not just human users, posing a significant risk if adversaries leverage it for Domain Administrator-equivalent privileges.
- Threat actors are weaponising inadvertently exposed vulnerable training applications (e.g., OWASP Juice Shop) in cloud environments to plant web shells and cryptocurrency miners. Atlassian Jira Cloud trials are also being abused for automated spam campaigns.

🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/02/19/genai_malware_android/
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/promptspy-is-the-first-known-android-malware-to-use-generative-ai-at-runtime/
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/02/19/rmm_rat_trustconnect/
🌑 Dark Reading | https://www.darkreading.com/threat-intelligence/starkiller-phishing-kit-mfa
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/hackers-target-microsoft-entra-accounts-in-device-code-vishing-attacks/
🗞️ The Record | https://therecord.media/researchers-warn-volt-typhoon-still-active-critical-infrastructure
📰 The Hacker News | https://thehackernews.com/2026/02/threatsday-bulletin-openssl-rce-foxit-0.html

Vulnerabilities & Active Exploitation ⚠️

- CISA has ordered federal agencies to patch a maximum-severity hardcoded-credential vulnerability (CVE-2026-22769) in Dell RecoverPoint within three days, as it's been actively exploited since mid-2024 by Chinese group UNC6201.
- Critical Ivanti Endpoint Manager Mobile (EPMM) flaws (CVE-2026-1281, CVE-2026-1340) are being actively exploited to deploy reverse shells, web shells, and malware like Nezha and cryptocurrency miners.
- A critical (CVSS 9.3) unauthenticated RCE flaw (CVE-2026-2329) in Grandstream GXP1600 series VoIP phones allows remote attackers to gain root privileges and silently eavesdrop on calls.
- Microsoft patched a high-severity privilege escalation (CVE-2026-26119) in Windows Admin Center, allowing an authenticated attacker to elevate privileges over a network.
- OpenSSL fixed a stack buffer overflow (CVE-2025-15467) that could lead to Remote Code Execution (RCE) under certain conditions in its Cryptographic Message Syntax data processing.
- Researchers discovered 16 vulnerabilities in Foxit and Apryse PDF tools, potentially enabling account takeover, session hijacking, data exfiltration, and arbitrary JavaScript execution.
- CISA added an actively exploited GitLab Server-Side Request Forgery (SSRF) vulnerability (CVE-2021-22175) to its Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies to patch by March 11.

🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-actively-exploited-dell-flaw-within-3-days/
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/flaw-in-grandstream-voip-phones-allows-stealthy-eavesdropping/
📰 The Hacker News | https://thehackernews.com/2026/02/microsoft-patches-cve-2026-26119.html
📰 The Hacker News | https://thehackernews.com/2026/02/threatsday-bulletin-openssl-rce-foxit-0.html

Threat Landscape Commentary 🌐

- MIT CSAIL's 2025 AI Agent Index highlights that AI agents are becoming more capable but lack consensus on behaviour and safety standards. Most developers prioritise features over safety, and many agents ignore `robots.txt`, indicating traditional web protocols are insufficient.
- The proliferation of IoT devices in homes and offices presents significant security risks, with many lacking sufficient security features and storing unencrypted data at rest. Enterprises should segment IoT devices on separate networks and use dedicated accounts to prevent lateral movement.
- Google blocked over 1.75 million apps from the Play Store in 2025 due to policy violations, leveraging generative AI for improved detection. However, new research warns that LLM-generated passwords are fundamentally insecure due to their predictable nature.
- Dragos reports a sharp rise in ransomware groups targeting industrial organisations, with a 49% increase in 2025, impacting 3,300 industrial entities globally.

🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/02/20/ai_agents_abound_unbound_by/
🌑 Dark Reading | https://www.darkreading.com/iot/connected-compromised-iot-devices-turn-threats
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/google-blocked-over-175-million-play-store-app-submissions-in-2025/
📰 The Hacker News | https://thehackernews.com/2026/02/threatsday-bulletin-openssl-rce-foxit-0.html

Regulatory Issues & National Security ⚖️

- The UK government plans to mandate that online platforms remove non-consensual intimate images within 48 hours, treating them with the same severity as child sexual abuse material (CSAM) and terrorism content, with significant fines for non-compliance.
- Texas is suing TP-Link for deceptive marketing and alleged Chinese hacking risks, claiming its products, despite "Made in Vietnam" labels, rely on Chinese components and could be compelled to share user data with the CCP. Poland has also banned Chinese-made vehicles with data-recording technology from military facilities due to similar national security concerns.
- Following the 2024 Change Healthcare attack, HHS is focusing heavily on identifying and mitigating security risks from third-party vendors in the health sector, recognising their potential for outsized impact.
- West Virginia has sued Apple, alleging iCloud facilitates CSAM distribution and storage, citing Apple's decision to abandon CSAM detection tools and its significantly lower reporting numbers compared to other tech giants.

🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/02/19/uk_intimate_images_online/
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/texas-sues-tp-link-over-chinese-hacking-risks-user-deception/
📰 The Hacker News | https://thehackernews.com/2026/02/threatsday-bulletin-openssl-rce-foxit-0.html
🤫 CyberScoop | https://cyberscoop.com/hhs-burrows-into-identifying-risks-to-health-sector-from-third-party-vendors/
🗞️ The Record | https://therecord.media/apple-csam-west-virginia-lawsuit

Government Cybersecurity Initiatives 🏛️

- The US State Department is pushing for unified public-private sector efforts to transition to quantum-resistant encryption by 2035, emphasising that these long-term plans must outlive political leadership cycles to counter nation-state data harvesting.
- The Trump administration aims to accelerate the secure implementation of AI for cyber defence (detection, diversion, deception) while ensuring it doesn't expand the attack surface. This includes promoting US AI cybersecurity standards and strengthening the cyber workforce by consolidating existing training initiatives.

🤫 CyberScoop | https://cyberscoop.com/post-quantum-state-department-transition-plans-outlive-leadership-cycles/
🤫 CyberScoop | https://cyberscoop.com/trump-administration-ai-cybersecurity-oncd-strategy/

#CyberSecurity #ThreatIntelligence #Ransomware #Malware #Vulnerabilities #ZeroDay #ActiveExploitation #AI #Phishing #MFA #SupplyChainAttack #IoT #CriticalInfrastructure #NationalSecurity #DataPrivacy #RegulatoryCompliance #InfoSec #CyberAttack #IncidentResponse

Leading Japanese semiconductor supplier responding to ransomware attack

The company said it detected unusual activity within its IT environment on Sunday and activated incident response protocols and isolated the impacted systems.