Pentagon Curbs 'War Department' Label in Official Filings

A recent memo from the Pentagon's inspector general has put a surprising restriction on the use of the phrase "War Department" in official filings, warning that it may not be suitable for court documents or other formal legal submissions. This seemingly minor change in nomenclature has sparked questions about formality,…

https://osintsights.com/pentagon-curbs-war-department-label-in-official-filings

#Pentagon #UsDepartmentOfDefense #WarDepartment #InspectorGeneral #RegulatoryCompliance

Identity Verification Shifts Under Regulatory Steady State

When regulations remain steady, but your identity landscape evolves rapidly, what gives? The real question is, how will your organization adapt to the shifting identity verification landscape while staying compliant with unchanged regulations?

https://osintsights.com/identity-verification-shifts-under-regulatory-steady-state

#IdentityVerification #Govinfosecurity #RegulatoryCompliance #IdentityLandscape #EmergingThreats

Tesla's regulatory challenges extend far beyond Autopilot scrutiny. The company faces a multi-front compliance battle spanning product safety, trade tensions, environmental permits, and labor governance. New analysis examines the consequential risks for $TSLA. https://post.kapualabs.com/yc33t87v #Tesla #RegulatoryCompliance #EV #AutonomousVehicles

Managing pharmaceutical artwork doesn’t have to be complex. With Discus Artwork Management, streamline every step—from review to approval—with complete compliance and traceability.

Get started today: https://zurl.co/qo3IL
Free demo on +91 81414 42222

#ArtworkManagement #PharmaCompliance #RegulatoryCompliance #PharmaIndustry #DocumentControl #QualityManagement #GMP #LifeSciences #DigitalTransformation #Automation #PharmaTech #DiscusIT

ICYMI: Turkey's DPA bans bundled consent texts in a ruling that reshapes data collection: Turkey's KVKK issued Decision 2026/347 on February 18, requiring data controllers to keep consent and clarification texts strictly separate under Law No. 6698. https://ppc.land/turkeys-dpa-bans-bundled-consent-texts-in-a-ruling-that-reshapes-data-collection/ #DataPrivacy #ConsentManagement #RegulatoryCompliance #DataProtection #PrivacyLaw

The #EBA publishes final guidelines on the capital endowment of #ThirdCountryBranches. The aim is consistent supervision in the assessment of suitable capital instruments. Relevant for #Governance, #CapitalRequirements and #RegulatoryCompliance.

https://www.eba.europa.eu/publications-and-media/press-releases/eba-publishes-its-final-guidelines-instruments-capital-endowment-requirement-third-country-branches

IoT privacy compliance development.
Samsung will revise ACR data practices after legal action by the Texas Attorney General.

Key elements:
• Real-time viewing habit collection under scrutiny
• Enhanced disclosure & consent flow promised
• Emphasis on consumer transparency
• Broader regulatory pressure on smart device telemetry

ACR data monetization highlights a persistent tension:
Device intelligence vs user autonomy
Advertising revenue vs explicit consent
Convenience vs continuous telemetry
As regulatory enforcement increases, IoT vendors may face stricter consent design expectations.
Question for security & privacy professionals:
Should connected consumer devices require periodic re-consent for telemetry collection?

Source: https://therecord.media/samsung-updates-acr-privacy-practices-texas

Engage below.
Follow TechNadu for privacy law, IoT security, and compliance updates.
Repost to broaden awareness.

#Infosec #PrivacyEngineering #ACR #IoTSecurity #DataGovernance #ConsumerPrivacy #RegulatoryCompliance #SmartDevices #CyberLaw #SecurityAwareness #DigitalRights

The #EBA publishes a report on the assessment of #ICT risks in the #SREP. Progress is evident, while requirements for integration, methodology and #DORA implementation remain high. #Cybersecurity #RegulatoryCompliance

www.eba.europa.eu/publications-and-media/press-releases/eba-publishes-follow-report-ict-risk-assessment-under-supervisory-review-and-evaluation-process

Hello cyber practitioners! It's been a busy 24 hours with a flurry of activity across data breaches, nation-state operations, critical vulnerabilities, and some interesting discussions around AI and privacy. Let's dive in:

Recent Cyber Attacks or Breaches ⚠️

- The ShinyHunters extortion gang has claimed responsibility for breaching Dutch telecom Odido, impacting 6.2 million customers, and digital auto platform CarGurus, exposing data from 12.4 million accounts. The group often uses voice phishing (vishing) to compromise single sign-on (SSO) accounts.
- The FBI reported a significant surge in ATM jackpotting attacks in 2025, with criminals cracking 700 machines and costing banks over $20 million. Attackers frequently use malware like Ploutus to manipulate the eXtensions for Financial Services (XFS) software, forcing cash dispensing.
- Spanish authorities arrested four alleged members of the "Anonymous Fénix" hacktivist group for distributed denial-of-service (DDoS) attacks against government ministries and public institutions in Spain and South America, particularly after the Valencia floods.
- Two South Korean teenagers were charged for breaching Seoul's Ttareungyi public bike service in June 2024, exposing data of 4.62 million users, including IDs, phone numbers, and home addresses.
- The UAE Cyber Security Council claimed to have thwarted an organised 'terrorist' ransomware attack targeting its digital infrastructure and vital sectors, noting the use of AI technologies to develop sophisticated offensive tools.
- Decentralised finance platform Step Finance is shutting down after a $40 million theft from its treasury in January, following the compromise of executive team devices.
- Researchers uncovered and took down the infrastructure of Diesel Vortex, a Russian-linked cybercrime group that stole over 1,600 login credentials from Western cargo companies, enabling freight shipment diversion and check fraud.

🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/shinyhunters-extortion-gang-claims-odido-breach-affecting-millions/
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/cargurus-data-breach-exposes-information-of-124-million-accounts/
🌑 Dark Reading | https://www.darkreading.com/cyber-risk/atm-jackpotting-attacks-surged-2025
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/spain-arrests-suspected-anonymous-fenix-hacktivists-for-ddosing-govt-sites/
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/02/24/korean_bike_breach_charges/
🗞️ The Record | https://therecord.media/uae-claims-it-stopped-terrorist-ransomware-attack
🗞️ The Record | https://therecord.media/step-finance-cryptocurrency-theft-shutdown
🗞️ The Record | https://therecord.media/phishing-operation-russia-armenia-targeting-us-european-cargo

New Threat Research on Threat Actors/Groups, Ransomware, Malware, or Techniques and Tradecraft 🛡️

- North Korea's Lazarus Group (specifically the Andariel/Stonefly subgroup) is now deploying Medusa ransomware in financially motivated attacks, targeting US healthcare organisations and an unnamed entity in the Middle East. This marks a shift from their self-developed strains to using ransomware-as-a-service (RaaS) offerings.
- The China-aligned UnsolicitedBooker threat cluster has shifted its focus from Saudi Arabian entities to telecommunications companies in Kyrgyzstan and Tajikistan. They are deploying LuciDoor and MarsSnake backdoors via malicious Microsoft Office documents and phishing links.
- Anthropic accused three Chinese AI labs (DeepSeek, Moonshot, MiniMax) of "industrial-scale campaigns" involving 24,000 fraudulent accounts and 16 million queries to illicitly distill Claude's capabilities. This "illicit distillation" poses national security risks if these unprotected models are used for offensive cyber operations, disinformation, or mass surveillance.

🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/north-korean-lazarus-group-linked-to-medusa-ransomware-attacks/
🗞️ The Record | https://therecord.media/north-korean-hackers-using-medusa-ransomware
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/02/24/north_koreas_lazarus_group_healthcare_medusa_ransomware/
📰 The Hacker News | https://thehackernews.com/2026/02/unsolicitedbooker-targets-central-asian.html
🤫 CyberScoop | https://cyberscoop.com/anthropic-accuses-chinese-labs-ai-distillation-cyber-risk/
📰 The Hacker News | https://thehackernews.com/2026/02/anthropic-says-chinese-ai-firms-used-16.html

Vulnerabilities, especially any mentioning Remote Code Exploitation (RCE), Active Exploitation, or Zero-Days 🚨

- SolarWinds has released patches for four critical Serv-U vulnerabilities (CVE-2025-40538, CVE-2025-40540, CVE-2025-40539, CVE-2025-40541), all with CVSS 9.1 ratings. These flaws, including a broken access control and type confusion bugs, could allow attackers with high privileges to gain root access and execute arbitrary code on unpatched servers. Immediate update to Serv-U 15.5.4 is strongly advised.
- A vulnerability dubbed RoguePilot in GitHub Codespaces allowed prompt injection via malicious GitHub issues. This enabled GitHub Copilot to silently execute commands and leak sensitive data, such as the privileged GITHUB_TOKEN, representing an AI-mediated supply chain attack. Microsoft has since patched the flaw.
- Researchers uncovered over 1,500 security vulnerabilities, including 54 high-severity issues, across ten popular Android mental health applications with a combined 14.7 million installs. These flaws could expose sensitive therapy data, allow credential interception, spoof notifications, and bypass root detection.

🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/critical-solarwinds-serv-u-flaws-offer-root-access-to-servers/
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/02/24/patch_these_4_critical_makemeroot/
📰 The Hacker News | https://thehackernews.com/2026/02/roguepilot-flaw-in-github-codespaces.html
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/android-mental-health-apps-with-147m-installs-filled-with-security-flaws/

Threat Landscape Commentary 🌍

- The FBI has affirmed its commitment to combating transnational criminal networks operating industrial-scale scamming compounds in Southeast Asia. These operations traffic individuals and facilitate pig-butchering and cryptocurrency investment scams, generating billions in illicit funds.

🗞️ The Record | https://therecord.media/us-committed-to-fighting-southeast-asia-scam-compounds

Data Privacy 🔒

- Microsoft is expanding its Purview Data Loss Prevention (DLP) controls for Microsoft 365 Copilot to block the processing of confidential Word, Excel, and PowerPoint documents across all storage locations, including local files. This enhancement aims to provide consistent protection and addresses previous bugs where Copilot could summarise protected emails.

🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/microsoft/microsoft-adds-copilot-data-controls-to-all-storage-locations/

Regulatory Issues or Changes ⚖️

- The UK Information Commissioner's Office (ICO) has fined Reddit £14.47 million (over $19.5 million) for unlawfully processing children's data. Reddit failed to implement adequate age assurance mechanisms until July 2025, despite its own terms of service prohibiting users under 13. Reddit plans to appeal the decision.
- Senior Ukrainian officials are pushing for tighter regulation of the messaging app Telegram, citing its frequent use by Russia for recruiting individuals for sabotage and terrorist attacks, as well as for spreading disinformation.

🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/02/24/uk_data_watchdog_fines_reddit_1447m_for_letting_kids_slip_past_the_gate/
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/uk-fines-reddit-19-million-for-using-childrens-data-unlawfully/
🗞️ The Record | https://therecord.media/ukraine-telegram-regulation-russia-sabotage-recruitment

Everything Else ⚙️

- Go library maintainer Filippo Valsorda criticised GitHub's Dependabot, labelling it a "noise machine" for generating excessive false positives and "nonsensical" CVSS scores. He argues this leads to alert fatigue and reduces security effectiveness, recommending static analysis tools like `govulncheck` instead.

🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/02/24/github_dependabot_noise_machine/

#CyberSecurity #ThreatIntelligence #Ransomware #NationState #APT #DataBreach #Vulnerability #RCE #AI #DataPrivacy #InfoSec #CyberAttack #Malware #IncidentResponse #Hacktivism #FinancialCrime #RegulatoryCompliance

"Banks operating in #Qatar face distinct obligations when securing customer data, managing cross-border transfers, and maintaining regulatory compliance under evolving data sovereignty frameworks." cc: #FSISAC #RegulatoryCompliance

5 Critical Data Sovereignty Challenges for Banks in Qatar
https://cybersec.kiteworks.com/s/5-critical-data-sovereignty-challenges-for-banks-in-qatar-25531