🇮🇷 A K U L A v 2 . 2 claims data breach on Iran's Tehran Municipality. Leaked login credentials for Tehran Municipality's official email service portal. #DataBreach #Government #Iran #ThreatIntel
Flickr's recent data breach is a reminder that our archives deserve better protection. Keep them safer via photos.inlinestyle.it - EU-hosted, ad-free, and made for calm sharing. #privacy #degoogle #photos #databreach
Spain's Ministry of Science Shuts Down Systems Following Alleged IDOR Breach
Spain's Ministry of Science shut down IT systems following a cyberattack claimed by a threat actor who allegedly exploited an IDOR vulnerability to gain administrative access and steal personal records.
#cybersecurity #infosec #incident #databreach
https://beyondmachines.net/event_details/spain-s-ministry-of-science-shuts-down-systems-following-alleged-idor-breach-7-m-h-w-d/gD2P6Ple2L
🔥 Latest issue of my curated #cybersecurity and #infosec list of resources for week #06/2026 is out!
This week’s #AI zeitgeist didn’t just spawn memes — it exposed real, systemic risks at the intersection of autonomy, identity, and trust. On one front, a critical vulnerability in the self‑hosted AI assistant #OpenClaw 🦞 (previously Clawdbot/Moltbot) allowed attackers to steal authentication tokens and achieve remote code execution via a single malicious link — a classic web attack chain repurposed against an AI agent ecosystem. The flaw (tracked as CVE‑2026‑25253) hinged on improper origin validation in OpenClaw’s local gateway, letting a crafted page trigger a token leak and session hijack before it was patched.
At the same time, #Moltbook — a Reddit‑style social network exclusively for AI agents — went viral, attracting millions of registered bots and widespread fascination about the idea of autonomous digital actors forming “machine societies.” But the hype masked serious cybersecurity failures: misconfigured backends exposed millions of API keys, agent tokens, and private messages to unauthenticated access, and researchers found prompt injection and bot‑to‑bot social engineering risks that could propagate malicious instructions through the agent population.
These two developments are linked by more than branding. They illustrate a converging threat landscape where:
- Autonomous agents operate with deep system access,
- Shared agent ecosystems become new attack surfaces, and
- Viral prompt sharing and AI‑to‑AI networks can amplify hidden exploits.
It’s a reminder that even as AI autonomy grabs attention, the fundamentals of cybersecurity (protecting data, accounts, and trust boundaries) remain as crucial as ever. Because before we debate sentience, we need to secure the agents we already deployed.
→ Let’s now dive into this week’s top insights! It includes the following and much more:
🗒️ 🇨🇳 Notepad++ was hit by a supply-chain attack
📤️ Newsletter platform #Substack notifies users of #databreach;
🇫🇷 French prosecutors raid X offices, summon #Musk over #Grok #deepfakes;
🇺🇸 👀 Homeland Security is trying to force tech companies to hand over data about Trump critics;
🇷🇺 Russian-state hackers quickly exploited a critical #Microsoft Office flaw (CVE-2026-21509) within 48 hours of a patch;
🇳🇴 🇨🇳 China’s Salt Typhoon hackers broke into Norwegian companies;
--
👉 NEVER MISS my curations and updates on information security and cybersecurity news and challenges 📨 Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️
https://infosec-mashup.santolaria.net/p/infosec-mashup-06-2026
Finland State ICT Provider Valtori Reports Data Breach Affecting 50,000 Officials
Valtori, Finland's state ICT provider, suffered a data breach exposing the names and device identifiers of 50,000 government employees across all ministries due to a zero-day vulnerability in a mobile device management system.
#cybersecurity #infosec #incident #databreach
https://beyondmachines.net/event_details/finland-state-ict-provider-valtori-reports-data-breach-affecting-50000-officials-w-y-i-f-1/gD2P6Ple2L
Flickr Discloses Data Breach Linked to Third-Party Email Provider Vulnerability
Flickr reports a data breach on February 5, 2026, after a vulnerability at a third-party email service provider allowed unauthorized access to user names, emails, and location data. The company isolated the affected systems and notified authorities.
#cybersecurity #infosec #incident #databreach
https://beyondmachines.net/event_details/flickr-discloses-data-breach-linked-to-third-party-email-provider-vulnerability-e-d-d-z-5/gD2P6Ple2L
@XposedOrNot += Substack Data Breach
The Substack #databreach occurred in October 2025 and was circulated more widely in February 2026. The incident exposed 665k account holder records containing email addresses along with publicly visible Substack profile information such as publication names and bios.
Exposed data: Email addresses, Publication names, Profile bios (public info)
Potential risks: Targeted phishing, Spam, Privacy exposure
Substack - 663,121 breached accounts - https://www.redpacketsecurity.com/substack-663-121-breached-accounts/
#databreach #HaveIBeenPwnedLatestBreaches #HIBP #OSINT #Security #threatintel #TroyHunt
Spain’s Science Ministry partially shut down IT systems after an incident, suspending online procedures, after a hacker claimed a cyberattack and began leaking/selling allegedly stolen data. #databreach
https://www.bleepingcomputer.com/news/security/spains-ministry-of-science-shuts-down-systems-after-breach-claims/
Flickr says a flaw at a third-party email vendor may have exposed user names, email addresses, IP addresses and locations, and activity logs, but passwords and payment information were not affected. #databreach
https://hackread.com/flickr-data-breach-external-partner-security-flaw/
Alright team, it's been a pretty packed 24 hours in the cyber world! We've got updates on several significant breaches, some deep dives into nation-state tradecraft, critical actively exploited vulnerabilities, and important regulatory shifts. Let's get stuck in:
Recent Cyber Attacks and Breaches ⚠️
- Spain's Ministry of Science has partially shut down its IT systems following a "technical incident". A threat actor, 'GordonFreeman', claimed responsibility, alleging an Insecure Direct Object Reference (IDOR) vulnerability granted them full admin access and allowed the exfiltration of personal records, emails, and application data.
- Romania's national oil pipeline operator, Conpet, confirmed a cyberattack disrupted parts of its IT infrastructure and took its website offline. While oil transport operations (OT systems) remained functional, the Qilin ransomware group has claimed responsibility, listing Conpet on their leak site and alleging the theft of nearly one terabyte of data.
- Photo-sharing platform Flickr is notifying users of a potential data breach stemming from a vulnerability in a third-party email service provider. The incident may have exposed users' real names, email addresses, Flickr usernames, IP addresses, general location data, and account activity, though passwords and payment card numbers were not compromised.
- An Illinois man, Kyle Svara, pleaded guilty to hacking nearly 600 women's Snapchat accounts between May 2020 and February 2021. He used social engineering to phish access codes, then downloaded private photos, which he kept, sold, or traded online. Svara also admitted to hacking accounts at the request of a former university track coach previously convicted of sextortion.
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/spains-ministry-of-science-shuts-down-systems-after-breach-claims/
🗞️ The Record | https://therecord.media/romania-conpet-oil-pipeline-ransomware-attack
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/flickr-discloses-potential-data-breach-exposing-users-names-emails/
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/02/06/flickr_emails_users_about_data_breach/
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/man-pleads-guilty-to-hacking-nearly-600-womens-snapchat-accounts/
🗞️ The Record | https://therecord.media/illinois-man-pleads-guilty-snapchat-nude-photo-hacks
New Threat Research on Threat Actors, Malware, and Techniques 🛡️
- Palo Alto Networks Unit 42 has uncovered TGR-STA-1030, a previously undocumented Asian state-backed cyber espionage group that has breached at least 70 government and critical infrastructure organisations across 37 countries since January 2024. The group uses phishing to deliver a dual-stage Diaoyu Loader, which then deploys Cobalt Strike, and also exploits N-day vulnerabilities in various software.
- Norway's domestic security agency (PST) confirmed that the Chinese state-sponsored espionage campaign, Salt Typhoon, has compromised network devices within Norwegian organisations. This campaign, known for targeting telecommunications and critical infrastructure, highlights an increasing threat from foreign intelligence services, particularly from China, Russia, and Iran, which are employing hybrid tactics to undermine Norway's resilience.
- Cisco Talos researchers have detailed DKnife, a China-nexus gateway-monitoring and adversary-in-the-middle (AitM) framework active since at least 2019. This Linux-based toolkit, comprising seven implants, performs deep packet inspection, manipulates traffic, and delivers malware like ShadowPad and DarkNimbus via routers and edge devices, primarily targeting Chinese-speaking users.
- Threat actors are weaponising a Windows kernel driver from the legitimate forensic tool EnCase to disable security products, despite its digital certificate being revoked over a decade ago. This bring-your-own-vulnerable-driver (BYOVD) technique exploits gaps in Windows' Driver Signature Enforcement, allowing older, unsigned drivers to load and terminate EDR processes before detection.
- Germany's domestic intelligence agency (BfV) and Federal Office for Information Security (BSI) are warning of suspected state-sponsored threat actors targeting high-ranking individuals in Germany and Europe through Signal account hijacking. These attacks use social engineering, not malware, to trick targets into sharing Signal PINs for full account takeover or scanning QR codes to link attacker-controlled devices for chat monitoring.
📰 The Hacker News | https://thehackernews.com/2026/02/asian-state-backed-group-tgr-sta-1030.html
🗞️ The Record | https://therecord.media/norawy-intelligence-discloses-salt-typhoon-attacks
📰 The Hacker News | https://thehackernews.com/2026/02/china-linked-dknife-aitm-framework-targets-routers-for-traffic-hijacking-malware-delivery.html
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/dknife-linux-toolkit-hijacks-router-traffic-to-spy-deliver-malware/
🕶️ Dark Reading | https://www.darkreading.com/threat-intelligence/encase-driver-weaponized-edr-killers-persist
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/germany-warns-of-signal-account-hijacking-targeting-senior-figures/
Vulnerabilities and Active Exploitation 🚨
- CISA is warning that ransomware actors are actively exploiting CVE-2026-24423, a critical remote code execution (RCE) vulnerability in SmarterMail (versions prior to build 9511). The flaw allows unauthenticated RCE via the ConnectToHub API, and CISA has added it to its Known Exploited Vulnerabilities (KEV) catalog, mandating federal agencies to patch or remove the product by February 26, 2026.
- The experimental AI agent social platform 'Moltbook' publicly exposed its entire user database, including secrets, PII, and API keys, due to an unsecured internal database. Furthermore, the underlying OpenClaw agent platform's 'ClawHub' marketplace was found to contain 283 skills (7.1% of the total) that leak sensitive credentials via prompt injection, and 76 malicious payloads designed for credential theft, backdoor installation, and data exfiltration.
- Indirect prompt injection attacks against OpenClaw agents have been demonstrated, allowing attackers to backdoor user machines and steal sensitive data or perform destructive operations. This is particularly concerning due to AI agents' integrations with productivity tools like Google Workspace and Slack, enabling attackers to deliver malicious prompts that can lead to the deployment of C2 beacons for long-term remote access.
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/cisa-warns-of-smartermail-rce-flaw-used-in-ransomware-attacks/
🕶️ Dark Reading | https://www.darkreading.com/cyber-risk/agentic-ai-moltbook-security-risks
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/02/05/openclaw_skills_marketplace_leaky_security/
Threat Landscape Commentary 🌍
- Cloudflare reported a significant surge in DDoS attacks in Q4 2025, with volumes jumping 31% from the previous quarter and 58% year-over-year, totalling 47.1 million attacks. The UK experienced an unwelcome leap of 36 places to become the world's sixth-most targeted location, with financial services, telecoms, IT, and gambling/gaming sectors being primary targets.
- A new tool, KEV Collider, has been developed by Tod Beardsley (former CISA KEV section chief) to help security teams better triage CISA's Known Exploited Vulnerabilities (KEV) Catalog. The tool combines KEV data with other metrics like CVSS and EPSS scores, and Metasploit automation status, to provide a more relevant and prioritised view of vulnerabilities, acknowledging that the KEV list isn't a universal "must-patch" for all organisations.
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/02/06/uk_climbs_up_ddos_hit/
🕶️ Dark Reading | https://www.darkreading.com/threat-intelligence/data-tool-triage-exploited-vulnerabilities-make-kev-catalog-more-useful
Regulatory Issues and Changes 🏛️
- CISA has issued Binding Operational Directive 26-02, mandating U.S. Federal Civilian Executive Branch (FCEB) agencies to identify and remove end-of-life (EOL) network edge devices that no longer receive security updates from manufacturers. Agencies have three months to inventory these devices and 12-18 months to decommission and replace them, aiming to mitigate significant risks posed by advanced threat actors exploiting unsupported hardware.
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/cisa-orders-federal-agencies-to-replace-end-of-life-edge-devices/
📰 The Hacker News | https://thehackernews.com/2026/02/cisa-orders-removal-of-unsupported-edge.html
AI for Vulnerability Discovery 🤖
- Anthropic's latest large language model (LLM), Claude Opus 4.6, has demonstrated impressive capabilities by discovering over 500 previously unknown high-severity security flaws in major open-source libraries, including Ghostscript, OpenSC, and CGIF. The model was able to identify these vulnerabilities without task-specific tooling or specialised prompting, showcasing its advanced coding, code review, and debugging skills.
📰 The Hacker News | https://thehackernews.com/2026/02/claude-opus-46-finds-500-high-severity-flaws-across-major-open-source-libraries.html
#CyberSecurity #ThreatIntelligence #Ransomware #NationState #APT #Vulnerability #RCE #ActiveExploitation #AI #DataBreach #SocialEngineering #DDoS #IncidentResponse #InfoSec #CISA #EDR #BYOVD #SupplyChainSecurity
State-sponsored hackers compromised a beloved developer tool while AI platforms exposed millions of sensitive records.
#cybersecurity #supplychainattack #stateSponsored #botnet #databreach
https://cybernewsweekly.substack.com/p/cybersecurity-news-review-week-6-43e
Every few months another data breach hits the news. Most of us shrug — until we see our own email in a breach database.
Here’s what that actually means for your digital life →
https://paulobrien.com/why-have-i-been-pwned-matters-and-what-it-really-tells-you/
#EmailSecurity #DataBreach
Consequence?
→ $5B FTC fine (largest ever)
→ Congressional testimony
→ Stock dropped $134B in ONE day
But also:
→ Stock recovered within months
→ Business model unchanged
→ Surveillance continues
Today Meta makes $164B/year (98% from ads).
Same surveillance.
Different branding.
This isn't a bug. It's the business model.
#CambridgeAnalytica #Facebook #DataBreach #SurveillanceCapitalism #GDPR
Line TV Partner Choco Media Entertainment Reports Data Breach
Choco Media Entertainment, the provider for Line TV, suffered a data breach between January 24 and 26, 2026, exposing user IDs, hashed passwords, and contact details for an undisclosed number of subscribers.
#cybersecurity #infosec #incident #databreach
https://beyondmachines.net/event_details/line-tv-partner-choco-media-entertainment-reports-data-breach-1-7-8-j-n/gD2P6Ple2L
📰 Substack Discloses Data Breach Exposing User Contact Information
Newsletter platform Substack has disclosed a data breach exposing user names, emails, and phone numbers. The company says passwords & financial data were not compromised, but warns users to be wary of phishing. 📧 #DataBreach #Substack #Privacy
📰 Betterment Data Breach Exposes 1.4M Customers After Social Engineering Attack
Fintech platform Betterment discloses a data breach affecting 1.4M users after a social engineering attack. 'ShinyHunters' claims they used voice phishing to steal Okta credentials and launch a crypto scam. 🎣 #DataBreach #Vishing #Fintech
The "incident," also known as a data breach and a failure to protect, has potentially compromised "usernames, email addresses, IP addresses, and activity data."
Flickr: Oh, great: "Data Security Incident Notice - Flickr Has You Covered" https://www.reddit.com/r/flickr/comments/1qxb043/oh_great_data_security_incident_notice_flickr_has/
More:
Security Week: Flickr Security Incident Tied to Third-Party Email System https://www.securityweek.com/flickr-security-incident-tied-to-third-party-email-system/ @SecurityWeek #Flickr #databreach
🇺🇸 LulzSec Hackers claim data breach on USA's California Air Resources Board, including email addresses and phone numbers. #DataBreach #Government #USA #ThreatIntel
#Flickr says a 3rd party email vendor flaw may have exposed user names, emails, IP data, and activity logs of its users.
#CyberSecurity #DataBreach #SmugMug #Privacy
Read: https://hackread.com/flickr-data-breach-external-partner-security-flaw/