#spyware

BGDon 🇨🇦 🇺🇸 👨‍💻 (BrentD@techhub.social)
2026-02-04

This is why NOT to use biometrics as your smartphone lock! AND use Lockdown Mode if you have an iPhone!

404media.co/fbi-couldnt-get-in (login may be required) #Security #iPhone #LockDownMode #Biometrics #404Media #FBI #Spyware #Privacy #PersonalData

iPhone
2026-02-04

Alright team, it's been a busy 24 hours in the cyber world with some critical zero-days under active exploitation, a couple of significant breaches, new insights into nation-state tactics, and a stark warning about broken ransomware. Let's dive in:

Recent Cyber Attacks and Breaches 💸

- Step Finance, a Solana DeFi platform, lost approximately $40 million in digital assets after attackers compromised executive devices. While some assets were recovered, the incident has raised questions, including suspicions of a "rug pull."
- Coinbase confirmed an insider breach where a contractor improperly accessed data for about 30 customers. This highlights the ongoing threat of Business Process Outsourcing (BPO) firms being targeted through bribes, social engineering, or compromised accounts.
- The Police Service of Northern Ireland (PSNI) is offering a universal £7,500 compensation to staff affected by a 2023 data breach that exposed personal details, leading to safety risks and mental health issues for officers.
- Mexico's government is facing allegations from the Chronus Group of a 2.3TB data leak impacting 28% of the population. However, the Agencia de Transformación Digital y Telecomunicaciones (ATDT) has downplayed the claims, stating the data appears to be from older breaches.

🤖 Bleeping Computer | bleepingcomputer.com/news/secu
🤖 Bleeping Computer | bleepingcomputer.com/news/secu
🕵🏼 The Register | go.theregister.com/feed/www.th
🕶️ Dark Reading | darkreading.com/cyberattacks-d

New Threat Research and Tradecraft 🕵️‍♀️

- Russia's APT28 (Fancy Bear) weaponised a newly patched Microsoft Office bug (CVE-2026-21509) in just three days. Their "Operation Neusploit" uses RTF documents and localised phishing to deploy credential stealers (MiniDoor) and backdoors (Covenant Grunt via PixyNetLoader).
- Nitrogen ransomware, specifically targeting VMware ESXi, has a critical programming error that corrupts the public key during encryption. This means victims' files cannot be decrypted, even if the ransom is paid, making recovery impossible.
- Microsoft warns that Python-based infostealers are rapidly expanding to target macOS environments. These campaigns use social engineering techniques like "ClickFix" lures and fake installers to distribute malware such as AMOS, MacSync, and DigitStealer, stealing credentials and sensitive data.
- A new EDR killer tool is abusing a legitimate but long-revoked EnCase kernel driver (EnPortv.sys) to disable 59 security tools. This "Bring Your Own Vulnerable Driver" (BYOVD) technique exploits Windows' driver signature enforcement exceptions for older certificates, bypassing protections like PPL.
- New research reveals that Predator spyware can turn off Apple's iOS camera and microphone recording indicators (the green and orange dots). This "elegantly simple" interception mechanism allows the spyware to operate stealthily, defeating a key user-facing security feature.
- While AI agents aren't yet capable of fully autonomous cyberattacks, they are proving highly effective for criminals in various stages of the attack chain. This includes automating vulnerability scanning and writing malicious code, though they still struggle with complex, multi-stage operations without human intervention.

🕶️ Dark Reading | darkreading.com/cyberattacks-d
🕵🏼 The Register | go.theregister.com/feed/www.th
📰 The Hacker News | thehackernews.com/2026/02/micr
🤖 Bleeping Computer | bleepingcomputer.com/news/secu
🗞️ The Record | therecord.media/predator-spywa
🕵🏼 The Register | go.theregister.com/feed/www.th

Actively Exploited Vulnerabilities and Zero-Days ⚠️

- Ivanti's Endpoint Manager Mobile (EPMM) is under active attack due to two critical zero-day vulnerabilities, CVE-2026-1281 and CVE-2026-1340 (CVSS 9.8). These flaws allow unauthenticated remote code execution, with CISA adding one to its KEV catalog. Patches are available, but a permanent fix is pending.
- CISA has added a critical SolarWinds Web Help Desk (WHD) RCE flaw, CVE-2025-40551 (CVSS 9.8), to its KEV catalog, confirming active exploitation. This untrusted data deserialization vulnerability allows unauthenticated attackers to execute OS commands, with federal agencies given a three-day deadline to patch.
- Two significant vulnerabilities have been found in Google Looker: CVE-2025-12743, an SQL injection allowing internal database data exfiltration, and a complex RCE chain. The RCE could lead to arbitrary code execution and potential cross-tenant access on Google Cloud Platform (GCP). Patching is advised but can be challenging.
- A five-year-old GitLab server-side request forgery (SSRF) flaw, CVE-2021-39935, has been added to CISA's KEV catalog due to active exploitation. This vulnerability allows unauthenticated external users to access the CI Lint API, posing a significant risk to the many exposed GitLab instances.
- CISA has confirmed that the VMware ESXi sandbox escape vulnerability, CVE-2025-22225, is now being actively exploited by ransomware gangs. This flaw, previously a zero-day, allows an arbitrary kernel write and sandbox escape, with Chinese-speaking threat actors suspected of chaining it with other vulnerabilities.

🤫 CyberScoop | cyberscoop.com/ivanti-endpoint
📰 The Hacker News | thehackernews.com/2026/02/cisa
🕵🏼 The Register | go.theregister.com/feed/www.th
🕶️ Dark Reading | darkreading.com/application-se
🤖 Bleeping Computer | bleepingcomputer.com/news/secu
🤖 Bleeping Computer | bleepingcomputer.com/news/secu

Geopolitical Cyber and Regulatory Updates 🌐

- The US military reportedly used cyber weapons to disrupt Iranian air missile defense systems during 2025 strikes on its nuclear program. This "non-kinetic" operation targeted "aim points" in the network to prevent surface-to-air missile launches against American warplanes.
- Ukraine has implemented a mandatory "whitelist" for Starlink satellite internet terminals to counter Russian forces using the technology on attack drones. This measure, in cooperation with SpaceX, aims to make Russian drones harder to detect, jam, or shoot down.
- CISA is working on replacing the Critical Infrastructure Partnership Advisory Council (CIPAC) to foster broader and more specific discussions on cybersecurity and operational technology (OT) threats. They are also developing an AI information-sharing center (AI-ISAC) to coordinate with industry efforts.
- The Eclipse Foundation is mandating pre-publish security checks for extensions submitted to its Open VSX Registry. This proactive shift aims to combat supply chain threats by identifying and quarantining suspicious uploads, such as impersonation, leaked credentials, or known malicious patterns, before publication.

🗞️ The Record | therecord.media/iran-nuclear-c
🗞️ The Record | therecord.media/ukraine-tighte
🤫 CyberScoop | cyberscoop.com/whats-next-for-
📰 The Hacker News | thehackernews.com/2026/02/ecli

Other Noteworthy News 📰

- Rui-Siang Lin, known as "Pharoah," has been sentenced to 30 years in prison for operating Incognito Market, a dark web narcotics marketplace that facilitated over $105 million in illegal drug sales. Lin also extorted users before shutting down the platform.
- Microsoft is rolling out native Sysmon functionality to Windows 11 systems enrolled in the Windows Insider program. This built-in System Monitor will enhance threat detection and hunting capabilities by logging system events, though it remains disabled by default.
- Cloud providers are rushing to offer "OpenClaw-as-a-service," despite strong warnings from Gartner. OpenClaw, an AI assistant platform, is described as "demonstrably insecure" due to plaintext credential storage and lack of default authentication, posing unacceptable cybersecurity risks.

🤖 Bleeping Computer | bleepingcomputer.com/news/secu
🗞️ The Record | therecord.media/incognito-mark
🤖 Bleeping Computer | bleepingcomputer.com/news/micr
🕵🏼 The Register | go.theregister.com/feed/www.th

#CyberSecurity #ThreatIntelligence #Vulnerabilities #ZeroDay #RCE #Ransomware #APT28 #Infostealer #MacOS #EDR #Spyware #AI #IncidentResponse #DataBreach #CyberWarfare #Starlink #CISA #InfoSec

Google fined for restrictive agreements on forking Android: GOOD!

peertube.gravitywell.xyz/w/gwh

FUTO's latest grantee loosens Google's grip on your phone: introducing Marvin Wißfeld of MicroG

peertube.gravitywell.xyz/w/qMw

2026-02-04

Several human rights groups warn that the sanctioned #spyware maker #NSO Group (#Pegasus) is trying to attach itself to political initiatives connected with the Pall Mall Process in an attempt to have the sanctions lifted and return to the market
therecord.media/spyware-maker-

From yesterday, and you guessed it: it's the notorious NSO that should've been dismantled.

"The backlash comes in the wake of a 'transparency report' issued by the spyware maker NSO Group on January 7 that trumpeted the company’s participation in the Pall Mall Process — a diplomatic effort aimed at reining in the misuse of spyware products while recognizing the software is worthwhile when used appropriately to fight crime and terrorism."

The Record: Civil society groups warn spyware makers tied to human rights abuses are inserting themselves into diplomatic initiatives therecord.media/spyware-maker- @therecord_media #infosec #spyware

2026-02-03

Civil society groups accuse NSO Group of using the Pall Mall Process to legitimize spyware practices.

Pegasus-linked abuses reportedly continue.

technadu.com/spyware-vendors-p

#InfoSec #Spyware #HumanRights #NSOGroup #CyberPolicy

Spyware Vendor’s Pall Mall Claims Trigger Civil Society Backlash
Esra'a (alshafei)
2026-02-02

The updated funder tab on Surveillance Watch enables you to explore entities organized by their funding sources. You can identify which funders support the most surveillance and spyware vendors, and use chart mode to filter and sort by tech type.

surveillancewatch.io/funders

Sankey diagram from Surveillance Watch's Funder tab showing funding flows from 895 organizations to eight surveillance technology categories, including AI Powered (717), Facial Recognition (227), Forensic Extraction (204), and Spyware (52), with an alphabetical organization list and explanatory panel.
AllAboutSecurity (allaboutsecurity)
2026-02-02

@AliceStollmeyer

Europe needs off handcuffware, spyware, datacontrolware.

So does everyone else; it's not anti-American, because Americans want techBro enshittification to end too.

Get off corporate 'designed to control you' software. Whether you're Andrea, or the European Commission.

#eu #linux #spyware #freedom #cdnpoli #uspol #ai #Microsoft #google #facebook #enshittification

2026-02-02

A Polish 🇵🇱 court found that the former co-founder of PiS, Jarosław Kaczyński, had not defamed a political rival

Kaczyński said it was acceptable to use #Pegasus #spyware against a political rival because he was trying to prove that his rival had committed "heinous crimes"

It is a strange ruling, because it means the former Polish government was allowed to use #spyware based on "hunches" rather than lawful grounds based on evidence
notesfrompoland.com/2026/01/28

PIVX Official (pivxcrypto)
2026-02-01

Ireland Tilts Toward State-Sanctioned Spyware
The Irish government has announced plans to draft new legislation that would officially permit law enforcement agencies to use spyware.
medium.com/pivx/ireland-tilts-

Augustus Brown 🌈 (augustusbrown@aus.social)
2026-01-31

Israeli tech used to track, coordinate harassment and beatings, and ultimately silence a critic of the Saudi royal family.

bbc.com/news/articles/cj6w3zgd

#SaudiArabia #UK #Israel #Spyware #GeneralNews

2026-01-31

GhostChat Spyware Steals Sensitive Data from Android Users Through WhatsApp

GhostChat is a malicious Android spyware that poses as a dating app. It
silently steals contacts, device data, photos and documents, sending them
to attacker-controlled servers.

Pulse ID: 697e030ba09a108d0b61ac72
Pulse Link: otx.alienvault.com/pulse/697e0
Pulse Author: cryptocti
Created: 2026-01-31 13:26:35

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Android #CyberSecurity #InfoSec #OTX #OpenThreatExchange #SpyWare #Troll #WhatsApp #bot #cryptocti

2026-01-30

If for some reason you have one of Bezos' Li'l Snitches in your house and it's rolled out the new voice (a lot younger-sounding, kinda creepy), turn to it now, say its name and tell it to "turn off follow-up mode." The new voice wasn't the only change (of course); it now listens actively to the conversation and inserts comments where no one asked for feedback.

Ideally, you'd throw the hockey puck out the window, but maybe you're staying with a relative and just need to shut the thing up without destroying it. This should do the trick.

#Echo #Dot #Amazon #Alexa #spyware

KubikPixel (kubikpixel@chaos.social)
2026-01-30

WhatsApp is spyware because its encryption is very questionable! The metadata that is transferred openly reveals a great deal about a person. This is just marketing that their users should follow thoughtlessly.

»WhatsApp Rolls Out #Lockdown-Style Security Mode to Protect Targeted Users From #Spyware
#Meta on Tuesday announced it's adding Strict Account Settings on #WhatsApp to #secure certain users against advanced cyber attacks because of who they are and what they do«

🧐 thehackernews.com/2026/01/what

2026-01-30

Attack on *stan: Your malware, my C2

A suspected state-affiliated threat actor has been targeting Kazakh and Afghan entities in a persistent campaign since at least August 2022. The attackers use a Windows-based RAT called KazakRAT, which allows for payload downloads, host data collection, and file exfiltration. The malware is delivered via .msi files and persists using the Run registry key. C2 communications are unencrypted over HTTP. The campaign also utilizes modified versions of XploitSpy Android spyware. Multiple KazakRAT variants have been observed with minor command-set changes. Victim targeting includes government and financial sector entities, particularly in Kazakhstan's Karaganda region. The operation shows low sophistication but high persistence, with similarities to APT36/Transparent Tribe activities.

Pulse ID: 697c6976da773afd0b4155a1
Pulse Link: otx.alienvault.com/pulse/697c6
Pulse Author: AlienVault
Created: 2026-01-30 08:19:02

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Android #CyberSecurity #Government #HTTP #InfoSec #Kazakhstan #Malware #OTX #OpenThreatExchange #RAT #SpyWare #TransparentTribe #Windows #bot #AlienVault

2026-01-30

Ireland Wants To Outlaw Privacy! 😱 #Ireland #Europe #Privacy #Politics #Spyware #fyp

Obscure_Rebel (Obscure_Rebel)
2026-01-29

“Netanyahu Tapes Phone Cameras Amid Cyber Espionage Fears”

by Palestine Chronicle Staff

@palestine@fedibird.com
@Palestine@masto.ai
@palestine@lemmy.ml
@uk_politics
@BBC5Live
@BBCRadio4
@BBCNews
@UKLabour

“Netanyahu’s heightened security posture also comes as he remains a wanted war criminal under international law, following the issuance of an arrest warrant by the International Criminal Court () over crimes committed during Israel’s genocide in

palestinechronicle.com/netanya
