A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Fintech firm Figure disclosed data breach after employee phishing attack U.S. CISA adds a flaw in […] A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Fintech firm Figure disclosed data breach after employee phishing attackU.S. CISA adds a flaw in BeyondTrust RS and PRA to its Known Exploited Vulnerabilities catalogSuspected Russian hackers deploy CANFAIL malware against UkraineNew threat actor UAT-9921 deploys VoidLink against enterprise sectorsAttackers exploit BeyondTrust CVE-2026-1731 within hours of PoC releaseGoogle: state-backed hackers exploit Gemini AI for cyber recon and attacksU.S. CISA adds SolarWinds Web Help Desk, Notepad++, Microsoft Configuration Manager, and Apple devices flaws to its Known Exploited Vulnerabilities catalogOdido confirms massive breach; 6.2 Million customers impactedApolloMD data breach impacts 626,540 peopleLummaStealer activity spikes post-law enforcement disruptionApple fixed first actively exploited zero-day in 2026Multiple Endpoint Manager bugs patched by Ivanti, including remote auth bypassVolvo Group hit in massive Conduent data breachReynolds ransomware uses BYOVD to disable security before encryptionSSHStalker botnet targets Linux servers with legacy exploits and SSH scanningU.S. CISA adds Microsoft Office and Microsoft Windows flaws to its Known Exploited Vulnerabilities catalogMicrosoft Patch Tuesday security updates for February 2026 fix six actively exploited zero-daysZeroDayRAT spyware grants attackers total access to mobile devicesSenegal shuts National ID office after ransomware attackDutch agencies hit by Ivanti EPMM exploit exposing employee contact dataChina-linked APT UNC3886 targets Singapore telcosCritical Fortinet FortiClientEMS flaw allows remote code executionBeyondTrust fixes critical pre-auth bug allowing remote code executionEuropean Commission probes cyberattack on mobile device management systemAttackers abuse SolarWinds Web Help Desk to install Zoho agents and VelociraptorRomania’s national oil pipeline firm Conpet reports cyberattackFlickr moves to contain data exposure, warns users of phishingDKnife toolkit abuses routers to spy and deliver malware since 2019 International Press Newsletter Cybercrime Romanian oil pipeline operator Conpet discloses cyberattack Flickr Security Incident Tied to Third-Party Email System Senegal’s File Automation Directorate Hit by Cyberattack, Hackers Claim 139TB Data Breach Odido warns of data breach: millions of customer data stolen in cyber attack BADIIS to the Bone: New Insights to a Global SEO Poisoning Campaign Malware Threat Alert: TeamPCP, An Emerging Force in the Cloud Native and Ransomware Landscape Reynolds: Defense Evasion Capability Embedded in Ransomware Payload AgreeToSteal: The First Malicious Outlook Add-In Leads to 4,000 Stolen Credentials Fake recruiter campaign targets crypto devs Hacking Active Exploitation of SolarWinds Web Help Desk CVE-2026-1731: Pre-Auth RCE in BeyondTrust Remote Support & PRA Hacker Conversations: Professional Hacker Douglas Day Apple Fixes Exploited Zero-Day Affecting iOS, macOS, and Apple Devices Reconnaissance Has Begun for the New BeyondTrust RCE (CVE-2026-1731): Here’s What We See So Far 2026-01-14: The Day the telnet Died Intelligence and Information Warfare Largest Multi-Agency Cyber Operation Mounted to Counter Threat Posed by Advanced Persistent Threat (APT) Actor UNC3886 to Singapore’s Telecommunications Sector Dutch Authorities Confirm Ivanti Zero-Day Exploit Exposed Employee Contact Data Stan Ghouls targeting Russia and Uzbekistan with NetSupport RAT Russia’s hybrid attacks throughout Europe are becoming more dangerous UNC1069 Targets Cryptocurrency Sector with New Tooling and AI-Enabled Social Engineering North Korean IT workers are secretly employed in Norwegian companies GTIG AI Threat Tracker: Distillation, Experimentation, and (Continued) Integration of AI for Adversarial Use New threat actor, UAT-9921, leverages VoidLink framework in campaigns Beyond the Battlefield: Threats to the Defense Industrial Base Fake recruiter campaign targets crypto devs Cybersecurity Commission responds to cyber-attack on its central mobile infrastructure The February 2026 Security Update Review Conduent Breach Hits Volvo Group: Nearly 17,000 Employees’ Data Exposed Hacker linked to Epstein removed from Black Hat cyber conference website Fintech lending giant Figure confirms data breach Weaponising AI: The New Cyber Attack Surface Russia tries to block WhatsApp, Telegram in communication blockade Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini (SecurityAffairs hacking, newsletter)
Published: 2026-02-15T13:25:33