Cyber Security News Daily Recap

Cybersecurity News | Daily Recap [25 Feb 2026]

admin
Cybersecurity News | Daily Recap [25 Feb 2026]

Daily Recap, Arkanix Stealer surfaced in October 2025 and disappeared by December 2025, packing infostealing capabilities and post-exploit tools like ChromElevator to harvest system, credentials, VPN, and crypto-wallet data. The rest of the recap covers a VMware Aria Operations patch for CVE-2026-22719, Copilot data controls via Purview DLP, a CarGurus breach claimed by ShinyHunters, Reddit’s ICO fine, FBI actions against Southeast Asia scam networks, and Tim Youngblood’s CISO‑in‑residence advisory work. #ArkanixStealer #ChromElevator #VMwareAriaOperations #CVE-2026-22719 #Microsoft365Copilot #PurviewDLP #AugLoop #CarGurus #ShinyHunters #Reddit #FBI #TimothyYoungblood

Malware

  • Arkanix Stealer, a short-lived infostealer that surfaced in October 2025 and disappeared by December 2025, harvested system details, browser/messaging credentials, VPN client data and crypto wallets and included spreading/post‑exploit tools like ChromElevatorArkanix Stealer

Vulnerabilities & Patches

  • Broadcom patched high-severity flaws in VMware Aria Operations including command injection leading to remote code execution (notably CVE-2026-22719) with fixes rolled into VMware Cloud Foundation, vSphere Foundation 9.0.2.0 and Aria Operations 8.18.6 — VMware Aria

AI & Cloud Security

  • Microsoft 365 Copilot will be blocked from processing confidential Word/Excel/PowerPoint files across all storage via expanded Purview DLP deployed through the AugLoop (late Mar–Apr 2026) after a brief Copilot Chat data exposure, and industry guidance urges identity-first and intent-based permissioning for agentic AI to prevent over-scoped privileges — Copilot Controls, AI Identity

Data Breaches

  • The ShinyHunters group published a 6.1GB archive claiming 12.4 million CarGurus records (emails, IPs, names, phones, addresses, account and finance data) with Have I Been Pwned noting ~3.7 million newly exposed entries that raise phishing risks — CarGurus Breach

Regulatory & Privacy Enforcement

  • The UK Information Commissioner’s Office fined Reddit £14.47 million for failing to verify ages and unlawfully processing data of users under 13, citing reliance on self-declaration and missing DPIAs; Reddit plans to appeal — Reddit Fine, Reddit Fine

Law Enforcement & Crime

  • The FBI pledged continued leadership against industrial-scale scam compounds across Thailand, Cambodia and Vietnam after exposing pig‑butchering and crypto investment frauds tied to trafficked workers and highlighting DOJ indictments and a reported $15 billion bitcoin seizure linked to Chen Zhi and the Prince Group — FBI Action

People & Leadership

  • Timothy Youngblood, a self-taught programmer turned CISO at Dell, Kimberly‑Clark, McDonald’s and T‑Mobile, now serves as a CISO‑in‑residence advising startups on enterprise alignment and emerging risks like non‑human identities and agentic AI — Tim Youngblood

Cybersecurity News | Daily Recap – hendryadrian.com