Daily Recap: Britain and Japan agreed to deepen a cyber strategic partnership to boost cybersecurity and secure critical mineral supply chains, while India unveiled a long-term digital strategy in Union Budget 2026–27 prioritizing AI, cloud, semiconductors, data centers and integrated cybersecurity, including a tax holiday until 2047 to attract foreign cloud providers. The roundup also covers a spate of incidents and platform changes: piracy takedowns in Bulgaria, MongoDB data extortion involving over 1,400 databases, the OpenVSX supply-chain attack delivering the GlassWorm loader that exfiltrates macOS credentials, a multi-stage eScan compromise, UAT-8099's region-locked BadIIS campaigns, the NationStates data breach, Microsoft planning NTLM deprecation in favor of Kerberos, and the rise of autonomous threat tooling led by OpenClaw, Moltbook and Molt Road.
#GlassWorm #OpenVSX #eScan #UAT-8099 #BadIIS #NationStates #NTLM #Kerberos #OpenClaw #Moltbook #MoltRoad #MongoDB #macOS #Solana #EtherHiding
International Policy
- Britain and Japan agreed to deepen a cyber strategic partnership to boost cybersecurity and secure critical mineral supply chains amid rising geopolitical pressure – UK-Japan Pact
- India unveiled a long-term digital strategy in the Union Budget 2026–27 prioritizing AI, cloud, semiconductors, data centers and integrated cybersecurity, including a tax holiday until 2047 to attract foreign cloud providers – India Budget
Law Enforcement & Takedowns
- U.S. and Bulgaria collaborated to seize and shut down three major online piracy websites as part of an EU crackdown on illicit distribution – Piracy Takedown
Databases & Extortion
- An automated campaign has ransacked over 1,400 unprotected MongoDB instances, and threat actors continue targeting roughly 208,500 publicly discoverable MongoDB servers (about 3,100 without auth), leaving ransom notes demanding ~0.005 BTC – MongoDB Ransack, MongoDB Extortion
Supply Chain & Updates
- Attackers abused a compromised developer account on Open VSX to publish malicious updates delivering the GlassWorm loader that exfiltrates macOS credentials, browser data and crypto files via EtherHiding and Solana memos – OpenVSX Attack
- Threat actors compromised eScan antivirus update servers to push a multi-stage payload that replaced reload.exe, installed a persistent downloader (fetching CONSCTLX.exe), bypassed AMSI and blocked updates, before vendors isolated servers and patched systems – eScan Compromise
Targeted Campaigns
- Threat actor UAT-8099 deployed region-locked variants of BadIIS and a Linux ELF variant across Thailand, Vietnam and neighboring countries, using web shells, PowerShell and the GotoHTTP tool for proxy, injector and SEO-fraud capabilities linked to the WEBJACK campaign – BadIIS Campaign
Data Breaches
- NationStates confirmed a breach after a player escalated a reported vulnerability to achieve RCE on production, exposing emails, MD5 password hashes, IPs, UserAgent strings and portions of user telegrams, while the site rebuilds and notifies authorities – NationStates Breach
Microsoft & Platform Changes
- Microsoft will disable NTLM by default in upcoming Windows Server and client releases and urges use of enhanced NTLM auditing, dependency mapping and migration to Kerberos ahead of the multi‑phase removal – Microsoft NTLM
- Microsoft released a fix for a bug that caused the password sign-in option to disappear for some users, restoring expected authentication behavior – Microsoft Fix
Autonomous Threats
- Researchers warn of a “lethal trifecta” of autonomous agent tooling—OpenClaw, Moltbook and Molt Road—enabling credential theft, lateral movement and self‑funded Ransomware 5.0 operations via agent marketplaces and collaboration networks – Autonomous Adversary
Privacy & Consumer
- Apple introduced a Limit Precise Location setting in iOS 26.3 to restrict carriers to approximate location areas instead of street‑level precision, subject to carrier support (e.g., Telekom, EE, BT, Boost, AIS, True) – Apple Location
Miscellaneous
- Daily compiled threat research and recaps for 01 Feb 2026 are available in the weekly roundup – Weekly Recap