Daily Recap: exposed test credentials in a public S3 bucket allowed an attacker to gain full admin control of an AWS environment in 8 minutes via Lambda code injection and privilege escalation, while Google Looker vulnerabilities enabled RCE and data exfiltration in cloud instances and self-hosted deployments. The recap also covers the Harvard Alumni data breach tied to ShinyHunters, the Panera data exposure, the Incognito Market operator's 30-year sentence, rising ransomware activity from Qilin and CL0P, and notable nation-state and cyberespionage campaigns like Lotus Blossom and Amaranth Dragon. #ShinyHunters #HarvardAlumni #PaneraBread #IncognitoMarket #Qilin #CL0P #LotusBlossom #AmaranthDragon #TRMLabs #AWS #Looker
Cloud Compromises
- Exposed test credentials in a public S3 bucket allowed an attacker to gain full admin control of an AWS environment in about 8 minutes: the chain ran through Lambda code injection, privilege escalation into a "frick" account, and LLM-assisted automation used to spin up costly GPU models at the victim's expense – AWS Takeover
- Two Google Looker vulnerabilities dubbed LookOut let a user with developer permissions achieve RCE and data exfiltration; Google has patched its cloud-hosted instances, but self-hosted deployments must apply the update themselves – Looker Flaws
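The AWS item above turns on two findings a defender can check for directly: secrets sitting in bucket objects, and a bucket policy that lets anyone read them. The following is an added example written for this page (not code from the recap, from AWS, or from the researchers who reported the takeover): an offline scanner that flags AWS access-key IDs and secret keys in object contents and lists bucket-policy statements granting anonymous read. The object contents and policy below are constructed samples; the access key is the example key from AWS documentation. In real use the inputs would come from `get_object` and `get_bucket_policy` calls, which are assumed rather than made here so the script runs without credentials.

```python
import json
import re

# Constructed sample objects, standing in for the contents of a public bucket.
# The key pair is the example pair from AWS documentation, not a live credential.
SAMPLE_OBJECTS = {
    "test/.env": (
        "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n"
        "AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n"
    ),
    "docs/readme.txt": "Nothing sensitive in this file.\n",
}

# Constructed bucket policy with one anonymous-read statement and one
# account-scoped statement, to show the check distinguishing them.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "PublicRead",
            "Effect": "Allow",
            "Principal": "*",
            "Action": ["s3:GetObject"],
            "Resource": "arn:aws:s3:::example-test-bucket/*",
        },
        {
            "Sid": "CiRole",
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::123456789012:role/ci"},
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::example-test-bucket/*",
        },
    ],
}

# Long-term keys start with AKIA, temporary keys with ASIA; 16 more uppercase
# alphanumerics follow. Secrets are 40 base64-ish characters and only worth
# flagging when paired with a variable name, since 40-char strings are common.
ACCESS_KEY_RE = re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")
SECRET_KEY_RE = re.compile(
    r"(?i)aws_secret_access_key\s*[=:]\s*['\"]?([A-Za-z0-9/+=]{40})"
)


def find_credentials(objects):
    """Return (object_key, kind, value) for every AWS credential found."""
    hits = []
    for key in sorted(objects):
        body = objects[key]
        for m in ACCESS_KEY_RE.finditer(body):
            hits.append((key, "access_key_id", m.group(0)))
        for m in SECRET_KEY_RE.finditer(body):
            hits.append((key, "secret_access_key", m.group(1)))
    return hits


def _principal_is_anyone(principal):
    # "*" or {"AWS": "*"} (possibly inside a list) means unauthenticated access.
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        return aws == "*" or (isinstance(aws, list) and "*" in aws)
    return False


def public_read_statements(policy):
    """Return the Sids of Allow statements granting anonymous read or listing."""
    readish = {"*", "s3:*", "s3:GetObject", "s3:ListBucket"}
    sids = []
    for i, st in enumerate(policy.get("Statement", [])):
        if st.get("Effect") != "Allow" or not _principal_is_anyone(st.get("Principal")):
            continue
        actions = st.get("Action", [])
        if isinstance(actions, str):
            actions = [actions]
        if readish.intersection(actions):
            sids.append(st.get("Sid", f"statement[{i}]"))
    return sids


if __name__ == "__main__":
    for key, kind, value in find_credentials(SAMPLE_OBJECTS):
        print(f"{key}: {kind} = {value[:8]}...")
    print("anonymous-read statements:", public_read_statements(json.loads(json.dumps(SAMPLE_POLICY))))
```

The credential check is deliberately paired: an access-key ID alone is low value, but an ID next to a secret in a `.env` in a readable bucket is the exact starting point the recap describes, so both should raise a finding and trigger rotation of the key, not just deletion of the object.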
Breaches & Data Theft
- ShinyHunters used vishing against SSO access to breach Harvard Alumni systems, exposing about 115,000 donor records; the group also claimed a separate Panera incident in which a leaked 760MB archive exposed roughly 5.1 million email addresses – ShinyHunters Breach, Panera Breach
- Operator Rui‑Siang Lin (“Pharaoh”) was sentenced to 30 years for running the Incognito Market, a darknet narcotics enterprise exceeding $105 million in sales linked to fentanyl-laced pills and hundreds of thousands of transactions – Incognito Market
CISA & KEV
- CISA quietly flipped the "known to be used in ransomware campaigns" field to "Known" for about 59 existing KEV entries after evidence of ransomware exploitation, and added flaws affecting SolarWinds, Sangoma FreePBX, GitLab and VMware ESXi (CVE-2025-22225, already patched by the vendor); federal agencies must remediate the additions on the BOD 22‑01 deadlines – CISA KEV, KEV Additions, VMware ESXi, GitLab SRF
Vulnerabilities & Exploits
- Critical n8n flaws, including CVE-2026-25049, let authenticated workflow editors escape the expression sandbox and achieve RCE on the host; PoCs and public exploits exist, so update and rotate any keys and credentials the instance held – n8n Flaws
- After compromising SonicWall SSL VPN credentials, attackers loaded a long‑revoked EnCase kernel driver to deploy an EDR killer that detects and terminates 59 security tools; researchers recommend MFA on the VPN and enabling HVCI and WDAC, which block loading of revoked drivers – EDR Killer
- Threat actors compromised NGINX servers to silently redirect user traffic to attacker-controlled sites, exposing users to downstream attacks – NGINX Redirect
Nation‑state & Espionage
- SecurityWeek’s Cyber Insights warns of accelerating cyberwar driven by nation‑state pre‑positioning and AI-enabled operations that blur lines between state and criminal actors and complicate attribution – Cyber Insights
- The “Static Tundra” campaign targeted Poland’s energy sector with destructive DynoWiper malware, signaling infrastructure sabotage risks – Static Tundra
- State‑linked Lotus Blossom hijacked Notepad++ updates to deliver the Chrysalis backdoor via a trojanized installer using obfuscation and structured C2 – Notepad++ Hijack
- New cyberespionage group Amaranth Dragon is exploiting a WinRAR flaw to target victims, expanding espionage toolsets – Amaranth Dragon
Ransomware & Crime
- Research shows ransomware attacks have surged about 30% since late 2025, driven by supply‑chain targeting and high-volume groups like Qilin and CL0P and new affiliates – Ransomware Surge
Blockchain & Investigations
- Blockchain intelligence firm TRM Labs raised $70 million at a $1 billion valuation to scale AI tools for tracing illicit crypto flows and supporting law enforcement – TRM Funding
Identity & Access
- Analysis examines the security tradeoffs of non‑human identities (automation/AI accounts), highlighting risks and control challenges for access management – Non‑Human IDs