Daily Recap: Fake recruiters distribute a modular RAT named Graphalgo attributed to Lazarus (North Korea) that enables MetaMask theft, token-protected C2, remote command execution and data exfiltration across 192 packages. MacSync is promoted via ClickFix campaigns that abuse Claude artifacts and Google Ads to coax macOS users into pasting shell commands that install the MacSync infostealer, with multiple variants sharing C2 infrastructure, while Louis Vuitton, Christian Dior Couture, and Tiffany were fined $25 million for breaches tied to ShinyHunters exploiting Salesforce SaaS access. #Graphalgo #ShinyHunters
Malware Campaigns
- Fake recruiters distribute a modular RAT via malicious npm/PyPI packages dubbed Graphalgo, attributed to Lazarus/North Korea, that enables MetaMask theft, token‑protected C2, remote command execution and data exfiltration across 192 packages — affected devs should rotate credentials and reinstall their OS. – Graphalgo RAT
- Threat actors abuse public Claude artifacts and malicious Google Ads in “ClickFix” campaigns to trick macOS users into pasting shell commands that install the MacSync infostealer, with multiple variants and shared C2 infrastructure. – MacSync ClickFix
Data Breaches & Fines
- South Korea’s Personal Information Protection Commission fined Louis Vuitton, Christian Dior Couture, and Tiffany a combined $25 million after breaches exposed data for more than 5.5 million customers linked to ShinyHunters campaigns abusing Salesforce‑related SaaS access, with regulators warning that SaaS use doesn’t transfer data‑protection responsibility. – Luxury Fines
Tools & Vulnerabilities
- Criminal IP is now integrated with IBM QRadar SIEM/SOAR to deliver real‑time IP risk scoring, in‑context investigations and automated SOAR enrichment to speed prioritization and response. – QRadar Integration
- CISA warned that a critical Microsoft SCCM (ConfigMgr) remote code execution vulnerability is being actively exploited in the wild. – SCCM Flaw