A critical stack-buffer overflow in Grandstream GXP1600 series VoIP phones allows a remote unauthenticated attacker to gain root privileges and silently eavesdrop on calls. Rapid7 published technical details and a Metasploit module demonstrating exploitation of CVE-2026-2329, and Grandstream released firmware 1.0.7.81 to fix the issue; administrators should update immediately. #CVE-2026-2329 #Grandstream
Nearly 1 million user records were exposed in a breach at blockchain-powered lender Figure Technology Solutions after an employee fell victim to a social engineering attack. The ShinyHunters group claimed responsibility and published more than 2.4GB of stolen files, with Have I Been Pwned identifying roughly 967,000 affected Figure records, including…
Researchers discovered a new Android banking malware named Massiv that disguises itself as an IPTV app to steal digital identities and access online banking accounts. In a campaign observed by ThreatFabric, Massiv targeted a Portuguese government app integrated with Chave Móvel Digital and uses screen overlays, keylogging, MediaProjection and Accessibility-based UI-tree control to bypass protections, open fraudulent accounts, and enable money laundering and account takeovers. #Massiv #ChaveMovelDigital
At the India AI Impact Summit 2026, global leaders highlighted the need to move AI in education from pilots to large-scale, responsible, and equitable classroom adoption centered on teachers and pedagogy. They called for 2026 to be a year of action emphasizing teacher training, transparent AI literacy policies, interoperable infrastructure, and…
The report analyzes a range of cyber threats against the financial sector, including database leaks, sales of access rights on dark web forums, phishing campaigns, and ransomware incidents affecting major financial organizations. It highlights specific cases involving leaked credentials and datasets (H***, V***, T***), threat actors claiming access (PanchoVilla, Solonik, CLOP),…
Taxes Software Argentina, a Buenos Aires-based tax management software provider, has reportedly been compromised, exposing internal infrastructure and sensitive data for 440 client companies. The threat actor claims to have exploited a misconfigured Nginx server and an exposed Laravel storage directory to leak a 4.7 GB database dump containing AFIP certificates…
Daily Recap: the latest cyber threats include exploited zero-days such as Dell RecoverPoint CVE-2026-22769, used by UNC6201 to deploy GRIMBOLT/SLAYSTYLE with Ghost NICs, alongside a spectrum of high-impact flaws, supply-chain breaches, and targeted espionage campaigns. The recap also notes active exploitation of TeamT5 CVE-2024-7694, Ivanti EPMM backdoors that bypass patches, Keenadu firmware backdoors, CrescentHarvest espionage, and AI/cloud risks including Copilot used as C2 and Grok deepfakes, plus notable data leaks and enforcement actions. #UNC6201 #GRIMBOLT #SLAYSTYLE #DellRecoverPoint #TeamT5 #IvantiEPMM #Keenadu #CRESCENTHARVEST #Copilot #Grok #Eurail #Cellebrite #DavaIndia #Notepad++ #Chrysalis #PaloAltoNetworks #Koi #VulnCheck
Elastic's Attack Discovery, Workflows, and Agent Builder were combined to automatically detect, confirm, and triage a Chrysalis backdoor campaign delivered via a Notepad++ update supply-chain compromise, collapsing dozens of alerts into a single verified incident and creating a case and Slack channel with on-call responders already added. The automation verified C2, performed VirusTotal checks, ran ES|QL hunts, and executed incident actions (isolation, user suspension, IOC sweeps) in under four minutes instead of hours. #Chrysalis #LotusBlossom
CISA warns of a critical 9.8-severity vulnerability (CVE-2026-1670) in multiple Honeywell CCTV products that allows unauthenticated attackers to change recovery emails and take over camera accounts. The flaw stems from an exposed unauthenticated API endpoint affecting several mid-level Honeywell camera models; users should minimize network exposure and contact Honeywell support for patch guidance. #Honeywell #CVE-2026-1670
GrayCharlie, active since mid-2023 and overlapping with SmartApeSG, compromises WordPress sites to inject externally hosted JavaScript that redirects visitors to NetSupport RAT payloads delivered via fake browser update pages or ClickFix lures, often resulting in Stealc and SectopRAT follow-on deployments. Insikt Group mapped extensive infrastructure tied to MivoCloud and HZ Hosting Ltd, identified multiple NetSupport RAT C2 clusters and staging domains, and observed a likely supply‑chain compromise impacting numerous US law firm websites. #GrayCharlie #NetSupportRAT
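As an added example, not code from Insikt Group or the original report: the injection pattern above leaves a visible trace in a site's rendered HTML, a script tag whose src points at a host the site owner never chose. The Python below extracts every script src from a page and flags those served from outside the page's own host, its subdomains, or an allowlist; the sample HTML, host names and allowlist are constructed for illustration.

```python
"""Flag externally hosted <script src> tags, the injection pattern described above.

Added example: sample HTML, host names and allowlist are constructed, not from
the GrayCharlie report.
"""
from html.parser import HTMLParser
from urllib.parse import urlsplit


class _ScriptSrcCollector(HTMLParser):
    """Collect the src attribute of every <script> start tag."""

    def __init__(self):
        super().__init__()
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            for name, value in attrs:
                if name == "src" and value:
                    self.srcs.append(value.strip())


def script_hosts(html, page_host):
    """Return (src, host) pairs; relative srcs resolve to the page's own host."""
    parser = _ScriptSrcCollector()
    parser.feed(html)
    pairs = []
    for src in parser.srcs:
        # Protocol-relative "//host/x.js" loads from the third-party host too.
        url = "https:" + src if src.startswith("//") else src
        host = urlsplit(url).hostname
        pairs.append((src, (host or page_host).lower()))
    return pairs


def external_scripts(html, page_host, allowlist=()):
    """Scripts served from hosts outside page_host, its subdomains, or allowlist."""
    allowed = {page_host.lower(), *(a.lower() for a in allowlist)}
    findings = []
    for src, host in script_hosts(html, page_host):
        if host in allowed or any(host.endswith("." + a) for a in allowed):
            continue
        findings.append((host, src))
    return findings


# Constructed sample: a WordPress page with two first-party scripts, one
# allowlisted CDN script and two injected loaders (absolute and protocol-relative).
SAMPLE_HTML = """
<html><head>
<script src="/wp-includes/js/jquery/jquery.min.js"></script>
<script src="https://www.firm.example/wp-content/themes/t/app.js"></script>
<script src="https://cdn.allowed.example/lib.js"></script>
<script type="text/javascript" src="https://static.injected.example/loader.js"></script>
<script src="//update-check.injected.example/u.js"></script>
</head><body><p>hello</p></body></html>
"""

if __name__ == "__main__":
    for host, src in external_scripts(SAMPLE_HTML, "firm.example", ["cdn.allowed.example"]):
        print(f"external script from {host}: {src}")
```

Run it against the HTML a browser actually receives (not the theme files on disk), since the injected tag is often added by a modified PHP template or database option and only appears in the rendered output; any host that is not on your own list deserves a look.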
Hackers stole personal and contact information from nearly 1 million accounts after breaching Figure Technology Solutions in a social engineering attack, with Have I Been Pwned reporting data from 967,200 accounts dating to January 2026. Extortion group ShinyHunters claimed responsibility and posted roughly 2.5GB of stolen loan applicant data, and the incident is linked to broader vishing campaigns targeting SSO providers and multiple high‑profile organizations. #Figure #ShinyHunters
At the India AI Impact Summit 2026, leaders from government, industry, and academia argued that scaling AI must be matched by strong governance and cyber readiness. Panelists stressed proactive measures like red teaming and continuous stress-testing to counter industrialized threats such as deepfake audio and preserve public trust. #Deepfake #Cyble…
A critical zero-day, CVE-2026-22769, is being actively exploited in Dell RecoverPoint for Virtual Machines to enable unauthenticated attackers to gain root-level persistence via hardcoded Apache Tomcat credentials. Mandiant and GTIG attribute the campaign to Chinese cluster UNC6201, which has deployed SLAYSTYLE web shells and transitioned from BRICKSTORM to the AOT-compiled backdoor…
Genesis claims to have compromised Community Management Associates, a US-based organization serving residential and master-planned communities, town homes, mixed-use and commercial/retail properties. The group threatens to release sensitive data unless a ransom is paid. #UnitedStates
Researchers uncovered hybrid cryptocurrency investment scams that combine malvertising-driven acquisition with messaging-app-based pig butchering, primarily targeting users in Japan and broader Asia and leveraging more than 23,000 RDGA-generated and lookalike domains. The campaigns use shared website frameworks, lookalike domains (e.g., youtubefind[.]top), and AI/automated chatbots inside legitimate messaging apps to socially engineer victims into sending funds. #RDGA #youtubefind_top
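An added example, not part of the original research: a small Python lookalike-domain check that refangs indicators such as youtubefind[.]top and flags hostnames carrying a brand token, or a one-edit variant of it, outside that brand's legitimate registrable domains. The brand table, legitimate domains and sample indicators are constructed; the two-label registrable-domain rule is a simplification that ignores multi-label public suffixes such as co.uk.

```python
"""Lookalike-domain check for the brand-impersonation pattern described above.

Added example: brand table, legitimate domains and indicators are constructed.
"""
import re

# Constructed brand table: brand token -> registrable domains it legitimately uses.
BRANDS = {
    "youtube": {"youtube.com", "youtu.be"},
    "binance": {"binance.com"},
}


def refang(indicator):
    """Turn a defanged indicator like youtubefind[.]top into a bare hostname."""
    s = indicator.strip().lower().replace("[.]", ".").replace("(.)", ".")
    s = re.sub(r"^hxxps?://", "", s)
    s = re.sub(r"^https?://", "", s)
    return s.split("/")[0].split(":")[0]


def registrable(host):
    """Last two labels; a simplification that ignores suffixes such as co.uk."""
    return ".".join(host.split(".")[-2:])


def edit_distance(a, b):
    """Plain Levenshtein distance, enough to catch y0utube-style swaps."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalikes(indicators, brands=BRANDS, max_edits=1):
    """Return (indicator, brand) for hostnames that carry a brand token, or a
    near-miss of it, outside that brand's legitimate registrable domains."""
    hits = []
    for raw in indicators:
        host = refang(raw)
        reg = registrable(host)
        tokens = re.split(r"[.-]", host)
        for brand, legit in brands.items():
            if reg in legit:
                continue  # the brand's own domain, including its subdomains
            near = any(edit_distance(tok, brand) <= max_edits for tok in tokens)
            if brand in host or near:
                hits.append((raw, brand))
    return hits


# Constructed indicators: one matching the campaign's lookalike pattern, two
# legitimate domains, one homoglyph-style variant, one brand-plus-word domain.
SAMPLE = [
    "youtubefind[.]top",
    "www.youtube.com",
    "hxxps://y0utube-login.example/verify",
    "binance.com",
    "binance-support.example",
]

if __name__ == "__main__":
    for raw, brand in lookalikes(SAMPLE):
        print(f"{raw}: impersonates {brand}")
```

This catches the "brand plus word" and single-substitution styles; it will not recognise the randomly generated RDGA domains the campaign also uses, which need infrastructure pivots (shared hosting, registrar, page templates) rather than name matching.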