IT Security News Daily Summary 2026-02-20

159 posts were published in the last hour

• 22:34 : PayPal discloses extended data leak linked to Loan App glitch
• 22:34 : PayPal app code error leaked personal info and a ‘few’ unauthorized transactions
• 22:34 : How does NHI impact innovation in cloud-native security solutions
• 22:34 : How does Agentic AI enforce cloud compliance in real-time
• 22:34 : How assured is your data with NHIs in place
• 22:34 : Can Agentic AI improve scalability in secrets management
• 21:32 : PayPal Flaw Exposed Sensitive Data in Lending App for Six Months
• 20:36 : Apache Tomcat Vulnerability Circumvents Access Rules
• 20:36 : DHS Wants a Single Search Engine to Flag Faces and Fingerprints Across Agencies
• 20:36 : NDSS 2025 – NodeMedic-FINE: Automatic Detection And Exploit Synthesis For Node.js Vulnerabilities
• 20:36 : Lasso Security Adds Ability to Track AI Agent Behavior
• 20:36 : AI-augmented threat actor accesses FortiGate devices at scale
• 20:9 : AI coding assistant Cline compromised to create more OpenClaw chaos
• 20:9 : ‘Starkiller’ Phishing Service Proxies Real Login Pages, MFA
• 20:9 : Ukrainian man jailed for identity theft that helped North Koreans get jobs at US companies
• 20:9 : Check Point Software Earns Leader & Fast Mover Position in GigaOm Radar for Cloud Network Security
• 20:9 : TDL 016 | Speed, Risk, and Responsibility in the Age of AI | Rafael Ramirez
• 20:5 : IT Security News Hourly Summary 2026-02-20 21h : 2 posts
• 19:34 : Google Blocked 1.75M Harmful Apps From Play Store in 2025
• 19:10 : Wordfence Bug Bounty Program Monthly Report – January 2026
• 18:32 : Over 41% of Popular OpenClaw Skills Found to Contain Security Vulnerabilities
• 18:32 : Metadata Exposes Authors of ICE’s ‘Mega’ Detention Center Plans
• 18:32 : ShinyHunters demands $1.5M not to leak Vegas casino and resort chain data
• 18:31 : Randall Munroe’s XKCD ‘Double-Pronged Extension Cord’
• 18:31 : Windows Malware Distributed Through Pirated Games Infects Over 400,000 Systems
• 18:13 : Ukrainian man jailed for identity theft that helped North Koreans get jobs at US companies
• 18:13 : Cyber Runway to Centre Stage: How Plexal Is Accelerating Innovation and Championing Women Leaders
• 18:13 : Q&A: Organisations Are Spending Millions on Cybersecurity and Still Getting It Wrong
• 17:32 : Microsoft: Critical Security Issue Found in Windows Notepad
• 17:32 : Bridging the Cyber Skills Divide: How Fortinet’s Global Partnerships Empower Local Talent
• 17:31 : Malicious dYdX Packages Drain User Wallets in Supply Chain Attack
• 17:7 : Architecting Zero-Trust Database Access in Kubernetes With Vault Dynamic Secrets
• 17:7 : News brief: Nation-state hackers active on the global stage
• 17:7 : BeyondTrust Flaw Used for Web Shells, Backdoors, and Data Exfiltration
• 17:7 : American Surveillance: Intelligence, Privacy, and the Fourth Amendment
• 17:7 : US Treasury Department offers secure AI advice to financial services firms
• 17:6 : BeyondTrust Remote Support exploitation ramps up with backdoors, remote tools
• 17:5 : IT Security News Hourly Summary 2026-02-20 18h : 7 posts
• 16:32 : Scammers Use Fake Gemini AI Chatbot for Crypto Scam
• 16:32 : Microsoft 365 Copilot Bug Circumvented DLP Controls
• 16:32 : Age verification vendor Persona left frontend exposed, researchers say
• 16:32 : NDSS 2025 – A Comprehensive Study Of Security Risks In Deno And Its Ecosystem
• 16:32 : Dramatic Escalation in Frequency and Power of DDoS Attacks
• 16:7 : Quantum computer breakthrough tracks qubit fluctuations in real time
• 16:7 : NIST’s Quantum Breakthrough: Single Photons Produced on a Chip
• 15:36 : PayPal Data Breach – 6 Months of Users’ Data Leaked Online
• 15:36 : Grandstream VoIP Phones Vulnerability Allows Attackers to Gain Root Privileges
• 15:36 : PayPal Data Breach Exposes SSNs and Business PII of Customers for Over Six Months
• 15:36 : In Other News: Ransomware Shuts US Clinics, ICS Vulnerability Surge, European Parliament Bans AI
• 15:36 : Global Cyber Espionage Campaign Hits Governments in 37 Countries
• 15:36 : German Authorities Alert Public to Signal Account Takeover Campaign
• 15:36 : Cyber Briefing: 2026.02.20
• 15:11 : Critical Jenkins Flaw Exposes Build Environments to XSS Attacks
• 15:11 : Silicon Valley Engineers Indicted for Alleged Trade Secret Theft From Google and Tech Firms
• 15:11 : Japanese Chip Supplier Hit By Ransomware
• 15:11 : Africa Scam Crackdown Nets 651 Arrests
• 15:11 : Ukrainian Gets 5 Years In IT Fraud Case
• 15:11 : FBI Reports 1,900 ATM Jackpotting Incidents
• 15:11 : ClickFix Uses Hacked Sites For MIMICRAT
• 14:34 : Ukrainian gets five years for helping North Koreans secure US tech jobs
• 14:34 : Massive Winos 4.0 Campaigns Target Taiwan
• 14:34 : Founder ditches AWS for Euro stack, finds sovereignty isn’t plug-and-play
• 14:34 : Age verification vendor Persona left frontend exposed
• 14:34 : ClickFix Campaign Abuses Compromised Sites to Deploy MIMICRAT Malware
• 14:34 : Cline CLI 2.3.0 Supply Chain Attack Installed OpenClaw on Developer Systems
• 14:7 : A Unified Defense Against MITRE’s Top Injection Attacks
• 14:7 : Critical Vulnerabilities in VS Code Extensions Threaten 128 Million Developer Environments
• 14:7 : Apache Tomcat Vulnerabilities Let Attackers Bypass Security Constraints via HTTP/0.9 Requests
• 14:7 : Critical Jenkins Vulnerability Exposes Build Environments to XSS Attacks
• 14:7 : CharlieKirk Grabber Stealer Attacking Windows Systems to Exfiltrate Login Credentials
• 14:7 : LLMs change their answers based on who’s asking
• 14:7 : ClickFix Campaign Abuses Compromised Sites to Deploy MIMICRAT RAT
• 14:5 : IT Security News Hourly Summary 2026-02-20 15h : 7 posts
• 13:40 : Google Blocks 1.75 Million Malicious Apps from Entering Play Store
• 13:40 : North Korean IT worker scam nets Ukrainian five-year sentence in the U.S.
• 13:40 : Keeper Security Extends KeeperPAM
• 13:40 : Ready to Move On: How to Evaluate, Select, and Deploy Modern Email Security
• 13:40 : Criminals create business website to sell RAT disguised as RMM tool
• 13:18 : Grandstream VoIP Phones Vulnerability Grants Attackers Root Privileges
• 13:17 : Dramatic Escalation Frequency and Power of in DDoS Attacks
• 12:34 : Ring Cancels Its Partnership with Flock
• 12:34 : BeyondTrust Vulnerability Exploited in Ransomware Attacks
• 12:34 : Ex-Google engineers charged with orchestrating high-tech secrets extraction
• 12:22 : CharlieKirk Grabber Malware Targets Windows Systems to Steal Login Credentials
• 12:22 : CISA gives federal agencies three days to patch actively exploited Dell bug
• 12:22 : Ploutus Malware Drains U.S. ATMs Without a Card or Account — FBI Issues Emergency FLASH Alert
• 12:22 : Silicon Valley Engineers Charged With Stealing Trade Secrets From Google and Other Tech Companies
• 12:22 : PoC Released for Critical Chrome 0-day Vulnerability Exploited in the Wild
• 12:22 : LLM-Generated Passwords Expose Major Security Flaws with Predictability, Repetition, and Weakness
• 12:22 : How Enterprise CISOs Design Their Cyber Risk Management Strategy
• 12:22 : Agentic AI in Cybersecurity is a Smarter, Faster Path to Resilience
• 12:22 : Android Malware Hijacks Google Gemini to Stay Hidden
• 11:34 : FBI: $20 Million Losses Caused by 700 ATM Jackpotting Attacks in 2025
• 11:34 : Ukrainian National Sentenced to 5 Years in North Korea IT Worker Fraud Case
• 11:34 : Identity Cyber Scores: The New Metric Shaping Cyber Insurance in 2026
• 11:26 : FBI Issues Emergency Alert as Ploutus Malware Drains U.S. ATMs Without Cards or Accounts
• 11:26 : Ex-Google engineers accused of helping themselves to chip security secrets
• 11:26 : What the Nike Breach Teaches Us About the Microsegmentation Imperative of Integrating with EDR
• 11:26 : Google cleans house, bans 80,000 developer accounts from the Play Store
• 11:5 : IT Security News Hourly Summary 2026-02-20 12h : 9 posts
• 10:36 : FBI warns of surge in ATM Jackpotting, $20 Million lost in 2025
• 10:36 : Attackers have 16-digit card numbers, expiry dates, but not names. Should org get £500k fine?
• 10:36 : Man gets five years for aiding North Korean IT employment scam
• 10:20 : Facebook ads spread fake Windows 11 downloads that steal passwords and crypto wallets
• 10:20 : Hackers Using OAuth Apps in Microsoft Entra ID to Establish Persistence
• 10:20 : Hackers Actively Exploiting Critical BeyondTrust Vulnerability to Deploy VShell and SparkRAT
• 10:20 : PoC Released for Windows Notepad Vulnerability that Enables Malicious Command Execution
• 10:20 : Chip Testing Giant Advantest Hit by Ransomware
• 10:20 : Real-Time Risk Detection with Automated Vulnerability Assessment Tools
• 9:13 : LLM-Generated Passwords Expose Security Risks with Predictability and Weakness
• 9:13 : Former Google Engineers Indicted Over Trade Secret Transfers to Iran
• 9:13 : FBI Reports 1,900 ATM Jackpotting Incidents Since 2020, $20M Lost in 2025
• 8:34 : PromptSpy abuses Gemini AI to gain persistent access on Android
• 8:34 : Red Card 2.0: INTERPOL busts scam networks across Africa, seizes millions
• 8:34 : 651 arrested, $4.3 million recovered in African cybercrime sweep
• 8:34 : CISA’s DELL order, Android AI malware, browsers as weak link
• 8:7 : Apple Updates iPhones After Targeted Attacks
• 8:7 : Google Rushes Out Critical Chrome Update to Address Serious PDFium and V8 Vulnerabilities
• 8:7 : Is Poshmark safe? How to buy and sell without getting scammed
• 8:7 : PromptSpy ushers in the era of Android threats using GenAI
• 8:7 : PentAGI – Automated AI-Powered Penetration Testing Tool that Integrates 20+ Security Tools
• 8:7 : Ongoing Campaign Targets Microsoft 365 to Steal OAuth Tokens and Gain Persistent Access
• 8:7 : Security Compass brings policy-driven security and compliance to agentic AI development
• 8:5 : IT Security News Hourly Summary 2026-02-20 09h : 6 posts
• 7:34 : PromptSpy Android Malware Abuses Gemini AI at Runtime for Persistence
• 7:34 : Why AISPM Isn’t Enough for the Agentic Era
• 7:13 : How Scammers Use AI to Build Fake Websites
• 7:13 : Hackers Exploit Critical BeyondTrust Vulnerability to Deploy VShell and SparkRAT
• 7:13 : Google Issues Emergency Chrome Security Update to Address High-Severity PDFium and V8 Flaws
• 7:13 : The CISO view of fraud risk across the retail payment ecosystem
• 6:34 : ESET Discovers First Android Malware to Abuse Generative AI for Dynamic UI Manipulation
• 6:34 : CISA Warns of Critical Security Vulnerability in Honeywell Cameras
• 6:34 : Quantum security is turning into a supply chain problem
• 6:34 : Applying green energy tax policies to improve cybersecurity
• 6:11 : Ongoing Campaign Targets Microsoft 365 to Steal OAuth Tokens for Persistent Access
• 6:11 : Uptime Kuma: Open-source monitoring tool
• 6:11 : Three Former Google Engineers Indicted Over Trade Secret Transfers to Iran
• 5:36 : PromptSpy: First Android AI Malware Leverages Google’s Gemini for Decision-Making
• 5:36 : AI Agents Are Quietly Redefining Enterprise Security Risk
• 5:36 : CISA Orders Emergency Patch for Actively Exploited Dell Flaw;
• 5:13 : Snyk CEO bails, wants someone with more AI experience to replace him
• 5:13 : CarMax – 431,371 breached accounts
• 5:13 : New infosec products of the week: February 20, 2026
• 5:5 : IT Security News Hourly Summary 2026-02-20 06h : 1 posts
• 4:13 : Jeffrey Epstein’s Ties to CBP Agents Sparked a DOJ Probe
• 3:31 : Splunk Enterprise for Windows Vulnerability Let Attackers Hijack DLLs and Gain SYSTEM Access
• 2:31 : Hackers Use Fake Oura AI Server to Spread StealC Malware
• 2:20 : ISC Stormcast For Friday, February 20th, 2026 https://isc.sans.edu/podcastdetail/9818, (Fri, Feb 20th)
• 2:20 : Lattice-Based Zero Trust Identity Verification for AI Agents
• 2:5 : IT Security News Hourly Summary 2026-02-20 03h : 2 posts
• 1:34 : A $10K Bounty Awaits Anyone Who Can Hack Ring Cameras to Stop Sharing Data With Amazon
• 1:22 : AI agents abound, unbound by rules or safety disclosures
• 0:11 : Crims create fake remote management vendor that actually sells a RAT
• 23:34 : An FBI ‘Asset’ Helped Run a Dark Web Site That Sold Fentanyl-Laced Drugs for Years
• 23:34 : Your Most Dangerous User Is Not Human: How AI Agents and MCP Servers Broke the Internal API Walled Garden
• 23:5 : IT Security News Hourly Summary 2026-02-20 00h : 11 posts
• 23:4 : VShell and SparkRAT Observed in Exploitation of BeyondTrust Critical Vulnerability (CVE-2026-1731)
• 23:4 : FBI says ATM ‘jackpotting’ attacks are on the rise, and netting hackers millions in stolen cash
• 22:55 : IT Security News Daily Summary 2026-02-19