PayPal has begun notifying a small number of customers about a significant cybersecurity incident in which their personally identifiable information (PII) was exposed for nearly six months due to a software error in its PayPal Working Capital (PPWC) loan application.…
Grandstream VoIP Phones Vulnerability Allows Attackers to Gain Root Privileges
VoIP desk phones are trusted devices, but many are managed like office furniture. A newly disclosed flaw in Grandstream phones shows how a simple network-facing bug can turn a handset into an entry point for eavesdropping and wider access. In…
PayPal Data Breach Exposes SSNs and Business PII of Customers for Over Six Months
PayPal has issued a formal data breach notification disclosing that a coding error in its PayPal Working Capital (PPWC) loan application exposed the personally identifiable information (PII) of an undisclosed number of customers for approximately six months, from July 1,…
In Other News: Ransomware Shuts US Clinics, ICS Vulnerability Surge, European Parliament Bans AI
Other noteworthy stories that might have slipped under the radar: Axonius lays off employees, Abu Dhabi conference data leak, HackerOne addresses AI concerns. The post In Other News: Ransomware Shuts US Clinics, ICS Vulnerability Surge, European Parliament Bans AI appeared…
Global Cyber Espionage Campaign Hits Governments in 37 Countries
A massive cyber spying effort – linked to a government-backed group operating out of Asia – has breached governmental bodies and essential infrastructure targets in 37 nations, recent findings by Palo Alto Networks reveal. Known under the identifier TGR-STA-1030,…
German Authorities Alert Public to Signal Account Takeover Campaign
The use of secure messaging applications has long been seen as the final line of defense against persistent digital surveillance in an era of widespread digital surveillance. This assumption is now being challenged by Germany’s domestic intelligence service, the…
Cyber Briefing: 2026.02.20
ClickFix spreads MIMICRAT, VoIP zero-day enables eavesdropping, Gemini-powered malware emerges, hospitals and chip firms hit, global scam arrests surge. This article has been indexed from CyberMaterial Read the original article: Cyber Briefing: 2026.02.20
Critical Jenkins Flaw Exposes Build Environments to XSS Attacks
A popular open-source automation server used by developers worldwide to build, test, and deploy software faces serious security risks from recent flaws. On February 18, 2026, two vulnerabilities were detailed in the core Jenkins software. The most critical issue is…
Silicon Valley Engineers Indicted for Alleged Trade Secret Theft From Google and Tech Firms
Federal authorities arrested three Silicon Valley engineers on Thursday, charging them with conspiring to steal trade secrets from Google and other tech giants. The case highlights growing insider threats in the chip design sector, where foreign adversaries could exploit sensitive…
Japanese Chip Supplier Hit By Ransomware
Advantest, a major Japanese provider of semiconductor testing tools, is currently investigating a ransomware attack that compromised parts of its corporate network. This article has been indexed from CyberMaterial Read the original article: Japanese Chip Supplier Hit By Ransomware
Africa Scam Crackdown Nets 651 Arrests
Sixteen African nations collaborated in an international crackdown on cybercrime known as Operation Red Card 2.0, resulting in 651 arrests and the recovery of over 4.3 million dollars. This article has been indexed from CyberMaterial Read the original article: Africa…
Ukrainian Gets 5 Years In IT Fraud Case
A 29-year-old Ukrainian man received a five-year prison sentence for managing a sophisticated identity theft operation that helped North Korean IT workers secure jobs at American companies. This article has been indexed from CyberMaterial Read the original article: Ukrainian Gets…
FBI Reports 1,900 ATM Jackpotting Incidents
The FBI has issued a warning regarding a significant rise in ATM jackpotting, noting that over twenty million dollars was stolen in 2025 alone. This article has been indexed from CyberMaterial Read the original article: FBI Reports 1,900 ATM Jackpotting…
ClickFix Uses Hacked Sites For MIMICRAT
Security researchers have uncovered a sophisticated ClickFix campaign that hijacks legitimate websites to infect users with a novel remote access trojan known as MIMICRAT. This article has been indexed from CyberMaterial Read the original article: ClickFix Uses Hacked Sites For…
Ukrainian gets five years for helping North Koreans secure US tech jobs
Polish arrest leads to extradition and federal prison sentence Ukrainian national Oleksandr Didenko will spend the next five years behind bars in the US for his involvement in helping North Korean IT workers secure fraudulent employment.… This article has been…
Massive Winos 4.0 Campaigns Target Taiwan
FortiGuard Labs analyzes Winos 4.0 (ValleyRat) campaigns targeting Taiwan, detailing phishing lures, DLL sideloading, BYOVD abuse, and evolving attacker infrastructure This article has been indexed from FortiGuard Labs Threat Research Read the original article: Massive Winos 4.0 Campaigns Target…
Founder ditches AWS for Euro stack, finds sovereignty isn’t plug-and-play
Attempt to go ‘Made in EU’ offers big tech escapees a reality check where lower cloud bills come with higher effort Building a startup entirely on European infrastructure sounds like a nice sovereignty flex right up until you actually try…
Age verification vendor Persona left frontend exposed
Behind a basic age check, researchers say Persona’s system runs extensive identity, watchlist, and adverse-media screening. The post Age verification vendor Persona left frontend exposed appeared first on Security Boulevard. This article has been indexed from Security Boulevard Read the…
ClickFix Campaign Abuses Compromised Sites to Deploy MIMICRAT Malware
Cybersecurity researchers have disclosed details of a new ClickFix campaign that abuses compromised legitimate sites to deliver a previously undocumented remote access trojan (RAT) called MIMICRAT (aka AstarionRAT). “The campaign demonstrates a high level of operational sophistication: compromised sites spanning…
Cline CLI 2.3.0 Supply Chain Attack Installed OpenClaw on Developer Systems
In yet another software supply chain attack, the open-source, artificial intelligence (AI)-powered coding assistant Cline CLI was updated to stealthily install OpenClaw, a self-hosted autonomous AI agent that has become exceedingly popular in the past few months. “On February 17,…
A Unified Defense Against MITRE’s Top Injection Attacks
This is how I created a Go library to address 41 actively exploited vulnerabilities. The Problem That Keeps Security Teams Up at Night On December 11, 2025, MITRE released its annual 2025 CWE Top 25 Most Dangerous Software Weaknesses list,…
Critical Vulnerabilities in VS Code Extensions Threaten 128 Million Developer Environments
Three critical vulnerabilities have been found in four popular Visual Studio Code extensions. These extensions have been downloaded over 128 million times. The vulnerabilities are identified as CVE-2025-65715, CVE-2025-65716, and CVE-2025-65717. The findings from the OX Security Research team, later…
Apache Tomcat Vulnerabilities Let Attackers Bypass Security Constraints via HTTP/0.9 Requests
Apache Tomcat has disclosed CVE-2026-24733, a Low-severity security constraint bypass that can be triggered via HTTP/0.9 requests when certain access-control rules are configured in a specific way. The Apache Tomcat security team identified the issue, and the original advisory was…
Critical Jenkins Vulnerability Exposes Build Environments to XSS Attacks
Security Advisory has revealed multiple vulnerabilities in Jenkins Core, including a stored Cross-Site Scripting (XSS) flaw that could expose build environments to severe security risks. The issues, identified as CVE-2026-27099 and CVE-2026-27100, were responsibly disclosed under the Jenkins Bug Bounty Program sponsored by the European…