ALL POSTS

Apple's Encrypted RCS Messaging Comes to iOS 26.4 Beta

Key Findings Apple is testing end-to-end encrypted Rich Communications Services (RCS) messaging in the iOS and iPadOS 26.4 developer beta. The feature is still in beta and not yet available to all devices or carriers. Encrypted conversations are labeled as such and cannot be read while in transit between devices. RCS encryption is currently only available for testing between Apple devices and not with other platforms like Android. The RCS encryption is based on the Messaging

Canada Goose - 581,877 Accounts Breached

Key Findings In February 2026, a data breach allegedly containing data relating to Canada Goose customers was published publicly. The data contained 920k records with 582k unique email addresses and included names, phone numbers, IP addresses, physical addresses, and partial credit card data. Canada Goose stated that the data "appears to relate to past customer transactions" and originated from a breach at a third party in August 2025. The most recent transaction date in the

University of Pennsylvania Data Breach: 623,750 Accounts Compromised

Key Findings In October 2025, the University of Pennsylvania was the victim of a data breach followed by a ransom demand, largely affecting its donor database. The data was later published online in February 2026 and included 624k unique email addresses alongside names and physical addresses. For some donor records, additional personal information was exposed, including gender, date of birth, religion, spouse name, estimated income, and donation history. The attackers sent in

Microsoft Warns of Evolving ClickFix Malware Leveraging DNS Lookups

Key Findings Microsoft warns of a new ClickFix variant that tricks users into running a malicious nslookup command through the Windows Run dialog to retrieve a second-stage payload via DNS. Attackers use cmd.exe to perform a DNS lookup against a hard-coded external server, and the `Name:` response is extracted and executed as the second-stage payload. This DNS-based approach allows attackers to signal and deliver payloads via their own infrastructure, reducing reliance on web

Real-Time Surveillance and Data Theft Enabled by New ZeroDayRAT Mobile Spyware

Key Findings Security researchers have uncovered details of a new mobile spyware platform called ZeroDayRAT that is being sold openly on Telegram. ZeroDayRAT provides comprehensive remote control capabilities over compromised Android and iOS devices, including real-time surveillance and data theft. The malware supports Android versions 5 through 16 and iOS up to version 26, allowing it to target a wide range of mobile devices. ZeroDayRAT is distributed through social engineer

Microsoft Warns of DNS-Based ClickFix Attacks Targeting Windows Users

Key Findings Microsoft has disclosed details of a new version of the ClickFix social engineering tactic that uses DNS lookups to retrieve malware payloads. The attack tricks users into running commands through the Windows Run dialog that perform a DNS lookup to an external server controlled by the attackers. The DNS response is then executed as the second-stage payload, allowing the threat actors to reach infrastructure under their control and establish a new validation layer

U.S. CISA Tracks BeyondTrust Vulnerability in Known Exploited List

Key Findings The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a vulnerability in BeyondTrust Remote Support (RS) and older Privileged Remote Access (PRA) products to its Known Exploited Vulnerabilities (KEV) catalog. The flaw, tracked as CVE-2026-1731, has a CVSS score of 9.9 and could allow an unauthenticated attacker to execute remote commands without logging in. BeyondTrust released security updates on February 6, 2026, to address the critical vulnera

287 Chrome Extensions Caught Stealing Browsing Data from 37M Users

Key Findings 287 different Chrome browser extensions are actively stealing the web histories of roughly 37.4 million people. These extensions, often disguised as "harmless tools" like ad blockers or search assistants, are feeding user data to a network of global corporations and data brokers. The research team identified many of these tools sending user data in plain text and using "obfuscation" techniques to hide their tracks, scrambling history into codes before sending it of

Fintech Firm Figure Discloses Data Breach After Phishing Attack

Key Findings Blockchain-based lending firm Figure confirmed a data breach after an employee fell victim to a social engineering attack. Hackers were able to access and steal a limited number of files, including personally identifiable information (PII) of Figure's customers. The cybercrime group ShinyHunters claimed responsibility for the breach and released about 2.5GB of stolen data, which included names, addresses, birth dates, and phone numbers. Figure has started notifying

Interoperability in the Service of Qualifying Health Care and ...

Key Findings: Interoperability in healthcare introduces significant security and privacy risks, as every data exchange connection becomes a potential failure point. Misconfigured integrations, outdated protocols, or weak identity controls can lead to unauthorized access and exposure of sensitive medical data. Healthcare breaches increasingly involve data interception, unauthorized access to shared systems, or abuse of trusted data exchange workflows rather than traditional ma

Google Ties Suspected Russian Actor to CANFAIL Malware Attacks on Ukrainian Orgs

Key Findings Google Threat Intelligence Group (GTIG) has identified a previously undocumented threat actor, possibly affiliated with Russian intelligence services, that has been targeting Ukrainian organizations with the CANFAIL malware. The threat actor has primarily targeted defense, military, government, and energy organizations within the Ukrainian regional and national governments, but has also shown growing interest in aerospace, manufacturing with military/drone ties,

Google Uncovers Global Cyber Threat: China, Iran, Russia, and North Korea Coordinated Defense Sector Attacks

Key Findings: Several state-sponsored actors, hacktivist entities, and criminal groups from China, Iran, North Korea, and Russia have targeted the defense industrial base (DIB) sector. The adversarial targeting is centered around four key themes: striking defense entities in the Russia-Ukraine War, approaching employees and exploiting the hiring process, using edge devices/appliances for initial access, and supply chain risk from manufacturing breaches. Notable threat actors

UAT-9921 Expands VoidLink Attacks Across Enterprise Sectors

Key Findings Cisco Talos has discovered a new threat actor, UAT-9921, using a modular attack framework called VoidLink to target organizations in the technology and financial services sectors. VoidLink is a Linux-focused, highly capable attack framework that can compile and deploy plugins on-demand, potentially enabling AI-driven tool creation in the future. UAT-9921 is believed to have been active since at least 2019, even before the use of VoidLink, and has been observed in

Lazarus Campaign Targets npm and PyPI Ecosystems with Malicious Packages

Key Findings Cybersecurity researchers have discovered a fresh set of malicious packages across npm and the Python Package Index (PyPI) repository linked to a fake recruitment-themed campaign orchestrated by the North Korea-linked Lazarus Group. The coordinated campaign has been codenamed "graphalgo" in reference to the first package published in the npm registry, and it's assessed to be active since May 2025. The campaign includes a well-orchestrated story around a company i

Google Identifies State-Sponsored Hackers Leveraging Gemini AI for Reconnaissance and Attack Support

Key Findings North Korea-linked threat actor UNC2970 used Google's Gemini AI model to conduct reconnaissance on its targets, including searching for information on major cybersecurity and defense companies and mapping specific technical job roles and salary information. Other state-backed hacking groups, including UNC6418 (unattributed), Temp.HEX or Mustang Panda (China), APT31 or Judgement Panda (China), APT41 (China), UNC795 (China), and APT42 (Iran), have also integrated G

CVE-2026-1604: Remote Unauthenticated Attacker Can Steal Ivanti EPM Secrets (Updated)

Key Findings Ivanti released security patches for its Endpoint Manager (EPM) product, addressing two critical vulnerabilities. The most severe flaw, CVE-2026-1603, is a high-severity authentication bypass (CVSS 8.6) that allows remote unauthenticated attackers to access stored credentials. The second vulnerability, CVE-2026-1602, is a medium-severity SQL injection flaw (CVSS 6.5) that could enable data theft by authenticated attackers. There is no evidence of these vulnerabil

Apple First Addressed Actively Exploited Zero-Day in 2026

Key Findings Apple has fixed an actively exploited zero-day vulnerability in its ecosystem, including iOS, macOS, and other devices. The vulnerability, tracked as CVE-2026-20700, is a memory corruption flaw in Apple's Dynamic Link Editor (dyld) that allows attackers to execute arbitrary code. The flaw was discovered and reported by Google's Threat Analysis Group, suggesting it may have been used in sophisticated, targeted attacks by nation-state actors or commercial spyware v

Apple Addresses Multiple Zero-Day Vulnerabilities Affecting Its Devices

Key Findings Apple released emergency updates for iOS, iPadOS, macOS, tvOS, watchOS, and visionOS to address an actively exploited zero-day vulnerability (CVE-2026-20700). The vulnerability is a memory corruption issue in Apple's Dynamic Link Editor (dyld) that could allow attackers to execute arbitrary code. The flaw was discovered and reported by Google's Threat Analysis Group, suggesting it may have been used in sophisticated nation-state or commercial spyware attacks. Apple

MongoDB Server Vulnerability Allows Unauthenticated Attackers to Crash Database Servers

Key Findings: A critical vulnerability in MongoDB allows unauthenticated attackers to crash database servers. The flaw, tracked as CVE-2022-29464, has a CVSS score of 8.7 and can lead to Denial of Service (DoS) conditions. The vulnerability is caused by a memory exhaustion issue that can be triggered without any authentication. Background: MongoDB is a popular open-source NoSQL database management system that is widely adopted by organizations for its flexibility and scalability.

North Korea-Linked UNC1069 Uses AI Lures to Attack Cryptocurrency Organizations

Key Findings North Korea-linked threat actor UNC1069 has been observed targeting the cryptocurrency sector to steal sensitive data. The intrusion relied on a social engineering scheme involving a compromised Telegram account, a fake Zoom meeting, a ClickFix infection vector, and reported usage of AI-generated video to deceive victims. UNC1069 has a history of conducting social engineering campaigns for financial gain using fake meeting invites and posing as investors from reput

© 2025 by Explain IT Again. Powered and secured by Wix