CyberheistNews Vol 16 #07 Uncovering the Sophisticated Phishing Campaign Bypassing M365 MFA

Phishing campaign bypassing M365 MFA detected, compromising accounts by exploiting OAuth 2.0 flows. Attackers trick users into authenticating on legitimate Microsoft domains, stealing access tokens for persistent access to data. Key sectors targeted include tech, manufacturing, and finance. Immediate mitigation requires auditing OAuth apps and reviewing email logs. Additionally, there’s discussion on automation in incident response, AI-driven email security, and the evolution of romance scams using deepfake technology. New voice phishing kits enable real-time control over attacks, raising concerns over email security gaps in organizations.

https://blog.knowbe4.com/cyberheistnews-vol-16-07-uncovering-the-sophisticated-phishing-campaign-bypassing-m365-mfa

UK.gov Launches Cyber ‘lockdown’ Campaign as 80% of Orgs Hit

UK government launches cyber lockdown campaign urging businesses to enhance digital defenses, as report shows 82% of organizations experienced cyber incidents. Only 30% adhere to Cyber Essentials standards. Campaign aims to raise awareness among SMEs about the risks and importance of basic cybersecurity measures. Free resources offered to assist businesses in improving security practices.

https://www.theregister.com/2026/02/17/govt_launches_cyber_lockdown_push/

Manipulating AI Memory for Profit: The Rise of AI Recommendation Poisoning

AI Recommendation Poisoning exploits AI memory to influence recommendations by embedding hidden instructions in prompts. Companies use malicious URLs in “Summarize with AI” buttons, instructing AIs to remember them favorably, leading to biased outputs. The trend poses risks as poisoned AIs provide slanted advice on critical topics, affecting users' decisions without their awareness. Microsoft has begun implementing protections against these attacks, but research indicates widespread attempts across various industries to manipulate AI assistants.

https://www.microsoft.com/en-us/security/blog/2026/02/10/ai-recommendation-poisoning/

Chinese Hackers Exploiting Dell Zero-day Flaw Since Mid-2024

Chinese hackers have been exploiting a critical flaw in Dell RecoverPoint for Virtual Machines, tracked as CVE-2026-22769, since mid-2024. The UNC6201 group uses hardcoded credentials for unauthorized access, deploying sophisticated malware such as Grimbolt to infiltrate VMware networks. To mitigate these attacks, Dell advises affected customers to apply the recommended remediations.

https://www.bleepingcomputer.com/news/security/chinese-hackers-exploiting-dell-zero-day-flaw-since-mid-2024/

What Your Bluetooth Devices Reveal About You

Bluetooth devices leak personal data. The author built Bluehood, a scanner that analyzes Bluetooth presence patterns to show how much data is exposed. Key points include the unintended information leaked by always-on Bluetooth devices, the lack of control over Bluetooth settings on many devices, and the fact that some privacy tools themselves require Bluetooth to function. Bluehood passively monitors devices, creating heatmaps and identifying patterns. The main takeaway: users need to be aware of their Bluetooth habits to make informed privacy decisions.

https://blog.dmcc.io/journal/2026-bluetooth-privacy-bluehood/

Password Managers Don’t Protect Secrets if Pwned

Research exposes vulnerabilities in popular password managers (Bitwarden, LastPass, Dashlane) claiming zero-knowledge encryption, enabling potential password exposure if servers are compromised. Bitwarden was most affected, with 12 attack methods detailed; LastPass and Dashlane followed with 7 and 6 respectively. The study urges enhanced security practices and clear communications from providers regarding risks and protections. Vendors acknowledged flaws and are addressing them, but similar vulnerabilities may apply to others in the industry.

https://www.theregister.com/2026/02/16/password_managers/

Eurail Says Stolen Traveler Data Now up for Sale on Dark Web

Eurail's stolen customer data is for sale on the dark web after a breach revealed sensitive records, including names and bank details. The company is investigating the extent of the breach and has notified data protection authorities. Affected customers should be alert for phishing attempts and update their passwords.

https://www.bleepingcomputer.com/news/security/eurail-says-stolen-traveler-data-now-up-for-sale-on-dark-web/

Are Hackers Trying to Utilize Gemini AI’s Capabilities for Malicious Purposes?

Hackers are attempting to exploit Gemini AI for cyberattacks, as highlighted in a Google Threat Intelligence report. While direct cloning hasn’t succeeded, state-sponsored groups are using AI tools for sophisticated hacks. The private sector is also interested in Gemini’s proprietary technology for development, raising concerns about intellectual property theft. Despite growing reliance on AI, Americans remain distrustful, fearing privacy violations and data exploitation.

https://www.pandasecurity.com/en/mediacenter/are-hackers-trying-to-utilize-gemini-ais-capabilities-for-malicious-purposes/

Infostealer Malware Found Stealing OpenClaw Secrets for First Time

Infostealer malware has been detected stealing sensitive data from OpenClaw, an AI assistant framework, marking a new trend in targeting personal AI configurations. The stolen files include API keys and login information, with a potential full compromise of victims' digital identities. Hudson Rock identified the malware as having similarities to the Vidar infostealer. As OpenClaw gains traction, its configuration files, containing sensitive authentication secrets, are increasingly being targeted by cybercriminals.

https://www.bleepingcomputer.com/news/security/infostealer-malware-found-stealing-openclaw-secrets-for-first-time/

Microsoft Discloses DNS-Based ClickFix Attack Using Nslookup for Malware Staging

Microsoft revealed a new ClickFix attack that uses nslookup for malware staging. Attackers trick users into running DNS lookups that retrieve malicious payloads, circumventing security controls by having victims infect their own machines. The technique has evolved into several variants and leverages DNS traffic as a stealthy channel for signaling to malicious infrastructure. The attack can lead to further malware deployment, including remote access trojans and information stealers, and targets both Windows and macOS users amid rising incidents of cryptocurrency theft.

https://thehackernews.com/2026/02/microsoft-discloses-dns-based-clickfix.html

How Global Cybercrime Syndicates Are Stealing Hearts — and Billions

Global cybercrime syndicates are running romance scams, using AI to create convincing online identities that deceive victims, particularly during Valentine's season. In 2024, Americans lost over $16 billion to cybercrime, with one in seven adults affected by romance schemes. These scams, which target older demographics, leverage trust and urgency to manipulate victims, often moving conversations off safer platforms. Law enforcement faces challenges due to the international nature of these operations, but agencies like the FBI are forming global partnerships to combat them. Vigilance is necessary for online daters, as pressure tactics are a common indicator of a scam.

https://www.politico.com/news/2026/02/14/how-global-cybercrime-syndicates-are-stealing-hearts-and-billions-00780481

Naming and Shaming: How Ransomware Groups Tighten the Screws on Victims

Ransomware tactics have evolved from simple file encryption to combining data theft with threats of public exposure via dedicated leak sites (DLSs). These sites, emerging in 2019, amplify pressure on victims by publicly showcasing stolen data and demanding payment. This approach increases risks including reputational damage, regulatory fines, and follow-on cybercrimes. Victims face urgency and fear as they navigate decisions under pressure, often leading to repeated attacks even after ransom payment. Effective defenses require advanced security measures, access controls, regular software updates, resilient backups, and employee training to mitigate risks associated with ransomware threats.

https://www.welivesecurity.com/en/ransomware/naming-shaming-ransomware-groups-tighten-screws-victims/

2026 State of Enterprise Infostealer Identity Exposure

In 2025, enterprise identity exposure intensified, with enterprise identity logs increasing from 8% to 11% of all logs. Microsoft Entra ID credentials appeared in 79% of these logs, making them the most compromised. Over 18% of identity logs contained credentials for multiple providers, expanding the potential impact of a single breach.

https://flare.io/learn/resources/2026-enterprise-infostealer-identity-exposure/