threats

New Gmail Account Attack Warning—Hackers Abuse Critical Security Check

Hackers are targeting Gmail users with a malicious fake Google Account Security Checkup tool that grants attackers access to sensitive information, including push notifications, contacts, GPS location, and clipboard contents. This attack uses deception to trick users into following prompts that compromise their account security. To protect themselves, users should only use the official Google Account Security Checkup tool through official channels, such as typing the URL directly into their browser.

https://www.forbes.com/sites/daveywinder/2026/03/01/check-your-gmail-account-security-now-ongoing-attacks-reported/

US-Israel-Iran Conflict May Trigger Unprecedented Cyberattacks

US-Israel-Iran tensions may lead to extensive cyberattacks disrupting critical infrastructure and financial systems. Cyberwarfare is increasingly integrated into military strategies, as past incidents demonstrate its potential for widespread damage without physical destruction. Experts warn that the ongoing conflict could escalate into coordinated attacks on various sectors, stressing the need for robust cybersecurity measures like zero-trust architecture.

https://www.khaleejtimes.com/world/asia/usisraeliran-trigger-unprecedented-cyberattacks?amp=1

Iran Cyberattack Blackout and War Risks

Iran faced a near-total internet blackout amid a cyberattack during military strikes, disrupting critical infrastructure and communication. Internet traffic dropped to 4% of normal levels as Iranian news outlets went offline and security systems failed, highlighting the integration of cyber warfare with traditional military actions. Analysts view cyberattacks as a tool for Iran to retaliate without escalating to full-scale war, presenting several potential response strategies, including cyberattacks, maritime threats, and support for militias. The incident underscores the rising importance of cybersecurity in global conflicts and advises individuals to enhance personal digital security measures during such tensions.

https://cyberguy.com/news/iran-cyberattack-blackout-war-risks/

Software Vulnerabilities Are Being Weaponized Faster Than Ever

VulnCheck reports that software vulnerabilities are being weaponized rapidly, with a 16.5% increase in exploits linked to 10,500 CVEs in 2025, partly due to AI-generated proof-of-concept code. Less than 1% of vulnerabilities were exploited, complicating threat assessment for security teams. Notably, over 50% of ransomware CVEs were zero-days. Major vulnerabilities include React2Shell (236 exploits) and a Microsoft SharePoint flaw (36 exploits).

https://www.cybersecuritydive.com/news/software-vulnerabilities-are-being-weaponized-faster-than-ever/813096/

Threat Intelligence Supply Chain Is Full of Weak Links

Researchers from Georgia Tech found the threat intelligence supply chain vulnerable to adversarial actions and proposed improvements for data sharing. China's recent ban on foreign security software strains the global threat intelligence ecosystem, which was already weak. The study identified shortcomings in data sharing among infosec vendors, revealing most vendors conduct shallow analysis and delay information dissemination. A proposed system could enhance trust and data provenance, enabling better global cooperation in cybersecurity amidst geopolitical tensions.

https://www.theregister.com/2026/02/25/threat_intelligence_supply_chain_research/

Malicious OpenClaw Skills Used to Distribute Atomic macOS Stealer

A new variant of Atomic macOS Stealer (AMOS) is being distributed through malicious OpenClaw skills, exploiting AI agentic workflows to trick users into installing the malware. The malware, disguised as a harmless skill, uses a fake dialogue box to request the user’s password and then exfiltrates sensitive data, including Apple and KeePass keychains, user documents, and system information. TrendAI™ Managed Detection and Response (MDR) customers are protected from this threat.

https://www.trendmicro.com/en_us/research/26/b/openclaw-skills-used-to-distribute-atomic-macos-stealer.html

Fake Zoom Meeting “Update” Silently Installs Surveillance Software

A fake Zoom meeting website installs the surveillance software Teramind on Windows without user consent. Visitors encounter a fraudulent Zoom interface that prompts an automatic update, leading to a malicious file download. The stealthily installed software monitors user activity without the user's knowledge, resembling legitimate business surveillance tools. Users are advised not to open suspicious files from the site and to check for unauthorized installations. This attack illustrates the rising trend of attackers using legitimate software for illicit purposes.

https://www.malwarebytes.com/blog/scams/2026/02/fake-zoom-meeting-update-silently-installs-surveillance-software

Connected and Compromised: When IoT Devices Turn Into Threats

IoT devices, often lacking sufficient security features, pose significant risks to both home and enterprise networks. Reused passwords, lack of encryption, and poor data storage practices make these devices vulnerable to credential theft and unauthorized access. While vendors are moving towards more secure devices, the sheer number of existing IoT devices means it will take years to fully mitigate these risks.

https://www.darkreading.com/iot/connected-compromised-iot-devices-turn-threats

Emoji Smuggling: Hiding Malicious Code in Plain Sight

TLDR: Emoji smuggling uses Unicode characters to hide malware from security systems, exploiting gaps in text detection, leveraging look-alike characters, emojis as code, invisible characters, and direction trickery. Attackers bypass security filters, making detection difficult. Defenses include input normalization, context-aware security, monitoring, user education, and security design. As AI and LLMs evolve, they face challenges from Unicode attacks, complicating security. Understanding these techniques is crucial for effective defenses against evolving threats.

https://sosintel.co.uk/emoji-smuggling-hiding-malicious-code-in-plain-sight/

Android Malware Taps Gemini to Navigate Infected Devices

Android malware named PromptSpy employs generative AI (Gemini) for adaptive navigation on infected devices. It mainly functions to deploy remote access via VNC, utilizing natural language prompts to interact with user interfaces, enhancing the malware's versatility across different devices. Developed by Chinese speakers, PromptSpy is still largely theoretical, with no live telemetry reports from ESET, but suspected distribution domains hint at potential real-world application. The malware can intercept security codes, record screens, and prevent uninstallation, indicating a disturbing evolution in Android threats.

https://www.theregister.com/2026/02/19/genai_malware_android/

Hackers Target Microsoft Entra Accounts in Device Code Vishing Attacks

Hackers are targeting Microsoft Entra accounts using device code phishing combined with voice phishing (vishing), compromising accounts through legitimate Microsoft OAuth flows without needing traditional phishing methods. This allows attackers to obtain valid authentication tokens and access victims' accounts, enabling corporate data theft. The ShinyHunters gang is suspected to be behind these attacks; organizations are advised to monitor OAuth apps, revoke suspicious consents, and consider disabling device code flows when they are not needed.

https://www.bleepingcomputer.com/news/security/hackers-target-microsoft-entra-accounts-in-device-code-vishing-attacks/

Manipulating AI Memory for Profit: The Rise of AI Recommendation Poisoning

AI Recommendation Poisoning exploits AI memory to influence recommendations by embedding hidden instructions in prompts. Companies use malicious URLs in “Summarize with AI” buttons, instructing AIs to remember them favorably, leading to biased outputs. The trend poses risks as poisoned AIs provide slanted advice on critical topics, affecting users' decisions without their awareness. Microsoft has begun implementing protections against these attacks, but research indicates widespread attempts across various industries to manipulate AI assistants.

https://www.microsoft.com/en-us/security/blog/2026/02/10/ai-recommendation-poisoning/

What Your Bluetooth Devices Reveal About You

Bluetooth devices leak personal data. The author built Bluehood, a scanner to analyze Bluetooth presence patterns and understand data exposure risks. Key points include the unintended information leaked by always-on Bluetooth devices, lack of control over Bluetooth settings in many devices, and potential privacy tools needing Bluetooth for functionality. Bluehood passively monitors devices, creating heatmaps and identifying patterns. The main takeaway: users need to be aware of their Bluetooth habits to make informed privacy decisions.

https://blog.dmcc.io/journal/2026-bluetooth-privacy-bluehood/

Password Managers Don’t Protect Secrets if Pwned

Research exposes vulnerabilities in popular password managers (Bitwarden, LastPass, Dashlane) claiming zero-knowledge encryption, enabling potential password exposure if servers are compromised. Bitwarden was most affected, with 12 attack methods detailed; LastPass and Dashlane followed with 7 and 6 respectively. The study urges enhanced security practices and clear communications from providers regarding risks and protections. Vendors acknowledged flaws and are addressing them, but similar vulnerabilities may apply to others in the industry.

https://www.theregister.com/2026/02/16/password_managers/

Are Hackers Trying to Utilize Gemini AI’s Capabilities for Malicious Purposes?

Hackers are attempting to exploit Gemini AI for cyberattacks, as highlighted in a Google Threat Intelligence report. While direct cloning hasn’t succeeded, state-sponsored groups are using AI tools for sophisticated hacks. The private sector is also interested in Gemini’s proprietary technology for development, raising concerns about intellectual property theft. Despite growing reliance on AI, Americans remain distrustful, fearing privacy violations and data exploitation.

https://www.pandasecurity.com/en/mediacenter/are-hackers-trying-to-utilize-gemini-ais-capabilities-for-malicious-purposes/
