🦜 Cybersecurity News Everyday
@www.hendryadrian.com@rss-parrot.net
I'm an automated parrot! I relay a website's RSS feed to the Fediverse. Every time a new post appears in the feed, I toot about it. Follow me to get all new posts in your Mastodon timeline!
Stay Ahead of Cyber Threats – Daily Security Insights, Powered by AI
Hacked! Record 2026-03-02
https://www.hendryadrian.com/hacked-record-2026-03-02/
Published: March 3, 2026 12:10
There were 2 defacement incidents targeting websites in Nigeria and Indonesia. The attackers were '-1' and NizamXploit, respectively targeting msmeclinics.gov.ng and mimambaululumjambi.sch.id #Nigeria #Indonesia...
Alleged Sale of 81,000 Customer Records from Dutch Ski Retailer SkiWebShop
https://www.hendryadrian.com/alleged-sale-of-81000-customer-records-from-dutch-ski-retailer-skiwebshop/
Published: March 3, 2026 12:09
Threat actor Wadjet is advertising the alleged sale of SkiWebShop customer data, claiming 81,436 unique email addresses and 70,020 unique phone numbers. The dataset spans multiple European countries and contains detailed billing and account information;…
Threat Actor Selling Compromised EU Police Email Accounts for $1,000 Each to Enable Fraudulent Emergency Data Requests
https://www.hendryadrian.com/threat-actor-selling-compromised-eu-police-email-accounts-for-1000-each-to-enable-fraudulent-emergency-data-requests/
Published: March 3, 2026 12:08
A threat actor using the handle lucy is selling compromised email accounts from police departments in first-world EU countries for $1,000 each. Buyers are instructed to use these accounts to submit fraudulent emergency data requests and impersonate EU law…
DomainTools Investigations | Doppelgänger / RRN Disinformation Infrastructure Ecosystem 2026
https://www.hendryadrian.com/domaintools-investigations-doppelganger-rrn-disinformation-infrastructure-ecosystem-2026/
Published: March 3, 2026 12:04
The Doppelgänger / Reliable Recent News (RRN) ecosystem is a professionally managed, cloud-native disinformation infrastructure that uses large-scale media brand impersonation, automated domain generation, TLD substitution, CDN fronting, and centralized…
The patch reality gap: How fast SMBs really patch and what are the risks
https://www.hendryadrian.com/the-patch-reality-gap-how-fast-smbs-really-patch-and-what-are-the-risks/
Published: March 3, 2026 12:03
Acronis H2 2025 telemetry shows median Microsoft patch install time of 185 hours (7.7 days) with a long P90 tail of 926 hours (38.6 days), while third‑party patches are faster on median (136 hours) but still exhibit a substantial long tail. The report…
OAuth redirection abuse enables phishing and malware delivery
https://www.hendryadrian.com/oauth-redirection-abuse-enables-phishing-and-malware-delivery/
Published: March 3, 2026 12:02
Microsoft Defender researchers observed phishing campaigns that abuse OAuth’s built-in redirection and silent authentication behavior (e.g., prompt=none and invalid scope) to redirect government and public-sector users to attacker-controlled landing pages…
CyberStrikeAI tool adopted by hackers for AI-powered attacks
https://www.hendryadrian.com/cyberstrikeai-tool-adopted-by-hackers-for-ai-powered-attacks/
Published: March 3, 2026 12:01
Researchers report that the open-source AI security testing platform CyberStrikeAI was observed running on the same IP infrastructure used by the threat actor who breached hundreds of Fortinet FortiGate devices. Team Cymru's analysis links CyberStrikeAI to…
Android gets patches for Qualcomm zero-day exploited in attacks
https://www.hendryadrian.com/android-gets-patches-for-qualcomm-zero-day-exploited-in-attacks/
Published: March 3, 2026 12:01
Google released March 2026 Android security updates addressing 129 vulnerabilities, including an actively exploited zero-day in a Qualcomm display component (CVE-2026-21385). Qualcomm says the flaw is an integer overflow in the graphics subcomponent…
UH Cancer Center data breach affects nearly 1.2 million people
https://www.hendryadrian.com/uh-cancer-center-data-breach-affects-nearly-1-2-million-people/
Published: March 3, 2026 12:00
A ransomware gang breached the University of Hawaii Cancer Center's Epidemiology Division in August 2025, stealing data for nearly 1.2 million individuals. Compromised files included names, Social Security numbers, driver's license and voter registration…
Star Citizen game dev discloses breach affecting user data
https://www.hendryadrian.com/star-citizen-game-dev-discloses-breach-affecting-user-data/
Published: March 3, 2026 12:00
Cloud Imperium Games disclosed a January 21, 2026 breach that allowed attackers read-only access to backup systems containing limited user account details. The company says no passwords or financial data were accessed and there is no evidence of public…
Amazon: Drone strikes damaged AWS data centers in Middle East
https://www.hendryadrian.com/amazon-drone-strikes-damaged-aws-data-centers-in-middle-east/
Published: March 3, 2026 11:59
Amazon confirmed drone strikes damaged three AWS data centers in the United Arab Emirates and one in Bahrain, causing an extensive outage that is disrupting dozens of cloud services. The company is restoring physical infrastructure and implementing…
SloppyLemming Targets Pakistan and Bangladesh Governments Using Dual Malware Chains
https://www.hendryadrian.com/sloppylemming-targets-pakistan-and-bangladesh-governments-using-dual-malware-chains/
Published: March 3, 2026 11:59
Arctic Wolf attributes a year-long SloppyLemming campaign (Jan 2025–Jan 2026) against government and critical infrastructure in Pakistan and Bangladesh that used two attack chains to deploy BurrowShell and a Rust-based keylogger. The intrusions relied on…
Google Confirms CVE-2026-21385 in Qualcomm Android Component Exploited
https://www.hendryadrian.com/google-confirms-cve-2026-21385-in-qualcomm-android-component-exploited/
Published: March 3, 2026 11:58
Google disclosed a high-severity vulnerability (CVE-2026-21385) in an open-source Qualcomm Graphics component used in Android devices that has been exploited in the wild. The March 2026 Android update includes a patch for this flaw among 129 fixes, and…
Microsoft Warns OAuth Redirect Abuse Delivers Malware to Government Targets
https://www.hendryadrian.com/microsoft-warns-oauth-redirect-abuse-delivers-malware-to-government-targets/
Published: March 3, 2026 11:58
Microsoft warns of OAuth-based phishing campaigns that abuse legitimate redirect features to funnel victims to attacker-controlled landing pages without stealing tokens. The attacks target government and public-sector organizations and deliver malware via…
RedAlert Trojan Campaign: Fake Emergency Alert App Spread via SMS Spoofing Israeli Home Front Command | CloudSEK
https://www.hendryadrian.com/redalert-trojan-campaign-fake-emergency-alert-app-spread-via-sms-spoofing-israeli-home-front-command-cloudsek/
Published: March 3, 2026 11:54
The RedAlert campaign distributes a trojanized version of the official Israeli Home Front Command "Red Alert" app via targeted SMS phishing, tricking users into sideloading a malicious APK that mirrors the legitimate UI while embedding a multi-stage…
Ngong Ping 360 Hit by Cyberattack; Investigation Ongoing and Data Protection Measures Implemented
https://www.hendryadrian.com/ngong-ping-360-hit-by-cyberattack-investigation-ongoing-and-data-protection-measures-implemented/
Published: March 3, 2026 08:17
Ngong Ping 360 experienced a cyber attack and the incident is currently under investigation. The company has implemented measures to protect its users' data. #NgongPing360 #np360
Cyber Attack Halts Langenzersdorf Municipality in Lower Austria
https://www.hendryadrian.com/cyber-attack-halts-langenzersdorf-municipality-in-lower-austria/
Published: March 3, 2026 08:16
On 27 February 2026 the Municipality of Langenzersdorf was hit by a cyber attack that made its internal network unavailable and forced the suspension of town hall operations. Security experts are working to restore systems while the municipality asks…
Den kulturelle skolesekken Data Breach Exposes 1.3M Records
https://www.hendryadrian.com/den-kulturelle-skolesekken-data-breach-exposes-1-3m-records/
Published: March 3, 2026 08:14
Norway’s national arts program Den kulturelle skolesekken (DKS), managed by Kulturtanken, was allegedly breached with an actor claiming to have exfiltrated a database and posting samples on a cybercrime forum. The leak reportedly contains 1,389,534 rows of…
Unauthorized AI Agent Execution Code Published to OpenVSX in Aqua Trivy VS Code Extension
https://www.hendryadrian.com/unauthorized-ai-agent-execution-code-published-to-openvsx-in-aqua-trivy-vs-code-extension/
Published: March 3, 2026 08:12
Versions 1.8.12 and 1.8.13 of the Aqua Trivy VS Code extension published to OpenVSX contained injected code that launched local AI coding assistants (Claude, Codex, Gemini, GitHub Copilot CLI, Kiro CLI) in permissive modes to perform broad system…
Google Develops Merkle Tree Certificates to Enable Quantum-Resistant HTTPS in Chrome
https://www.hendryadrian.com/google-develops-merkle-tree-certificates-to-enable-quantum-resistant-https-in-chrome/
Published: March 3, 2026 07:42
Google will adopt Merkle Tree Certificates (MTCs) in Chrome to make HTTPS certificates resilient against future quantum attacks while avoiding bulky post-quantum X.509 chains. The company is collaborating with Cloudflare and the PLANTS working group to…
New Chrome Vulnerability Let Malicious Extensions Escalate Privileges via Gemini Panel
https://www.hendryadrian.com/new-chrome-vulnerability-let-malicious-extensions-escalate-privileges-via-gemini-panel/
Published: March 3, 2026 07:41
Cybersecurity researchers disclosed a now-patched Chrome vulnerability (CVE-2026-0628) in the WebView-based Gemini Live side panel that could let malicious extensions escalate privileges and access local files, camera, and microphone. The bug, dubbed Glic…
Alleged India-linked espionage campaign targeted Pakistan, Bangladesh, Sri Lanka
https://www.hendryadrian.com/alleged-india-linked-espionage-campaign-targeted-pakistan-bangladesh-sri-lanka/
Published: March 3, 2026 07:40
An espionage campaign running from January 2025 targeted government agencies and critical infrastructure in Pakistan, Bangladesh and Sri Lanka, using social-engineered emails and 112 Cloudflare domains to stage malicious documents. Arctic Wolf attributed…
University of Hawaiʻi Cancer Center confirms data leak following ransomware attack
https://www.hendryadrian.com/university-of-hawai%ca%bbi-cancer-center-confirms-data-leak-following-ransomware-attack/
Published: March 3, 2026 07:40
The University of Hawaiʻi Cancer Center disclosed a ransomware attack on its epidemiology division that exposed up to 1.2 million records, including SSNs, driver’s license numbers, voter registration data, and some health-related information.…
Cyber Command disrupted Iranian comms, sensors, top general says
https://www.hendryadrian.com/cyber-command-disrupted-iranian-comms-sensors-top-general-says/
Published: March 3, 2026 07:37
U.S. Cyber Command and U.S. Space Command carried out coordinated cyber and space operations that disrupted Iranian communications and sensor networks to support Operation Epic Fury. The efforts helped enable a joint U.S.-Israeli bombing campaign that…
Madison Square Garden Data Breach Confirmed Months After Hacker Attack
https://www.hendryadrian.com/madison-square-garden-data-breach-confirmed-months-after-hacker-attack/
Published: March 3, 2026 07:36
Madison Square Garden confirmed a data breach after the Cl0p extortion group exploited zero-day vulnerabilities in Oracle’s E-Business Suite as part of a campaign that affected more than 100 organizations. Cl0p leaked over 210GB of stolen archive files…
OpenClaw Vulnerability Allowed Websites to Hijack AI Agents
https://www.hendryadrian.com/openclaw-vulnerability-allowed-websites-to-hijack-ai-agents/
Published: March 3, 2026 07:35
A flaw in the OpenClaw AI assistant's local gateway allowed attackers to hijack agents by luring developers to malicious websites without installing extensions or requiring further user interaction. Because the WebSocket gateway bound to localhost exempted…
Vulnerability Allowed Hijacking Chrome’s Gemini Live AI Assistant
https://www.hendryadrian.com/vulnerability-allowed-hijacking-chromes-gemini-live-ai-assistant/
Published: March 3, 2026 07:35
A vulnerability in Chrome's Gemini Live side panel could have allowed malicious extensions to inject JavaScript, hijack the AI assistant, and spy on users or exfiltrate data. Palo Alto Networks reported CVE-2026-0628 and Google patched the issue in Chrome…
University of Hawaii Cancer Center Breach Exposes SSNs of 87,000+ Participants
https://www.hendryadrian.com/university-of-hawaii-cancer-center-breach-exposes-ssns-of-87000-participants/
Published: March 3, 2026 07:34
The University of Hawaii’s Cancer Center suffered a 2025 ransomware attack that encrypted and potentially exfiltrated historical research files, exposing Social Security numbers, driver’s license numbers, and voter registration data. The breach impacted…
Infected by GTA 5 Cheats: How an Infostealer Infection Unmasked a North Korean Agent
https://www.hendryadrian.com/infected-by-gta-5-cheats-how-an-infostealer-infection-unmasked-a-north-korean-agent/
Published: March 3, 2026 07:33
Researchers analyzing Hudson Rock cybercrime telemetry found a suspected DPRK IT worker’s machine infected with the LummaC2 infostealer, and its exfiltrated logs revealed an undocumented Indonesian proxy node tied to a broad "Vueyi" fraud operation. The…
Cybersecurity News | Daily Recap [02 Mar 2026]
https://www.hendryadrian.com/cybersecurity-news-daily-recap-02-mar-2026/
Published: March 3, 2026 07:26
Daily Recap: North Korean actors published 26 steganographic npm packages (StegaBin) that pull Vercel-hosted C2s from Pastebin to deploy credential stealers and a RAT, while APT37 expanded tooling with LNKs and implants (Restleaf, ThumbSBD, VirusTask,…
Ransom! Grupo D’arc (MAR-2026)
https://www.hendryadrian.com/ransom-grupo-darc-mar-2026/
Published: March 2, 2026 13:12
Qilin claims responsibility for a ransomware incident targeting Grupo D'arc in Mexico. The claim provides attribution with limited detail. #Mexico
Ransom! Southold Town Senior Services and Southold Police Department (MAR-2026)
https://www.hendryadrian.com/ransom-southold-town-senior-servicessouthold-police-department-mar-2026/
Published: March 2, 2026 13:11
Rhysida claims a ransomware incident affecting Southold Town Senior Services and the Southold Police Department, disrupting access to forms, online payments, and resident notifications. The Town of Southold, New York is assessing the breach and working to…
North Korean Hackers Publish 26 npm Packages Hiding Pastebin C2 for Cross-Platform RAT
https://www.hendryadrian.com/north-korean-hackers-publish-26-npm-packages-hiding-pastebin-c2-for-cross-platform-rat/
Published: March 2, 2026 13:06
Researchers disclosed a new iteration of the Contagious Interview campaign — tracked as StegaBin and attributed to the North Korean Famous Chollima cluster — that published 26 malicious npm packages masquerading as developer tools to deliver a…
APT28 Tied to CVE-2026-21513 MSHTML 0-Day Exploited Before Feb 2026 Patch Tuesday
https://www.hendryadrian.com/apt28-tied-to-cve-2026-21513-mshtml-0-day-exploited-before-feb-2026-patch-tuesday/
Published: March 2, 2026 13:05
A recently patched high-severity MSHTML vulnerability (CVE-2026-21513) may have been exploited by the Russia-linked threat actor APT28, according to Akamai's findings. The flaw allows crafted HTML or LNK files to bypass browser protections and invoke…
How to Protect Your SaaS from Bot Attacks with SafeLine WAF
https://www.hendryadrian.com/how-to-protect-your-saas-from-bot-attacks-with-safeline-waf/
Published: March 2, 2026 13:05
Most SaaS teams misread sudden traffic growth as organic success while bots inflate sign-ups, scrape APIs, and drive up server costs. SafeLine is a self‑hosted WAF and reverse proxy that uses semantic request analysis, anti‑bot challenges, rate limiting,…
Cyberattack briefly disrupts Russian internet regulator and defense ministry websites
https://www.hendryadrian.com/cyberattack-briefly-disrupts-russian-internet-regulator-and-defense-ministry-websites/
Published: March 2, 2026 13:04
Russia’s internet regulator Roskomnadzor and the Russian Defense Ministry experienced a large, brief multi-vector DDoS attack that disrupted access to their websites and related infrastructure, including the Main Radio Frequency Center (GRFC). Roskomnadzor…
North Korean APT Targets Air-Gapped Systems in Recent Campaign
https://www.hendryadrian.com/north-korean-apt-targets-air-gapped-systems-in-recent-campaign/
Published: March 2, 2026 13:03
APT37 (aka ScarCruft/Ruby Sleet/Velvet Chollima) deployed five new tools in the Ruby Jumper campaign to compromise air-gapped systems using LNK-triggered PowerShell and a decoy Arabic document. The attack chain uses RestLeaf with Zoho WorkDrive for C2 to…
Microsoft warns of RAT delivered through trojanized gaming utilities
https://www.hendryadrian.com/microsoft-warns-of-rat-delivered-through-trojanized-gaming-utilities/
Published: March 2, 2026 12:57
Microsoft Defender researchers uncovered a campaign that tricks users into running trojanized gaming utilities (Xeno.exe and RobloxPlayerBeta.exe) distributed through browsers and chat platforms, leading to the deployment of a remote access trojan. A…
North Korea’s APT37 Expands Toolkit to Breach Air-Gapped Networks
https://www.hendryadrian.com/north-koreas-apt37-expands-toolkit-to-breach-air-gapped-networks/
Published: March 2, 2026 12:57
A North Korea–linked group, APT37, has deployed a new "Ruby Jumper" campaign that uses malicious LNK files and a suite of implants to infect systems and bridge air-gapped networks via removable USB media. The operation leverages newly documented tools —…
AWS Expands Security Hub Into a Cross-Domain Security Platform
https://www.hendryadrian.com/aws-expands-security-hub-into-a-cross-domain-security-platform/
Published: March 2, 2026 12:56
AWS has launched Security Hub Extended to unify its own tools like Inspector and GuardDuty with a curated set of third-party vendors under a single-pane mini-SOC. The service uses the Open Cybersecurity Schema Framework (OCSF) for pre-normalized findings,…
Nick Andersen Appointed Acting Director of CISA
https://www.hendryadrian.com/nick-andersen-appointed-acting-director-of-cisa/
Published: March 2, 2026 12:56
Nick Andersen has been appointed acting director of the United States' Cybersecurity and Infrastructure Security Agency (CISA), replacing Madhu Gottumukkala who is leaving for a senior role at the Department of Homeland Security. Gottumukkala's departure…
Chilean National Extradited to U.S. Over Stolen Credit Card Data Trafficking Scheme
https://www.hendryadrian.com/chilean-national-extradited-to-u-s-over-stolen-credit-card-data-trafficking-scheme/
Published: March 2, 2026 12:55
A Chilean national, Alex Rodrigo Valenzuela Monje (aka VAL4K), was extradited to the United States and arraigned on charges alleging he ran Telegram-based carding channels that sold tens of thousands of stolen payment cards. Court documents claim his…
Ring Camera Doorbell Ad Triggers Privacy Concerns and Public Criticism in America
https://www.hendryadrian.com/ring-camera-doorbell-ad-triggers-privacy-concerns-and-public-criticism-in-america/
Published: March 2, 2026 12:55
Ring’s Super Bowl commercial for its camera doorbells sparked major backlash across the United States, prompting subscription cancellations, threatened lawsuits, and the end of a partnership with ALPR firm Flock. The controversy highlighted broader privacy…
CISA Warns RESURGE Malware Can Remain Dormant on Ivanti Connect Secure Devices
https://www.hendryadrian.com/cisa-warns-resurge-malware-can-remain-dormant-on-ivanti-connect-secure-devices/
Published: March 2, 2026 12:54
CISA's updated analysis reveals RESURGE malware remains dormant on compromised Ivanti Connect Secure devices, enabling stealthy, persistent access that evades routine detection. The malware exploits CVE-2025-0282 and leverages advanced ECC encryption,…
AkzoNobel Suffers Data Breach by Anubis Ransomware Group
https://www.hendryadrian.com/akzonobel-suffers-data-breach-by-anubis-ransomware-group/
Published: March 2, 2026 12:09
The Anubis ransomware group claims it breached AkzoNobel and exfiltrated sensitive corporate and client data from one of the company’s branches. AkzoNobel allegedly refused to pay the ransom, and the stolen files reportedly include client contacts, NDAs,…
Fundação Getulio Vargas (FGV) Suffers Ransomware Attack
https://www.hendryadrian.com/fundacao-getulio-vargas-fgv-suffers-ransomware-attack/
Published: March 2, 2026 12:07
The Dragonforce ransomware group claims to have breached Fundação Getulio Vargas (FGV), a leading Brazilian educational and research institution. The actor alleges approximately 1.52 TB of organizational data were exfiltrated, including personal…
Rhysida Ransomware Attack Hits Southold Police and Senior Services
https://www.hendryadrian.com/rhysida-ransomware-attack-hits-southold-police-and-senior-services/
Published: March 2, 2026 12:06
The Rhysida ransomware group claims to have breached Southold Town Senior Services and the Southold Police Department in New York. The actor says the stolen data is being auctioned to a single buyer with a 10 BTC starting price and a seven-day timer,…
BE-ATEX Data Breach Exposes Customer and Employee Information
https://www.hendryadrian.com/be-atex-data-breach-exposes-customer-and-employee-information/
Published: March 2, 2026 12:05
BE-ATEX, a French gas detection and safety equipment company, has reportedly been compromised after an unknown user on a cybercrime forum claimed to have scraped data from its internal administrative panel and shared screenshots of the dashboard and…
Ransom! Ricopia (MAR-2026)
https://www.hendryadrian.com/ransom-ricopia-mar-2026/
Published: March 2, 2026 06:10
thegentlemen's ransomware claim alleges they have compromised Ricopia in Spain, threatening access to the company's systems and data. Ricopia is a long-standing tech services firm with over 100 experts who help businesses upgrade technology and work…
Ransom! Afezo (MAR-2026)
https://www.hendryadrian.com/ransom-afezo-mar-2026/
Published: March 2, 2026 06:09
The ransomware claim states that Afezo B.V. was victimized by the threat actor thegentlemen. It describes encrypted systems and potential data leakage affecting their urban sewer and infrastructure projects in Amsterdam and the Zaanstreek. #Netherlands
Ransom! lke-group.com (MAR-2026)
https://www.hendryadrian.com/ransom-lke-group-com-mar-2026/
Published: March 2, 2026 01:48
Incransom claims to have breached lke-group.com, a Germany-based provider of custom transport equipment, encrypting systems and threatening exposure of sensitive data. The claim indicates disruption to LKE Group's operations and potential impact on its…
Ransom! AkzoNobel (MAR-2026)
https://www.hendryadrian.com/ransom-akzonobel-mar-2026/
Published: March 2, 2026 01:47
A claim alleges that AkzoNobel, a leading global paints and coatings company, was breached in a data incident attributed to the threat actor Anubis. The ransomware claim suggests data exfiltration and potential disruption, with the Netherlands as the…
Ransom! abramssales.com (MAR-2026)
https://www.hendryadrian.com/ransom-abramssales-com-mar-2026/
Published: March 2, 2026 00:23
A ransomware claim targets abramssales.com in the United States, attributed to threat actor incransom. Abrams Architectural Products, Inc., founded in 2001 and employing about 50 people, is a leading distributor, fabricator, and installer of architectural…
Ransom! denmark.k12.wi.us (MAR-2026)
https://www.hendryadrian.com/ransom-denmark-k12-wi-us-mar-2026/
Published: March 2, 2026 00:22
A ransomware claim targets denmark.k12.wi.us in the United States, attributed to threat actor incransom, impacting Denmark High School in Wisconsin, an education entity employing about 200 people and reporting approximately $18.2 million in revenue. The…
Hacked! Record 2026-03-01
https://www.hendryadrian.com/hacked-record-2026-03-01/
Published: March 2, 2026 00:18
There was 1 defacement incident targeting the website iestptrt.edu.pe, affecting Peru. The attacker involved was Mr.XycanKing. #Peru...
Ransom! City of Seal Beach and Seal Beach Police Department (MAR-2026)
https://www.hendryadrian.com/ransom-city-of-seal-beach-and-seal-beach-police-department-mar-2026/
Published: March 2, 2026 00:15
The City of Seal Beach and the Seal Beach Police Department reported a ransomware incident attributed to the threat actor Qilin, disrupting municipal operations. The claim centers on encrypted files and a ransom demand, with limited public details on…
Ransom! http://ramet-trom.co.il/ (MAR-2026)
https://www.hendryadrian.com/ransom-http-ramet-trom-co-il-mar-2026/
Published: March 2, 2026 00:14
Ransomware claim indicates that the victim at http://ramet-trom.co.il/ experienced the exfiltration of about 1 terabyte of data, including blueprints and contracts, attributed to the threat actor incransom. The claim notes that this group is not recognized…
Threat Research | Weekly Recap [01 Mar 2026]
https://www.hendryadrian.com/threat-research-weekly-recap-01-mar-2026/
Published: March 2, 2026 00:10
Cybersecurity Threat Research 'Weekly' Recap highlights burgeoning risks from agentic AI in SOCs, OpenClaw backdoors, and AI‑augmented malware experiments, spanning supply‑chain abuse, developer‑targeting campaigns, phishing, and OT/edge security…
Samsung TVs to stop collecting Texans’ data without express consent
https://www.hendryadrian.com/samsung-tvs-to-stop-collecting-texans-data-without-express-consent/
Published: March 2, 2026 00:10
Samsung and the State of Texas reached a settlement requiring Samsung to halt collecting or processing Automated Content Recognition (ACR) viewing data from Texas consumers without obtaining their express consent and to update its privacy disclosures. The…
ClawJacked attack let malicious websites hijack OpenClaw to steal data
https://www.hendryadrian.com/clawjacked-attack-let-malicious-websites-hijack-openclaw-to-steal-data/
Published: March 2, 2026 00:09
The OpenClaw AI agent had a high-severity vulnerability dubbed "ClawJacked" that let a malicious website silently brute-force a locally running gateway and take control of the platform. Oasis Security reported the issue and OpenClaw released a fix in…
Cybersecurity News | Daily Recap [28 Feb 2026]
https://www.hendryadrian.com/cybersecurity-news-daily-recap-28-feb-2026/
Published: March 1, 2026 23:58
Daily Recap: North Korea-linked operators use removable drives and Zoho WorkDrive C2 in the Ruby Jumper campaign to deploy RESTLEAF, SNAKEDROPPER, THUMBSBD, VIRUSTASK and FOOTWINE to bridge air-gapped networks and exfiltrate data. The recap also covers…
Hackers Weaponize Claude Code in Mexican Government Cyberattack
https://www.hendryadrian.com/hackers-weaponize-claude-code-in-mexican-government-cyberattack/
Published: March 1, 2026 14:17
Anthropic’s Claude Code assistant was abused in a cyberattack against Mexico’s government systems, compromising ten government bodies and a financial institution beginning with the tax authority in late December 2025. Gambit Security says attackers sent…
ClawJacked Flaw Lets Malicious Sites Hijack Local OpenClaw AI Agents via WebSocket
https://www.hendryadrian.com/clawjacked-flaw-lets-malicious-sites-hijack-local-openclaw-ai-agents-via-websocket/
Published: March 1, 2026 04:47
A high-severity OpenClaw vulnerability codenamed ClawJacked allowed attacker-controlled websites to connect to a local OpenClaw gateway, brute-force its password, auto-register as a trusted device, and fully control AI agents. OpenClaw issued a patch in…
Cybersecurity News | Daily Recap [27 Feb 2026]
https://www.hendryadrian.com/cybersecurity-news-daily-recap-27-feb-2026/
Published: February 28, 2026 21:35
Daily Recap: governance and policy shifts are tightening security posture in the UK with a Vulnerability Monitoring Service and a refreshed Cyber Profession that cut fix times from ~50 days to 8 and reduced critical backlog by 75%, alongside DNS risk…
$4.8M in crypto stolen after Korean tax agency exposes wallet seed
https://www.hendryadrian.com/4-8m-in-crypto-stolen-after-korean-tax-agency-exposes-wallet-seed/
Published: February 28, 2026 21:31
South Korea’s National Tax Service accidentally published a photo showing the handwritten mnemonic recovery phrase for a seized Ledger cold wallet, allowing an attacker to transfer roughly 4 million Pre‑Retogeum (PRTG) tokens—about $4.4–4.8 million—out of…
QuickLens Chrome extension steals crypto, shows ClickFix attack
https://www.hendryadrian.com/quicklens-chrome-extension-steals-crypto-shows-clickfix-attack/
Published: February 28, 2026 21:31
A Chrome extension called QuickLens was hijacked after a change of ownership and a malicious update (v5.8) stripped site security headers, gained elevated permissions, and injected scripts from a command-and-control server to run on every page. Those…
Ransom! hicare (FEB-2026)
https://www.hendryadrian.com/ransom-hicare-feb-2026/
Published: February 28, 2026 14:37
A ransomware claim involving hicare in the United States has been attributed to the threat actor nightspire. Data is not available at this time. #UnitedStates
Ransom! PriceTable (FEB-2026)
https://www.hendryadrian.com/ransom-pricetable-feb-2026/
Published: February 28, 2026 14:37
Nightspire claims a ransomware attack on PriceTable in the United States. Data is not available now. #UnitedStates
StegaBin: 26 Malicious npm Packages Use Pastebin Steganography to Deploy Multi-Stage Credential Stealer
https://www.hendryadrian.com/stegabin-26-malicious-npm-packages-use-pastebin-steganography-to-deploy-multi-stage-credential-stealer/
Published: February 28, 2026 14:31
Socket detected a coordinated typosquatting npm campaign dubbed "StegaBin" that published 26 malicious packages which use Pastebin-based character-level steganography to hide Vercel C2 infrastructure and deliver a multi-stage installer that ultimately…
Why 2026 is the Year to Upgrade to an Agentic AI SOC
https://www.hendryadrian.com/why-2026-is-the-year-to-upgrade-to-an-agentic-ai-soc/
Published: February 28, 2026 14:24
Agentic AI is moving from pilots to production in enterprise SOCs in 2026, enabling automated triage, correlated attack discovery, and auditable response while governance and tooling mature. Elastic positions its platform — including Attack Discovery,…
Ransom! J.R. Martin & Associates (FEB-2026)
https://www.hendryadrian.com/ransom-j-r-martin-associates-feb-2026/
Published: February 28, 2026 14:13
J.R. Martin & Associates, a high-quality, comprehensive accounting and tax service in the United States, reports a ransomware claim attributed to the threat actor 'pear'. The claim involves encryption of data and potential extortion against the firm.…
Ransom! Skibiel Law (FEB-2026)
https://www.hendryadrian.com/ransom-skibiel-law-feb-2026/
Published: February 28, 2026 14:12
Skibiel Law in the United States reports a ransomware claim attributed to the threat actor 'pear' that impacted Georgia Work Injury And Personal Injury Lawyers. The incident underscores pear's activity targeting U.S. law firms. #UnitedStates
Thousands of Public Google Cloud API Keys Exposed with Gemini Access After API Enablement
https://www.hendryadrian.com/thousands-of-public-google-cloud-api-keys-exposed-with-gemini-access-after-api-enablement/
Published: February 28, 2026 14:08
Researchers found that Google Cloud API keys, many embedded in client-side code as billing identifiers, can be abused to authenticate to Gemini endpoints and expose uploaded files and cached data. Truffle Security and Quokka reported thousands of exposed…
Canadian Tire Data Breach Impacts 38 Million Accounts
https://www.hendryadrian.com/canadian-tire-data-breach-impacts-38-million-accounts/
Published: February 28, 2026 14:07
More than 38 million e-commerce accounts were affected by an October 2025 data breach at Canadian Tire that exposed personal customer information and was later listed on Have I Been Pwned. The leaked dataset included names, email addresses, PBKDF2-hashed…
Ransom! Aegis Project Controls (FEB-2026)
https://www.hendryadrian.com/ransom-aegis-project-controls-feb-2026/
Published: February 28, 2026 14:05
DragonForce claims to have exfiltrated 214GB of Aegis Project Controls' files, including military-critical facilities, biosecurity laboratories, and other critical infrastructure, threatening to publish them and jeopardize US national security if not paid.…
Ransom! Whipflip (FEB-2026)
https://www.hendryadrian.com/ransom-whipflip-feb-2026/
Published: February 28, 2026 14:05
Whipflip in the United States is the victim of a ransomware claim attributed to nightspire. Data is not available now. #UnitedStates
Inside a fake Google security check that becomes a browser RAT
https://www.hendryadrian.com/inside-a-fake-google-security-check-that-becomes-a-browser-rat/
Published: February 28, 2026 10:34
A phishing site impersonating a Google Account security page uses a Progressive Web App (PWA) and service worker to harvest contacts, push notifications, GPS, clipboard contents, intercept OTPs, scan local networks, and proxy traffic through the victim's…
The Threat of Cyber Attacks against Indonesia 2026
https://www.hendryadrian.com/the-threat-of-cyber-attacks-against-indonesia-2026/
Published: February 28, 2026 10:23
Indonesia faces an increasingly complex cyber threat landscape in 2026, with scams, mobile malware, state-sponsored espionage, and ransomware targeting government, banking, telecom, and critical infrastructure. Threat actors are expanding operations across…
Ransom! HEMIC – Hawaii Employers’ Mutual Insurance Co (FEB-2026)
https://www.hendryadrian.com/ransom-hemic-hawaii-employers-mutual-insurance-co-feb-2026/
Published: February 28, 2026 10:09
HEMIC, the Hawaii Employers' Mutual Insurance Co., a Honolulu-based workers' compensation insurer founded in 1996, reported a ransomware claim attributed to SilentRansomGroup. The incident allegedly affected its information systems and operations,…
Ransom! US.MAD DOG CONSTRUCTION (FEB-2026)
https://www.hendryadrian.com/ransom-us-mad-dog-construction-feb-2026/
Published: February 28, 2026 10:08
Nightspire claims ransomware activity against US.MAD DOG CONSTRUCTION in the United States; data is not available now. No additional details have been released. #UnitedStates
Ransom! Plaza Home Mortgage (FEB-2026)
https://www.hendryadrian.com/ransom-plaza-home-mortgage-feb-2026/
Published: February 28, 2026 10:03
The SilentRansomGroup claims a ransomware incident against Plaza Home Mortgage in the United States, threatening data exposure unless a ransom is paid. Plaza Home Mortgage, founded in 2000, offers conventional fixed-rate, conventional ARM, FHA, and VA…
Ransom! keliweb (FEB-2026)
https://www.hendryadrian.com/ransom-keliweb-feb-2026/
Published: February 28, 2026 09:55
Threat actor vect is negotiating with keliweb, an IT sector victim in Italy, after claiming access to 200GB of data in a ransomware incident. The IT sector victim faces a 28d 7h deadline for negotiations. #Italy
Ransom! Casas del Mediterraneo (FEB-2026)
https://www.hendryadrian.com/ransom-casas-del-mediterraneo-feb-2026/
Published: February 28, 2026 09:54
Vect claims a ransomware incident against Casas del Mediterraneo in Spain's Real Estate sector, involving about 200GB of data. Negotiations are ongoing, with a deadline of 29d 7h. #Spain
Hacked! Record 2026-02-27
https://www.hendryadrian.com/hacked-record-2026-02-27/
Published: February 28, 2026 09:50
There were 2 defacement incidents targeting Bangladesh and Brazil. The attackers involved were Hassanov and m4ir0x. #Bangladesh #Brazil...
Ransom! jdaas (FEB-2026)
https://www.hendryadrian.com/ransom-jdaas-mmm-yyyy-example-jan-2026-from-this-date-2026-02-28-031037-647061/
Published: February 28, 2026 09:49
A ransomware claim from threat actor vect targets the IT sector victim 'jdaas' in India, with negotiations ongoing. It threatens backups, source codes, financial records, and other sensitive data totaling 600GB, with a deadline of 20d 7h. #India
Ransom! SK-Telecom – Data reuploaded (FEB-2026)
https://www.hendryadrian.com/ransom-sk-telecom-data-reuploaded-feb-2026/
Published: February 28, 2026 09:48
SK-Telecom reports that data has been reuploaded by the threat actor coinbasecartel from KR. [AI generated] SK Telecom is a leading South Korean wireless telecommunication services provider, covering mobile phone services, broadband Internet services, and…
IT Security Incident at Konstanz City Administration
https://www.hendryadrian.com/it-security-incident-at-konstanz-city-administration/
Published: February 28, 2026 09:42
An IT security incident targeted a mobile device management system used by the Konstanz city administration. Administrative operations were not affected, and only a small number of employee records appear to have been compromised; citizen, customer and…
900+ Sangoma FreePBX Instances Compromised in Ongoing Web Shell Attacks
https://www.hendryadrian.com/900-sangoma-freepbx-instances-compromised-in-ongoing-web-shell-attacks/
Published: February 28, 2026 09:39
The Shadowserver Foundation has found that more than 900 Sangoma FreePBX instances remain infected with web shells after attackers began exploiting a post-authentication command injection vulnerability (CVE-2025-64328) in December 2025. Fortinet links the…
DoJ Seizes $61 Million in Tether Linked to Pig Butchering Crypto Scams
https://www.hendryadrian.com/doj-seizes-61-million-in-tether-linked-to-pig-butchering-crypto-scams/
Published: February 28, 2026 09:36
The U.S. Department of Justice seized $61 million in Tether tied to pig butchering cryptocurrency investment scams and traced the funds to addresses used to launder proceeds stolen from victims. Authorities say organized syndicates operating from scam…
Pentagon Designates Anthropic Supply Chain Risk Over AI Military Dispute
https://www.hendryadrian.com/pentagon-designates-anthropic-supply-chain-risk-over-ai-military-dispute/
Published: February 28, 2026 09:35
Anthropic was designated a "supply chain risk" by the Department of War after negotiations collapsed over requests to prohibit its AI model Claude from being used for mass domestic surveillance and fully autonomous weapons. The designation triggered…
Instagram to start alerting parents when children search for terms relating to self-harm
https://www.hendryadrian.com/instagram-to-start-alerting-parents-when-children-search-for-terms-relating-to-self-harm/
Published: February 28, 2026 09:35
Meta will notify parents if their child repeatedly searches Instagram for language related to self-harm or suicide within a short time frame, and the system will expand beyond the U.S., U.K., Australia and Canada later this year. The company is also…
Samsung updates ACR privacy practices after Texas sues TV manufacturers
https://www.hendryadrian.com/samsung-updates-acr-privacy-practices-after-texas-sues-tv-manufacturers/
Published: February 28, 2026 09:34
Texas Attorney General Ken Paxton said Samsung agreed to stop collecting and processing Automated Content Recognition (ACR) viewing data from Texas consumers without first obtaining consent, resolving a lawsuit the state filed in December. Samsung will…
Trump Orders All Federal Agencies to Phase Out Use of Anthropic Technology
https://www.hendryadrian.com/trump-orders-all-federal-agencies-to-phase-out-use-of-anthropic-technology/
Published: February 28, 2026 09:33
President Donald Trump ordered all federal agencies to phase out Anthropic technology after a public dispute between the company and the Pentagon over military use and AI safety. The standoff — which includes threats of contract termination, supply-chain…
CISA warns that RESURGE malware can be dormant on Ivanti devices
https://www.hendryadrian.com/cisa-warns-that-resurge-malware-can-be-dormant-on-ivanti-devices/
Published: February 28, 2026 09:28
CISA has released new technical details on RESURGE, a persistent implant that exploited the CVE-2025-0282 zero-day to compromise Ivanti Connect Secure devices. The implant remains latent until a specific inbound TLS connection using CRC32 TLS…
Europol-led crackdown on The Com hackers leads to 30 arrests
https://www.hendryadrian.com/europol-led-crackdown-on-the-com-hackers-leads-to-30-arrests/
Published: February 28, 2026 09:28
Europol's yearlong Project Compass operation led to 30 arrests and tied 179 suspects to "The Com," a decentralized online collective that targets children and teenagers. The investigation across 28 countries identified 62 victims, safeguarded four, exposed…
APT37 hackers use new malware to breach air-gapped networks
https://www.hendryadrian.com/apt37-hackers-use-new-malware-to-breach-air-gapped-networks/
Published: February 28, 2026 09:28
North Korean state-backed group APT37 is running a campaign called Ruby Jumper that uses removable drives to bridge air-gapped systems for data exfiltration and covert surveillance. Researchers at Zscaler identified a five-tool toolkit — RESTLEAF,…
Cybersecurity News | Daily Recap [26 Feb 2026]
https://www.hendryadrian.com/cybersecurity-news-daily-recap-26-feb-2026/
Published: February 27, 2026 18:17
Daily Recap: U.S. sanctions target Operation Zero and its owner Sergey Zelenyuk after investigators found the broker bought stolen zero-day exploits from a jailed ex-L3Harris exec, Peter Williams, whose theft caused $35 million in losses and asset…
Hacked! Record 2026-02-26
https://www.hendryadrian.com/hacked-record-2026-02-26/
Published: February 27, 2026 18:16
There were 9 defacement incidents targeting websites in Brazil, Bosnia and Herzegovina, and Afghanistan. The intrusions were carried out by attackers identified as m4ir0x and aDriv4, affecting multiple municipal and government sites. #Brazil…
Manage your Elastic security stack as code with the Elastic Stack Terraform provider — Elastic Security Labs
https://www.hendryadrian.com/manage-your-elastic-security-stack-as-code-with-the-elastic-stack-terraform-provider-elastic-security-labs/
Published: February 27, 2026 18:01
The Elastic Stack Terraform provider now enables security-as-code by letting teams manage detection rules, exception lists, prebuilt rules, ML anomaly detection jobs, synthetics monitors, and AI connectors in HCL for versioned, peer-reviewed workflows.…
Hook, line, and vault: A technical deep dive into the 1Phish kit | Datadog Security Labs
https://www.hendryadrian.com/hook-line-and-vault-a-technical-deep-dive-into-the-1phish-kit-datadog-security-labs/
Published: February 27, 2026 17:59
The 1Phish phishing kit evolved from a simple credential harvester in September 2025 into a multi-stage, MFA-aware, REST-API-driven phishing application by February 2026 that captures emails, secret keys, passwords, OTPs, and recovery codes while employing…