
Posts by Sergiu Gatlan

Recently leaked Windows zero-days now exploited in attacks

Threat actors are exploiting three recently disclosed Windows security vulnerabilities in attacks aimed at gaining SYSTEM or elevated administrator permissions.

4 days ago

Microsoft rolls out fast-track to reinstate Windows hardware dev accounts

Microsoft has rolled out a fast-track process to help developers regain access to accounts recently suspended from its Windows Hardware Program, following widespread complaints that they were locked out without warning.

1 week ago

Exclusive: Russia-linked hackers compromised scores of Ukrainian prosecutors’ email accounts, data shows

Russia-linked hackers broke into more than 170 email accounts belonging to prosecutors and investigators across Ukraine during the last several months, according to data reviewed by Reuters, a campai...

Fancy Bear (APT28) hackers compromised at least 284 inboxes between September 2024 and March 2026.

“In Romania, the hackers compromised at least 67 email accounts maintained by the Romanian Air Force, including several belonging to NATO airbases”

www.reuters.com/world/russia...

6 days ago

Hackers exploiting Acrobat Reader zero-day flaw since December

Attackers have been exploiting a zero-day vulnerability in Adobe Reader using maliciously crafted PDF documents since at least December.

1 week ago

CERT-EU: European Commission hack exposes data of 30 EU entities

The European Union's Cybersecurity Service (CERT-EU) has attributed the European Commission cloud hack to the TeamPCP threat group, saying the resulting breach exposed the data of at least 29 other Union entities.

2 weeks ago

Medtech giant Stryker fully operational after data-wiping attack

Stryker Corporation, one of the world's leading medical technology companies, says it's fully operational three weeks after many of its systems were wiped out in a cyberattack claimed by the Iranian-linked Handala hacktivist group.

2 weeks ago

NASA’s mission to orbit the Moon is being interrupted by Outlook (New) and Outlook (classic) both refusing to open 😂

2 weeks ago

Hackers compromise Axios npm package to drop cross-platform malware

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver remote access trojans to Linux, Windows, and macOS systems.

Hackers hijacked the npm account for Axios, a JavaScript HTTP client with 100M+ weekly downloads, and published malicious versions that delivered RAT malware to Linux, Windows, and macOS systems.

www.bleepingcomputer.com/news/securit...

3 weeks ago

Dutch Finance Ministry takes treasury banking portal offline after breach

The Dutch Ministry of Finance took some of its systems offline, including the digital portal for treasury banking, while investigating a cyberattack detected two weeks ago.

3 weeks ago

European Commission investigating breach after Amazon cloud hack

The European Commission is investigating a security breach after a threat actor gained access to its Amazon cloud infrastructure.

3 weeks ago

The Orbán mafia has tried to undermine TISZA, Hungary's strongest party, using a range of methods. In addition to infiltration, blackmail, and threats, this has included the use of illegal intelligence tools by @PM_ViktorOrban's inner circle, including Candiru, an Israeli-developed spyware and successor to Pegasus.

We have reason to believe that the Hungarian intelligence services, in cooperation with Eastern powers, deployed this originally military-grade spyware on TISZA's systems and network. The intelligence services specifically targeted TISZA's IT security experts because they had uncovered the use of Candiru.

Hungarian opposition leader Peter Magyar has accused the ruling government of using the Candiru spyware against his TISZA party

x.com/magyarpeterM...

3 weeks ago

Oracle pushes emergency fix for critical Identity Manager RCE flaw

Oracle has released an out-of-band security update to fix a critical unauthenticated remote code execution vulnerability in Identity Manager and Web Services Manager tracked as CVE-2026-21992.

1 month ago

FBI links Signal phishing attacks to Russian intelligence services

The FBI has issued a public service announcement warning that Russian intelligence-linked threat actors are actively targeting users of encrypted messaging apps such as Signal and WhatsApp in phishing campaigns that have already compromised thousands of accounts.

1 month ago

FBI seizes Handala data leak site after Stryker cyberattack

The FBI has seized two websites used by the Handala hacktivist group after the threat actors conducted a destructive cyberattack on medical technology giant Stryker that wiped approximately 80,000 devices.

1 month ago

Stryker attack wiped tens of thousands of devices, no malware needed

Last week's cyberattack on medical technology giant Stryker was limited to its internal Microsoft environment and remotely wiped tens of thousands of employee devices.

The Handala hacktivist group (which claimed the cyberattack on medical technology giant Stryker last week) used the wipe command in Microsoft’s Intune cloud-based endpoint management service to erase data from nearly 80,000 devices.

www.bleepingcomputer.com/news/securit...

1 month ago

Starbucks discloses data breach affecting hundreds of employees

Starbucks has disclosed a data breach affecting hundreds of employees after threat actors gained access to their Starbucks Partner Central accounts.

1 month ago

ShinyHunters claims ongoing Salesforce Aura data theft attacks

Salesforce is warning customers that hackers are targeting websites with misconfigured Experience Cloud platforms that give guest users access to more data than intended. However, the ShinyHunters extortion gang claims to be actively exploiting a new bug to steal data from instances.

1 month ago

Ericsson US discloses data breach after service provider hack

Ericsson Inc., the U.S. subsidiary of Swedish networking and telecommunications giant Ericsson, says attackers have stolen data belonging to an undisclosed number of employees and customers after hacking one of its service providers.

1 month ago

We are aware of recent reports regarding targeted phishing attacks that have resulted in account takeovers of some Signal users, including government officials and journalists. We take this very seriously. 1/7

1 month ago

FBI investigates breach of surveillance and wiretap systems

The U.S. Federal Bureau of Investigation (FBI) confirmed on Thursday that it's investigating a breach that affected systems used to manage surveillance and wiretap warrants.

1 month ago

Wikipedia hit by self-propagating JavaScript worm that vandalized pages

The Wikimedia Foundation suffered a security incident today after a self-propagating JavaScript worm began vandalizing pages and modifying user scripts across multiple wikis.

1 month ago

FBI seizes LeakBase cybercrime forum, data of 142,000 members

The FBI has seized the LeakBase cybercrime forum, a major online forum used by cybercriminals to buy and sell hacking tools and stolen data.

1 month ago

CBP Tapped Into the Online Advertising Ecosystem To Track Peoples’ Movements

An internal DHS document obtained by 404 Media shows for the first time CBP used location data sourced from the online advertising industry to track phone locations. ICE has bought access to similar t...

SCOOP: An internal DHS document obtained by 404 Media shows for the first time CBP used location data sourced from the online advertising industry to track phone locations.

This surveillance can happen through all sorts of apps, such as video games, news apps, weather trackers, and dating apps.

1 month ago

Amazon: Drone strikes damaged AWS data centers in Middle East

Amazon has confirmed that three Amazon Web Services (AWS) data centers in the United Arab Emirates (UAE) and one in Bahrain have been damaged by drone strikes, causing an extensive outage that is still affecting dozens of cloud computing services.

1 month ago

Across party lines and industry, the verdict is the same: CISA is in trouble

One year into the second Trump administration, CISA faces a 33% loss in personnel and shuttered divisions. Experts warn of "decimated" capabilities and a leadership vacuum as the agency struggles to m...

Seeing the lengthy list of changes/cutbacks to CISA catalogued in this one piece makes it clear there is little left of it. The agency is less than a decade old and struggled for years to find its footing before it started to make progress. But all advances it made have been gutted in the last 12 months.

1 month ago

Meta Takes Legal Action Against Scam Advertisers

We've filed multiple lawsuits against deceptive advertisers in Brazil, China, and Vietnam, and continue to work aggressively to find and disrupt scams on our platforms.

In an unexpected twist of events, Meta says they're taking legal action "to combat scams" and filed "lawsuits against deceptive advertisers in Brazil and China that used celeb-bait and a Vietnam-based advertiser who used cloaking and led a subscription fraud scheme."

about.fb.com/news/2026/02...

1 month ago

Critical Cisco SD-WAN bug exploited in zero-day attacks since 2023

Cisco is warning that a critical authentication bypass vulnerability in Cisco Catalyst SD-WAN, tracked as CVE-2026-20127, was actively exploited in zero-day attacks that allowed remote attackers to compromise controllers and add malicious rogue peers to targeted networks.

1 month ago

Two stories next to each other: from CNN 'Pentagon threatens to make Anthropic a pariah if it refuses to drop AI guardrails', and from New Scientist: 'AIs can't stop recommending nuclear strikes in war game simulations Leading AIs from OpenAI, Anthropic and Google opted to use nuclear weapons in simulated war games in 95 per cent of cases'

Just leaving these two stories next to each other:
'AIs can’t stop recommending nuclear strikes in war game simulations' & 'Pentagon threatens to make Anthropic a pariah if it refuses to drop AI guardrails'
www.newscientist.com/article/2516... edition.cnn.com/2026/02/24/t...

1 month ago

Investigative Committee accuses Moscow resident of extorting "patriot hackers" while posing as the FSB

Ruslan Satuchin posed as an FSB officer and demanded money from the "patriotic" hacker group Conti in exchange for not bringing them to justice, investigators believe

Weird cyber story from Russia: a Moscow resident Ruslan Satuchin faces criminal charges for allegedly contacting Conti under the pretense of the FSB & extorting money for protection. Now he's investigated for fraud

No word of legal action against Conti

www.rbc.ru/society/25/0...

1 month ago

Bybit exploit 12 months on: the DPRK threat continues

The Bybit hack was an inflection point, not a culmination. Elliptic research reveals how DPRK operatives may now be creating cryptoasset projects, not just infiltrating them.

It's been a year since North Korean hackers stole $1.5 billion from Bybit, and they completely got away with it, ha ha ha.

www.elliptic.co/blog/bybit-e...

1 month ago