CyberSecurity Newsletter February 2nd, 2026
In this week’s news: DOJ releases details of an alleged talented hacker working for Jeffrey Epstein, EFF calls out major tech companies on encryption promises, researchers uncover Chrome extensions abusing affiliate links and stealing ChatGPT access, eScan antivirus update servers compromised to deliver multi-stage malware, exposed MongoDB instances still targeted in data extortion attacks, U.S. convicts ex-Google engineer for sending AI tech data to China, and Mandiant details how ShinyHunters abuse SSO to steal cloud data.
An FBI informant said in 2017 that Jeffrey Epstein had a “personal hacker,” according to a Justice Department document released Friday.
https://securityaffairs.com/187515/laws-and-regulations/doj-releases-details-alleged-talented-hacker-working-for-jeffrey-epstein.html
A U.S. federal jury has convicted Linwei Ding, a former software engineer at Google, for stealing AI supercomputer data from his employer and secretly sharing it with Chinese tech firms. Ding was originally indicted in March 2024 after he lied and didn’t sincerely cooperate with Google’s internal investigation, leading to his arrest in California.
https://www.bleepingcomputer.com/news/security/us-convicts-ex-google-engineer-for-sending-ai-tech-data-to-china/
Mandiant says a wave of recent ShinyHunters SaaS data-theft attacks is being fueled by targeted voice phishing (vishing) attacks and company-branded phishing sites that steal single sign-on (SSO) credentials and multi-factor authentication (MFA) codes.
https://www.bleepingcomputer.com/news/security/mandiant-details-how-shinyhunters-abuse-sso-to-steal-cloud-data/
Cybersecurity researchers have discovered malicious Google Chrome extensions that come with capabilities to hijack affiliate links, steal data, and collect OpenAI ChatGPT authentication tokens.
https://thehackernews.com/2026/01/researchers-uncover-chrome-extensions.html
Illegal cryptocurrency flows reached a record $158 billion in 2025, reversing a three-year trend of declining amounts from $86B in 2021 to $64B in 2024. This sharp 145% increase is being reported by blockchain intelligence experts at TRM Labs, who noted that it comes despite the illicit activity share of the total on-chain volume actually falling slightly from 1.3% in 2024 to 1.2% in 2025.
https://www.bleepingcomputer.com/news/security/crypto-wallets-received-a-record-158-billion-in-illicit-funds-last-year/
Morphisec identified an active supply chain compromise affecting MicroWorld Technologies’ eScan antivirus product. Malicious updates were distributed through eScan’s legitimate update infrastructure, resulting in the deployment of multi-stage malware to enterprise and consumer endpoints globally.
https://www.morphisec.com/blog/critical-escan-threat-bulletin/
A threat actor is targeting exposed MongoDB instances in automated data extortion attacks, demanding low ransoms from owners to restore the data. The attacker focuses on low-hanging fruit: databases that are insecure because a misconfiguration permits access without any restriction. Around 1,400 exposed servers have been compromised, and the ransom note demands about $500 in Bitcoin.
https://www.bleepingcomputer.com/news/security/exposed-mongodb-instances-still-targeted-in-data-extortion-attacks/
Production-ready, Dockerized MCP (Model Context Protocol) servers for offensive security tools. Enable AI assistants like Claude to perform security assessments, vulnerability scanning, and binary analysis.
https://github.com/FuzzingLabs/mcp-security-hub
The United States government has officially gained ownership of over $400 million in assets. These funds, comprising digital currencies, real estate, and cash, are linked to the notorious dark web service Helix.
https://hackread.com/us-seizes-400m-helix-dark-web-crypto-mixer/
Praetorian introduces Julius, an open-source tool for LLM service fingerprinting:
https://www.praetorian.com/blog/introducing-julius-open-source-llm-service-fingerprinting
The Electronic Frontier Foundation (EFF) has introduced a new campaign called Encrypt It Already, focused on expanding the use of end-to-end encryption in consumer technology products and services.
https://www.helpnetsecurity.com/2026/01/30/electronic-frontier-foundation-encrypt-it-already/
SmarterTools fixed two SmarterMail flaws, including a critical bug (CVE-2026-24423) that could allow arbitrary code execution.
https://securityaffairs.com/187496/security/smartertools-patches-critical-smartermail-flaw-allowing-code-execution.html
A Farsi-speaking threat actor aligned with Iranian state interests is suspected to be behind a new campaign targeting non-governmental organizations and individuals involved in documenting recent human rights abuses.
https://thehackernews.com/2026/01/iran-linked-redkitten-cyber-campaign.html
Microsoft has updated the timeline for transitioning the Microsoft Sentinel experience from the Azure portal to the Microsoft Defender portal from July 1, 2026 to March 31, 2027. The updated schedule extends access by nearly nine months.
https://www.helpnetsecurity.com/2026/01/30/microsoft-transitioning-sentinel-to-defender-timeline/
Microsoft announced that it will disable the 30-year-old NTLM authentication protocol by default in upcoming Windows releases due to security vulnerabilities that expose organizations to cyberattacks.
https://www.bleepingcomputer.com/news/microsoft/microsoft-to-disable-ntlm-by-default-in-future-windows-releases/