CyberSecurity Newsletter February 9th 2026
In this week’s news: EU says TikTok faces large fine over "addictive design", AI Agents’ Most Downloaded Skill Is Discovered to Be an Infostealer, State actor targets 155 countries in 'Shadow Campaigns' espionage op, 10 web hacking techniques of 2025, Flickr moves to contain data exposure, UK Construction Firm Hit by Prometei Botnet, Romania’s Oil Pipeline Operator Hacked, Bithumb Mistakenly Sends 620,000 Bitcoin ($40B) to Customer Accounts, Italian university La Sapienza still offline to mitigate recent cyber attack, Payments platform BridgePay confirms ransomware attack behind outage, and a malware framework that remained hidden for years has been discovered by security researchers
In a sophisticated intersection of AI hype and malicious intent, a new threat has emerged targeting developers and AI power-users. Recent research from Jason Meller and the security team at 1Password has highlighted a campaign involving a fraudulent VS Code extension that impersonates “Moltbot,” a popular AI coding assistant.
https://www.infostealers.com/article/ai-agents-most-downloaded-skill-is-discovered-to-be-an-infostealer/
An Illinois man pleaded guilty to hacking nearly 600 women's Snapchat accounts to steal nude photos that he kept, sold, or traded online, including accounts he compromised at the request of a former university track coach who was later convicted of sextortion.
https://www.bleepingcomputer.com/news/security/man-pleads-guilty-to-hacking-nearly-600-womens-snapchat-accounts/
Cybersecurity researchers have discovered a new supply chain attack in which legitimate packages on npm and the Python Package Index (PyPI) repository have been compromised to push malicious versions to facilitate wallet credential theft and remote code execution.
https://thehackernews.com/2026/02/compromised-dydx-npm-and-pypi-packages.html
The European Commission said today that TikTok is facing a fine because its addictive features, including infinite scroll, autoplay, push notifications, and personalized recommendation systems, are breaching the EU's Digital Services Act (DSA).
https://www.bleepingcomputer.com/news/security/european-commission-says-tiktok-facing-fine-over-addictive-design/
Newsletter platform Substack has confirmed it suffered a security incident, leading to the compromise of users’ email addresses and phone numbers. The CEO said his security team detected the incident on February 3, noticing “evidence of a problem with our systems that allowed an unauthorized third party to access limited user data without permission, including email addresses, phone numbers and other internal metadata.”
https://www.infosecurity-magazine.com/news/substack-confirms-data-breach/
Flickr warned users about a possible data breach caused by a flaw in a third-party email service. The issue may have exposed names, email addresses, IPs, and account activity. The company pointed out that the security breach did not expose passwords or payment data. Flickr shut down the affected system within hours.
https://securityaffairs.com/187753/data-breach/flickr-moves-to-contain-data-exposure-warns-users-of-phishing.html
A UK construction firm discovered a digital “tenant from hell” hiding on its Windows Server. Security experts from the eSentire Threat Response Unit (TRU) identified the intruder as Prometei, a Russian-linked botnet active since 2016. While its main job is mining Monero cryptocurrency, TRU’s research revealed that it also excels at stealing passwords and taking remote control of systems.
https://hackread.com/uk-construction-firm-prometei-botnet-windows-server/
A malware framework that remained hidden for years has been discovered by security researchers at Cisco Talos. The researchers were hunting for samples of DarkNimbus, a backdoor linked to the MOONSHINE exploit kit (both known since 2023), when they found a fully featured gateway-monitoring and adversary-in-the-middle (AitM) framework they had never seen before.
https://www.infosecurity-magazine.com/news/china-malware-kit-targets-routers/
A major U.S. payment gateway and solutions provider says a ransomware attack has knocked key systems offline, triggering a widespread outage affecting multiple services. The incident began on Friday and quickly escalated into a nationwide disruption across BridgePay's platform.
https://www.bleepingcomputer.com/news/security/payments-platform-bridgepay-confirms-ransomware-attack-behind-outage/
Since February 2, Rome’s La Sapienza University, one of the most important Italian universities, has been offline due to a cyberattack. For days, students have been unable to book exams, check tuition payments, or access faculty contacts. The university has mainly communicated via social media, offering limited details and no clear timeline for full restoration.
https://securityaffairs.com/187702/cyber-crime/italian-university-la-sapienza-still-offline-to-mitigate-recent-cyber-attack.html
On 6 February 2026, a routine promotional payout went wrong at South Korean cryptocurrency exchange Bithumb, when a system configuration error credited users with large Bitcoin balances instead of the small rewards that had been intended.
https://hackread.com/bithumb-sends-bitcoin-to-customer-accounts/
The Romanian national oil pipeline operator, Conpet, recently confirmed a major cyberattack. The notorious Qilin ransomware group has claimed responsibility, alleging they have stolen nearly 1TB of sensitive data, including financial records and internal documents.
https://www.infostealers.com/article/romanias-oil-pipeline-operator-hacked-how-an-infostealer-infection-paved-the-way-for-qilins-ransomware-attack/
A state-sponsored threat group has compromised dozens of networks of government and critical infrastructure entities in 37 countries in global-scale operations dubbed 'Shadow Campaigns'. Between November and December last year, the actor also engaged in reconnaissance activity targeting government entities connected to 155 countries.
https://www.bleepingcomputer.com/news/security/state-actor-targets-155-countries-in-shadow-campaigns-espionage-op/
A new open-source and cross-platform tool called Tirith can detect homoglyph attacks over command-line environments by analyzing URLs in typed commands and stopping their execution.
https://www.bleepingcomputer.com/news/security/new-tool-blocks-imposter-attacks-disguised-as-safe-commands/
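The check Tirith describes, spotting lookalike hostnames in a command before it runs, as an added example in Python. This is not the Tirith project's own code: the sample commands, hostnames and the small CONFUSABLES subset are constructed here for illustration (the full list is Unicode's confusables.txt), and the punycode host is derived from the Cyrillic one so the two forms line up.

```python
import re
import unicodedata
from urllib.parse import urlsplit

# Constructed subset of Unicode confusables: Cyrillic/Greek letters that render
# like Latin ones. Illustrative only; production code should load confusables.txt.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0443": "y", "\u0445": "x", "\u0456": "i", "\u0458": "j", "\u04bb": "h",
    "\u03b1": "a", "\u03bf": "o", "\u03c1": "p",
}

# Constructed sample hosts: the second uses Cyrillic 'а' (U+0430) in place of Latin 'a';
# the third is the same host as it would appear on the wire after IDNA/punycode encoding.
CYRILLIC_HOST = "get.ex\u0430mple.com"
PUNY_HOST = "xn--" + "ex\u0430mple".encode("punycode").decode("ascii") + ".com"
SAMPLE_COMMANDS = [
    "curl -fsSL https://get.example.com/install.sh | sh",
    f"curl -fsSL https://{CYRILLIC_HOST}/install.sh | sh",
    f"pip install https://{PUNY_HOST}/pkg.tar.gz",
    "wget https://paypa1.com/x",   # ASCII typosquat: not a homoglyph, passes this check
]

URL_RE = re.compile(r"(?:https?|ftp)://[^\s'\"|;&<>()`]+")


def extract_urls(command: str) -> list:
    """Pull URL-looking tokens out of a shell command line (stops at shell metachars)."""
    return URL_RE.findall(command)


def script_of(ch: str) -> str:
    """'LATIN', 'CYRILLIC', 'GREEK', ... for letters; '' for digits and punctuation."""
    if not ch.isalpha():
        return ""
    return unicodedata.name(ch, "UNKNOWN").split()[0]


def decode_label(label: str) -> str:
    """Expand an xn-- label to Unicode so a lookalike cannot hide behind ASCII punycode."""
    if label.lower().startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except (UnicodeError, ValueError):
            return label
    return label


def analyze_host(host: str) -> list:
    """Return human-readable findings for a hostname; an empty list means it looks clean."""
    findings = []
    for raw_label in host.split("."):
        label = decode_label(raw_label)
        if label != raw_label:
            findings.append(f"punycode label {raw_label!r} decodes to {label!r}")
        scripts = {s for s in map(script_of, label) if s}
        if len(scripts) > 1:
            findings.append(f"label {label!r} mixes scripts {sorted(scripts)}")
        if not label.isascii():
            # Replace known confusables with their Latin lookalike; if the result is pure
            # ASCII, the label was built to be read as that ASCII name.
            skeleton = "".join(CONFUSABLES.get(c, c) for c in label)
            if skeleton.isascii():
                findings.append(f"label {label!r} renders like ASCII {skeleton!r}")
            else:
                names = ", ".join(f"U+{ord(c):04X} {unicodedata.name(c, '?')}"
                                  for c in label if not c.isascii())
                findings.append(f"label {label!r} contains non-ASCII: {names}")
    return findings


def check_command(command: str) -> dict:
    """Map each URL in the command to its findings; URLs with no findings are omitted."""
    report = {}
    for url in extract_urls(command):
        host = urlsplit(url).hostname or ""
        findings = analyze_host(host)
        if findings:
            report[url] = findings
    return report


def should_block(command: str) -> bool:
    """True when the command should be refused rather than executed."""
    return bool(check_command(command))


if __name__ == "__main__":
    for cmd in SAMPLE_COMMANDS:
        verdict = "BLOCK" if should_block(cmd) else "allow"
        print(f"[{verdict}] {cmd}")
        for url, findings in check_command(cmd).items():
            for f in findings:
                print(f"    {url}: {f}")
```

The last sample shows the limit of a script-based check: an ASCII typosquat such as a digit 1 standing in for a letter l carries no non-Latin characters and needs a separate edit-distance or allowlist comparison.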
Germany's Federal Office for the Protection of the Constitution (aka Bundesamt für Verfassungsschutz or BfV) and Federal Office for Information Security (BSI) have issued a joint advisory warning of a malicious cyber campaign undertaken by a likely state-sponsored threat actor that involves carrying out phishing attacks over the Signal messaging app.
https://thehackernews.com/2026/02/german-agencies-warn-of-signal-phishing.html
DKnife is a Linux toolkit used since 2019 to hijack router traffic and deliver malware in cyber-espionage attacks.
https://securityaffairs.com/187716/malware/dknife-toolkit-abuses-routers-to-spy-and-deliver-malware-since-2019.html
PortSwigger’s annual Top 10 new web hacking techniques published:
https://portswigger.net/research/top-10-web-hacking-techniques-of-2025
Eugene Lim makes the case for "negative day" vulnerabilities found with LLM workflows:
https://spaceraccoon.dev/discovering-negative-days-llm-workflows/
Praetorian releases Augustus, an open-source LLM vulnerability scanner that tests large language models against 210+ adversarial attacks:
https://www.praetorian.com/blog/introducing-augustus-open-source-llm-prompt-injection