PayPal blamed an application error for the exposure of customer personal information for nearly 6 months.
The post PayPal Data Breach Led to Fraudulent Transactions appeared first on SecurityWeek.
MuddyWater Targets MENA Organizations with GhostFetch, CHAR, and HTTP_VIP
The Iranian hacking group known as MuddyWater (aka Earth Vetala, Mango Sandstorm, and MUDDYCOAST) has targeted several organizations and individuals mainly located across the Middle East and North Africa (MENA) region as part of a new campaign codenamed Operation Olalampo.
The activity, first observed on January 26, 2026, has resulted in the deployment of new malware families that share
The activity, first observed on January 26, 2026, has resulted in the deployment of new malware families that share
Arkanix Stealer pops up as short-lived AI info-stealer experiment
An information-stealing malware operation named Arkanix Stealer, promoted on multiple dark web forums towards the end of 2025, was likely developed as an AI-assisted experiment. […]
Predator spyware hooks iOS SpringBoard to hide mic, camera activity
Intellexa’s Predator spyware can hide iOS recording indicators while secretly streaming camera and microphone feeds to its operators. […]
AI-Assisted Threat Actor Compromises 600+ FortiGate Devices in 55 Countries
A Russian-speaking, financially motivated threat actor has been observed taking advantage of commercial generative artificial intelligence (AI) services to compromise over 600 FortiGate devices located in 55 countries.
That’s according to new findings from Amazon Threat Intelligence, which said it observed the activity between January 11 and February 18, 2026.
“No exploitation of FortiGate
That’s according to new findings from Amazon Threat Intelligence, which said it observed the activity between January 11 and February 18, 2026.
“No exploitation of FortiGate
Amazon: AI-assisted hacker breached 600 FortiGate firewalls in 5 weeks
Amazon is warning that a Russian-speaking hacker used multiple generative AI services as part of a campaign that breached more than 600 FortiGate firewalls across 55 countries in five weeks. […]
Critical Grandstream Phone Vulnerability Exposes Calls to Interception
The flaw tracked as CVE-2026-2329 can be exploited without authentication for remote code execution with root privileges.
The post Critical Grandstream Phone Vulnerability Exposes Calls to Interception appeared first on SecurityWeek.
Anthropic Launches Claude Code Security for AI-Powered Vulnerability Scanning
Artificial intelligence (AI) company Anthropic has begun to roll out a new security feature for Claude Code that can scan a user’s software codebase for vulnerabilities and suggest patches.
The capability, called Claude Code Security, is currently available in a limited research preview to Enterprise and Team customers.
“It scans codebases for security vulnerabilities and suggests targeted
The capability, called Claude Code Security, is currently available in a limited research preview to Enterprise and Team customers.
“It scans codebases for security vulnerabilities and suggests targeted
CISA Adds Two Actively Exploited Roundcube Flaws to KEV Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added two security flaws impacting Roundcube webmail software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
The vulnerabilities in question are listed below –
The vulnerabilities in question are listed below –
CVE-2025-49113 (CVSS score: 9.9) – A deserialization of untrusted data vulnerability that allows remote code
Japanese tech giant Advantest hit by ransomware attack
Advantest Corporation disclosed that its corporate network has been targeted in a ransomware attack that may have affected customer or employee data. […]