Daily Digest

Russian APT Exploits Patched Office Flaw in Days; Chinese Spies Hijack Notepad++ Updates

Russian APT Exploits Patched Office Flaw in Days; Chinese Spies Hijack Notepad++ Updates

February 4, 2026
9 articles (9 new)
27 min read

Summary

The cybersecurity landscape on February 4th, 2026, is dominated by sophisticated state-sponsored attacks. The Russian APT28 group was caught weaponizing a freshly patched Microsoft Office zero-day vulnerability (CVE-2026-21509) within days, targeting European entities. In a separate, long-running campaign, a Chinese APT compromised the Notepad++ update mechanism in a six-month supply chain attack. Other major incidents include the resurfacing of a massive AT&T customer dataset with 176 million records, a widespread DDoS campaign by pro-Russian hacktivists, and critical vulnerability disclosures for Django and Ingress-NGINX.

Filter by Category

New Articles (9)

CISA Criticized for Silently Updating KEV Catalog with Ransomware Data

INFORMATIONAL

CISA Faces Scrutiny for Lack of Notification on Ransomware Vulnerability Updates in KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is facing criticism for its practice of silently updating its Known Exploited Vulnerability (KEV) catalog. In 2025, the agency updated 59 entries to indicate that the flaws were being used in ransomware attacks, but it did not issue any notifications for these changes. Security experts argue that this lack of communication is a significant missed opportunity for defenders, who use the ransomware designation as a key factor in prioritizing patching.

February 4, 2026
4 min read
CISAKEVRansomwareVulnerability ManagementPolicy +1 more
CISA Criticized for Silently Updating KEV Catalog with Ransomware Data

Massive AT&T Customer Dataset with 148M SSNs Resurfaces in Criminal Circles

HIGH

AT&T Data Breach: 176 Million Records with SSNs and Personal Info Circulating Privately

A massive and highly sensitive dataset allegedly containing the personal information of AT&T customers has resurfaced and is being circulated in criminal forums. The data trove reportedly includes approximately 176 million records, featuring over 133 million full names and addresses, and, most critically, up to 148 million full and partial Social Security numbers. The re-emergence of this consolidated data poses a severe and renewed risk of identity theft, phishing, and fraud for millions of individuals.

February 4, 2026
5 min read
Data BreachAT&TPIISSNIdentity Theft +1 more
Massive AT&T Customer Dataset with 148M SSNs Resurfaces in Criminal Circles

LinkedIn Phishing Campaign Targets Executives Using Legitimate Pen-Testing Tools

MEDIUM

Attackers Abuse LinkedIn Private Messages to Target Executives with Hard-to-Detect Malware

A new phishing campaign discovered by ReliaQuest is abusing LinkedIn's private messaging feature to target executives and IT professionals. The attackers use social engineering to trick victims into downloading and running a malicious archive file. The attack's novelty lies in its use of a legitimate, open-source Python script designed for penetration testing. This 'living off the land' technique makes the malicious activity difficult to distinguish from normal administrative tasks, significantly reducing the risk of detection by security software.

February 4, 2026
4 min read
PhishingLinkedInSocial EngineeringLiving off the LandPython
LinkedIn Phishing Campaign Targets Executives Using Legitimate Pen-Testing Tools

Fake LINE Messenger Installer Spreads ValleyRAT Malware

MEDIUM

Silver Fox APT Group Distributes ValleyRAT via Trojanized LINE Installer

A malware campaign attributed to the Silver Fox APT group is distributing the ValleyRAT remote access trojan by disguising it as an installer for the popular LINE messaging app. The campaign, which primarily targets Chinese-speaking users, uses the trojanized software as a lure to infect systems. Once installed, ValleyRAT establishes persistence and focuses on stealing user credentials, leveraging advanced evasion techniques to remain undetected.

February 4, 2026
4 min read
MalwareValleyRATSilver FoxAPTTrojan +1 more
Fake LINE Messenger Installer Spreads ValleyRAT Malware

Critical Flaws in Django Framework Expose Sites to DoS and SQL Injection

CRITICAL

Django Releases Patches for Critical Denial-of-Service and SQL Injection Vulnerabilities

The maintainers of the Django web framework have released important security updates to address critical vulnerabilities. The flaws could allow remote attackers to conduct Denial-of-Service (DoS) and potential SQL injection attacks against web applications built with the framework. Due to the severity of these issues, which could lead to service disruption and data compromise, administrators are strongly urged to patch their Django instances immediately.

February 4, 2026
4 min read
DjangoVulnerabilitySQL InjectionDoSPatch Management +1 more
Critical Flaws in Django Framework Expose Sites to DoS and SQL Injection

Critical RCE Flaw in Ingress-NGINX Threatens Kubernetes Clusters

CRITICAL

Ingress-NGINX Vulnerability Allows Attackers to Execute Arbitrary Code

A critical vulnerability has been discovered in the widely used Ingress-NGINX controller for Kubernetes. The flaw could allow a remote attacker to achieve arbitrary code execution within the context of the ingress controller. A successful exploit could lead to a full compromise of the ingress, enabling traffic interception, data theft, and providing a powerful foothold for lateral movement into the underlying Kubernetes cluster environment. Users are urged to patch immediately.

February 4, 2026
5 min read
KubernetesIngressNGINXVulnerabilityRCE +1 more
Critical RCE Flaw in Ingress-NGINX Threatens Kubernetes Clusters

Samsung's February 2026 Update Fixes 37 Flaws in Galaxy Devices

HIGH

Samsung Issues February 2026 Security Update, Patching 37 Vulnerabilities

Samsung has released its February 2026 security update for its Galaxy smartphones, tablets, and foldable devices. The update addresses a total of 37 vulnerabilities. This includes 25 patches from Google for the core Android OS and 12 Samsung-specific patches (SVEs) for its One UI software. The Samsung-specific fixes address flaws rated as high and moderate severity, including an access control vulnerability in the 'Emergency Sharing' feature. Users are advised to install the update promptly.

February 4, 2026
3 min read
SamsungAndroidPatch ManagementMobile SecurityVulnerability
Samsung's February 2026 Update Fixes 37 Flaws in Galaxy Devices

Google Patches Multiple Vulnerabilities in February 2026 Pixel Update

HIGH

Google Releases February 2026 Security Update for Pixel Devices

Google has released its monthly security update for all supported Pixel devices as part of its February 2026 patch cycle. The update addresses numerous security vulnerabilities detailed in the Android and Pixel-specific security bulletins. Installing the update will bring all supported Pixel devices to the 2026-02-05 patch level, ensuring they are protected against the latest discovered threats. The update also includes various functional improvements.

February 4, 2026
3 min read
GooglePixelAndroidPatch ManagementMobile Security +1 more
Google Patches Multiple Vulnerabilities in February 2026 Pixel Update

UK Law Criminalizing AI-Generated Deepfake Intimate Images Takes Effect

INFORMATIONAL

New UK Law Makes Creation of AI-Generated Intimate Images a Criminal Offense

A new law in the United Kingdom is set to come into force on February 6, 2026, making it a criminal offense to create or share AI-generated 'deepfake' intimate images of an adult without their consent. The law, part of the Data (Use and Access) Act 2025, amends the Sexual Offences Act 2003 to specifically address the malicious use of artificial intelligence to create harmful and abusive content. This legislative action is a direct response to the growing problem of non-consensual deepfake pornography.

February 4, 2026
3 min read
AIDeepfakeLawRegulationUK +1 more
UK Law Criminalizing AI-Generated Deepfake Intimate Images Takes Effect

📢 Share This Publication

Help others stay informed about cybersecurity threats

📅 Daily Edition

Curated and deduplicated every day from dozens of trusted sources — giving you one clean, consolidated view of what matters in cybersecurity.

🔢 Deduplication Applied

Related stories are merged into a single evolving article rather than repeated as separate entries — cutting through noise so you only read what's new.

🔗 Full Articles Linked

Every entry links to its full enriched article — complete with MITRE ATT&CK mappings, extracted IOCs, and actionable detection and mitigation guidance.