Major Data Breaches at Figure and French Government Expose Millions; Novel AI-Powered Malware Emerges

ESET Discovers 'PromptSpy,' a Novel Android Malware Abusing Generative AI for UI Manipulation

Security researchers at ESET have uncovered 'PromptSpy,' a groundbreaking Android malware that integrates Google's Gemini AI to achieve persistence and evade removal. This marks the first known instance of malware weaponizing a large language model (LLM) in its core operational loop. PromptSpy sends UI data to Gemini, which returns instructions on how to navigate the device's interface to 'pin' the malicious app, preventing users from easily closing it. While its current goal is to deploy a VNC for remote access, PromptSpy's use of AI to dynamically adapt to different Android devices represents a significant and concerning evolution in mobile threat capabilities.

promptspyandroid malwaregenerative aigoogle geminimobile security +1 more

5 min read

PromptSpy: First Android Malware to Weaponize Google's Gemini AI for Stealth and Persistence

CISA KEV Catalog Updated with Actively Exploited BeyondTrust and SolarWinds RMM Flaws

CRITICAL

CISA Mandates Patching for Critical RMM Vulnerabilities in BeyondTrust and SolarWinds Products Amid Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added several critical vulnerabilities in Remote Monitoring and Management (RMM) tools from BeyondTrust and SolarWinds to its Known Exploited Vulnerabilities (KEV) catalog. This action confirms that threat actors are actively exploiting these flaws in the wild, likely for initial access and ransomware deployment. CISA has mandated a three-day patching deadline for federal agencies. The vulnerabilities, including a CVSS 9.9 flaw in SolarWinds Web Help Desk (CVE-2026-1731), provide privileged access into networks, making them high-priority targets for attackers and defenders alike.

cisakevbeyondtrustsolarwindsrmm +2 more

CISA KEV Catalog Updated with Actively Exploited BeyondTrust and SolarWinds RMM Flaws

Ransomware Attack Cripples University of Mississippi Medical Center, Forcing Clinic Closures

CRITICAL

University of Mississippi Medical Center Suffers Major Disruption from Ransomware Attack, Patient Care Impacted

The University of Mississippi Medical Center (UMMC) has been hit by a severe ransomware attack, causing widespread disruption to its IT systems and patient care. The attack disabled the electronic health records (EHR) system, forcing the medical center to cancel surgeries and appointments and revert to manual paper-based processes. Clinics across the state have been shut down as UMMC works to contain the threat and restore operations. This incident is a stark reminder of the devastating impact of ransomware on the healthcare sector, where IT outages can directly threaten patient safety.

ransomwarehealthcareummcehrpatient safety +1 more

5 min read

Ransomware Attack Cripples University of Mississippi Medical Center, Forcing Clinic Closures

Semiconductor Giant Advantest Hit by Ransomware, Investigates Impact on Supply Chain

Advantest Corporation, a Key Semiconductor Equipment Maker, Investigates Ransomware Attack

Advantest Corporation, a leading Japanese manufacturer of semiconductor testing equipment, has detected and is investigating a ransomware intrusion on its internal IT network. The company acted to isolate the affected systems to prevent the malware from spreading and has launched a full investigation to assess the scope and impact. As a critical supplier in the global semiconductor industry, this attack raises concerns about potential disruptions to the technology supply chain and the theft of valuable intellectual property. The ransomware group responsible has not yet been named.

advantestransomwaresemiconductorsupply chainmanufacturing

Semiconductor Giant Advantest Hit by Ransomware, Investigates Impact on Supply Chain

Warlock Ransomware Hits SmarterTools by Exploiting Flaw in its Own Email Server Software

SmarterTools Breached by Warlock Ransomware via Unpatched SmarterMail Vulnerability (CVE-2026-23760)

In an ironic turn, software company SmarterTools was breached by the Warlock ransomware group, who exploited a known vulnerability (CVE-2026-23760) in SmarterTools' own SmarterMail email server software. The attackers leveraged the authentication bypass flaw for initial access, then deployed ransomware and used a malicious installer for the Velociraptor DFIR tool to establish persistence. The incident, first detected in late January 2026, is a stark reminder that all organizations, including software vendors themselves, must practice diligent patch management for internet-facing systems.

warlockransomwaresmartertoolssmartermailcve-2026-23760 +1 more

Warlock Ransomware Hits SmarterTools by Exploiting Flaw in its Own Email Server Software

Critical Flaw in Grandstream VoIP Phones (CVE-2026-21486) Allows Silent Eavesdropping

Vulnerability in Grandstream VoIP Phones (CVE-2026-21486) Could Allow Attackers to Intercept Calls

A significant vulnerability, CVE-2026-21486, has been disclosed in popular VoIP phones from Grandstream. The flaw could be exploited by remote attackers to gain access to internal device interfaces and, most critically, to silently eavesdrop on private phone conversations. This poses a serious privacy and security risk for businesses and individuals using the affected devices. Users are urged to seek out and apply firmware updates from Grandstream immediately to mitigate the threat of having their sensitive communications compromised.

voipgrandstreamvulnerabilityeavesdroppingprivacy +1 more

3 min read

Honeywell CCTV Cameras Have Critical Auth Bypass Flaw, Allowing Video Hijacking

CRITICAL

Critical Authentication Bypass Vulnerability Disclosed in Multiple Honeywell CCTV Camera Models

A critical authentication bypass vulnerability has been reported in multiple Honeywell CCTV camera models. The flaw, disclosed on February 19, 2026, could allow a remote, unauthenticated attacker to hijack user accounts and gain complete access to the cameras. This would enable them to view live and recorded video feeds, manipulate camera settings, or disable surveillance entirely, posing a severe risk to physical security and privacy. Users of Honeywell CCTV systems are urged to monitor for an official advisory and patch from the manufacturer.

honeywellcctvvulnerabilityauthentication bypassiot +1 more

Honeywell CCTV Cameras Have Critical Auth Bypass Flaw, Allowing Video Hijacking

Updated Articles (2)

Starbucks Discloses Data Breach Affecting 889 Employees via Phishing Attack

MEDIUM

Phishing Campaign Against Starbucks' 'Partner Central' Portal Compromises Data of 889 Employees

Update:

Further investigation into the Starbucks data breach affecting 889 employees has revealed that the incident was not a direct phishing attack on Starbucks' own staff. Instead, threat actors successfully compromised a third-party business partner through a phishing campaign. The attackers then leveraged the vendor's legitimate access to the Starbucks Partner Central portal to exfiltrate sensitive employee data, including SSNs and financial details. This clarifies the attack vector as a supply chain compromise, highlighting the risks associated with third-party access to internal systems. The impact on affected employees remains severe, with high risk of identity theft and financial fraud.

February 12, 2026

Updated: February 20, 2026

StarbucksData BreachPhishingPIISSN

Starbucks Discloses Data Breach Affecting 889 Employees via Phishing Attack

FCC Warns US Telecoms of Soaring Ransomware Threat, Mandates Stronger Defenses

MEDIUM

U.S. FCC Puts Telecoms on Notice Over Fourfold Increase in Ransomware Attacks Since 2021

Update:

The FCC's latest advisory reinforces its warning to the telecom sector, adding critical recommendations such as implementing Multi-Factor Authentication (MFA) for all remote access and privileged accounts, and maintaining reliable, offline, and frequently tested data backups. It also emphasizes the need for aggressive patching and comprehensive risk assessments. Crucially, the update details potential enforcement actions for non-compliance, including intense investigations, significant fines, and class-action lawsuits, underscoring the heightened regulatory scrutiny and consequences for providers failing to secure their networks.

February 19, 2026

Updated: February 20, 2026