CISA Warns of Active Ransomware Attacks Exploiting Critical BeyondTrust and Dell Zero-Day Flaws

PayPalData BreachSoftware BugVulnerabilityPII +2 more

PayPal Discloses Data Breach After Software Bug Exposes User PII for Six Months

Kaplan Data Breach Exposed SSNs and Driver's Licenses of Over 200,000 Individuals

HIGH

Kaplan North America Concludes Breach Investigation, Confirms Theft of SSNs and Driver's Licenses

Educational services provider Kaplan North America has concluded its investigation into a 2025 cyberattack, confirming that files containing highly sensitive personal information were stolen. The breach, which occurred between October and November 2025, resulted in the exfiltration of names, Social Security numbers, and driver's license numbers. Regulatory filings show the breach impacted at least 173,676 residents in Texas, 26,612 in South Carolina, and 19,075 in Maine, with the total number likely being much higher. Kaplan is now notifying affected individuals and offering one year of identity protection services.

February 21, 2026

KaplanData BreachPIISSNIdentity Theft +1 more

Kaplan Data Breach Exposed SSNs and Driver's Licenses of Over 200,000 Individuals

DHS Pressures Google, Meta, Reddit to Unmask Anonymous Critics of ICE

MEDIUM

DHS Issues Hundreds of Subpoenas to Tech Firms Demanding Identities of ICE Critics

The Department of Homeland Security (DHS) has reportedly issued hundreds of administrative subpoenas to major tech companies, including Google, Meta, Reddit, and Discord, demanding the personal details of anonymous social media users. The targeted accounts are those that post critical commentary about Immigration and Customs Enforcement (ICE) or share publicly available information about the agency's operations. This move to unmask online critics using subpoenas that do not require a judge's approval has sparked significant concern among civil liberties advocates and resistance from the tech companies, raising questions about protected speech and privacy.

February 21, 2026

DHSICEPrivacyFirst AmendmentSurveillance +3 more

DHS Pressures Google, Meta, Reddit to Unmask Anonymous Critics of ICE

Updated Articles (4)

Fintech Firm Figure Technologies Breached by ShinyHunters; 1 Million Customer Records Leaked

HIGH

Figure Technologies Confirms Data Breach After Employee Targeted in Phishing Attack, ShinyHunters Leaks 2.5GB of Customer Data

New reports confirm the public data leak by ShinyHunters occurred on February 21, 2026, affecting approximately 967,000 customers of Figure Technology Solutions. While previous reports detailed a social engineering attack as the initial access vector, recent information indicates the specific method of initial compromise has not been officially disclosed, leading to conflicting accounts regarding the breach's origin.

February 15, 2026

ShinyHuntersData BreachPhishingSocial EngineeringFintech +2 more

5 min read

Fintech Firm Figure Technologies Breached by ShinyHunters; 1 Million Customer Records Leaked

Convergence of Identity and Data Security Creates New Attack Vectors, Netwrix Warns

INFORMATIONAL

Netwrix Report: Attackers to Exploit Identity and Data Security Convergence

Following Netwrix's warning about emerging threats from identity and data security convergence and the rise of agentic AI, several vendors have launched new products. Redpanda and Virtana introduced solutions for AI agent governance and observability, enabling secure interaction with enterprise data. Impart Security released a programmable bot protection product to counter sophisticated AI-powered bot threats. These developments indicate the industry is actively building defenses against the predicted attack vectors, offering tools for secure AI adoption and enhanced bot management.

January 29, 2026

identity securitydata securityIAMAIautomation +1 more

5 min read

Convergence of Identity and Data Security Creates New Attack Vectors, Netwrix Warns

AI's Role in Malware Evolves from Assistant to Embedded Threat Component

INFORMATIONAL

AI in Malware Evolves from Development Assistant to Embedded Evasion Component

The UAE Cyber Security Council successfully disrupted a series of sophisticated, AI-powered cyberattacks targeting critical infrastructure. These attacks, described as having a 'terrorist nature,' involved ransomware, network infiltration, and large-scale phishing campaigns. Officials highlighted the attackers' use of AI to develop offensive tools, marking a 'qualitative shift' in threats. This incident provides a concrete, real-world example of the AI-integrated malware and advanced evasion techniques previously theorized, demonstrating the practical application of AI in cyber warfare and validating the evolving threat landscape.

February 18, 2026

AIMalwareThreat IntelligencePolymorphic MalwareDefense Evasion

AI's Role in Malware Evolves from Assistant to Embedded Threat Component

Semiconductor Giant Advantest Hit by Ransomware, Investigates Impact on Supply Chain

HIGH

Advantest Corporation, a Key Semiconductor Equipment Maker, Investigates Ransomware Attack

Advantest Corporation has provided a more detailed timeline for its ransomware incident, stating the attack was initially detected on February 15, 2026. The company issued a public statement confirming the breach on February 19, 2026. Advantest has engaged external cybersecurity forensics firms to assist with the ongoing investigation. The primary focus remains on determining the full scope of the intrusion, including whether any sensitive data, such as intellectual property or customer and employee information, was exfiltrated by the attackers. The incident continues to highlight significant supply chain risks.

February 20, 2026