Privacy | Breaking Cybersecurity News | The Hacker News

Threat activity this week shows one consistent signal — attackers are leaning harder on what already works. Instead of flashy new exploits, many operations are built around quiet misuse of trusted tools, familiar workflows, and overlooked exposures that sit in plain sight. Another shift is how access is gained versus how it’s used. Initial entry points are getting simpler, while post-compromise activity is becoming more deliberate, structured, and persistent. The objective is less about disruption and more about staying embedded long enough to extract value. There’s also growing overlap between cybercrime, espionage tradecraft, and opportunistic intrusion. Techniques are bleeding across groups, making attribution harder and defense baselines less reliable. Below is this week’s ThreatsDay Bulletin — a tight scan of the signals that matter, distilled into quick reads. Each item adds context to where threat pressure is building next. Notepad RCE via Markdown L...

This week didn’t produce one big headline. It produced many small signals — the kind that quietly shape what attacks will look like next. Researchers tracked intrusions that start in ordinary places: developer workflows, remote tools, cloud access, identity paths, and even routine user actions. Nothing looked dramatic on the surface. That’s the point. Entry is becoming less visible while impact scales later. Several findings also show how attackers are industrializing their work — shared infrastructure, repeatable playbooks, rented access, and affiliate-style ecosystems. Operations are no longer isolated campaigns. They run more like services. This edition pulls those fragments together — short, precise updates that show where techniques are maturing, where exposure is widening, and what patterns are forming behind the noise. Startup espionage expansion Operation Nomad Leopard Targets Afghanistan In a sign that the threat actor has moved beyond government targets, th...

Mozilla on Monday announced a new controls section in its Firefox desktop browser settings that allows users to completely turn off generative artificial intelligence (GenAI) features. "It provides a single place to block current and future generative AI features in Firefox," Ajit Varma, head of Firefox, said . "You can also review and manage individual AI features if you choose to use them. This lets you use Firefox without AI while we continue to build AI features for those who want them." Mozilla first announced its plans to integrate AI into Firefox in November 2025, stating it's fully opt-in and that it's incorporating the technology while placing users in the driver's seat. The new feature is expected to be rolled out with Firefox 148, which is scheduled to be released on February 24, 2026. At the outset, AI controls will allow users to manage the following settings individually - Translations Alt text in PDFs (adding accessibility descrip...

This week’s updates show how small changes can create real problems. Not loud incidents, but quiet shifts that are easy to miss until they add up. The kind that affects systems people rely on every day. Many of the stories point to the same trend: familiar tools being used in unexpected ways. Security controls are being worked on. Trusted platforms turning into weak spots. What looks routine on the surface often isn’t. There’s no single theme driving everything — just steady pressure across many fronts. Access, data, money, and trust are all being tested at once, often without clear warning signs. This edition pulls together those signals in short form, so you can see what’s changing before it becomes harder to ignore. Major cybercrime forum takedown FBI Seizes RAMP Forum The U.S. Federal Bureau of Investigation (FBI) has seized the notorious RAMP cybercrime forum. Visitors to the forum's Tor site and its clearnet domain, ramp4u...

Meta on Tuesday announced it's adding Strict Account Settings on WhatsApp to secure certain users against advanced cyber attacks because of who they are and what they do. The feature, similar to Lockdown Mode in Apple iOS and Advanced Protection in Android, aims to protect individuals, such as journalists or public-facing figures, from sophisticated spyware by trading some functionality for enhanced security. Once this security mode is enabled, some of the account settings will be locked to the most restrictive options, while simultaneously blocking attachments and media from people not in a user's contacts. "This lockdown-style feature bolsters your security on WhatsApp even further with just a few taps by locking your account to the most restrictive settings like automatically blocking attachments and media from unknown senders, silencing calls from people you don’t know, and restricting other settings that may limit how the app works," Meta said . The f...

TikTok on Friday officially announced that it formed a joint venture that will allow the hugely popular video-sharing application to continue operating in the U.S. The new venture, named TikTok USDS Joint Venture LLC, has been established in compliance with the Executive Order signed by U.S. President Donald Trump in September 2025, the platform said. The new deal will see TikTok's Chinese parent company, ByteDance, selling the majority of its stake to a group of majority-American investors, while it will retain a 19.9% stake in the business. The Chinese government hasn't commented publicly on the agreement. "The majority American owned Joint Venture will operate under defined safeguards that protect national security through comprehensive data protections, algorithm security, content moderation, and software assurances for U.S. users," it added. "It will safeguard the U.S. content ecosystem through robust trust and safety policies and content moderation w...

Most of this week’s threats didn’t rely on new tricks. They relied on familiar systems behaving exactly as designed, just in the wrong hands. Ordinary files, routine services, and trusted workflows were enough to open doors without forcing them. What stands out is how little friction attackers now need. Some activity focused on quiet reach and coverage, others on timing and reuse. The emphasis wasn’t speed or spectacle, but control gained through scale, patience, and misplaced trust. The stories below trace where that trust bent, not how it broke. Each item is a small signal of a larger shift, best seen when viewed together. Spear-phishing delivers custom backdoor Operation Nomad Leopard Targets Afghanistan Government entities in Afghanistan have been at the receiving end of a spear-phishing campaign dubbed Operation Nomad Leopard that employs bogus administrative documents as decoys to distribute a backdoor named FALSECUB by means o...

You lock your doors at night. You avoid sketchy phone calls. You’re careful about what you post on social media. But what about the information about you that’s already out there—without your permission? Your name. Home address. Phone number. Past jobs. Family members. Old usernames. It’s all still online, and it’s a lot easier to find than you think. The hidden safety threat lurking online Most people don’t realize how much of their personal life is sitting on public websites, data broker platforms, and sketchy directories. These sites don’t just sell your info to marketers—they make it available to anyone with internet access. And that’s when things can get dangerous. Exposed personal information can lead to: Doxxing incidents where personal info is leaked online Harassment that moves from your inbox to your doorstep Stalkers and scammers are building a profile on you using old addresses and phone numbers Strangers showing up where you live or work. It’s not just creep...

The internet never stays quiet. Every week, new hacks, scams, and security problems show up somewhere. This week’s stories show how fast attackers change their tricks, how small mistakes turn into big risks, and how the same old tools keep finding new ways to break in. Read on to catch up before the next wave hits. Unauthenticated RCE risk Security Flaw in Redis A high-severity security flaw has been disclosed in Redis (CVE-2025-62507, CVSS score: 8.8) that could potentially lead to remote code execution by means of a stack buffer overflow. It was fixed in version 8.3.2. JFrog's analysis of the flaw has revealed that the vulnerability is triggered when using the new Redis 8.2 XACKDEL command, which was introduced to simplify and optimize stream cleanup. Specifically, it resides in the implementation of xackdelCommand(), a function responsible for parsing and processing the list of stream IDs supplied by the user. "The core ...

Research analyzing 4,700 leading websites reveals that 64% of third-party applications now access sensitive data without business justification, up from 51% in 2024.  Government sector malicious activity spiked from 2% to 12.9%, while 1 in 7 Education sites show active compromise. Specific offenders: Google Tag Manager (8% of violations), Shopify (5%), Facebook Pixel (4%). Download the complete 43-page analysis → TL;DR A critical disconnect emerges in the 2026 research: While 81% of security leaders call web attacks a top priority, only 39% have deployed solutions to stop the bleeding. Last year's research found 51% unjustified access. This year it's 64% — and accelerating into public infrastructure. What is Web Exposure? Gartner coined ‘Web Exposure Management’ to describe security risks from third-party applications: analytics, marketing pixels, CDNs, and payment tools. Each connection expands your attack surface; a single vendor compromise can trigger a massive ...

The internet never stays quiet. Every week, new hacks, scams, and security problems show up somewhere. This week’s stories show how fast attackers change their tricks, how small mistakes turn into big risks, and how the same old tools keep finding new ways to break in. Read on to catch up before the next wave hits. Honeypot Traps Hackers Hackers Fall for Resecurity's Honeypot Cybersecurity company Resecurity revealed that it deliberately lured threat actors who claimed to be associated with Scattered LAPSUS$ Hunters ( SLH ) into a trap, after the group claimed on Telegram that it had hacked the company and stolen internal and client data. The company said it set up a honeytrap account populated with fake data designed to resemble real-world business data and planted a fake account on an underground marketplace for compromised credentials after it uncovered a threat actor attempting to conduct malicious activity targeting its resou...

Artificial intelligence (AI) company OpenAI on Wednesday announced the launch of ChatGPT Health, a dedicated space that allows users to have conversations with the chatbot about their health. To that end, the sandboxed experience offers users the optional ability to securely connect medical records and wellness apps, including Apple Health, Function, MyFitnessPal, Weight Watchers, AllTrails, Instacart, and Peloton, to get tailored responses, lab test insights, nutrition advice, personalized meal ideas, and suggested workout classes. The new feature is rolling out for users with ChatGPT Free, Go, Plus, and Pro plans outside of the European Economic Area, Switzerland, and the U.K. "ChatGPT Health builds on the strong privacy, security, and data controls across ChatGPT with additional, layered protections designed specifically for health -- including purpose-built encryption and isolation to keep health conversations protected and compartmentalized," OpenAI said in a statem...