Chinese cyberspies breach Singapore's four largest telcos
The Chinese threat actor tracked as UNC3886 breached Singapore's four largest telecommunication service providers, Singtel, StarHub, M1, and Simba, at least once last year. The hackers also gained limited access to critical systems but did not pivot deep enough to disrupt services. In response to the intrusions, which were disclosed in July 2025, Singapore deployed 'Operation Cyber Guardian' to limit the adversary's activity on the telco's networks, but very few details were shared at the time. READ MORE...
More than 135,000 OpenClaw instances exposed to internet in latest vibe-coded disaster
It's a day with a name ending in Y, so you know what that means: Another OpenClaw cybersecurity disaster. This time around, SecurityScorecard's STRIKE threat intelligence team is sounding the alarm over the sheer volume of internet-exposed OpenClaw instances it discovered, which numbers more than 135,000 as of this writing. When combined with previously known vulnerabilities and breaches, STRIKE warns that there's a systemic security failure in the open-source AI agent space. READ MORE...
Nearly 17,000 Volvo staff dinged in supplier breach
Nearly 17,000 Volvo employees had their personal data exposed after cybercriminals breached Conduent, an outsourcing giant that handles workforce benefits and back-office services. A filing with the Maine Attorney General shows Volvo Group North America learned in late January that employee data had been exposed through systems run by Conduent. The disclosure confirms 16,991 people across the US were affected, including three in Maine. READ MORE...
AI chat app leak exposes 300 million messages tied to 25 million users
An independent security researcher uncovered a major data breach affecting Chat & Ask AI, one of the most popular AI chat apps on Google Play and Apple App Store, with more than 50 million users. The researcher claims to have accessed 300 million messages from over 25 million users due to an exposed database. These messages reportedly included, among other things, discussions of illegal activities and requests for suicide assistance. READ MORE...
Warlock Gang Breaches SmarterTools Via SmarterMail Bugs
SmarterTools recently disclosed a breach that occurred as a result of vulnerabilities the company addressed last month. The software company's product was compromised by Warlock, a ransomware group that first emerged last year. CVE-2026-24423 is an unauthenticated remote-code execution vulnerability in the ConnectToHub API method of mail server SmarterMail. The vulnerability enables an attacker to point a SmarterMail instance to a malicious HTTP server managed by the threat actor. READ MORE...
BeyondTrust Patches Critical RCE Vulnerability
BeyondTrust has rolled out patches for a critical-severity vulnerability in Remote Support (RS) and Privileged Remote Access (PRA) that could lead to unauthenticated remote code execution (RCE). Tracked as CVE-2026-1731 (CVSS score of 9.9), the issue can be exploited via specially crafted requests to execute operating system commands as the site user. "Successful exploitation requires no authentication or user interaction and may lead to system compromise," BeyondTrust notes in its advisory. READ MORE...
SAP Patches Critical CRM, S/4HANA, NetWeaver Vulnerabilities
SAP on Tuesday announced the release of 27 new and updated security notes, including two that address critical-severity vulnerabilities. The first critical security note released on SAP's February 2026 security patch day addresses CVE-2026-0488 (CVSS score of 9.9), a code injection bug in CRM and S/4HANA. Impacting the Scripting Editor component of the applications, the flaw can be exploited by authenticated attackers to execute arbitrary SQL statements. READ MORE...
Ransomware group breached SmarterTools via flaw in its SmarterMail deployment
SmarterTools, the company behind the popular Microsoft Exchange alternative SmarterMail, has been breached by a ransomware-wielding group that leveraged a recently fixed vulnerability in that solution. Derek Curtis, the firm's Chief Operating Officer, said that the breach happened on January 29, 2026. The attack ended up affecting the company's office network and a network at a datacenter hosting labs for quality control work. READ MORE...
Fallout from latest Ivanti zero-days spreads to nearly 100 victims
Ivanti customers, including major government agencies, face mounting pressure as attackers expand their scope of targets to exploit a pair of vulnerabilities the vendor disclosed late January after in-the-wild attacks already occurred. The Netherlands' Dutch Data Protection Authority and the Council for the Judiciary confirmed both agencies were impacted by attacks linked to the Ivanti Endpoint Manager Mobile (EPMM) zero-day vulnerabilities. READ MORE...
- ...in 1893, musician and comedian Jimmy Durante, known for his gravelly voice and distinctive "Schnozzola", is born in Manhattan, NY. Ha-cha-cha-cha!
- ...in 1929, film and television composer Jerry Goldsmith ("Star Trek: The Motion Picture", "Patton", "Planet of the Apes") is born in Los Angeles, CA.
- ...in 1942, RCA Victor awards bandleader Glenn Miller the first gold record, for his orchestra's recording of "Chattanooga Choo Choo".
- ...in 1996, IBM supercomputer Deep Blue beats chess grandmaster Garry Kasparov, becoming the first AI to best a human world champion.
