A Chinese nation-state threat actor targeted a Dell hard-coded credential vulnerability for two years, emphasizing the danger of what happens when a product comes pre-compromised. Yesterday, Google Cloud's Mandiant detailed CVE-2026-22769, a CVSS 10 vulnerability, in Dell RecoverPoint for Virtual Machines, a data protection product sold by the tech giant. Researchers said suspected China-nexus threat cluster UNC6201 "has exploited this flaw since at least mid-2024." READ MORE...
CarGurus allegedly suffered a data breach with 1.7 million corporate records stolen, according to a notorious cybercrime crew that posted the online vehicle marketplace on its leak site on Wednesday. "This is a final warning to reach out by 20 Feb 2026 before we leak along with several annoying (digital) problems that'll come your way," ShinyHunters wrote in its announcement, seen by The Register and shared on social media. READ MORE...
Betterment LLC is an investment advisor registered with US Securities and Exchange Commission (SEC). The company disclosed a January 2026 incident in which an attacker used social engineering to access a third-party platform used for customer communications, then abused it to send crypto-themed phishing messages and exfiltrate contact and identity data for more than a million people. What makes this particularly concerning is the depth of the exposed information. READ MORE...
Deutsche Bahn, Germany's national rail operator, has been dealing with a large-scale distributed denial-of-service (DDoS) attack that has disrupted some of its IT systems. Regular status updates from Deutsche Bahn indicated that the attack began on February 17 and continued into February 18. According to the rail giant, the attack came in waves and its scale is substantial. The DDoS attack disrupted Deutsche Bahn's information and ticketing systems. READ MORE...
Adidas has confirmed it is investigating a third-party breach at one of its partner companies after digital thieves claimed they stole information and technical data from the German sportswear giant. "We have been made aware of a potential data protection incident at one of our independent licensing partners and distributor for martial arts products," an Adidas spokesperson told The Register. "This is an independent company with its own IT systems." READ MORE...
Threat actors are targeting technology, manufacturing, and financial organizations in campaigns that combine device code phishing and voice phishing (vishing) to abuse the OAuth 2.0 Device Authorization flow and compromise Microsoft Entra accounts. Unlike previous attacks that utilized malicious OAuth applications to compromise accounts, these campaigns instead leverage legitimate Microsoft OAuth client IDs and the device authorization flow to trick victims into authenticating. READ MORE...
A new Android banking malware, which researchers named Massiv, is posing as an IPTV app to steal digital identities and access online banking accounts. The malware relies on screen overlays and keylogging to obtain sensitive data and can take remote control of a compromised device. In a campaign observed by researchers at fraud detection and mobile threat intelligence company ThreatFabric, Massiv targeted a Portuguese government app. READ MORE...
OpenClaw is rarely out of the news, but not necessarily under that name. This 'autonomous personal assistant' started life as Clawdbot, changed its name to Moltbot, and is now OpenClaw. All references to any of these names refer to the same product. On February 14, 2026, Peter Steinberger - the developer of OpenClaw - announced he is joining OpenAI. OpenClaw is transitioning into the OpenClaw Foundation with OpenAI providing financial and technical support. READ MORE...
A critical security vulnerability (CVE-2026-2329) in Grandstream VoIP phones could let hackers remotely take full control of the devices and even intercept calls, Rapid7 researchers discovered. "The vulnerability is present in the device's web-based API service, and is accessible in a default configuration," Rapid7 researcher Stephen Fewer noted. CVE-2026-2329 stems from improper bounds checking in a web management endpoint. READ MORE...
Archival storage poses lots of challenges. We want media that is extremely dense and stable for centuries or more, and, ideally, doesn't consume any energy when not being accessed. Lots of ideas have floated around-even DNA has been considered-but one of the simplest is to etch data into glass. Microsoft Research announced Project Silica, a working demonstration of a system that can read and write data into small slabs of glass with a density of over a Gigabit per cubic millimeter. READ MORE...