The European Commission's mobile device management platform was hacked but the incident was swiftly contained and no compromise of mobile devices was detected, EU's executive branch announced on Friday. The intrusion was detected on January 30, 2026, by CERT-EU, the cybersecurity team protecting all European Union institutions, bodies, and agencies. The Commission's swift response ensured the incident was contained and the system cleaned within 9 hours," the EC stated. READ MORE...
Two Connecticut men face federal charges for allegedly defrauding FanDuel and other online gambling sites of $3 million over several years using the stolen identities of approximately 3,000 victims. 29-year-olds Amitoj Kapoor and Siddharth Lillaney, both of Glastonbury, Connecticut, were arrested Thursday following a 45-count indictment returned by a federal grand jury and were each released on a $300,000 bond. READ MORE...
The creators of security software have encountered an unlikely foe in their attempts to protect us: modern compilers. Today's compilers boil down code into its most efficient form, but in doing so they can undo safety precautions. "Modern software compilers are breaking our code," said René Meusel, sharing his concerns in a FOSDEM talk on February 1. Meusel manages the Botan cryptography library and is also a senior software engineer at Rohde & Schwarz Cybersecurity. READ MORE...
A slew of malware attacks against open source software components have compromised thousands of software packages and repositories, but the practical damage these attacks have caused organizations is harder to quantify. The longer term and indirect costs of these attacks may prove most significant for organizations. Open source components and software have long been a well-established source of threat activity. READ MORE...
A convincing lookalike of the popular 7-Zip archiver site has been serving a trojanized installer that silently converts victims' machines into residential proxy nodes-and it has been hiding in plain sight for some time. A PC builder recently turned to Reddit in a panic after realizing they had downloaded 7-Zip from the wrong website. Following a YouTube tutorial they were instructed to download 7-Zip from 7zip[.]com, unaware that the legitimate project is hosted exclusively at 7-zip.org. READ MORE...
Mere data exfiltration is no longer a lucrative approach for ransomware groups, and threat actors may increasingly rely on encryption to regain leverage, Coveware notes in a new report. Following a series of highly successful data-exfiltration-only attacks conducted by known groups such as Cl0p, other ransomware groups adopted the trend, stealing victims' data without encrypting it. More recent campaigns are proof that the approach no longer delivers return on investment, Coveware says. READ MORE...
Attacks targeting internet-accessible SolarWinds Web Help Desk (WHD) instances for initial access may have exploited recently patched vulnerabilities as zero-days, Microsoft says. As part of a multi-stage intrusion in December 2025, hackers compromised the vulnerable WHD deployments to spawn PowerShell and download and execute additional payloads. However, Microsoft says it could not confirm whether the hackers exploited new or older SolarWinds vulnerabilities. READ MORE...
Frustrated by fake citations and flowery prose packed with "out-of-left-field" references to ancient libraries and Ray Bradbury's Fahrenheit 451, a New York federal judge took the rare step of terminating a case this week due to a lawyer's repeated misuse of AI when drafting filings. District judge Katherine Polk Failla ruled that the extraordinary sanctions were warranted after an attorney kept responding to requests to correct his filings with documents containing fake citations. READ MORE...