2026.03.10 News You Should Know

- 6 mins read

Series: News You Should Know 2026

Iran

Iran intelligence backdoored US bank, airport networks • The Register - Iranian Ministry of Intelligence and Security (MOIS) has been embedded in multiple US companies’ networks - including a bank, software firm, and airport, among others - since the beginning of February, with more activity in the days following the US and Israeli military strikes, according to security researchers. Plus, the compromised software company supplies its tech to defense and aerospace industries among others, and has a presence in Israel.

2026.03.03 News You Should Know

- 6 mins read

Series: News You Should Know 2026

OpenAI: Chinese agent used ChatGPT for smear ops • The Register - Chinese Gov Agent using ChatGPT to plan smear campaigns, write situation reports. Interesting look into how bad guys are bad guying.

Perplexity Comet browser hole was exploitable via cal invite • The Register - "The second thing is that we show that once the 1Password extension is installed in the Comet browser and is unlocked, we can actually instruct Comet to go to the extension URL and then hijack your 1Password account – full takeover of your 1Password account, which is the worst thing that can happen," said Bargury.

2026.02.26 News You Should Know

- 7 mins read

Series: News You Should Know 2026

China remains embedded in US energy networks ‘for the purpose of taking it down’ - Three new threat groups began targeting critical infrastructure last year, while a well-known Beijing-backed crew - Volt Typhoon - continued to compromise cellular gateways and routers, and then break into US electric, oil, and gas companies in 2025. “Nothing that they were taking was useful for intellectual property,” Lee said. “Everything they were doing and learning was only useful for disrupting or causing destruction at those sites. Voltzite was embedded in that infrastructure for the purpose of taking it down.”

2026.02.17 News You Should Know

- 9 mins read

Series: News You Should Know 2026

US lawyers file privacy class action against Lenovo • The Register - “When a user lands on the homepage of Website, [sic] the Website loads numerous first and third-party tracking implementations that measure and record user data,” it says, including the likes of TikTok, Facebook, Microsoft, and Google. This allows Lenovo to collect bulk personal data, it claims, and “Lenovo knowingly permits access to, or transfer of, such bulk US sensitive personal data to entities or persons that qualify as covered persons under the DOJ Rule, including its foreign parents that are directly or indirectly controlled by persons in China, such as the Lenovo Group.”

2026.02.10 News You Should Know

- 6 mins read

Series: News You Should Know 2026

Nitrogen can’t unlock its own ransomware after coding error • The Register - Don’t rely on threat actors to be your backup; they may not even be able to unlock the data!

Microsoft Warns Python Infostealers Target macOS via Fake Ads and Installers - “They are typically distributed via phishing emails and collect login credentials, session cookies, authentication tokens, credit card numbers, and crypto wallet data.”

2026.02.03 News You Should Know

- 6 mins read

Series: News You Should Know 2026

General

Vulnerability exploits now dominate intrusions • The Register - A functional proof-of-concept exploit for React2Shell began circulating online within 30 hours of disclosure, for example.

Fintech firm Marquis blames hack at firewall provider SonicWall for its data breach | TechCrunch - Marquis said it believes that its August 2025 ransomware attack happened because the company’s firewall service provider SonicWall had its own data breach that exposed critical security information about its customers’ firewalls.

2026.01.13 News You Should Know

- 3 mins read

Series: News You Should Know 2026

Resecurity traps cybercrim in honeypot • The Register - “In our scenario, our goal was to allow the threat actor to conduct activity and feed them with synthetic data to observe their attack path and infrastructure,” the Resecurity team wrote. It worked.

Stalkerware maker pleads guilty to sale of snooping software • The Register - Fleming is due to be sentenced later this year, when he’ll be facing up to 15 years in prison, a fine of $250,000, forfeiture of all property that was involved in the offense, and additional penalties.

2026.01.06 News You Should Know

- 2 mins read

Series: News You Should Know 2026

Crims punish Wired subscribers by publishing personal info • The Register - The current leak is centered around readers of Wired magazine. The miscreants published 2.3 million emails, which had the names of 285,000 subscribers, 108,000 home addresses, and 32,000 phone numbers.

Have I Been Pwned: Check if your email address has been exposed in a data breach - Use this. Sign up your family. Use unique passwords in a password manager.