China remains embedded in US energy networks ‘for the purpose of taking it down’ - Three new threat groups began targeting critical infrastructure last year, while a well-known Beijing-backed crew - Volt Typhoon - continued to compromise cellular gateways and routers, and then break into US electric, oil, and gas companies in 2025. “Nothing that they were taking was useful for intellectual property,” Lee said. “Everything they were doing and learning was only useful for disrupting or causing destruction at those sites. Voltzite was embedded in that infrastructure for the purpose of taking it down.”
China-linked snoops have been exploiting Dell 0-day since mid-2024, using ‘ghost NICs’ to avoid detection - After abusing the bug to exploit the Dell appliances, UNC6201 then created “ghost NICs” – hidden, temporary network ports on existing virtual machines running on an ESXi server – to burrow deeper into victims’ VMware virtual infrastructure.
You can jailbreak an F-35 just like an iPhone, says Dutch defense chief - Speaking to Bild, within the context of the US pausing military aid to Ukraine – to which it supplied F-16 aircraft – Schranzhofer said the idea of a remote “kill switch” was “more than just a rumor.”
Notepad++ declares hardened update process ‘effectively unexploitable’ - Version 8.9.2 adds verification of the signed XML returned by notepad-plus-plus.org. Combined with verification of the signed installer, introduced in version 8.8.9, the update process now validates both the instructions and the payload - the basis for the “unexploitable” claim.
Your AI-generated password isn’t random, it just looks that way: seemingly complex strings are actually highly predictable, crackable within hours - The researchers took to Claude, running the Opus 4.6 model, and prompted it 50 times, each in separate conversations and windows, to generate a password. Of the 50 returned, only 30 were unique (20 duplicates, 18 of which were the exact same string), and the vast majority started and ended with the same characters.
Texas sues TP-Link over China links and security vulnerabilities - TP-Link’s networking and smart home devices are manufactured and developed by Chinese subsidiaries owned and managed by the company. The petition claims the facilities in Vietnam perform only final assembly, with the vast majority of components imported from China and Vietnam-sourced parts accounting for less than one percent of the devices’ components.
Fraudster hacked hotel system, paid 1 cent for luxury rooms, Spanish cops say - Days later, however, when the site transferred the actual amount paid to the hotel, the payment-validation scam surfaced, indicating that the crook paid just one cent for rooms costing €1,000 ($1,179) per night.
NASA repurposes Mars Helicopter’s ancient Snapdragon SoC to help Perseverance rover navigate - NASA has revealed it repurposed the processor the Perseverance rover used to communicate with the Ingenuity Mars Helicopter, to help the rolling robot navigate the Red Planet autonomously “for potentially unlimited distances.” The aerospace agency revealed the hack last week in a post that says it used the rover’s Helicopter Base Station (HBS) because its processor is 100 times faster than the rover’s other kit. NASA Post
Ex-Google engineers accused of helping themselves to chip security secrets - Authorities say the alleged scheme went beyond simple downloads, with steps taken to hide the activity, including destroying records, submitting false statements, and even photographing screens rather than moving documents directly.
ShinyHunters demands $1.5M not to leak Vegas casino and resort chain data - On Friday, the cybercrime crew listed the hospitality company on its blog, claiming to have stolen more than 800,000 records containing employees’ Social Security numbers and other private details. The extortionists set a February 23 deadline for Wynn to “reach out” and threatened to leak the data, “along with several annoying (digital) problems that’ll come your way,” if the resort chain did not comply with the demands.
European Data Sovereignty May Be Harder Than Expected - He tried building his startup entirely on European infrastructure. Here’s the stack he landed on, what was harder than expected, and what you still can’t avoid.
AI coding assistant Cline compromised to create more OpenClaw chaos - Someone compromised open source AI coding assistant Cline CLI’s npm package earlier this week in an odd supply chain attack that secretly installed OpenClaw on developers’ machines without their knowledge but took no malicious actions.
Android malware taps Gemini to navigate infected devices - “The AI model and prompt are predefined in the code and cannot be changed,” he wrote. “Since Android malware often relies on UI navigation, leveraging generative AI enables the threat actors to adapt to more or less any device, layout, or OS version, which can greatly expand the pool of potential victims.”
Crims hit a $20M jackpot via malware-stuffed ATMs - Of the 1,900 such incidents reported since 2020, more than 700 occurred in 2025 alone.
Attackers have 16-digit card numbers, expiry dates, but not names. Now org gets £500k fine - The malware went unnoticed for nine months, hoovering up 5.6 million payment card details and the personal information belonging to around 14 million people, the ICO confirmed when issuing its MPN.
Microsoft says Office bug exposed customers’ confidential emails to Copilot AI - The bug allowed Copilot Chat to read and outline the contents of emails since January, even if customers had data loss prevention policies to prevent ingesting their sensitive information into Microsoft’s large language model.
Americans are destroying Flock surveillance cameras - Oh no…stop…don’t…
Researchers Show Copilot and Grok Can Be Abused as Malware C2 Proxies - Notably, all of this works without requiring an API key or a registered account, thereby rendering traditional approaches like key revocation or account suspension useless.
Critical Flaws Found in Four VS Code Extensions with Over 125 Million Installs - The extensions, which have been collectively installed more than 125 million times, are Live Server, Code Runner, Markdown Preview Enhanced, and Microsoft Live Preview.
Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens - The campaign has been codenamed SANDWORM_MODE by supply chain security company Socket. As with prior Shai-Hulud attack waves, the malicious code embedded into the packages comes with capabilities to siphon system information, access tokens, environment secrets, and API keys from developer environments and automatically propagate by abusing stolen npm and GitHub identities to extend its reach.
Palantir, Which Is Powering ICE, Says Immigration Crackdown May Hurt Hiring - “Further, if we are not able to recruit, hire, or retain the talent we need because of increased regulation of immigration or work visas, including limitations placed on the number of visas granted, changes to application processes or fees, limitations on the type of work performed or location in which the work can be performed, and new or higher minimum salary requirements, it could be more difficult to staff our personnel on customer engagements and could increase our costs,” Palantir’s latest 10-K, filed on Tuesday, reads. “Additionally, laws and regulations, such as restrictive immigration laws, may limit our ability to recruit outside of the United States. We seek to retain and motivate existing personnel through our compensation practices, company culture, and career development opportunities. If we fail to attract new personnel or to retain our current personnel, our business and operations could be harmed,” the filing continues.
Meta Director of AI Safety Allows AI Agent to Accidentally Delete Her Inbox - “Nothing humbles you like telling your OpenClaw ‘confirm before acting’ and watching it speedrun deleting your inbox,” Yue said. “I couldn’t stop it from my phone. I had to RUN to my Mac mini like I was defusing a bomb.”
Hackers target Microsoft Entra accounts in device code vishing attacks - Unlike previous attacks that utilized malicious OAuth applications to compromise accounts, these campaigns instead leverage legitimate Microsoft OAuth client IDs and the device authorization flow to trick victims into authenticating. Vishing = voice phishing: phone calls that socially engineer people into handing over the information the attacker needs, e.g., a one-time code.
Predator spyware hooks iOS SpringBoard to hide mic, camera activity - Intellexa’s Predator spyware can hide iOS recording indicators while secretly streaming camera and microphone feeds to its operators. The malware does not exploit any iOS vulnerability but leverages previously obtained kernel-level access to hijack system indicators that would otherwise expose its surveillance operation.