The UK's National Cyber Security Centre has warned British businesses with Middle East operations to boost their cyber defenses against Iranian hackers following recent US-Israeli military strikes. While Iran's political and military leadership has been devastated, including the death of Supreme Leader Ayatollah Ali Khamenei, the NCSC says Iranian cyber actors "almost certainly" maintain attack capabilities.
The agency sees "heightened risk" for UK firms with Middle East offices or supply chains, though direct threats to Britain remain unchanged. Iran previously launched major cyber attacks between 2012 and 2014 against US banks, Saudi Aramco, and Las Vegas casinos.
Cybersecurity experts note Iran isn't as sophisticated as China or Russia but remains dangerous. CrowdStrike reports seeing threatening Iranian activity, including denial-of-service attacks attempting to overwhelm servers with traffic.
Source: The Guardian
Madison Square Garden has officially confirmed a data breach months after the Cl0p ransomware group targeted its Oracle E-Business Suite system in August 2025. The hackers exploited zero-day vulnerabilities and stole over 210GB of data from MSG's third-party hosted system, including names and Social Security numbers of customers.
The breach was part of a larger cybercrime campaign that hit more than 100 organizations using Oracle's enterprise software. Cl0p publicly named MSG as a victim in November and leaked the stolen data after the company apparently refused to pay ransom demands.
MSG Entertainment is now notifying affected individuals, with at least 11 Maine residents confirmed impacted, though the total number of victims remains unclear.
Source: Security Week
Security researchers have published exploit code for CVE-2026-2441, a critical Chrome vulnerability that Google confirmed is being actively exploited by attackers. The zero-day flaw affects Chrome's Blink rendering engine and allows hackers to execute malicious code just by tricking users into visiting a compromised website.
Google rushed out an emergency patch within two days after researcher Shaheen Fazim reported the bug on February 11, 2026. The vulnerability stems from a use-after-free error in Chrome's CSS font handling that can crash the browser and potentially lead to full system compromise when combined with other exploits.
The U.S. CISA has added this flaw to its known exploited vulnerabilities list. Chrome users need to update immediately to version 145.0.7632.75 or later.
Source: Cybersecurity News
Spanish police arrested a 20-year-old man who allegedly hacked a hotel booking website to reserve luxury rooms for just one cent instead of up to €1,000 per night. The suspect was caught at a Madrid hotel where he'd racked up over €20,000 in charges across multiple stays.
Police say he manipulated the payment validation system through a cyber attack, making it authorize transactions for €0.01 while appearing legitimate. The scam was discovered when the actual penny payments were transferred to hotels. Investigators tracked him down in just four days after a booking site reported suspicious activity. He was staying in a €4,000-per-night Madrid suite when arrested.
Source: BBC
Blockchain lender Figure Technology Solutions suffered a massive data breach affecting nearly 967,000 users after an employee fell for a social engineering attack. The ShinyHunters hacker group claims responsibility, posting over 2.4GB of stolen files on their dark web site.
The compromised data includes names, birth dates, email addresses, home addresses, and phone numbers of Figure customers. The Nasdaq-listed fintech company specializes in blockchain-based home equity loans and mortgages.
ShinyHunters says Figure was targeted as part of a broader Okta campaign using voice phishing to compromise single sign-on accounts. Other victims include Betterment, Crunchbase, and Panera Bread.
Source: Security Week
Cybercriminals are increasingly targeting industrial organizations, with 119 ransomware groups tracked in 2025 compared to 80 in 2024, according to Dragos researchers. Over 3,300 industrial organizations worldwide were hit by ransomware attacks, nearly double the 1,693 affected in 2024.
Manufacturing led as the most targeted sector, followed by transportation, oil and gas, electricity, and communications. Attackers primarily exploited remote-access portals like VPNs using stolen credentials obtained through phishing, malware, or dark web purchases.
The average "dwell time" before ransomware deployment was 42 days, allowing criminals to move quietly between IT and operational technology systems. One group used compromised VPN access to target SCADA virtual machines, causing operational delays despite not directly touching industrial equipment.
Dragos CEO Robert M. Lee warns that without comprehensive monitoring, future technologies like AI and distributed energy will create even greater security blind spots.
Source: Infosecurity Magazine
Kaspersky discovered "Keenadu" malware embedded in Android device firmware from multiple small manufacturers, affecting 13,000 devices globally as of February. The malware infiltrates every app on infected devices through Android's core Zygote process, giving attackers complete remote access.
The supply chain attack occurred when compromised firmware reached devices either pre-installed or through legitimate security updates. Russia has the most affected users, followed by Japan, Germany, Brazil, and the Netherlands.
Currently used for ad fraud, Keenadu can hijack browser searches, monitor Chrome queries, and manipulate shopping carts on Amazon, Shein, and Temu. Worryingly, researchers found connections between Keenadu and three major Android botnets: BADBOX, Triada, and Vo1d.
For firmware-level infections, complete firmware replacement is the only solution. Users should stop using infected devices until fixed.
Source: Dark Reading
Marks and Spencer has been reeling from a major cyber attack for over a week, costing millions in lost sales and hitting its share price. Security experts tell the BBC that ransomware called DragonForce was used, with fingers pointing at the Scattered Spider hacking group - some reportedly teenagers - who previously hit MGM Las Vegas.
The attack knocked out online ordering, paused deliveries, and left store shelves empty. M&S paused online orders Friday and won't say what happened or who's responsible. Cybersecurity experts say this looks like ransomware - malware that locks systems until criminals are paid a ransom.
Recovery is complex and slow for major retailers dependent on interconnected systems for everything from inventory to payments. Experts advise M&S customers to change passwords on other sites if they reused their M&S credentials.
Source: BBC
Cybercriminals are exploiting identity weaknesses more than ever, with identity-based attacks accounting for nearly two-thirds of network breaches in 2024, according to Palo Alto Networks' Unit 42 annual report.
Social engineering led the charge, responsible for one-third of the 750 incidents Unit 42 investigated. Attackers also used compromised credentials, brute-force attacks, and overly permissive access policies to break into systems.
The problem extends beyond initial access—identity issues played a role in nearly 90% of all incidents. Once attackers gain legitimate credentials, they're nearly invisible to security systems since their activity appears authorized.
Ransomware payments jumped 87% to a median of $500,000, while attackers moved faster than ever, stealing data within two days in most cases.
Source: CyberScoop
Google rushed out an emergency Chrome update after discovering attackers are actively exploiting a critical zero-day vulnerability. The flaw, CVE-2026-2441, is a use-after-free bug in Chrome's CSS handling that lets hackers execute malicious code remotely.
Researcher Shaheen Fazim reported the vulnerability just five days ago on February 11, 2026. Attackers are already weaponizing it in the wild, likely combining it with other exploits to break out of Chrome's security sandbox and gain system-level access on Windows, Mac, and Linux.
The patched versions are now rolling out: 145.0.7632.75/.76 for Windows and Mac, 144.0.7559.75 for Linux. Users should update immediately through Chrome's settings or let auto-updates handle it. Organizations need to prioritize this patch and watch for suspicious network activity.
Source: Cybersecurity News