Odido, the Netherlands' biggest mobile phone operator, disclosed a massive data breach affecting up to 6.2 million customers last week. Hackers accessed the company's customer contact system, stealing names, addresses, email addresses, bank account numbers, birth dates, and passport or driver's license numbers.

While Odido emphasized that passwords, call records, and billing data weren't compromised, cybersecurity experts warn the stolen information could fuel convincing phishing attacks and identity fraud. The company quickly ended unauthorized access and brought in external security experts to strengthen defenses.

Odido is warning customers to watch for suspicious calls, texts, and fake invoices appearing to come from the company. Affected users will be contacted directly by Odido.

Source: Infosecurity Magazine

Attackers are actively exploiting CVE-2026-1731, a critical vulnerability in BeyondTrust's self-hosted systems that allows complete domain takeover without authentication. The flaw lets hackers execute operating system commands remotely through crafted HTTP requests, earning a devastating 9.8 CVSS score.

Threat actors are deploying SimpleHelp remote access tools and creating privileged domain accounts with Enterprise Admin rights. Arctic Wolf researchers found attackers using reconnaissance commands to map Active Directory networks before spreading across multiple hosts via PSExec and Impacket tools.

Cloud customers received automatic patches on February 2, 2026, but self-hosted users running Remote Support 25.3.1 or Privileged Remote Access 24.3.4 must manually apply updates immediately. CISA warns older versions need upgrades first before patching.

Source: Cybersecurity News

A major data breach at business services provider Conduent has exposed personal information of nearly 17,000 Volvo Group North America employees. Hackers accessed Conduent's network from October 2024 to January 2025, stealing names, addresses, Social Security numbers, birth dates, and medical data. The Safepay ransomware group claimed responsibility for the February attack.

The breach's scope keeps expanding dramatically. Initially affecting 10 million people, recent updates show over 20 million individuals impacted across multiple states. Texas alone saw numbers jump from 4 million to 15 million affected residents.

Volvo only learned about the incident in January 2026, highlighting delays in breach notifications. This marks the second third-party breach hitting Volvo recently, following a September ransomware attack on Swedish IT company Miljödata.

Source: SecurityWeek

The city of Peabody is notifying residents about a data breach that occurred last summer. Hackers gained access to city systems on June 13, 2025, but officials didn't discover the breach until July 7. Mayor Ted Bettencourt's office confirmed the hack is real after some residents initially thought notification letters were scams.

Cybersecurity expert Peter Tran calls cities a "treasure trove" for hackers, noting that budget constraints often leave municipalities with weaker security than private companies. He recommends residents freeze their credit, set up fraud alerts, and change passwords.

Resident Skip O'Neil, who lived in Peabody decades ago, received a notification letter and spent an hour checking his accounts. The city is reviewing security policies and hasn't received reports of information misuse yet.

Source: CBS Boston

Cybercriminals began exploiting a critical BeyondTrust vulnerability just 24 hours after proof-of-concept code went public on February 10. The flaw, CVE-2026-1731, allows unauthenticated remote code execution in BeyondTrust Remote Support and Privileged Remote Access products used widely in enterprise environments.

Hacktron AI researchers found roughly 11,000 exposed instances online, including 8,500 on-premises deployments. GreyNoise detected attacks from multiple IP addresses, with one Frankfurt-based VPN accounting for 86% of reconnaissance activity.

The same threat actors previously targeted SonicWall, MOVEit, Apache, and Sophos vulnerabilities. BeyondTrust released patches on February 6, but the rapid exploitation highlights the critical need for immediate updates in enterprise remote access systems.

Source: SecurityWeek

Two critical zero-day vulnerabilities in Ivanti's Endpoint Manager Mobile solution sparked a fresh wave of cyberattacks targeting European government agencies in late January. CVE-2026-1281 and CVE-2026-1340, both scoring 9.8/10 on the CVSS scale, enabled remote code execution on compromised systems.

The European Commission, Dutch and Finnish government agencies fell victim within days of Ivanti's January 29 disclosure. The EU attack lasted nine hours, exposing staff names and mobile numbers, while Finland's breach affected 50,000 individuals' personal data.

Researchers traced 83% of subsequent attacks to a single IP address that remained active as of February 12. This marks another chapter in Ivanti's troubled security history, raising questions about why critical organizations continue relying on repeatedly compromised infrastructure despite the mounting risks.

Source: Dark Reading

Dozens of Northern Ireland police officers who were victims of a major 2023 data breach have had their names published again - this time on the NI Courts website while pursuing compensation claims.

The Department of Justice quickly removed the court listings as a precautionary measure after being alerted. Justice Minister Naomi Long insisted no error was made, explaining that court lists are routinely published unless lawyers request anonymity from judges.

UUP leader Jon Burrows said 41 officers were named and the information spread virally on WhatsApp. Police Federation chair Liam Kelly called it "another avoidable and embarrassing error."

The original 2023 breach exposed nearly 10,000 PSNI staff details. Officers have been offered £7,500 compensation each from a £119m fund.

Source: BBC News

The National Cyber Security Centre has issued an urgent alert to operators of Britain's critical infrastructure following coordinated cyber-attacks on Poland's energy systems in December. Jonathan Ellison, NCSC's director for national resilience, warned that attacks disrupting essential services aren't "far-fetched" and urged immediate action.

The warning covers energy, water, transport, health, and telecommunications sectors. NCSC defines severe threats as deliberate attacks aimed at shutting down operations, damaging industrial control systems, or erasing data to prevent recovery.

Recommended defenses include patching vulnerabilities, implementing multi-factor authentication, and strengthening network monitoring. The upcoming Cyber Security and Resilience Bill will help manage the UK's collective vulnerability against modern threats.

Source: Infosecurity Magazine

Microsoft's February Patch Tuesday isn't routine maintenance—it's active defense. Attackers are already exploiting six of the 59 disclosed vulnerabilities, making immediate patching critical.

Three zero-days bypass security features in Windows and Office products. CVE-2026-21510 lets attackers slip past SmartScreen protections, while CVE-2026-21513 affects the MSHTML framework and CVE-2026-21514 targets Word documents. All require user interaction but can execute malicious code without warnings.

Two additional zero-days enable privilege escalation to admin-level access, and another causes denial-of-service attacks. Microsoft even issued an emergency out-of-band patch for a similar Office vulnerability in January.

Security experts warn these bypass vulnerabilities dramatically increase phishing and malware campaign success rates, especially dangerous given the widespread use of affected components like Word and Windows Shell.

Source: Dark Reading

Google's latest threat intelligence report reveals a major shift in cyber-espionage tactics, with state-sponsored hackers now personally targeting defense industry employees rather than just corporate networks. The attacks have expanded beyond traditional defense contractors to include broader industrial suppliers like German aerospace firms and UK carmakers.

Russian, North Korean, Chinese, and Iranian groups are using sophisticated social engineering, including fake job offers, spoofed recruitment sites, and personalized emails referencing targets' family lives. North Korean hackers successfully infiltrated over 100 US companies as remote workers, while Ukrainian authorities report a 37% spike in cyber incidents from 2024 to 2025.

The personal approach makes detection harder since attacks occur outside corporate security systems, creating new vulnerabilities across the entire defense supply chain.

Source: The Guardian