Ticker feed
Dozens of Northern Ireland police officers who were victims of a major 2023 data breach have had their names published again - this time on the NI Courts website while pursuing compensation claims.
The Department of Justice quickly removed the court listings as a precautionary measure after being alerted. Justice Minister Naomi Long insisted no error was made, explaining that court lists are routinely published unless lawyers request anonymity from judges.
UUP leader Jon Burrows said 41 officers were named and the information spread virally on WhatsApp. Police Federation chair Liam Kelly called it "another avoidable and embarrassing error."
The original 2023 breach exposed the details of nearly 10,000 PSNI staff. Officers have been offered £7,500 compensation each from a £119m fund.
Source: BBC News
The National Cyber Security Centre has issued an urgent alert to operators of Britain's critical infrastructure following coordinated cyber-attacks on Poland's energy systems in December. Jonathan Ellison, NCSC's director for national resilience, warned that attacks disrupting essential services aren't "far-fetched" and urged immediate action.
The warning covers energy, water, transport, health, and telecommunications sectors. NCSC defines severe threats as deliberate attacks aimed at shutting down operations, damaging industrial control systems, or erasing data to prevent recovery.
Recommended defenses include patching vulnerabilities, implementing multi-factor authentication, and strengthening network monitoring. The upcoming Cyber Security and Resilience Bill will help manage the UK's collective vulnerability against modern threats.
Source: Infosecurity Magazine
Microsoft's February Patch Tuesday isn't routine maintenance—it's active defense. Attackers are already exploiting six of the 59 disclosed vulnerabilities, making immediate patching critical.
Three zero-days bypass security features in Windows and Office products. CVE-2026-21510 lets attackers slip past SmartScreen protections, while CVE-2026-21513 affects the MSHTML framework and CVE-2026-21514 targets Word documents. All require user interaction but can execute malicious code without warnings.
Two additional zero-days enable privilege escalation to admin-level access, and another causes denial-of-service attacks. Microsoft even issued an emergency out-of-band patch for a similar Office vulnerability in January.
Security experts warn these bypass vulnerabilities dramatically increase phishing and malware campaign success rates, which is especially dangerous given the widespread use of affected components like Word and Windows Shell.
Source: Dark Reading
Google's latest threat intelligence report reveals a major shift in cyber-espionage tactics, with state-sponsored hackers now personally targeting defense industry employees rather than just corporate networks. The attacks have expanded beyond traditional defense contractors to include broader industrial suppliers like German aerospace firms and UK carmakers.
Russian, North Korean, Chinese, and Iranian groups are using sophisticated social engineering, including fake job offers, spoofed recruitment sites, and personalized emails referencing targets' family lives. North Korean hackers successfully infiltrated over 100 US companies as remote workers, while Ukrainian authorities report a 37% spike in cyber incidents from 2024 to 2025.
The personal approach makes detection harder since attacks occur outside corporate security systems, creating new vulnerabilities across the entire defense supply chain.
Source: The Guardian
A state-sponsored hacking group, likely from China, has compromised at least 70 organizations across 37 countries in what Palo Alto Networks calls the "Shadow Campaign." The cyberspies targeted government agencies, including parliaments, law enforcement, border control, and national telecommunications companies in 155 countries.
The group, tracked as TGR-STA-1030, has been active since at least January 2024 and operates in the GMT+8 timezone. They use sophisticated email phishing to install malware and deploy "ShadowGuard," a previously unknown Linux rootkit that helps them stay hidden.
Targets include finance ministries, counter-terrorism organizations, and a senior elected official. Palo Alto warns the campaign poses serious long-term risks to national security and critical services.
Source: Security Week
BeyondTrust disclosed a critical zero-day vulnerability (CVE-2026-1731) in its Remote Support and Privileged Remote Access platforms that lets attackers execute commands without authentication. The flaw affects Remote Support versions 25.3.1 and earlier, plus Privileged Remote Access versions 24.3.4 and prior.
SaaS customers received automatic patches on February 2, 2026, but self-hosted users must manually apply patches BT26-02-RS or BT26-02-PRA. Older versions must be upgraded before the patch can be applied.
Discovered by Harsh Jaiswal and Hacktron AI using variant analysis, this vulnerability poses severe risks since BeyondTrust products manage privileged access across enterprise networks. Successful attacks could compromise entire organizational infrastructures.
Source: Cybersecurity News
Michael, a 47-year-old Victorian schoolteacher, had his digital identity stolen after applying for rentals online in November and December. Someone used his passport details to transfer his phone number, then accessed his bank and superannuation accounts to make unauthorized transfers.
His case highlights broader security concerns with rental platforms. Guardian Australia found millions of leasing documents on seven platforms could be accessed without authentication. A new report identified 57 rental tech platforms in Australia, with some collecting up to 50 different data fields per applicant.
Experts warn renters don't understand where their data goes or how secure these platforms are, calling for stronger regulation of the sector.
Source: The Guardian
A sophisticated supply chain attack targeting Notepad++ users ran from June to December 2025, with attackers compromising the software's hosting provider to hijack update traffic. Instead of exploiting the code itself, hackers redirected users to malicious servers that served compromised executables through the built-in WinGUp updater.
Security analysts believe Chinese state-sponsored actors were behind the highly targeted operation, which selectively focused on Notepad++ while ignoring other customers on the shared hosting server. The attackers maintained access through exposed credentials until December 2025, even after losing direct server access in September following security updates.
The hosting provider has since rotated all credentials and patched vulnerabilities, with no other customers affected.
Source: Infosecurity Magazine
The Molly Rose Foundation has issued a public warning about the "Com" - a global hacking network targeting vulnerable children for sexual abuse, self-harm, and suicide. The loose community of teenagers and young adults operates across Discord and Telegram, preying on children through gaming platforms and fake support groups.
The network includes three main groups: Sadism Com (sexual exploitation), Terror Com (promoting extremist ideologies), and Finance Com (corporate hacking). Members have been linked to major retailer breaches and serious crimes, including Cameron Finnigan's nine-year sentence for encouraging suicide online.
Victims, particularly girls and neurodivergent children, face rapid escalation of abuse within hours of contact. UK Minister Jess Phillips vowed to "hunt down perpetrators" and shut down these networks.
Source: The Guardian
Newsletter platform Substack disclosed a security breach after hackers leaked data from nearly 700,000 user accounts on cybercrime forums. The October 2025 attack exposed email addresses, phone numbers, names, and profile information, but passwords and payment details remained secure.
CEO Chris Best notified the platform's 35 million subscribers on February 3, months after the initial breach. The hacker described their "scraping" attack as "noisy," which helped Substack detect and stop it quickly.
While there's no evidence the stolen data has been misused, users should watch for suspicious emails and texts targeting the compromised information.
Source: Security Week