Ticker feed
Researchers discovered two serious vulnerabilities in Google Looker, a business intelligence platform used by over 60,000 companies including Walmart and Coinbase. The first bug allows SQL injection attacks to steal internal database secrets through error messages. The second, more dangerous flaw enables remote code execution by manipulating Git hooks through a complex exploit chain involving path traversal and race conditions.
On Google Cloud Platform, attackers could potentially access other customers' data due to shared infrastructure. Google has patched both issues, but organizations using on-premises deployments must manually update. The fixes require significant downtime and testing, which may delay critical updates for this central data hub.
Source: Dark Reading
Kyle Svara, 27, of Oswego, Illinois, pleaded guilty in Boston federal court to hacking women's Snapchat accounts to steal and sell nude photos. Between May 2020 and February 2021, Svara impersonated Snapchat employees to trick over 4,500 women into sharing access codes. He successfully breached 570 accounts and downloaded explicit images from 59 of them.
Svara then sold or traded these stolen photos on internet forums, including to former Northeastern University track coach Steve Waithe, who had hired him to target female student athletes. Waithe was already sentenced to five years in prison for related crimes. Svara faces over 20 years behind bars for charges including identity theft, wire fraud, and computer fraud.
Source: CBS Chicago
Orca Security discovered that GitHub Codespaces automatically executes VS Code configuration files when users open repositories or pull requests, creating a pathway for supply chain attacks. Attackers can embed malicious commands in JSON files within the .vscode/ folder that execute without user approval.
The vulnerability allows hackers to steal GitHub tokens, Codespaces secrets, and other sensitive data. In one attack scenario, bad actors could fork public repositories, create malicious pull requests, and when maintainers open them via Codespaces, their GitHub tokens get compromised. This enables attackers to push verified code as legitimate maintainers.
Microsoft told Orca this behavior is intentional, raising concerns about the security implications of automated configuration execution in cloud development environments.
Source: SecurityWeek
Cybercriminals are exploiting a sneaky new trick: using Windows screensaver files (.scr) to slip past security defenses and compromise organizations. ReliaQuest researchers discovered attackers sending business-themed phishing emails with links to malicious screensaver files hosted on cloud storage platforms.
The clever part? Most people don't realize screensaver files are actually executable programs that can run any code. This makes them perfect for bypassing security tools that might catch traditional malware.
Once victims download and run these files, they install legitimate remote management tools like JWrapper, giving hackers full control over the infected computer. From there, attackers can steal data, spread through networks, or deploy ransomware.
Source: Dark Reading
Russia's APT28 hacking group weaponized a Microsoft Office vulnerability just three days after Microsoft released an emergency patch on January 26. The notorious cyber-espionage unit, linked to Russia's GRU military intelligence, launched "Operation Neusploit" on January 29, targeting organizations across Central and Eastern Europe.
The attackers use specially crafted documents to steal emails and deploy malware through a multi-stage infection chain. They're sending phishing emails in English, Romanian, Slovak, and Ukrainian to maximize their reach. APT28 employs geographic filtering to stay under the radar, only delivering malicious payloads to targeted regions.
Security experts call the three-day turnaround "absurd" and warn other threat actors will likely follow suit using publicly available proof-of-concept code.
Source: Dark Reading
Kaiser Permanente will pay $46 million to settle lawsuits over alleged patient data breaches from November 2017 to May 2024. The health giant's websites and mobile apps allegedly shared confidential information with Google, Microsoft, Meta, and Twitter/X without patient consent.
The exposed data included names, IP addresses, medical histories, and communications with healthcare providers. Kaiser denies wrongdoing but agreed to settle to avoid prolonged litigation.
Current and former Kaiser members in nine states and DC who used the company's digital platforms during this period can file claims. Most eligible members will receive $20-$40. Claims must be filed by March 12, 2026, using a unique ID sent via email or mail.
Source: CBS San Francisco
Russia's APT28 hacking group is actively exploiting a critical Microsoft Office zero-day vulnerability to target victims across Ukraine, Slovakia, and Romania. The attackers send weaponized RTF documents in local languages that silently install malware when opened.
Zscaler researchers discovered the campaign in January 2026, with active attacks occurring just three days after Microsoft's emergency patch on January 26. The hackers deploy two types of malware: MiniDoor steals emails from Outlook, while PixyNetLoader provides remote access to compromised systems.
The sophisticated operation uses geographic filtering to evade detection, only delivering payloads to targets in specific regions with correct HTTP headers.
Source: Cybersecurity News
Chinese state-sponsored hackers conducted a sophisticated supply chain attack against Notepad++ users from June to December 2025, targeting telecoms and financial firms in East Asia. The attackers compromised the text editor's hosting provider to intercept and redirect update traffic to malicious servers.
Creator Don Ho revealed that hackers gained infrastructure-level access to selectively target specific users while leaving others unaffected. The hosting provider discovered the breach affected only Notepad++ traffic, with attackers maintaining access until December 2025 despite server maintenance in September.
Notepad++ has since moved to a new hosting provider and added client-side verification to prevent future update hijacking.
Source: SecurityWeek
The ShinyHunters threat group has ramped up sophisticated extortion attacks targeting cloud-based systems across multiple organizations. Google Cloud analysts discovered the criminals use voice phishing calls, pretending to be IT staff, to trick employees into visiting fake login websites that steal credentials and multi-factor authentication codes.
Once inside company systems, attackers access platforms like SharePoint, Salesforce, and Slack to steal confidential documents. They specifically search for files containing terms like "confidential" and "internal." The group then demands Bitcoin payments within 72 hours, providing stolen data samples as proof.
Google tracks this activity under three threat clusters: UNC6661, UNC6671, and UNC6240. Security experts recommend phishing-resistant authentication like FIDO2 security keys to prevent these social engineering attacks.
Source: Cybersecurity News
A digitally literate young person who received workplace cybersecurity training still fell victim to a sophisticated banking scam while on vacation. The scammer sent a text claiming 12,805 "awards points" would expire, leading to a fake banking website that perfectly mimicked the real one.
After entering login credentials and authorizing a $2.99 shipping fee for a "free" smartwatch, scammers used cardless cash to withdraw $500 from a Melbourne ATM. The victim only discovered the theft days later when checking holiday expenses.
Similar scams have targeted Qantas, Telstra, and Coles customers. Australians lost nearly $260 million to scams in the first nine months of 2025. The bank refunded the money and issued new cards.
Source: The Guardian