Ticker feed
Moltbook, an AI agent social network launched in January 2026, is leaking email addresses, login tokens, and API keys for all 1.5 million registered accounts through an exposed backend database. The platform, created by Octane AI's Matt Schlicht, lets AI agents post and interact with one another, but researchers found that anyone could read account records without authentication using nothing more than ordinary web requests.
It gets worse: most "users" are not people. Registration had no rate limiting at all, and a single operator running the OpenClaw agent framework was able to create roughly 500,000 accounts. Andrej Karpathy and other commentators called it a "computer security nightmare": a leaked API key lets an attacker impersonate or hijack an agent and reach whatever services that agent is wired to, such as email and calendars. Moltbook has not responded to disclosures or shipped a fix.
Source: Cybersecurity News
US authorities have investigated allegations that Meta can access users' supposedly encrypted WhatsApp conversations, according to Bloomberg reports. The claims emerged from a lawsuit filed by Quinn Emanuel law firm, citing unnamed whistleblowers from five countries who allege Meta can read "virtually all" private WhatsApp chats.
Meta strongly denies the accusations, calling them "categorically false and absurd." The company suggests this is a tactic to help NSO Group, the Israeli spyware firm that recently lost a $167 million judgment to WhatsApp for targeting journalists and activists.
Security experts remain skeptical. UCL professor Steven Murdoch called the lawsuit "strange," noting such a massive privacy breach would likely have leaked from within the company by now.
Source: The Guardian
eScan antivirus users worldwide received malware through official updates last week after hackers compromised the company's update servers. The attack occurred on January 20, when cybercriminals pushed a malicious 'Reload.exe' file that blocked future updates and installed additional malware.
Morphisec security researchers detected the breach and reported it to eScan's parent company MicroWorld Technologies on January 21. eScan confirmed unauthorized access to their regional update server and took affected servers offline for eight hours.
The malware's changes to affected systems cannot be reversed through the product's normal update path, so affected customers must contact eScan technical support for a manual cleanup tool. Despite confirming the breach, eScan disputes Morphisec's characterization of the incident and is reportedly consulting lawyers.
Source: Security Week
Russian-linked threat actors attacked Poland's power grid, targeting communication and control systems at roughly 30 sites including wind, solar, and heat facilities. The attack, attributed to the Sandworm group, marked the first major operation specifically targeting distributed energy resources.
No outages resulted, but the attackers "bricked" some industrial control devices, leaving them unrecoverable. They deployed wiper malware and systematically compromised remote terminal units (RTUs), the devices that link field equipment to supervisory control systems.
Unlike previous coordinated attacks on Ukraine's grid, this operation appeared rushed and opportunistic. Security firm Dragos noted the compressed timeline prevented more devastating damage, though the threat group possesses capabilities for greater destruction.
Source: SecurityWeek
Chinese state-backed groups are running sustained intrusion campaigns across Asia, which according to Trend Micro now accounts for more than half of the APT activity it tracks worldwide. Since 2023 Trend Micro has followed two threat actors using "PeckBirdy," a command-and-control implant built to run in several different host environments.
One group infected Chinese gambling sites, tricking visitors with fake Chrome updates that installed backdoors called "Holodonut" and "MKDoor." A separate espionage-focused group targeted Asian government agencies and private organizations using the same versatile malware.
PeckBirdy's value to its operators lies in that portability: written in JScript, the same implant can be executed by a browser, by Windows script hosts such as wscript.exe or mshta.exe, or by a server-side script engine. One codebase therefore serves both the gambling-site watering hole and the government espionage campaign, which reduces tooling effort and leaves fewer distinct artifacts for defenders to fingerprint.
Source: Dark Reading
Google's Threat Intelligence Group warns that hackers are actively exploiting a critical WinRAR vulnerability (CVE-2025-8088) discovered and patched in July 2025. The flaw allows attackers to drop malicious files into Windows Startup folders through specially crafted RAR archives.
Russian groups like APT44 and Turla are targeting Ukrainian military and government entities, while Chinese actors deploy POISONIVY malware. Criminal groups are also using the exploit to spread ransomware and steal data from commercial targets.
The exploit hides the real payload behind a decoy: the crafted archive carries an entry whose path escapes the directory the user chose, so extracting the archive silently writes the malware into the Startup folder, where it runs at the next logon. A fix has been available since July 30, yet exploitation continues across both criminal and state-sponsored operations.
Source: Google Cloud Blog
A London judge ordered Saudi Arabia to pay over £3 million to satirist Ghanem al-Masarir after ruling the kingdom hacked his phones with Pegasus spyware and orchestrated a 2018 physical attack outside Harrods. Judge Pushpinder Saini found Saudi Arabia responsible for "grossly intrusive" surveillance that turned al-Masarir's smartphones into "bugging devices," secretly transmitting his personal data to the hostile state.
Al-Masarir, whose YouTube channels have 300 million views, still suffers severe depression seven years later and rarely leaves home. Saudi Arabia failed to defend the case after losing immunity arguments. The ruling represents a rare legal victory against the kingdom's transnational repression tactics.
Source: The Guardian
The Justice Department charged 31 more people in a massive ATM "jackpotting" scheme, bringing total defendants to 87. Most suspects are Venezuelan nationals, including members of the Tren de Aragua crime syndicate, plus some Colombians.
The crews used Ploutus malware to empty ATMs of millions of dollars. They tampered with the machines physically, swapping hard drives or plugging in USB devices to install the malware; once triggered, it made the ATM dispense cash on command and then deleted itself to frustrate detection.
While Ploutus peaked in 2017-2018, it remained in use through last year. All of the charged individuals face deportation if convicted.
Source: Security Week
Microsoft released an emergency patch for CVE-2026-21509, a zero-day vulnerability in Office and Microsoft 365 that attackers are actively exploiting. The bug allows hackers to bypass security controls and execute malicious code by tricking users into opening infected Office files.
CISA added the vulnerability to its known exploited list, giving federal agencies until February 16 to patch or stop using affected products. Security experts believe this is likely a tool for advanced persistent threats, possibly state-sponsored groups targeting high-value victims through social engineering.
Office 2021 users just need to restart their apps for automatic protection, while Office 2016 and 2019 users must install manual updates.
Source: Dark Reading
Security firm Koi discovered six vulnerabilities dubbed 'PackageGate' affecting major JavaScript package managers including NPM, PNPM, VLT, and Bun. These flaws can bypass existing supply chain protections, allowing attackers to execute malicious code through compromised dependencies.
The vulnerabilities work differently across managers: NPM can be exploited through malicious .npmrc files in Git dependencies, while PNPM's script protections don't cover Git processing. VLT has path traversal issues in tarball extraction, and Bun's allow lists can be spoofed.
PNPM, VLT, and Bun quickly patched their issues, but NPM dismissed the report as 'informative,' claiming the behavior works as intended. GitHub maintains that users accept repository risks when installing Git dependencies.
Source: SecurityWeek
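Both the WinRAR story above and the vlt tarball issue in this one come down to the same failure: an extractor trusting an entry name inside an archive. The check below is an added example written for this page, not code from WinRAR, vlt, npm or any of the cited reports. It classifies entry names before extraction, catching absolute paths, `..` segments (including ones hidden inside an NTFS alternate data stream name), and paths aimed at the per-user Startup folder, then computes where a clean entry would actually land. All entry names are constructed for illustration.

```python
import posixpath
import re
from typing import Optional

# Per-user Startup folder, matched case-insensitively on either separator;
# anything landing here runs at the next interactive logon.
_STARTUP_RE = re.compile(r"start menu[\\/]programs[\\/]startup", re.IGNORECASE)
_DRIVE_RE = re.compile(r"^[A-Za-z]:")


def classify_entry(name: str) -> set:
    """Reasons an archive entry name must not be extracted as-is (empty set = clean).

    Segments are split on '/', '\\' and ':' so a '..' hidden inside an alternate
    data stream name (decoy.pdf:..\\..\\x) is caught just like a plain '../x'.
    """
    flags = set()
    if name.startswith(("/", "\\")) or _DRIVE_RE.match(name):
        flags.add("absolute")
    body = _DRIVE_RE.sub("", name, count=1)  # drop a C: prefix before ADS check
    if ":" in body:
        flags.add("ads")
    if any(seg == ".." for seg in re.split(r"[\\/:]", name)):
        flags.add("dot-dot")
    if _STARTUP_RE.search(name):
        flags.add("startup-target")
    return flags


def resolved_under(base: str, name: str) -> Optional[str]:
    """Path the entry would be written to under `base`, or None if it is
    flagged by classify_entry() or would escape `base`. POSIX semantics are
    used so the result is deterministic on any host."""
    if classify_entry(name):
        return None
    base_n = posixpath.normpath(base)
    target = posixpath.normpath(posixpath.join(base_n, name.replace("\\", "/")))
    if target != base_n and not target.startswith(base_n + "/"):
        return None
    return target


# Constructed entry names (not from any real sample): a RAR entry aimed at the
# Startup folder through an ADS, and tarball entries climbing out of the
# extraction directory toward a user's .npmrc.
SAMPLE_ENTRIES = [
    "report.pdf",
    "docs/readme.txt",
    "report.pdf:..\\..\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\u.lnk",
    "../../../../home/user/.npmrc",
    "C:\\Users\\Public\\run.bat",
    "package/../../.npmrc",
]


def triage(entries, base="/tmp/extract"):
    """Map each entry name to (sorted flags, destination); destination None = blocked."""
    return {e: (sorted(classify_entry(e)), resolved_under(base, e)) for e in entries}


if __name__ == "__main__":
    for name, (flags, dest) in triage(SAMPLE_ENTRIES).items():
        verdict = "BLOCK" if dest is None else "ok   "
        print(f"{verdict} {name!r} {flags} -> {dest}")
```

The policy is deliberately strict: any `..` segment is rejected rather than normalized, because a "harmless" `a/../b` in a hostile archive buys nothing and the normalization logic is exactly where extractors have historically gone wrong. Run the same classifier over `unrar l` or `tar -tf` output before extracting anything from an untrusted source.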