Malicious extension with nearly 1K installs lures AI devs with #MCP branding. Opens remote WebSocket: enabling remote JS execution, captures screenshots and history. #Agentic workflows are now a big attack surface in #BrowserSecurity. Details at bit.ly/4bXvKBH

IcedID malware developer faked his own death to avoid being arrested Ukrainian police officers were bribed to fake his death certificate. He was arrested in December A 2nd IcedID malware developer has also been arrested in Ukraine c/o Catalin Cimpanu na01.safelinks.protection.outlook.com/?url=https%3A%…

‼️ New BreachForums .BF clearnet domain: breachforums[.]as Looks like they may have lost .bf again 🤷‍♀️

True IP, fresh build. #shinyhunters IP LEAK 91.202.4[.]68 38.69.12[.]23 toolatedhs5dtr2pv6h5kdraneak5gs3sxrecqhoufc5e45edior7mqd[.]onion shinypogk4jjniry5qi7247tznop6mxdrdte2k6pdu5cyo43vdzmrwid[.]onion Dominic Alvieri Dark Web Informer

LockBit still on vacation breaching spas 1 in Mauritius - gangster /sands[.]mu 1 in the Turks and Caicos

Police arrests 651 suspects in African cybercrime crackdown - Sergiu Gatlan bleepingcomputer.com/news/security/… bleepingcomputer.com/news/security/…

💣 From Zero-Day to Day-Zero: Who was behind LockBitSupp? An independent OSINT investigation reveals a 3-year pattern of activity and vehicle use linking Evgeny Dementyev to the infamous alias. Read the full story 👉 justpaste.it/iw99v #LockBit #OSINT

Breaking Las Vegas Wynn Resorts has allegedly been breached by ShinyHunters Over 800K records of personally identifiable information has allegedly been compromised Wynn Las Vegas

🚨Cyber Alert ‼️ 🇺🇸United States - 𝗪𝘆𝗻𝗻 𝗥𝗲𝘀𝗼𝗿𝘁𝘀 ShinyHunters hacking group claims to have breached Wynn Resorts. Threat actor: ShinyHunters Sector: Hospitality Data exposure (claimed): 800,000 records Data type: Personal data and employee data Observed: Feb 20, 2026

#MuddyWater is back with #OperationOlalampo, deploying four new malware families including CHAR – a rust backdoor, GhostFetch – a loader that deploys GhostBackDoor, and HTTP_VIP – a loader and a backdoor. The campaign leverages Telegram bots for C2, exposing real-time

PayPal discloses data breach that exposed user info for 6 months - Sergiu Gatlan bleepingcomputer.com/news/security/… bleepingcomputer.com/news/security/…

CarGurus data has just been leaked Over 1.7 million records dumped ~ /vault/DumpinDonuts$

‼️ Remember, companies like Persona, do not care about you.

Zscaler ThreatLabz has published a technical analysis of APT37's Ruby Jumper campaign, a DPRK-backed attack leveraging Windows LNK files and newly discovered tools: RESTLEAF, SNAKEDROPPER, THUMBSBD, VIRUSTASK, and FOOTWINE. This campaign leverages removable media to enable

Our threat actor series returns with a deep dive into ShinyHunters - one of the most persistent data-theft and extortion brands over the past five years. This profile cuts through: • Public breach claims vs verified attribution • Branding vs technical intrusion clusters •

Coruna exploit kit is targeting iOS. Coruna leverages 23 exploits against Apple devices running iOS 13-17.2.1. It is being used for espionage, and by financially motivated actors to steal crypto. Update your iOS devices, and learn more about this threat: bit.ly/4rbeltc

‼️BREAKING: LeakBase is showing that it has been seized by law enforcement via updated Whois information. There is currently no seizure banner showing.

LeakBase has been seized

John Daghita (Lick) was arrested in the Caribbean yesterday as a direct result of my investigation. In late January 2026, I exposed how John stole $ 46M+ in seized crypto assets from the US government by abusing access at CMDSS, his father's company, which held a USMS contract.

BREAKING: foreign hacker compromised Epstein files held by FBI. Source describes it as cybercriminal. "included combing through certain files pertaining to the Epstein investigation.” Previously all we knew was: there was some sort of breach. By Raphael Satter 1/