Double-Tap Skimmers, AI Threats, and Record-Breaking DDoS Attacks: Cybersecurity Weekly Recap
Cybersecurity Incidents Highlight Ever-Evolving Threat Landscape
A recent surge in high-profile cybersecurity incidents has highlighted the ever-evolving threat landscape. This week’s developments underscore the need for vigilance, as threat actors continue to exploit vulnerabilities in various sectors.
Critical Zero-Day Vulnerability in Dell RecoverPoint
A critical zero-day vulnerability in Dell RecoverPoint for Virtual Machines, tracked as CVE-2026-22769, has been exploited by a suspected China-nexus threat cluster since mid-2024. The vulnerability, which affects versions prior to 6.0.3.1 HF1, involves the use of hard-coded credentials and has a CVSS score of 10.0. Attackers can exploit this vulnerability to upload a web shell and execute commands as root on the appliance, ultimately leading to the deployment of the BRICKSTORM backdoor.
Trade Secret Theft Indictments
Three individuals, including two former Google engineers and the husband of one of them, have been indicted in the United States for allegedly stealing trade secrets from Google and other tech firms. The defendants are charged with conspiracy to commit trade secret theft, theft and attempted theft of trade secrets, and obstruction of justice.
PromptSpy Android Malware
Researchers at ESET have analyzed a new Android malware strain, dubbed PromptSpy, which leverages generative artificial intelligence (AI) to set up persistence on compromised devices. The malware uses Google Gemini to analyze the current screen and provide step-by-step instructions on how to ensure the malicious app remains pinned in the recent apps list.
Commercial Forensic Extraction Tool Misuse
A Kenyan dissident’s phone was compromised using a commercial forensic extraction tool manufactured by Cellebrite, according to evidence uncovered by The Citizen Lab. The incident highlights the risks associated with the use of such tools by law enforcement agencies.
Keenadu Android Backdoor
A new Android backdoor, codenamed Keenadu, has been detected in the wild. The malware is embedded deep within the device firmware and can silently harvest data and remotely control the device’s behavior. Keenadu can also infect other installed apps and deploy additional software from APK files.
Password Manager Security Concerns
A study conducted by researchers from ETH Zurich and Università della Svizzera italiana has cast doubt on the “zero knowledge” claims made by password managers Bitwarden, Dashlane, and LastPass. The study found that these claims are not true under all circumstances, particularly when account recovery is in place or password managers are set to share vaults or organize users into groups.
Skimmer Malware Infection
The online store of a top-10 global supermarket chain has been infected with skimmer malware that checks for admin users of WordPress, Magento, PrestaShop, and OpenCart in order to evade detection. The attack combines a seemingly off-the-shelf skimmer framework with a carefully localized fake payment form.
Cyber Scam Center Arrests
Nigerian authorities have arrested seven suspects who ran a cyber scam center in the city of Agbor. The group used social media ads to lure UK victims to bogus crypto investment portals.
LonTalk Protocol Security Risks
Claroty has called attention to security risks posed by the LonTalk proprietary protocol used for device-to-device communication in building management and automation systems (BMS and BAS).
GrayCharlie Threat Actor
A threat actor known as GrayCharlie has been observed compromising WordPress sites and injecting them with links to externally hosted JavaScript that redirects visitors to NetSupport RAT payloads delivered via fake browser update pages or ClickFix mechanisms.
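The injection described above leaves a visible artifact: a script tag whose src points at a host the site owner never approved. The following added example (not code from the recap, the researchers, or any of the projects named) shows a defender-side check that scans stored page content for externally hosted scripts outside an allowlist. The HTML and post records are constructed samples, and the host names in them are hypothetical.

```python
import re
from urllib.parse import urlparse

# Constructed sample: three WordPress post bodies. Post 2 carries an injected
# reference to an externally hosted script on a hypothetical host; post 3 uses a
# protocol-relative URL, which the check must also resolve to a host.
SAMPLE_POSTS = {
    1: '<p>Hello</p><script src="/wp-includes/js/jquery/jquery.min.js"></script>',
    2: '<p>Sale</p><script type="text/javascript" src="https://cdn.injected.invalid/loader.js"></script>',
    3: '<p>News</p><script src="//static.injected.invalid/u.js"></script>'
       '<script src="https://cdn.approved.invalid/lib.js"></script>',
}

# Matches the src attribute of <script> tags, quoted with either quote style.
SCRIPT_SRC_RE = re.compile(
    r'<script\b[^>]*\bsrc\s*=\s*["\']([^"\']+)["\']', re.IGNORECASE
)


def find_external_scripts(html, site_host, allowed_hosts=()):
    """Return script src values whose host is neither the site itself nor allowlisted.

    Relative paths (no host component) are treated as first-party and skipped.
    Protocol-relative URLs (//host/path) are parsed to their host like absolute ones.
    """
    site = site_host.lower()
    allowed = {h.lower() for h in allowed_hosts}
    findings = []
    for src in SCRIPT_SRC_RE.findall(html):
        host = urlparse(src.strip()).netloc.lower()
        if not host or host == site or host in allowed:
            continue
        findings.append(src)
    return findings


def scan_posts(posts, site_host, allowed_hosts=()):
    """Scan a mapping of post id -> HTML body; return only posts with suspicious scripts."""
    report = {}
    for post_id, html in posts.items():
        hits = find_external_scripts(html, site_host, allowed_hosts)
        if hits:
            report[post_id] = hits
    return report


if __name__ == "__main__":
    for post_id, hits in scan_posts(SAMPLE_POSTS, "shop.invalid", ["cdn.approved.invalid"]).items():
        print(f"post {post_id}: unexpected external script(s): {hits}")
```

The allowlist should hold only the CDN and tag-manager hosts the site knowingly uses; anything else is worth a look, since a compromised site will typically keep the legitimate first-party scripts intact and simply add one more.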
Cyber Threat Landscape Report
Dataminr’s 2026 Cyber Threat Landscape Report has revealed that the “patching treadmill is broken,” driven by reliance on CVSS scores and a surge in patch bypasses.
Phishing Campaigns Target Taiwan
Phishing campaigns have targeted Taiwan with themes designed to exploit local business processes and ultimately deliver a known remote access trojan called Winos 4.0.
Brand Impersonation Protection
Microsoft has announced that it will start rolling out Brand Impersonation Protection for Teams Calling to detect and warn users of suspicious external calls.
ICS Advisories
CISA/ICS-CERT published 3,637 ICS advisories about 12,174 vulnerabilities affecting 2,783 products from 689 vendors between March 2010 and January 31, 2026.
LiteBox Sandbox Library
Microsoft has released LiteBox, a Rust-based project described as a “sandboxing library OS that drastically cuts down the interface to the host, thereby reducing attack surface.”
ChainedShark APT Group
A new APT group codenamed ChainedShark is targeting China’s academic and scientific research sector. Active since May 2024, the group’s main focus has been the collection of intelligence on Chinese diplomacy and marine technology.
Samsung Weather App Fingerprinting
Research has uncovered that Samsung’s pre-installed weather app is fingerprinting its users by means of a “placeid” parameter that’s trivially observable by the weather API provider.
Web DDoS Attacks Increase
A new analysis released by Radware has revealed that the number of web DDoS attacks climbed 101.4% in 2025 compared to 2024, and bad bot activity increased 91.8%, fueled by generative AI tools.
Malicious Images on Docker Hub
Qualys said it discovered more than 2,500 malicious images hosted on the Docker Hub, with around 70% of
