Why the shift left dream has become a nightmare for security and developers
Written by Ivan Milenkovic, Vice President Risk Technology EMEA, Qualys For the better part of the last decade,we have engaged in a comfortable fiction around…
Month: February 2026
PayPal Data Breach Exposes SSNs and Business PII of Customers for Over Six Months
PayPal Data Breach PayPal has issued a formal data breach notification disclosing that a coding error in its PayPal Working Capital (PPWC) loan application exposed…
Age verification vendor Persona left frontend exposed
Three researchers investigating Discord’s age-verification checks say they discovered an exposed frontend belonging to Persona, the identity-verification vendor used by Discord. It revealed a far…
Cline CLI 2.3.0 Supply Chain Attack Installed OpenClaw on Developer Systems
In yet another software supply chain attack, the open-source, artificial intelligence (AI)-powered coding assistant Cline CLI was updated to stealthily install OpenClaw, a self-hosted autonomous…
Grandstream VoIP Phones Vulnerability Allows Attackers to Gain Root Privileges
VoIP desk phones are trusted devices, but many are managed like office furniture. A newly disclosed flaw in Grandstream phones shows how a simple network-facing…
Google Blocks 1.75 Million Malicious Apps from Entering Play Store
Google has revealed that it blocked more than 1.75 million malicious or policy‑violating Android apps from reaching users through the Play Store in 2025, highlighting…
Cybercrime Magazine Releases Its First YouTube Short, More On The Way
The award-winning Cybercrime Magazine YouTube Channel released its first Short last month and the video has more than 720,000 Views. In less than two minutes, our host Taylor Fox…
LLMs change their answers based on who’s asking
AI chatbots may deliver unequal answers depending on who is asking the question. A new study from the MIT Center for Constructive Communication finds that…
ClickFix Campaign Abuses Compromised Sites to Deploy MIMICRAT RAT
Ravie LakshmananFeb 20, 2026Malware / Threat Intelligence Cybersecurity researchers have disclosed details of a new ClickFix campaign that abuses compromised legitimate sites to deliver a…
North Korean IT worker scam nets Ukrainian five-year sentence in the U.S.
North Korean IT worker scam nets Ukrainian five-year sentence in the U.S. Pierluigi Paganini February 20, 2026 A Ukrainian man was sentenced to five years…
PayPal discloses data breach that exposed user info for 6 months
PayPal is notifying customers of a data breach after a software error in a loan application exposed their sensitive personal information, including Social Security numbers,…
CharlieKirk Grabber Stealer Attacking Windows Systems to Exfiltrate Login Credentials
A new Python-based infostealer called CharlieKirk Grabber has been identified targeting Windows systems, with a focused goal of stealing stored login credentials, browser cookies, and…