
Weekly INK

Each week we compile an advisory on the latest threats, trends and newsworthy topics from the cyber security industry affecting small and medium enterprises. Join our subscribers below and help us prevent cybersecurity breaches.


Issue #184 - February 2, 2026


Harvard, UPenn Data Leaked in ShinyHunters Shakedown

Source: Data Breach Today

Leaked Financial and Admissions Data Includes Contact Details for 'Top Donors'. Cyber extortion group ShinyHunters claimed responsibility Wednesday for late 2025 attacks against Harvard University and the University of Pennsylvania, publishing on a darkweb leak site what they claimed were more than 2 million records stolen from the two Ivy League schools.




Russia’s APT28 Rapidly Weaponizes Newly Patched Office Vulnerability 

Source: Security Week

The Russian cyber espionage group APT28 has rushed to add a recently patched Office vulnerability to its arsenal, with the first attacks observed just days after Microsoft announced fixes. The flaw, tracked as CVE-2026-21509, was addressed by Microsoft on January 26. The tech giant warned at the time that the vulnerability had been exploited as a zero-day and urged customers to apply the patches immediately. 




Agentic AI Site 'Moltbook' Is Riddled With Security Risks

Source: Dark Reading

Someone used AI to build an entire Web platform, which then did something predictable and preventable: It exposed all its data through a publicly accessible API. An experimental quasi-social-media platform for artificial intelligence (AI) agents publicly exposed the database it used to store all user secrets, personally identifying information (PII), and more. And cybersecurity experts warn that the risks inherent to the platform's design go far beyond just that.




Microsoft Warns Python Infostealers Target macOS via Fake Ads and Installers

Source: The Hacker News

Microsoft has warned that information-stealing attacks are "rapidly expanding" beyond Windows to target Apple macOS environments by leveraging cross-platform languages like Python and abusing trusted platforms for distribution at scale. The tech giant's Defender Security Research Team said it observed macOS-targeted infostealer campaigns using social engineering techniques such as ClickFix since late 2025 to distribute disk image (DMG) installers that deploy stealer malware families like Atomic macOS Stealer (AMOS), MacSync, and DigitStealer.




Ransomware gang uses ISPsystem VMs for stealthy payload delivery

Source: Bleeping Computer

Ransomware operators are hosting and delivering malicious payloads at scale by abusing virtual machines (VMs) provisioned by ISPsystem, a legitimate virtual infrastructure management provider. Researchers at cybersecurity company Sophos observed the tactic while investigating recent ‘WantToCry’ ransomware incidents. They found the attackers used Windows VMs with identical hostnames, suggesting default templates generated by ISPsystem’s VMmanager.




 
 
