Cybersecurity News: US telco attack, ReaderUpdate targets macOS, Oracle customers claim stolen data

New ransomware group claims attack on US Telecom firm WideOpenWest

A new ransomware group, Arkana, claims to have hacked U.S. telecom provider WideOpenWest (WOW!), gaining access to critical systems and stealing customer data. The attackers allege they can deploy malware, manipulate financial transactions, and tamper with billing information. They’re apparently using extortion tactics, including leaking sensitive leadership details and threatening to sell stolen data on the dark web. WOW! has not confirmed the breach, but cybersecurity experts warn of significant reputational and legal risks.

(SecurityWeek)

NSA warned of vulnerabilities in Signal app a month before Houthi strike chat

CBS News’ sources say the National Security Agency warned employees in February about vulnerabilities in the Signal messaging app, citing phishing risks targeting users. This comes after The Atlantic revealed that Defense Secretary Pete Hegseth accidentally shared classified war plans in a Signal chat before a U.S. military strike in Yemen. Signal says that the issue was phishing scams, not flaws in its own encryption. CIA and National Intelligence officials testified before Congress, denying that classified details were shared in the chat, though the NSA advises against using Signal for sensitive but unclassified information.

(CBS News)

New ReaderUpdate malware variants target macOS users

SentinelOne researchers warn that ReaderUpdate malware, which has been active since 2020, has new macOS variants written in Crystal, Nim, Rust, and Go. Initially delivering adware, it now acts as a malware loader spread through trojanized apps like DragonDrop. The newly analyzed Go variant collects system data and executes remote commands, potentially facilitating Pay-Per-Install (PPI) or Malware-as-a-Service (MaaS). The malware obfuscates its code to evade detection, and compromised hosts remain vulnerable to further malicious payloads.

(Security Affairs)

Huge thanks to our sponsor, ThreatLocker

ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.

Oracle customers confirm data stolen in alleged cloud breach is valid

Despite Oracle’s denial of a security breach, multiple companies have confirmed the authenticity of leaked user data allegedly stolen from Oracle Cloud. A hacker named rose87168 claims to have compromised 6 million users’ authentication data, including encrypted SSO and LDAP passwords, which they are selling online. Evidence suggests the hacker had access to Oracle’s servers, possibly exploiting a known vulnerability. Affected companies have verified that leaked data matches their records.

(Bleeping Computer)

Event access ID verification app exposes biometrics, PII

A vulnerability in the FacePass event access ID verification app exposed 1.6 million biometric and personal data records, including selfies, national IDs, phone numbers, and system credentials. The breach mostly affects users in Brazil, and could allow identity theft, financial fraud, and phishing attacks. Researchers discovered the data stored in an unsecured AWS S3 bucket, with credentials that could allow further system compromise. The flaw was reported on January 30 and said to be fixed by February 19.

(Biometric Update)

OpenAI Offering $100K Bounties for Critical Vulnerabilities

OpenAI increased its maximum bug bounty payout to $100,000, up from $20,000, to encourage the discovery of critical security flaws in its infrastructure and products. OpenAI is also expanding its Cybersecurity Grant Program, offering microgrants and API credits to researchers working on software patching, model privacy, and threat detection. The company is also partnering with security firms to conduct simulated attacks to identify vulnerabilities before they’re exploited.

(SecurityWeek)

StreamElements discloses third-party data breach after hacker leaks data

StreamElements confirmed a data breach at a third-party provider after an attacker leaked customer data online. While StreamElements’ servers were not affected, older user data from 2020-2024, including names, addresses, phone numbers, and emails, was exposed. The attacker claims they accessed the platform’s order management system from an employee’s compromised account. StreamElements is investigating, but hasn’t sent official breach notifications. Users are advised to watch for phishing attempts, as scammers are already exploiting the incident.

(Bleeping Computer)

New SparrowDoor Backdoor Variants Found in Attacks on U.S. and Mexican Organizations

Chinese hacking group FamousSparrow has launched cyberattacks on a U.S. trade group and a Mexican research institute, deploying its SparrowDoor backdoor and the widely used ShadowPad malware. The attacks exploited outdated Windows Server and Microsoft Exchange versions, using web shells to infiltrate systems. New variants of SparrowDoor feature improved command execution and a modular design, enabling keystroke logging, file transfers, process monitoring, and remote control. Security firm ESET warns that FamousSparrow continues to evolve its tactics, signaling ongoing cyber threats.

(The Hacker News)