In today’s cybersecurity news…
FBI investigates suspicious activities on agency network
The investigation focuses on a cybersecurity breach suffered by the Digital Collection System Network, which is “connected to the agency’s wiretaps, pen register surveillance tools and other intelligence collection systems used in criminal and national security investigations.” The incident occurred on February 17 and was discovered after irregular network behavior was observed. A letter to Congress from the FBI “allegedly claimed the threat actors gained entry through an internet service provider that served as a vendor to the agency.”
Over 100 GitHub repositories distributing BoryptGrab stealer
This malware can “harvest browser and cryptocurrency wallet data, along with system information and user files,” and can assist in command-and-control (C&C) communication. Researchers at Trend Micro have now revealed the existence of “multiple ZIP archives masquerading as free software tools that have been distributed since late 2025 through the GitHub repositories.” The researchers stated that the BoryptGrab campaign “illustrates an evolving threat ecosystem targeting users through deceptive software downloads and fake GitHub repositories…showing an increasing level of engineering sophistication.”
Hackers abuse .arpa DNS and IPv6 to evade phishing defenses
The .arpa domain is “a special top-level domain reserved for internet infrastructure rather than normal websites. It is used for reverse DNS lookups, which allow systems to map an IP address back to a hostname.” Researchers at Infoblox described a campaign that uses names under the ip6.arpa reverse DNS zone for IPv6 address ranges the threat actors control; because they own the range, they can “abuse the reverse DNS zone for the IP range by configuring additional DNS records for phishing sites.” A link to a more detailed description of this technique is available in the show notes to this episode.
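To show the defensive angle on this technique, here is an added example (not from the show notes or from Infoblox) that scans constructed web-proxy log lines for destinations under .arpa, which should never appear as a website, and decodes the nibble labels of any ip6.arpa name back into the IPv6 prefix they encode so an analyst can see which range the attacker controls. The log format and hostnames are assumptions made up for the example.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample proxy log lines (not real traffic): timestamp, client IP, method, URL.
SAMPLE_LOG = """\
2026-03-02T10:14:07Z 10.0.0.23 GET https://login.example-bank.test/auth
2026-03-02T10:14:09Z 10.0.0.23 GET https://secure-login.1.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa/verify
2026-03-02T10:14:12Z 10.0.0.41 GET http://4.3.2.1.in-addr.arpa/update.php
2026-03-02T10:14:15Z 10.0.0.41 GET https://docs.example.test/page
"""

def decode_ip6_arpa(host):
    """For a name under ip6.arpa, rebuild the IPv6 prefix its nibble labels encode.

    Returns (IPv6Network, prepended_labels) or None when the host is not under ip6.arpa.
    Only the trailing single-hex-digit labels are treated as nibbles; anything placed
    in front of them (e.g. 'secure-login') is returned separately for the analyst.
    """
    labels = host.lower().rstrip(".").split(".")
    if labels[-2:] != ["ip6", "arpa"]:
        return None
    rest = labels[:-2]
    nibbles = []
    while rest and len(rest[-1]) == 1 and rest[-1] in "0123456789abcdef":
        nibbles.append(rest.pop())  # labels are least-significant nibble first
    if not nibbles or len(nibbles) > 32:
        return None
    hexstr = "".join(nibbles).ljust(32, "0")  # pad to a full 128-bit address
    network = ipaddress.IPv6Network((int(hexstr, 16), 4 * len(nibbles)))
    return network, ".".join(rest)

def find_arpa_hosts(log_text):
    """Flag every request whose hostname lives under .arpa; that zone exists for
    reverse lookups, so a browser fetching from it is a strong phishing indicator."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        host = urlsplit(parts[3]).hostname or ""
        if not host.endswith(".arpa"):
            continue
        decoded = decode_ip6_arpa(host)
        findings.append({
            "client": parts[1],
            "host": host,
            "zone": "ip6.arpa" if host.endswith(".ip6.arpa") else "other .arpa",
            "prefix": str(decoded[0]) if decoded else None,
            "prepended": decoded[1] if decoded else None,
        })
    return findings
```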
EU court adviser suggests banks compensate phishing victims
The Advocate General of the Court of Justice of the EU, Athanasios Rantos, has made a formal suggestion that banks immediately refund account holders affected by unauthorized transactions, even when the customer has fallen for a phishing scam. This opinion is based on a specific lawsuit filed in Poland against a bank, in which a customer had been led to a spoofed auction site and had money stolen. The bank initially refused, but Rantos stated that under the EU directives, banks can only do this if they “have reasonable grounds to suspect customer fraud.” This can be reversed, however, if the bank can prove negligence on the part of the customer. To be clear, this is not a CJEU ruling, but “rather an indication of the direction the court may take when the matter reaches that stage.”
Huge thanks to our sponsor, Dropzone AI

Dropzone AI puts AI SOC agents on every one of those alerts. Every alert investigated, end to end, across your full tool stack, around the clock. Over 300 deployments in production today.
They are at RSAC this year. Booth 455. dropzone.ai/rsa-2026-ai-diner
New Jersey county suffers malware attack
Passaic County, one of the largest counties in New Jersey, suffered a cyberattack that disrupted phone lines and IT systems used across government offices. Officials in Passaic recognized that this is just one of several attacks on local governments in New Jersey, noting recent attacks in Somerset County, Camden County, Bergen County, the township of Montclair and the city of Hoboken.
North Korea scaling up fake worker schemes with generative AI
A warning from Microsoft Threat Intelligence states that North Korean threat groups are using AI tools to “accelerate and expand the country’s long-running scheme to get remote technical workers hired at global companies for longer durations.” A report released Friday calls AI a “force multiplier” in this pursuit by shortening the time it takes to create digital personas for specific job markets and roles, including impersonations and real-time voice modulation.
Claude finds 22 Firefox vulnerabilities
As part of its security partnership with Mozilla, Anthropic said on Friday that it discovered these new security vulnerabilities in the Firefox web browser, with 14 classified as high. The vulnerabilities were discovered using the Claude Opus 4.6 large language model (LLM) and have been addressed in Firefox 148, released late last month. Anthropic said “the LLM detected a use-after-free bug in the browser’s JavaScript after just 20 minutes of exploration, which was then validated by a human researcher in a virtualized environment to rule out the possibility of a false positive.”
Transport for London slightly increases the number of people affected by the 2024 breach
Following up on a story we covered in September 2024, Transport for London, the local government body responsible for managing much of London’s transport system, now says that the September 2024 data breach exposed the data of more than 7 million people, somewhat more than the 5,000 initially suggested. Two teens affiliated with the Scattered Spider group were charged with committing the crime. The discrepancy in these numbers was not an error but reflected Transport for London placing priority on the 5,000 customers whose digital passcards, known as Oyster cards, may have been breached, potentially exposing banking information.