Welcome to BSafes Library
BSafes library includes mobile-friendly cybersecurity publications.
News
March 5, 2026 – Breach
San Francisco Children’s Council warns 12,000+ people of data breach that leaked SSNs
Abstract
The Children's Council of San Francisco has notified 12,655 individuals of a data breach that compromised names and Social Security numbers. The breach, claimed by the ransomware group SafePay, occurred on August 3, 2025.
Comparitech
March 5, 2026 – Phishing
LastPass warns of spoofed alerts aimed at stealing master passwords
Abstract
LastPass users are being targeted by a sophisticated phishing campaign that uses spoofed security alerts to steal master passwords. The campaign involves fake email threads and display name spoofing to deceive users into revealing their credentials.
Security Affairs
March 5, 2026 – Malware
Multi-Stage “BadPaw” Malware Campaign Targets Ukraine
Abstract
The "BadPaw" malware campaign targets Ukraine, leveraging a Ukrainian email service to enhance credibility. The attack involves a decoy document referencing a Ukrainian government border crossing appeal.
Infosecurity Magazine
March 5, 2026 – Breach
Hacker mass-mails HungerRush extortion emails to restaurant patrons
Abstract
A threat actor has launched an extortion campaign targeting patrons of restaurants using the HungerRush POS platform. The attacker claims to have access to sensitive customer data and demands a response from HungerRush to prevent data exposure.
Bleeping Computer
March 5, 2026 – Malware
Malware-laced OpenClaw installers get Bing AI search boost
Abstract
Security researchers from Huntress, Jai Minton and Ryan Dowd, identified malicious GitHub repositories exploiting Bing AI search results to distribute information stealers and GhostSocks malware.
The Register
March 4, 2026 – Breach
LexisNexis confirms data breach as hackers leak stolen files
Abstract
LexisNexis Legal & Professional confirmed a data breach where hackers accessed its AWS infrastructure via the React2Shell vulnerability. The breach resulted in the exposure of legacy data, including information related to U.S. government employees.
Bleeping Computer
March 4, 2026 – Phishing
Fake Tech Support Spam Deploys Customized Havoc C2 Across Organizations
Abstract
A sophisticated campaign has been identified where threat actors impersonate IT support to deploy the Havoc C2 framework, leading to potential data exfiltration or ransomware attacks.
The Hacker News
March 4, 2026 – Government
CISA Adds Two Known Exploited Vulnerabilities to Catalog
Abstract
CISA has added two vulnerabilities, CVE-2026-21385 and CVE-2026-22719, to its Known Exploited Vulnerabilities (KEV) Catalog. These vulnerabilities are actively exploited and pose significant risks to federal enterprises.
CISA
March 4, 2026 – Government
CISA flags VMware Aria Operations RCE flaw as exploited in attacks
Abstract
A critical command injection vulnerability, CVE-2026-22719, in VMware Aria Operations has been exploited in the wild. This flaw allows unauthenticated attackers to execute arbitrary commands, potentially leading to remote code execution.
Bleeping Computer
March 4, 2026 – Attack
Paint maker giant AkzoNobel confirms cyberattack on U.S. site
Abstract
AkzoNobel, a leading paint and coatings company, has confirmed a cyberattack on one of its U.S. sites by the Anubis ransomware gang. The intrusion has been contained, and the impact is limited.
Bleeping Computer
March 3, 2026 – Malware
BYOVD Turns Trusted Drivers Against Windows Security
Abstract
Attackers can manipulate process objects and hide malicious activity, rendering the endpoint defenseless despite the presence of security software. This allows for encryption, credential theft, and lateral movement without interference.
eSecurity Planet
March 3, 2026 – Phishing
A fake FileZilla site hosts a malicious download
Abstract
A trojanized version of the open-source FTP client FileZilla 3.69.5 has been discovered, circulating online with a malicious `version.dll`. This attack is part of a growing trend where trusted software is used to distribute malware.
Malwarebytes
March 3, 2026 – Breach
Cybercriminals say they hacked Southold, NY local government, stole data
Abstract
A ransomware attack by the Rhysida group targeted the local government of Southold, NY, disrupting critical systems and demanding a ransom of 10 bitcoin. The attack was announced on November 24, 2025, with recovery efforts ongoing as of mid-January.
Comparitech
March 3, 2026 – Breach
University of Hawaiʻi Cancer Center confirms data leak following ransomware attack
Abstract
The University of Hawaii Cancer Center experienced a ransomware attack, leading to a data breach affecting up to 1.2 million individuals. The breach involved data from the Multiethnic Cohort Study and three other epidemiological studies.
The Record
March 3, 2026 – Vulnerabilities
Google addresses actively exploited Qualcomm zero-day in fresh batch of 129 Android vulnerabilities
Abstract
Google has released a security update addressing 129 vulnerabilities in Android devices, including an actively exploited zero-day vulnerability, CVE-2026-21385, affecting Qualcomm components.
CyberScoop
February 26, 2026 – General
Darktrace Flags 32 Million Phishing Emails in 2025 as Identity Attacks
Abstract
The data was collected by Darktrace from incidents across its global customer base and points to a year defined by automation, convergence and accelerating attacker speed.
Infosecurity Magazine
February 26, 2026 – APT
APT37 Adds New Tools For Air-Gapped Networks
Abstract
ThreatLabz details the Ruby Jumper campaign in the following sections, focusing on the specific malware employed, the deployment methods, and how the final payload is delivered to achieve the ultimate objective.
Zscaler
February 24, 2026 – Attack
Japanese chip-testing toolmaker Advantest suffers ransomware attack
Abstract
Japanese tech testing company Advantest has suffered a ransomware attack, the company confirmed last Thursday, after detecting unusual activity within its IT environment on February 15, 2026.
Help Net Security
February 24, 2026 – APT
APT28 Targeted European Entities Using Webhook-Based Macro Malware
Abstract
APT28, a Russia-linked state-sponsored threat actor, has been attributed to a campaign targeting selected entities across Western and Central Europe, active from September 2025 through January 2026, according to S2 Grupo’s LAB52 team.
The Hacker News
February 24, 2026 – Malware
Malicious OpenClaw Skills Used to Distribute Atomic MacOS Stealer
Abstract
Atomic (AMOS) Stealer has evolved from being distributed via cracked software to a more sophisticated supply chain attack that manipulates AI agentic workflows on platforms like OpenClaw.
Trend Micro
February 23, 2026 – Hacker
MuddyWater Targets MENA Organizations with GhostFetch, CHAR, and HTTP_VIP
Abstract
The Iranian hacking group known as MuddyWater has targeted several organizations and individuals mainly located across the Middle East and North Africa (MENA) region as part of a new campaign codenamed Operation Olalampo.
The Hacker News
February 20, 2026 – Vulnerabilities
Critical Vulnerability in Welker OdorEyes EcoSystem Pulse Bypass System
Abstract
A critical vulnerability has been identified in the Welker OdorEyes EcoSystem Pulse Bypass System with XL4 Controller. This vulnerability, which lacks authentication for a critical function, could lead to over- or under-odorization events.
CISA
February 20, 2026 – Attack
Industrial-Scale Fake Coretax Apps Drive $2m Fraud in Indonesia
Abstract
A fraud campaign exploiting Indonesia's Coretax tax platform has resulted in financial losses of $1.5m to $2m. The operation identified 228 new malware samples and 996 phishing URLs, targeting a potential pool of 67 million Indonesian taxpayers.
Infosecurity Magazine
February 20, 2026 – Malware
Remcos RAT Expands Real-Time Surveillance Capabilities
Abstract
The Remcos RAT has evolved with new real-time surveillance capabilities and stronger evasion techniques. Originally a legitimate remote management tool, Remcos has been repurposed as a Remote Access Trojan.
Infosecurity Magazine
February 20, 2026 – Vulnerabilities
Critical Vulnerabilities in Jinan USR IOT Technology Limited (PUSR) USR-W610
Abstract
Multiple critical vulnerabilities have been identified in the Jinan USR IOT Technology Limited (PUSR) USR-W610 device, potentially allowing unauthorized access and denial-of-service attacks.
CISA
February 20, 2026 – Vulnerabilities
better-auth Flaw Allows Unauthenticated API Key Creation
Abstract
A critical vulnerability in the better-auth library allows unauthenticated attackers to create API keys for arbitrary users, posing a significant risk of account takeover and MFA bypass.
eSecurity Planet
February 20, 2026 – Malware
Crims hit a $20M jackpot via malware-stuffed ATMs
Abstract
ATM jackpotting is a significant threat, with over $20 million stolen using malware-assisted techniques. The Ploutus malware exploits the XFS API, allowing attackers to dispense cash without bank authorization.
The Register
February 20, 2026 – General
Researchers warn Volt Typhoon still embedded in US utilities and some breaches may never be found
Abstract
Volt Typhoon continues to target strategically important sites, maintaining long-term access to operational technology networks. This access could enable destructive cyberattacks aimed at slowing U.S. military mobilization.
The Record
February 19, 2026 – Government
Known Exploited Vulnerabilities Catalog
Abstract
The vulnerability in TeamT5 ThreatSonar Anti-Ransomware allows remote attackers with administrator privileges to upload malicious files, potentially leading to arbitrary command execution on the server.
CISA
February 19, 2026 – General
China-linked crew embedded in US energy networks
Abstract
The cybersecurity landscape is increasingly threatened by state-sponsored groups, particularly from China and Russia, targeting critical infrastructure in the US. Notably, the Volt Typhoon group has been embedding malware in US energy networks.
The Register
February 18, 2026 – Phishing
Hackers Abuse ScreenConnect to Hijack PCs via Fake Social Security Emails
Abstract
Hackers are exploiting fake Social Security Administration (SSA) emails to hijack PCs by abusing the ScreenConnect tool. This attack does not rely on new viruses but rather on hijacking existing tools and weakening system defenses.
Hackread
February 18, 2026 – Botnet
Keenadu the tablet conqueror and the links between major Android botnets
Abstract
Keenadu is a sophisticated backdoor targeting Android devices by embedding itself into the firmware. It mirrors the behavior of the Triada backdoor, allowing attackers to control devices remotely and exfiltrate data.
February 18, 2026 – Attack
SmartLoader Attack Uses Trojanized Oura MCP Server to Deploy StealC Infostealer
Abstract
The SmartLoader campaign involves a sophisticated attack using a trojanized Oura MCP server to deploy the StealC infostealer. Threat actors have invested months in building credibility by creating fake GitHub accounts and repositories.
The Hacker News
February 18, 2026 – Hacker
Hackers target supporters of Iran protests in new espionage campaign
Abstract
A cyberespionage campaign targets supporters of Iran's anti-government protests, focusing on Farsi-speaking Iranians, activists, and journalists. The campaign exploits the ongoing internet blackout in Iran and is linked to Iranian-aligned hackers.
The Record