Latest Internet & Cybersecurity News
ManoMano Data Breach Exposes 38 Million Customers
ManoMano disclosed a significant data breach from an external service provider compromise detected in early 2026, exposing personal information of approximately 38 million customers. The incident highlights ongoing risks to e-commerce platforms from third-party vulnerabilities.
No specific threat actor has claimed responsibility yet.
ShinyHunters Claim Odido Telecom Data Breach
ShinyHunters announced on BreachForums on February 27, 2026, that they compromised Odido's databases, exposing customer records, internal documents, and plaintext passwords after warning the company on February 24. The breach raises risks of identity theft and financial fraud for Dutch telecom users.
Odido has not confirmed the full scope publicly.
Custodial Institutions Agency Staff Data Exposed
A major data breach compromised personal details of employees at the Netherlands' Custodial Institutions Agency (DJI), confirmed by a spokesperson on February 27, 2026. The exposure affects prison staff data, potentially for five months prior.
Investigations into the breach's scope and impact are ongoing.
Maris Sues SonicWall Over Ransomware Attack
Marqueis Software Solutions is suing SonicWall for negligence after a ransomware attack via a cloud backup security gap impacted 74 U.S. banks. The suit claims state-sponsored hackers stole sensitive data.
This follows SonicWall vulnerabilities exploited in prior incidents.
Google Disrupts Chinese UNC2814 Cyber Espionage
Google collaborated with partners to dismantle UNC2814's infrastructure, a China-linked group that breached 53 organizations globally using cloud services since late 2025. The operation targeted freight and transportation platforms, compromising over 1,600 accounts.
This counters ongoing Chinese espionage efforts.
China's Salt Typhoon and Volt Typhoon Target U.S. Infrastructure
FBI warns Salt Typhoon remains active against U.S. telecoms, while Volt Typhoon persists in critical sectors like energy and transportation. These campaigns aim at sabotage and intelligence, exploiting U.S. cybersecurity gaps.
Geopolitical tensions drive the threats.
Lazarus Group Targets Crypto Developers and Healthcare
North Korea's Lazarus Group campaigns hit software developers at crypto exchanges and now healthcare with Medusa ransomware. They leverage trusted access for transaction manipulation.
DPRK blends financial and strategic ops.
UFP Technologies Hit by Cyberattack Disrupting Operations
U.S. medical device maker UFP Technologies suffered a cyberattack around February 14, 2026, disrupting billing and exposing company data. Systems were isolated with external help; operations continued via backups.
Possible ransomware or wiper malware suspected.
Darktrace Report: Rise in AI-Enabled Credential Abuse
Darktrace's 2026 Threat Report notes a shift to faster credential theft over exploits, with 20% more vulnerabilities and AI-phishing evading DMARC. CNI faces state and criminal threats amid geopolitics.
Behavioral AI urged for detection.
New Infosec Products Launched in February 2026
Key releases include SocureGov for government ID verification, Avast Deepfake Guard for scam detection, Portnox passwordless ZTNA, and Aikido Infinite AI pentesting. Others like Veza AI Access Agents and Virtana MCP Server enhance enterprise security.
These address AI risks and zero-trust needs.
CISA Warns of Undetected Resurge Malware on Ivanti
CISA alerted on Resurge malware variant lingering on Ivanti Connect Secure devices post-CVE-2025-0282 exploits. It includes log-tampering Spawnsloth and BusyBox for payloads.
Originally noted in March 2025 attacks.
Ransomware Payments Drop but Attacks Surge in 2025
Chainalysis reports ransomware payments cratered in 2025 despite rising attacks. Related: Dutch telco Odido faces second ShinyHunters leak; ex-L3Harris exec jailed for Russia exploits.
NK's Lazarus hits healthcare.