A 27‑year‑old Ukrainian citizen, Yurii Nazarenko — known online as John Wick, Tor Ford, and Uriel Septimberus — has pleaded guilty in the United States to operating OnlyFake, an AI‑powered platform that produced highly realistic fake identity documents. According to prosecutors, the service helped customers worldwide circumvent KYC (Know Your Customer) checks across banks, fintechs, … Read more

President Donald Trump has ordered all U.S. federal agencies to fully phase out Anthropic’s AI technologies within six months, following a sharp conflict between the company and the Department of Defense (DoD). The dispute centers on how Anthropic’s Claude models may be used in military and intelligence contexts, and it is rapidly turning into a … Read more

Security researchers at Oasis Security have disclosed a critical vulnerability in the fast-growing self-hosted AI assistant OpenClaw. The flaw, dubbed ClawJacked, allowed a malicious website to silently connect to a user’s local OpenClaw instance, brute-force the administrator password, and seize full control. The issue is fixed in version 2026.2.26, released on 26 February, and users … Read more

Veracode’s latest State of Software Security report, based on analysis of more than 1.6 million applications, highlights a critical trend: software vulnerabilities are accumulating faster than organizations can remediate them. In an era of accelerated development and widespread use of AI tools, achieving robust application security is becoming increasingly difficult. Security Debt: When Known Vulnerabilities … Read more

Security researchers at Check Point have identified three serious vulnerabilities in Anthropic’s Claude Code AI developer assistant. These flaws allowed attackers to execute arbitrary code on a developer’s machine and silently steal API keys simply by getting the victim to open a malicious repository in Claude Code—no manual script execution required. AI assistant configuration as … Read more

Non-profit Fulu Foundation has announced a monetary reward for security researchers and engineers who can make Amazon Ring cameras operate fully autonomously, streaming video to a local server instead of Amazon’s cloud. The initiative pushes Ring camera privacy and smart home security back into the spotlight, raising questions about data ownership, surveillance risks and the … Read more

A large-scale cyber espionage operation attributed to the China-linked group UNC2814 has been disrupted by Google’s Threat Intelligence team, Mandiant, and partner organizations. The campaign stood out for its abuse of the Google Sheets API as a full-fledged command-and-control (C2) channel, allowing malicious traffic to blend seamlessly with legitimate cloud service requests. UNC2814 cyber espionage … Read more

PayPal has notified a subset of its customers about a data breach in the PayPal Working Capital (PPWC) business lending application, caused not by a classic cyberattack but by a software defect. A faulty code change left sensitive information accessible to unauthorized parties for almost six months, highlighting how dangerous logical errors can be in … Read more

A newly discovered Android banking trojan dubbed Massiv is being used in targeted attacks against mobile banking and government service users. Identified by ThreatFabric researchers, the malware impersonates popular IPTV applications and gives attackers near-complete control over compromised devices, enabling large-scale financial fraud and identity abuse. Smishing and fake IPTV apps: how Massiv infects Android … Read more

Zyxel has released urgent firmware updates to fix a critical remote command execution vulnerability in multiple product lines, including routers, fiber ONTs, and wireless repeaters. The flaw allows remote attackers to run arbitrary system commands without any authentication, creating a high‑impact risk for both home users and small businesses relying on these devices as their … Read more