Originally reported by BleepingComputer, Graham Cluley, Cisco Talos, Malwarebytes Labs
TL;DR
Underground Telegram channels rapidly weaponize SmarterMail exploits while Chinese APT groups exploit Dell zero-day. Microsoft AI tools leak confidential data as fintech breaches expose millions.
Chinese state-backed actors have been exploiting a Dell zero-day since mid-2024, and the rapid weaponization of SmarterMail flaws through underground channels adds to the pressure; together, these confirmed, actively exploited flaws represent critical enterprise exposure.
Flare researchers documented the rapid weaponization of recently disclosed SmarterMail vulnerabilities through underground Telegram channels. Threat actors shared proof-of-concept exploits and stolen administrator credentials for CVE-2026-24423 and CVE-2026-23760 within days of public disclosure, with activity directly linked to ransomware operations. The research highlights how monitoring criminal communities provides early warning of exploit adoption patterns.
A suspected Chinese state-backed group has been quietly exploiting a critical Dell security flaw in zero-day attacks dating back to mid-2024. The prolonged exploitation timeline suggests sophisticated persistent access across Dell infrastructure, though specific CVE details and affected products remain undisclosed. The campaign demonstrates advanced persistent threat actors' preference for maintaining long-term access through zero-day exploitation.
Microsoft disclosed that Copilot has been summarizing confidential emails since late January due to a bug that bypasses data loss prevention policies. The flaw undermines organizational data protection controls designed to prevent AI systems from accessing sensitive information. Meanwhile, Exchange Online's anti-phishing rules mistakenly quarantined legitimate emails and Teams messages due to faulty heuristic detection algorithms.
Security researchers identified high to critical severity vulnerabilities in popular Visual Studio Code extensions with a combined download count exceeding 128 million. The flaws could enable attackers to steal local files and execute remote code on developer workstations. The findings underscore supply chain risks in the developer tooling ecosystem, where extensions often operate with extensive system permissions.
Figure Technology Solutions disclosed a breach affecting nearly one million user accounts, exposing personal and contact information. Separately, analysis suggests the Betterment data breach may be more severe than initially reported, with leaked data containing detailed personal and financial information suitable for sophisticated phishing campaigns. Both incidents highlight persistent vulnerabilities in financial technology infrastructure.
Notepad++ implemented a "double-lock" update mechanism to address security gaps that previously enabled supply chain compromises. The enhanced verification process aims to prevent malicious update injection, following industry best practices for secure software distribution. The changes reflect broader industry recognition of update mechanisms as critical attack vectors.
Dutch police arrested a 40-year-old man on hacking charges after accidentally sending him access credentials to their own confidential documents. The incident raises questions about proper incident classification and digital evidence handling procedures. Meanwhile, a Glendale resident received a five-year federal sentence for operating a darknet drug marketplace, and Spanish courts ordered NordVPN and ProtonVPN to block 16 piracy websites.
Threat actors deployed fake Google Forms pages on lookalike domains to harvest Google credentials from job seekers. A separate campaign uses a fraudulent AI chatbot impersonating Google's Gemini to promote fake "Google Coin" cryptocurrency investments promising unrealistic returns. Both schemes exploit user trust in legitimate Google services for credential theft and financial fraud.
Malwarebytes identified potential data leakage issues with Chrome's preloading feature, which may trigger false positives in Browser Guard protection systems. The findings highlight ongoing tension between browser performance optimization and privacy protection mechanisms.
Cisco Talos researchers demonstrated efficient vulnerability discovery in IoT devices through targeted emulation techniques. Using single-thread emulation of the Socomec DIRIS M-70 gateway's Modbus implementation, researchers identified six vulnerabilities that have since been patched, showcasing practical approaches to IoT security testing.