Originally reported by BleepingComputer, Check Point Research, Malwarebytes Labs
TL;DR
CISA flags actively exploited RoundCube flaws, researchers analyze AI-generated Arkanix Stealer, and France discloses 1.2M account breach in national banking registry.
CISA added actively exploited RoundCube vulnerabilities to the KEV catalog, which indicates confirmed exploitation in the wild and requires an immediate response from federal agencies.
CISA added two RoundCube Webmail vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, confirming active exploitation in attacks targeting the open-source webmail platform. Federal agencies must patch these flaws within three weeks under Binding Operational Directive 22-01.
The vulnerabilities affect RoundCube's authentication and session management mechanisms, providing attackers with pathways to compromise webmail accounts. Organizations running RoundCube deployments should prioritize these patches given the confirmed active exploitation.
Security researchers analyzed Arkanix Stealer, an information-stealing malware that surfaced on dark web forums in late 2025 before quickly disappearing. The operation appears to have been developed as an AI-assisted experiment, representing an early example of machine learning techniques applied to malware development.
The stealer targeted standard information theft objectives including credentials, cryptocurrency wallets, and browser data. Despite its AI-enhanced development approach, the malware's brief operational window suggests experimental rather than commercial deployment.
France's Ministry of Economy disclosed unauthorized access to FICOBA, the national bank account registry, exposing information linked to 1.2 million accounts. The breach compromised names and associated banking data stored in the centralized registry system.
According to Check Point Research's weekly threat intelligence bulletin, the incident represents a significant compromise of financial infrastructure data. French authorities have not yet disclosed the attack vector or timeline for the unauthorized access.
Both Malwarebytes Labs and Check Point Research published their weekly security summaries covering February 16-22. The reports aggregate threat intelligence findings, breach disclosures, and vulnerability research from the cybersecurity community.
Additionally, Malwarebytes released a podcast episode examining TikTok's new American ownership structure and associated content moderation policies, discussing implications for platform security and user privacy.