# Top Stories
February 20, 2026
1. Krebs on Security (threat-intel, Feb 20): ‘Starkiller’ Phishing Service Proxies Real Login Pages, MFA
Krebs reports on 'Starkiller,' a sophisticated phishing-as-a-service that proxies real login pages and forwards victims' usernames, passwords, and multi-factor authentication tokens to attackers. This live-relay approach bypasses traditional phishing detection methods that look for static copies of login pages, representing a significant evolution in phishing tactics that directly defeats MFA protections.
2. BleepingComputer (general, Feb 20): CISA: BeyondTrust RCE flaw now exploited in ransomware attacks
CISA warns that CVE-2026-1731, a critical 9.9 CVSS vulnerability in BeyondTrust Remote Support and Privileged Remote Access products, is now being actively exploited in ransomware attacks. The flaw allows attackers to execute operating system commands, posing significant risk to organizations using these privileged access management tools.
3. The Hacker News (general, Feb 20): BeyondTrust Flaw Used for Web Shells, Backdoors, and Data Exfiltration
Threat actors are exploiting CVE-2026-1731 in BeyondTrust products to deploy VShell web shells and backdoors and to conduct data exfiltration. The critical vulnerability, which has a 9.9 CVSS score, allows OS command execution, demonstrating how privileged access management tools have become high-value targets for attackers seeking persistent enterprise access.
4. BleepingComputer (general, Feb 20): Data breach at French bank registry impacts 1.2 million accounts
The French Ministry of Finance disclosed a cybersecurity incident affecting 1.2 million bank accounts in the national bank account registry FICOBA. The breach represents a significant compromise of financial infrastructure data, potentially exposing sensitive banking information of French citizens.
5. BleepingComputer (general, Feb 20): PayPal discloses data breach that exposed user info for 6 months
PayPal disclosed a data breach caused by a software error in loan applications that exposed customers' Social Security numbers and other sensitive personal information for nearly 6 months in 2025. The extended exposure window highlights the risks of undetected software vulnerabilities in financial services platforms.
6. The Hacker News (general, Feb 20): Cline CLI 2.3.0 Supply Chain Attack Installed OpenClaw on Developer Systems
The Cline CLI AI coding assistant suffered a supply chain attack when version 2.3.0 was published on February 17, 2026 using a compromised npm token, secretly installing the OpenClaw autonomous AI agent. The malicious package was downloaded over 4,000 times before removal, highlighting supply chain risks in AI development tools.
7. BleepingComputer (general, Feb 20): Mississippi medical center closes all clinics after ransomware attack
The University of Mississippi Medical Center (UMMC) closed all clinic locations statewide following a ransomware attack, disrupting healthcare services across Mississippi. The incident demonstrates the continued targeting of healthcare infrastructure by ransomware operators, forcing operational shutdowns that directly impact patient care.
8. BleepingComputer (general, Feb 20): FBI: Over $20 million stolen in surge of ATM malware attacks in 2025
The FBI reports that ATM 'jackpotting' attacks using the Ploutus malware resulted in over $20 million in losses during 2025, with 700 incidents out of 1,900 total attacks since 2020. These attacks force ATMs to dispense cash through malware installation, representing a significant physical threat to financial infrastructure.
9. BleepingComputer (general, Feb 19): PromptSpy is the first known Android malware to use generative AI at runtime
ESET discovered PromptSpy, the first known Android malware to use Google's Gemini AI model during runtime for persistence mechanisms. The malware analyzes on-screen elements using generative AI to adapt its behavior across different devices, marking a new evolution in mobile malware that leverages AI for operational capabilities.
10. The Record (threat-intel, Feb 20): Ukrainian national gets 5-year sentence for involvement in North Korea IT worker scheme
Ukrainian national Oleksandr Didenko was sentenced to 5 years in prison for facilitating a North Korean IT worker scheme that infiltrated 40 American companies. Didenko provided stolen identities and ran laptop farms to help North Korean operatives gain remote employment, generating revenue for the sanctioned regime while accessing sensitive corporate systems.