# Archive
Browse past daily curated stories
Saturday, February 21, 2026
- 1. SecurityWeek (general) - FBI: $20 Million Losses Caused by 700 ATM Jackpotting Attacks in 2025
FBI reports 700 ATM jackpotting incidents in 2025 resulted in $20 million in losses, with 1,900 total incidents since 2020 using the decade-old Ploutus malware. Attackers physically compromise ATMs to force cash dispensing, representing a significant physical security threat to financial institutions.
- 2. SecurityWeek (general) - BeyondTrust Vulnerability Exploited in Ransomware Attacks
CISA updated its Known Exploited Vulnerabilities catalog to warn that CVE-2026-1731 in BeyondTrust is being exploited in active ransomware attacks. This represents an escalation from initial vulnerability disclosure to confirmed weaponization by ransomware operators.
- 3. The Record (threat-intel) - Romanian hacker faces up to 7 years for breaching Oregon emergency management department
Romanian hacker Catalin Dragomir pleaded guilty to breaching Oregon's emergency management department and faces up to 7 years in prison for obtaining information from a protected computer and aggravated identity theft. The case demonstrates continued targeting of critical government infrastructure.
- 4. The Hacker News (general) - Ukrainian National Sentenced to 5 Years in North Korea IT Worker Fraud Case
Ukrainian national Oleksandr Didenko received 5 years in prison for providing North Korean IT workers with stolen US citizen identities to infiltrate American companies. Didenko pleaded guilty in November 2025 to wire fraud conspiracy and aggravated identity theft in this sophisticated state-sponsored scheme.
- 5. The Hacker News (general) - Former Google Engineers Indicted Over Trade Secret Transfers to Iran
Three individuals including former Google engineers Samaneh Ghandali and Soroor Ghandali were indicted for allegedly stealing trade secrets from Google and other tech firms and transferring them to unauthorized locations including Iran. The case involves husband Mohammadjavad Khosravi in what appears to be state-sponsored intellectual property theft.
- 6. The Hacker News (general) - PromptSpy Android Malware Abuses Gemini AI to Automate Recent-Apps Persistence
ESET discovered PromptSpy, the first Android malware to abuse Google's Gemini AI during execution to maintain persistence after device reboots. The malware captures lockscreen data, blocks uninstallation, and takes screenshots while leveraging generative AI to analyze on-screen elements and ensure survival.
- 7. BleepingComputer (general) - Japanese tech giant Advantest hit by ransomware attack
Japanese semiconductor testing giant Advantest Corporation disclosed a ransomware attack on its corporate network that may have compromised customer and employee data. The incident affects a critical supplier in the global chip manufacturing supply chain.
- 8. Dark Reading (general) - Attackers Use New Tool to Scan for React2Shell Exposure
Threat actors are using a sophisticated toolkit to scan for React2Shell exposure and target high-value networks for exploitation. Researchers describe the unfortunately named tool as demonstrating high operational sophistication in its targeting approach.
- 9. CISA Alerts (vulnerability) - CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA added two Roundcube Webmail vulnerabilities to its Known Exploited Vulnerabilities catalog: CVE-2025-49113 (deserialization flaw) and CVE-2025-68461 (cross-site scripting). Federal agencies must patch these actively exploited vulnerabilities under Binding Operational Directive 22-01.
- 10. The Hacker News (general) - Grandstream GXP1600 VoIP Phones Exposed to Unauthenticated Remote Code Execution
Critical vulnerability CVE-2026-2329 (CVSS 9.3) in Grandstream GXP1600 VoIP phones allows unauthenticated remote code execution via stack-based buffer overflow. The flaw enables attackers to seize complete control of affected business phone systems without authentication.