Security Leftovers
-
SANS ☛ Japanese-Language Phishing Emails, (Sat, Feb 21st)
-
Tom's Hardware ☛ $20 million lost in 'jackpotting' ATM malware attacks in 2025, FBI reports — scheme forces machines to spit out cash, targets banks and ATM operators
The FBI released a public warning, saying that ATM "jackpotting" incidents have exponentially increased in 2025.
-
Security Week ☛ FBI: $20 Million Losses Caused by 700 ATM Jackpotting Attacks in 2025
The FBI has confirmed that the Ploutus malware, which has been around for over a decade, is still being used in the wild.
-
LWN ☛ Security updates for Friday
Security updates have been issued by AlmaLinux (grafana), Debian (gegl, inetutils, libvpx, nova, and python-django), Fedora (azure-cli, chromium, microcode_ctl, python-azure-core, python3.14, and roundcubemail), Red Hat (grafana and osbuild-composer), SUSE (apptainer, dnsdist, istioctl, libsoup, openCryptoki, python-nltk, python311, python313, rclone, and thunderbird), and Ubuntu (libvpx, linux-azure, linux-azure-5.4, linux-azure-fips, and linux-intel-iotg).
-
Cyble Inc ☛ Android Malware Weaponizes Gemini AI To Evade Detection
The malware primarily targets users in Argentina through financial fraud campaigns. ESET shared findings with Google, and Android users with Google Play Services are automatically protected through Play Protect, which blocks known versions. However, PromptSpy never appeared on Google Play, instead distributing through dedicated phishing websites impersonating Chase Bank.
-
Security Week ☛ PromptSpy Android Malware Abuses Gemini Hey Hi (AI) at Runtime for Persistence
The malware leverages Gemini to analyze on-screen elements and ensure that it remains on the device even after a reboot.
-
Trail of Bits ☛ Using threat modeling and prompt injection to audit Comet
Before launching their Comet browser, Perplexity hired us to test the security of their AI-powered browsing features. Using adversarial testing guided by our TRAIL threat model, we demonstrated how four prompt injection techniques could extract users’ private information from Gmail by exploiting the browser’s Hey Hi (AI) assistant. The vulnerabilities we found reflect how Hey Hi (AI) agents behave when external content isn’t treated as untrusted input. We’ve distilled our findings into five recommendations that any team building AI-powered products should consider before deployment.
-
Federal News Network ☛ The White House scrapped SBOMs in favor of agency-managed cyber risk. Flexibility, meet accountability.
"This gives flexibility to adopt software that brings innovation, but may not be able to afford to provide SBOM attestation," Jean‑Paul Bergeaux said.
-
Security Week ☛ In Other News: Ransomware Shuts US Clinics, ICS Vulnerability Surge, European Parliament Bans AI
Other noteworthy stories that might have slipped under the radar: Axonius lays off employees, Abu Dhabi conference data leak, HackerOne addresses Hey Hi (AI) concerns.
-
Security Week ☛ Chip Testing Giant Advantest Hit by Ransomware
The company is investigating whether any customer or employee data was stolen by hackers.
-
Federal News Network ☛ NIST agentic Hey Hi (AI) initiative looks to get handle on security
Before Hey Hi (AI) agents run amok, a new NIST project is seeking feedback on the secure use of the fast evolving technology.
-
Security Week ☛ BeyondTrust Vulnerability Exploited in Ransomware Attacks
CISA has updated its KEV entry for CVE-2026-1731 to alert organizations of exploitation in ransomware attacks.