Cyber Security

PayPal Data Breach Exposes SSNs and Business PII of Customers for Over Six Months

PayPal has issued a formal data breach notification disclosing that a coding error in its PayPal Working Capital (PPWC) loan application exposed the personally identifiable information (PII) of an undisclosed number of customers for approximately six months, from July 1, 2025, to December 13, 2025. The company detected the unauthorized exposure on […]

Grandstream VoIP Phones Vulnerability Allows Attackers to Gain Root Privileges

VoIP desk phones are trusted devices, but many are managed like office furniture. A newly disclosed flaw in Grandstream phones shows how a simple network-facing bug can turn a handset into an entry point for eavesdropping and wider access. In a typical attack, the goal is not to break the phone or stop calls. The […]

CharlieKirk Grabber Stealer Attacking Windows Systems to Exfiltrate Login Credentials

A new Python-based infostealer called CharlieKirk Grabber has been identified targeting Windows systems, with a focused goal of stealing stored login credentials, browser cookies, and session data. The malware is built to work as a “smash-and-grab” threat — it launches quickly, collects whatever sensitive data it can find, and disappears before the user notices anything […]

Hackers Using OAuth Apps in Microsoft Entra ID to Establish Persistence

Hackers are increasingly abusing OAuth applications in Microsoft Entra ID to gain persistent access, blending in as normal “business integrations” while keeping access even after defenders reset passwords. Recent Wiz research and incident reporting show attackers using fake OAuth apps, deceptive consent prompts, and redirect URLs to steal tokens […]

Adidas Investigates Alleged Data Breach 815,000 Records of Customer Data Stolen

Adidas has confirmed it is actively investigating a potential data breach involving one of its independent third-party partners after a threat actor operating under the alias “LAPSUS-GROUP” posted claims on BreachForums on February 16, 2026, alleging unauthorized access to the sportswear giant’s extranet portal. The actor, believed to be associated with the Scattered Lapsus$ Hunters […]

Selective Thread Emulation and Fuzzing Expose DoS Flaws in Socomec DIRIS M-70 IIoT Device

Security researchers have uncovered six critical denial-of-service vulnerabilities in the Socomec DIRIS M-70 industrial gateway used for power monitoring and energy management in critical infrastructure. The flaws were discovered through an innovative emulation technique that bypassed hardware debugging limitations by focusing on a single thread handling Modbus protocol communications. The M-70 gateway facilitates data communication […]

Cryptocurrency Scams Target Asia, Combining Malvertising and Pig Butchering with Losses Up to 10 Million

A sophisticated cryptocurrency scam campaign is currently targeting users across Asia, with a heavy and specific focus on Japan. This operation uniquely combines two distinct fraud models into a single, highly effective attack vector: malvertising and “pig butchering.” By blending the broad reach of malicious advertising with the psychological manipulation of long-term social engineering, cybercriminals […]

New SysUpdate Variant Malware Discovered and Tool Developed to Decrypt Encrypted Linux C2 Traffic

A new variant of the SysUpdate malware has emerged as a sophisticated threat targeting Linux systems with advanced command-and-control (C2) encryption capabilities. The malware was discovered during a Digital Forensics and Incident Response (DFIR) engagement when security teams detected the suspicious Linux binary in a client’s environment. This packed ELF64 executable uses an unknown obfuscated […]

Notepad++ v8.9.2 Released with Double-Lock Update Mechanism Following Recent Hack

The widely used open-source text and code editor has released version v8.9.2, introducing a major security enhancement known as the “Double-Lock” update mechanism. This update addresses vulnerabilities that were exploited in a recent state-sponsored attack targeting the application’s update infrastructure. Last month, Notepad++’s official site confirmed that attackers had successfully hijacked its update channel, allowing […]