Oktacron logo
Cyber security aggregate rss news

Cyber security aggregator - feeds history
image for Spain Ban Social Med ...

 Policy Updates

Spain is preparing to take one of the strongest steps yet in Europe’s growing push to regulate the digital world for young people. Spain will ban social media platforms for children under the age of 16, a move Prime Minister Pedro Sanchez framed as necessary to protect minors from what he called the “digital Wild   show more ...

West.” This, Spain ban social media platforms, is not just another policy announcement. The Spain ban social media decision reflects a wider global shift: governments are finally admitting that social media has become too powerful, too unregulated, and too harmful for children to navigate alone. Spain Ban Social Media Platforms for Children Under Age of 16 Speaking at the World Government Summit in Dubai, Sanchez said Spain will require social media platforms to implement strict age verification systems, ensuring that children under 16 cannot access these services freely. “Social media has become a failed state,” Sanchez declared, arguing that laws are ignored and harmful behavior is tolerated online. The Spain ban social media platforms for children under age of 16 is being positioned as a child safety measure, but it is also a direct challenge to tech companies that have long avoided accountability. Sanchez’s language was blunt, and honestly, refreshing. For years, platforms have marketed themselves as neutral spaces while profiting from algorithms that amplify outrage, addictive scrolling, and harmful content. Spain’s message is clear: enough is enough. Social Media Ban and Executive Accountability Spain is not stopping at age limits. Sanchez also announced a new bill expected next week that would hold social media executives personally accountable for illegal and hateful content. That is a significant escalation. A social media ban alone may restrict access, but forcing executives to face consequences could change platform behavior at its core. The era of tech leaders hiding behind “we’re just a platform” excuses may finally be coming to an end. This makes Spain’s approach one of the most aggressive in Europe so far. France Joins the Global Social Media Ban Movement Spain is not acting in isolation. On February 3, 2026, French lawmakers approved their own social media ban for children under 15. The bill passed by a wide margin in the National Assembly and is expected to take effect in September, at the start of the next school year. French President Emmanuel Macron strongly backed the move, saying: “Our children’s brains are not for sale… Their dreams must not be dictated by algorithms.” That statement captures the heart of this debate. Social media is not just entertainment anymore. It is an attention economy designed to hook young minds early, shaping behavior, self-image, and even mental health. France’s decision adds momentum to the idea that a social media ban globally for children may soon become the norm rather than the exception. Australia’s World-First Social Media Ban for Children Under 16 The strongest example so far comes from Australia, which implemented a world-first social media ban for children under 16 in December 2025. The ban covered major platforms including: Facebook Instagram TikTok Snapchat Reddit X YouTube Twitch Messaging apps like WhatsApp were exempt, acknowledging that communication tools are different from algorithm-driven feeds. Since enforcement began, companies have revoked access to around 4.7 million accounts linked to children. Meta alone removed nearly 550,000 accounts the day after the ban took effect. Australia’s case shows that enforcement is possible, even at scale, through ID checks, third-party age estimation tools, and data inference. Yes, some children try to bypass restrictions. But the broader impact is undeniable: governments can intervene when platforms fail to self-regulate. UK Exploring Similar Social Media Ban Measures The United Kingdom is now considering its own restrictions. Prime Minister Keir Starmer recently said the government is exploring a social media ban for children aged 15 and under, alongside stricter age verification and limits on addictive features. The UK’s discussion highlights another truth: this is no longer just about content moderation. It’s about the mental wellbeing of an entire generation growing up inside algorithmic systems. Is a Social Media Ban Globally for Children the Future? Spain’s move, combined with France, Australia, and the UK, signals a clear global trend. For years, social media companies promised safety tools, parental controls, and community guidelines. Yet harmful content, cyberbullying, predatory behavior, and addictive design have continued to spread. The reality is uncomfortable: platforms were never built with children in mind. They were built for engagement, profit, and data. A social media ban globally for children may not be perfect, but it is becoming a political and social necessity. Spain’s decision to ban social media platforms for children under age of 16 is not just about restricting access. It is about redefining digital childhood, reclaiming accountability, and admitting that the online world cannot remain lawless. The digital Wild West era may finally be ending.

image for Ransomware Attacks H ...

 Cyber News

Ransomware attacks have soared 30% since late last year, and they’ve continued that trend so far in 2026, with many of the attacks affecting software and manufacturing supply chains. Those are some of the takeaways of new research published by Cyble today, which also looked at the top ransomware groups, significant   show more ...

ransomware attacks, new ransomware groups, and recommended cyber defenses. Ransomware groups claimed 2,018 attacks in the last three months of 2025, averaging just under 673 a month to end a record-setting year. The elevated attack levels continued in January 2026, as the threat groups claimed 679 ransomware victims. In the first nine months of 2025, ransomware groups claimed an average of 512 victims a month, so the recent trend has been more than 30% above that, Cyble noted. Below is Cyble’s chart of ransomware attacks by month since 2021, which shows a sustained uptrend since mid-2025. Qilin Remains Top Ransomware Group as CL0P Returns Qilin was once again the top ransomware group, claiming 115 victims in January. CL0P was second with 93 victims after claiming “scores of victims” in recent weeks in an as-yet unspecified campaign. Akira remained among the leaders with 76 attacks, and newcomers Sinobi and The Gentlemen rounded out the top five (chart below). [caption id="attachment_109255" align="aligncenter" width="845"] Top ransomware groups January 2026 (Cyble)[/caption] “As CL0P tends to claim victims in clusters, such as its exploitation of Oracle E-Business Suite flaws that helped drive supply chain attacks to records in October, new campaigns by the group are noteworthy,” Cyble said. Victims in the latest campaign have included 11 Australia-based companies spanning a range of sectors such as IT, banking and financial services (BFSI), construction, hospitality, professional services, and healthcare. Other recent CL0P victims have included “a U.S.-based IT services and staffing company, a global hotel company, a major media firm, a UK payment processing company, and a Canada-based mining company engaged in platinum group metals production,” Cyble said. The U.S. once again led all countries in ransomware attacks (chart below), while the UK and Australia faced a higher-than-normal attack volume. “CL0P’s recent campaign was a factor in both of those increases,” Cyble said. [caption id="attachment_109256" align="aligncenter" width="831"] Ransomware attacks by country January 2026 (Cyble)[/caption] Construction, professional services and manufacturing remain opportunistic targets for threat actors, while the IT industry also remains a favorite target of ransomware groups, “likely due to the rich target the sector represents and the potential to pivot into downstream customer environments,” Cyble said (chart below). [caption id="attachment_109258" align="aligncenter" width="819"] Ransomware attacks by industry January 2026 (Cyble)[/caption] Ransomware Attacks Hit the Supply Chain Cyble documented 10 significant ransomware attacks from January in its blog post, many of which had supply chain implications. One was an Everest ransomware group compromise of “a major U.S. manufacturer of telecommunications networking equipment ... Everest claims the data includes PDF documents containing sensitive engineering materials, such as electrical schematics, block diagrams, and service subsystem documentation.” Sinobi claimed a breach of an India-based IT services company. “Samples shared by the attackers indicate access to internal infrastructure, including Microsoft Hyper-V servers, multiple virtual machines, backups, and storage volumes,” Cyble said. A Rhysida ransomware group attack on a U.S. life sciences and biotechnology instrumentation company allegedly exposed sensitive information such as engineering blueprints and project documentation. A RansomHouse attack on a China-based electronics manufacturing for the technology and automotive manufacturers nay have exposed “extensive proprietary engineering and production-related data,” and “data associated with multiple major technology and automotive companies.” An INC Ransom attack on a Hong Kong–based components manufacturer for the global electronics and automotive industries may have exposed “client-related information associated with more than a dozen major global brands, plus confidential contracts and project documentation for at least three major IT companies.” Cyble also documented the rise of three new ransomware groups: Green Blood, DataKeeper and MonoLock, with DataKeeper and MonoLock releasing details on technical and payment features aimed at attracting ransomware affiliates to their operations.  

image for Lakelands Public Hea ...

 Firewall Daily

Lakelands Public Health has confirmed that it is actively responding to a cyberattack discovered on January 29, 2026, which affected some of its internal systems. The organization is sharing information about the Lakelands Public Health cyberattack incident proactively to maintain transparency and public trust.    show more ...

Immediately after detecting the breach, Lakelands Public Health implemented its incident response protocols, secured affected systems, and engaged a leading cybersecurity firm to support the investigation, containment, and recovery efforts. Experts are working closely with the organization to ensure that all systems are restored safely and efficiently.  While restoration efforts are underway, some programs and services may experience temporary disruptions. The organization has committed to directly contacting any individuals or partners affected by interruptions.  Critical Public Health Data Remains Secure  Initial investigations indicate that systems managing sensitive public health information, including infectious disease data, immunization records, and sexual health information, were not impacted by the Lakelands Public Health cyberattack. Lakelands Public Health has emphasized that protecting personal information remains a top priority as it continues essential public health operations.  Dr. Thomas Piggott, Medical Officer of Health and Chief Executive Officer of Lakelands Public Health, said,  “Our priority response to this event is protecting the information entrusted to us and maintaining continuity of critical public health services. By taking a proactive approach and engaging specialized expertise, we are working diligently to restore systems and keep our community informed.”  The organization serves Peterborough city and county, Northumberland and Haliburton counties, Kawartha Lakes, and the First Nations communities of Curve Lake and Alderville. The cyberattack prompted a review of all systems that could potentially be affected, ensuring that any vulnerabilities are mitigated.  Lakelands Public Health Cyberattack Investigation Lakelands Public Health has noted that the investigation into the cyberattack is ongoing. While no personal or health information appears to have been compromised, the organization has committed to alerting affected parties should any issues arise as the review continues.  Officials have advised that during the restoration period, certain programs and services may remain temporarily offline, and affected individuals will receive direct notifications.  The health unit is also closely monitoring its IT infrastructure for unusual activity, and administrators are implementing additional safeguards, including enhanced network monitoring and access controls. These measures are aimed at minimizing risk and ensuring the integrity of public health data during the recovery process.  Proactive Measures Strengthen Cybersecurity for Lakelands Public Health  Residents, partners, and staff are encouraged to remain patient and vigilant as Lakelands Public Health continues to prioritize security, transparency, and the continuity of services. Updates regarding the cyberattack and ongoing recovery efforts are available at LakelandsPH.ca.  In response to the incident, Lakelands Public Health has reinforced its commitment to cybersecurity. By engaging specialized expertise and deploying additional monitoring and response tools, the organization aims to reduce the risk of future incidents.  Dr. Piggott reinforced the importance of public confidence, stating that the organization will continue to communicate openly and ensure that all necessary steps are taken to protect sensitive information while maintaining public health services without interruption. 

image for CISA Silently Update ...

 Cyber News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has been “silently” updating its Known Exploited Vulnerabilities (KEV) catalog when it concludes that vulnerabilities have been exploited by ransomware groups, according to a security researcher. CISA adds a “known” or “unknown” field next to   show more ...

the “Known To Be Used in Ransomware Campaigns?” entry in its KEV catalog. The problem, according to a blog post by Glenn Thorpe of GreyNoise, is the agency doesn’t send out advisories when a vulnerability changes from “unknown” to “known” vulnerabilities exploited by ransomware groups. Thorpe downloaded daily CISA KEV snapshots for all of 2025 and found that the agency had flipped 59 vulnerabilities in 2025 from “unknown” to “known” evidence of exploitation by ransomware groups. “When that field flips from ‘Unknown’ to ‘Known,’ CISA is saying: ‘We have evidence that ransomware operators are now using this vulnerability in their campaigns,’" Thorpe wrote. “That's a material change in your risk posture. Your prioritization calculus should shift. But there's no alert, no announcement. Just a field change in a JSON file. This has always frustrated me.” In a statement shared with The Cyber Express, CISA Executive Assistant Director for Cybersecurity Nick Andersen suggested that the agency is considering Thorpe’s input. “We continue to streamline processes and enrich vulnerability data through initiatives like the KEV catalog, the Common Vulnerabilities and Exposures (CVE) Program, and Vulnrichment,” Andersen said. “Feedback from the cybersecurity community is essential as CISA works to enhance the KEV catalog and advance vulnerability prioritization across the ecosystem.” Microsoft Leads in Vulnerabilities Exploited by Ransomware Groups Of the 59 CVEs that flipped to “known” exploitation by ransomware groups last year, 27% were Microsoft vulnerabilities, Thorpe said. Just over a third (34%) involved edge and network CVEs, and 39% were for CVEs before 2023. And 41% of the flipped vulnerabilities occurred in a single month, May 2025. The “Fastest time-to-ransomware flip” was one day, while the longest lag between CISA KEV addition and the change to “known” ransomware exploitation status was 1,353 days. The “Most flipped vulnerability type” was Authentication Bypass at 14% of occurrences. Ransomware Groups Target Edge Devices Edge devices accounted for a high number of the flipped vulnerabiities, Thorpe said. Fortinet, Ivanti, Palo Alto and Check Point Security edge devices were among the flipped CVEs. “Ransomware operators are building playbooks around your perimeter,” he said. Thorpe said that 19 of the 59 flipped vulnerabilities “target network security appliances, the very devices deployed to protect organizations.” But he added: “Legacy bugs show up too; Adobe Reader vulnerabilities from years ago suddenly became ransomware-relevant.” Authentication bypasses and RCE vulnerabilities were the most common, “as ransomware operators prioritize ‘get in and go’ attack chains.” The breakdown by vendor of the 59 vulnerabilities “shouldn't surprise anyone,” he said. Microsoft was responsible for 16 of the flipped CVEs, affecting SharePoint, Print Spooler, Group Policy, Mark-of-the-Web bypasses, and more. Ivanti products were affected by 6 of the flipped CVEs, Fortinet by 5 (with FortiOS SSL-VPN heap overflows standing out), and Palo Alto Networks and Zimbra were each affected by 3 of the CVEs. “Ransomware operators are economic actors after all,” Thorpe said. “They invest in exploit development for platforms with high deployment and high-value access. Firewalls, VPN concentrators, and email servers fit that profile perfectly.” He also noted that the pace of vulnerability exploitation by ransomware groups accelerated in 2025. “Today, ransomware operators are integrating fresh exploits into their playbooks faster than defenders are patching,” he said. Thorpe created an RSS feed to track the flipped vulnerabilities; it’s updated hourly.

image for Foxit Releases Secur ...

 Firewall Daily

Foxit Software has released security updates addressing multiple cross-site scripting (XSS) vulnerabilities affecting Foxit PDF Editor Cloud and Foxit eSign, closing gaps that could have allowed attackers to execute arbitrary JavaScript within a user’s browser. The patches were issued as part of Foxit’s   show more ...

ongoing security and stability improvements, with the most recent update for Foxit PDF Editor Cloud released on February 3, 2026.  The vulnerabilities stem from weaknesses in input validation and output encoding within specific features of Foxit PDF Editor Cloud. According to Foxit’s official advisory, attackers could exploit these flaws when users interacted with specially crafted file attachments or manipulated layer names inside PDF documents. In such cases, untrusted input could be embedded directly into the application’s HTML structure without proper sanitization, enabling malicious script execution.  The advisory states that the update includes security and stability improvements, and that no manual action is required beyond ensuring the software is up to date.  Details of Foxit PDF Editor Vulnerabilities CVE-2026-1591 and CVE-2026-1592  Two vulnerabilities were identified in Foxit PDF Editor Cloud: CVE-2026-1591 and CVE-2026-1592. Both issues fall under Cross-Site Scripting (CWE-79) and carry a Moderate severity rating, with a CVSS v3.0 score of 6.3. The vulnerabilities affect the File Attachments list and Layers panel, where attackers could inject crafted payloads into file names or layer names.  CVE-2026-1591, considered the primary issue, allows attackers to exploit insufficient input validation and improper output encoding to execute arbitrary JavaScript in a user’s browser. CVE-2026-1592 presents the same risk through similar attack vectors and conditions. Both vulnerabilities were discovered and reported by security researcher Novee.  Although exploitation requires user interaction, the impact can be significant. Attackers must convince authenticated users to access specially crafted attachments or layer configurations. Once triggered, the malicious JavaScript runs within the browser context, potentially enabling session hijacking, exposure of sensitive data from open PDF documents, or redirection to attacker-controlled websites.  Enterprise Risk and Attack Surface Considerations  The attack surface is particularly relevant in enterprise environments where Foxit PDF Editor is widely used for document collaboration and editing. Employees often handle PDFs originating from external partners, customers, or public sources, increasing the likelihood of exposure to crafted payloads.  In addition to Foxit PDF Editor Cloud, Foxit also addressed a related XSS vulnerability affecting Foxit eSign, tracked as CVE-2025-66523. This flaw carries a CVSS score of 6.1 and occurs due to improper handling of URL parameters in specially crafted links.   When authenticated users visit these links, untrusted input may be embedded into JavaScript code and HTML attributes without adequate encoding, creating opportunities for privilege escalation and cross-domain data theft. The patch for Foxit eSign was released on January 15, 2026.  Patches, Mitigation, and Security Guidance  Foxit confirmed that CVE-2026-1591, CVE-2026-1592, and CVE-2025-66523 have all been fully patched. The fixes include improved input validation and output encoding mechanisms designed to prevent malicious script injection. Updates for Foxit PDF Editor Cloud are deployed automatically or available through standard update mechanisms, requiring no additional configuration.  Organizations using Foxit PDF Editor Cloud and Foxit eSign should confirm that their systems are running the latest versions. Administrators are also advised to monitor for unusual JavaScript execution, unexpected PDF editor behavior, or anomalies in application logs.  For environments handling sensitive documents, additional controls may help reduce risk. These include limiting PDF editing to trusted networks, enforcing browser-based content security policies, and restricting access to untrusted attachments. End users should remain cautious when opening PDF files from unknown sources and avoid clicking suspicious links within eSign workflows. 

image for Mountain View Shuts ...

 Cyber News

Mountain View’s decision to shut down its automated license plate reader program is a reminder of an uncomfortable truth that surveillance technology is only as trustworthy as the systems—and vendors—behind it. This week, Police Chief Mike Canfield announced that all Flock Safety ALPR cameras in Mountain View   show more ...

have been turned off, effective immediately. The move pauses the city’s pilot program until the City Council reviews its future at a February 24 meeting. The decision comes after the police department discovered that hundreds of unauthorized law enforcement agencies had been able to search Mountain View’s license plate camera data for more than a year—without the city’s awareness. For a tool that was sold to the public as tightly controlled and privacy-focused, this is a serious breach of trust. Flock Safety ALPR Cameras Shut Down Over Data Access Failures In his message to the community, Chief Canfield made it clear that while the Flock Safety ALPR pilot program had shown value in solving crimes, he no longer has confidence in the vendor. “I personally no longer have confidence in this particular vendor,” Canfield wrote, citing failures in transparency and access control. The most troubling issue, according to the police chief, was the discovery that out-of-state agencies had been able to search Mountain View’s license plate data—something that should never have been possible under state law or city policy. This wasn’t a minor technical glitch. It was a breakdown in oversight, accountability, and vendor responsibility. Automated License Plate Readers Under Growing National Scrutiny Automatic license plate readers, or ALPR surveillance cameras, have become one of the most controversial policing technologies in the United States. These cameras capture images of passing vehicles, including license plate numbers, make, and model. The information is stored and cross-checked with databases to flag stolen cars or vehicles tied to investigations. Supporters argue that ALPRs help law enforcement respond faster and solve crimes more efficiently. But critics have long warned that ALPR systems can easily become tools of mass surveillance—especially when data-sharing controls are weak. That concern has intensified under the Trump administration, as reports have emerged of license plate cameras being used for immigration enforcement and even reproductive healthcare-related investigations. Mountain View’s case shows exactly why the debate isn’t going away. Mountain View Police Violated Its Own ALPR Policies According to disclosures made this week, the Mountain View Police Department unintentionally violated its own policies by allowing statewide and national access to its ALPR data. Chief Canfield admitted that “statewide lookup” had been enabled since the program began 17 months ago, meaning agencies across California could search Mountain View’s license plate records without prior authorization. Even more alarming, “national lookup” was reportedly turned on for three months in 2024, allowing agencies across the country to access the city’s data. State law prohibits sharing ALPR information with out-of-state agencies, especially for immigration enforcement purposes. So how did it happen? Canfield was blunt: “Why wasn’t it caught sooner? I couldn’t tell you.” That answer won’t reassure residents who were promised strict safeguards. Community Trust Matters More Than Surveillance Tools Chief Canfield’s message repeatedly emphasized one point: technology cannot replace trust. “Community trust is more important than any individual tool,” he wrote. That statement deserves attention. Police departments across the country have adopted surveillance systems with the promise of safety, only to discover later that the systems operate with far less control than advertised. When a vendor fails to disclose access loopholes—or when law enforcement fails to detect them—the public pays the price. Canfield acknowledged residents’ anger and frustration, offering an apology and stating that transparency is essential for community policing. It’s a rare moment of accountability in a space where surveillance expansion often happens quietly. Flock Safety Faces Questions About Transparency and Oversight Mountain View’s ALPR program began in May 2024, when the City Council approved a contract with Flock Safety, a surveillance technology company. Since August 2024, the city installed cameras at major entry and exit points. By January 2026, Mountain View had 30 Flock cameras operating. Now, the entire program is paused. Flock spokesperson Paris Lewbel said the company would address the concerns directly with the police chief, but the damage may already be done. This incident raises a bigger question: should private companies be trusted to manage sensitive surveillance infrastructure in the first place? What Happens Next for the Flock Safety ALPR Program? The City Council will now decide whether Mountain View continues with the Flock contract, modifies the program, or shuts it down permanently. But the broader lesson is already clear. ALPR surveillance cameras may offer law enforcement real investigative value, but without airtight safeguards, they risk becoming tools of unchecked monitoring. Mountain View’s shutdown is not just a local story—it’s part of a national reckoning over how much surveillance is too much, and whether public safety can ever justify the loss of privacy without full accountability.

 Feed

The Eclipse Foundation, which maintains the Open VSX Registry, has announced plans to enforce security checks before Microsoft Visual Studio Code (VS Code) extensions are published to the open-source repository to combat supply chain threats. The move marks a shift from a reactive to a proactive approach to ensure that malicious extensions don't end up getting published on the Open VSX Registry.

 Feed

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting SolarWinds Web Help Desk (WHD) to its Known Exploited Vulnerabilities (KEV) catalog, flagging it as actively exploited in attacks. The vulnerability, tracked as CVE-2025-40551 (CVSS score: 9.8), is a untrusted data deserialization vulnerability that could pave the way for remote

 Feed

Microsoft has warned that information-stealing attacks are "rapidly expanding" beyond Windows to target Apple macOS environments by leveraging cross-platform languages like Python and abusing trusted platforms for distribution at scale. The tech giant's Defender Security Research Team said it observed macOS-targeted infostealer campaigns using social engineering techniques such as ClickFix since

 Feed

Threat actors affiliated with China have been attributed to a fresh set of cyber espionage campaigns targeting government and law enforcement agencies across Southeast Asia throughout 2025. Check Point Research is tracking the previously undocumented activity cluster under the moniker Amaranth-Dragon, which it said shares links to the APT 41 ecosystem. Targeted countries include Cambodia,

 Feed

An innovative approach to discovering, analyzing, and governing identity usage beyond traditional IAM controls. The Challenge: Identity Lives Outside the Identity Stack Identity and access management tools were built to govern users and directories. Modern enterprises run on applications. Over time, identity logic has moved into application code, APIs, service accounts, and custom authentication

 Feed

Many incident response failures do not come from a lack of tools, intelligence, or technical skills. They come from what happens immediately after detection, when pressure is high, and information is incomplete. I have seen IR teams recover from sophisticated intrusions with limited telemetry. I have also seen teams lose control of investigations they should have been able to handle. The

 Feed

Microsoft on Wednesday said it built a lightweight scanner that it said can detect backdoors in open-weight large language models (LLMs) and improve the overall trust in artificial intelligence (AI) systems. The tech giant's AI Security team said the scanner leverages three observable signals that can be used to reliably flag the presence of backdoors while maintaining a low false positive

 Feed

Threat hunters have disclosed details of a new, stealthy malware campaign dubbed DEAD#VAX that employs a mix of "disciplined tradecraft and clever abuse of legitimate system features" to bypass traditional detection mechanisms and deploy a remote access trojan (RAT) known as AsyncRAT. "The attack leverages IPFS-hosted VHD files, extreme script obfuscation, runtime decryption, and in-memory

2026-02
Aggregator history
Wednesday, February 04
SUN
MON
TUE
WED
THU
FRI
SAT
FebruaryMarch