The Breach News

AI-Generated Malware Takes Advantage of React2Shell for Small Gains

Artificial Intelligence & Machine Learning, Cybercrime, Fraud Management & Cybercrime AI-Driven Malware Targets React2Shell Vulnerability, Compromising 91 Hosts Rashmi Ramesh (rashmiramesh_) • February 11, 2026 Image: Shutterstock Recent research has identified artificial intelligence-generated malware leveraging the React2Shell vulnerability, allowing malicious actors to craft exploits without requiring coding expertise. This operation…

Read MoreAI-Generated Malware Takes Advantage of React2Shell for Small Gains

McLaren Health Reaches $14 Million Settlement Following Two Data Breaches

McLaren Health Care Settles Class Action Lawsuit Following Major Data Breaches McLaren Health Care, headquartered in Grand Blanc, Michigan, has reached a $14 million settlement to address a class action lawsuit arising from two significant data breaches that potentially exposed patient information. The organization operates a network that includes 12…

Read MoreMcLaren Health Reaches $14 Million Settlement Following Two Data Breaches

Active Exploitation of Vulnerabilities in Cacti, Realtek, and IBM Aspera Faspex

Cyber Threat Actors Exploit Critical Vulnerabilities in Cacti, Realtek, and IBM Aspera Faspex Recent cyberattacks have exposed critical security vulnerabilities in multiple systems, notably Cacti, Realtek, and IBM Aspera Faspex, amid ongoing exploitation by various threat actors targeting unpatched installations. This surge in activity highlights the pressing need for organizations…

Read MoreActive Exploitation of Vulnerabilities in Cacti, Realtek, and IBM Aspera Faspex

North Korean Cyber Criminals Set Sights on Cryptocurrencies and POS Systems

In a new wave of cybercrime, the Lazarus Group, a North Korean state-sponsored hacking organization, has ramped up its activities, focusing on the cryptocurrency sector. Recent reports by security firm Proofpoint indicate a large-scale malware campaign targeting digital currency users, further illustrating the group’s extensive involvement in financially motivated cyberattacks.…

Read MoreNorth Korean Cyber Criminals Set Sights on Cryptocurrencies and POS Systems

CBP Enters Agreement with Clearview AI for Face Recognition in ‘Tactical Targeting’

U.S. Customs and Border Protection Expands Use of Facial Recognition Technology Amid Security Concerns U.S. Customs and Border Protection (CBP) has finalized a contract worth $225,000 for a year-long subscription to Clearview AI, a controversial facial recognition service that matches images against vast databases derived from publicly available online content.…

Read MoreCBP Enters Agreement with Clearview AI for Face Recognition in ‘Tactical Targeting’

LinkedIn Hack Tool Reveals Users’ Emails Without Exploiting Vulnerabilities

Concerns Rise Over Email Exposure Tool Affecting LinkedIn Users A recently surfaced browser plugin named ‘Sell Hack’ has raised significant concerns among LinkedIn users and cybersecurity experts alike. Available for Chrome, Firefox, and Safari, this plugin purportedly enables users to access the concealed email addresses of any LinkedIn account holder,…

Read MoreLinkedIn Hack Tool Reveals Users’ Emails Without Exploiting Vulnerabilities

EU Greenlights $32B Google-Wiz Acquisition Following Antitrust Evaluation

Cloud Security, Cloud-Native Application Protection Platform (CNAPP), Security Operations European Commission Dismisses Concerns Over Multi-Cloud Competition Michael Novinson ( MichaelNovinson) • February 10, 2026 The European Commission has approved Google’s $32 billion acquisition of Wiz, a leading cloud security company, citing no significant competition concerns stemming from the transaction. The…

Read MoreEU Greenlights $32B Google-Wiz Acquisition Following Antitrust Evaluation

Severe UUID Vulnerability in Fiber v2 on Go 1.24+ Allows Session Hijacking and CSRF Bypass – Cyber Press

Critical Vulnerability Discovered in Fiber v2 with Go 1.24+, Paving Way for Session Hijacking and CSRF Exploits A significant security vulnerability has recently been uncovered in Fiber v2, a popular web framework for the Go programming language, specifically versions 1.24 and newer. This flaw has raised alarms within the cybersecurity…

Read MoreSevere UUID Vulnerability in Fiber v2 on Go 1.24+ Allows Session Hijacking and CSRF Bypass – Cyber Press

Researchers Uncover Major Remote Code Execution Vulnerability in vm2 Sandbox Library

The maintainers of the vm2 JavaScript sandbox module have released an urgent patch in response to a serious vulnerability that could be exploited to breach security boundaries and execute arbitrary code on host systems. This flaw affects all versions up to and including 3.9.14 and was identified by researchers from…

Read MoreResearchers Uncover Major Remote Code Execution Vulnerability in vm2 Sandbox Library