San Mateo, CA, February 9, 2026 — Stories, events, and developments that impacted the cybersecurity landscape last week, including emerging threats, policy changes, and industry responses.
Fresh Zendesk spam wave floods inboxes worldwide
A renewed global spam campaign is flooding inboxes after attackers once again abused unsecured Zendesk support portals to trigger automated emails. Victims report hundreds of bogus “Activate account” messages that appear to come from legitimate companies. Many, security researcher Jonathan Leitschuh included, took to social media to post screenshots of their inboxes full of junk. The activity mirrors a January campaign that affected organizations, including Dropbox and 2K, in which attackers exploited Zendesk’s unverified ticket creation to relay spam at scale. Zendesk previously said it added monitoring and limits to curb abuse and warned customers to restrict ticket creation to verified users, yet the latest surge suggests exposed portals remain vulnerable. BleepingComputer reports that the attackers appear to be recycling the same relay spam technique, overwhelming inboxes while hiding behind trusted support systems.
ShinyHunters dumps Harvard and UPenn breach data after ransom refusal
The ShinyHunters hacking group has claimed responsibility for last year’s breaches at Harvard University and the University of Pennsylvania, publishing what it says are more than one million records from each school after both institutions refused to pay a ransom. According to reporting by TechCrunch, portions of the leaked data were verified against alumni and public records. UPenn previously confirmed attackers accessed systems tied to development and alumni activities, blaming social engineering, while Harvard said a voice phishing attack exposed contact details, donation history, event attendance, and biographical information connected to fundraising programs. During the Penn incident, hackers even sent messages from official university email addresses that seemed to frame the breach as political in nature, though ShinyHunters does not have a history of engaging in ideological attacks. Both universities are now reviewing the leaked data to determine required notifications.
AI-powered voice and meeting scams exploded in 2025
Fraudsters sharply increased their use of AI across voice and virtual channels in 2025, with Pindrop reporting a 1,210% surge in AI-enabled fraud versus a 195% rise in traditional attacks. Their “Inside the 2025 AI Fraud Spike” report shows bots probing Interactive Voice Response systems, mapping workflows, and learning which prompts result in security checks to generate more convincing and effective fraud attempts. These techniques are also appearing in job interviews, financial transactions, and executive video calls intended to fool victims into transferring money to criminals. Healthcare and retail are hardest hit, with bots driving account takeovers and return fraud. One healthcare customer saw bots behind over half of scam attempts, while retail logged a 56% jump in “non-live fraud.”
New SCAM Act targets fraudulent ads on social platforms
Sens. Ruben Gallego and Bernie Moreno introduced the Safeguarding Consumers from Advertising Misconduct (SCAM) Act, pushing social media platforms to take reasonable steps to block “predatory online scam advertisements” that lawmakers say cost Americans billions. The bill follows Reuters reporting that internal Meta documents estimated users see 15 billion scam ads daily, with projections that scam advertising could generate $16 billion in revenue. The proposal strengthens federal and state enforcement while adding user reporting tools. An FTC report found Americans lost more than $3 billion to online scams in 2024, with social media the most common contact method. “Scammers are using social media to swindle Americans out of their hard-earned savings, and right now, those platforms face almost no consequences for letting it happen,” Gallego said in a statement.
Spain moves to bar under-16s from social media
Spain is preparing to ban children under 16 from social media and require mandatory age verification, with Prime Minister Pedro Sánchez saying the government will protect kids from what he called the digital “Wild West,” where laws are ignored and crime is tolerated. Speaking at the World Government Summit, Sánchez said legislation regulating social media content will be introduced next week. The move follows similar actions abroad, after Australia enacted a nationwide under-16 ban in December. Momentum is also building across Europe, with the Netherlands pushing for a ban under 15, France approving limits for children 14 and younger, and the United Kingdom studying restrictions for those 15 and under. Together, the proposals signal a coordinated shift toward tighter protections for minors online.
Unknown Asian hacking group breached governments across 37 countries
A newly identified cyber espionage group tracked by Palo Alto Networks Unit 42 compromised at least 70 government and critical infrastructure organizations across 37 countries while also actively probing systems tied to 155 nations late last year. Active since January 2024, TGR-STA-1030 relies on phishing lures that deliver Diaoyu Loader via MEGA, performs environment checks to evade sandboxes, then pulls images from GitHub to stage Cobalt Strike. The group favors N-day exploits affecting Microsoft, SAP, and Atlassian, and deploys familiar C2 frameworks, web shells, tunnelers, and a ShadowGuard eBPF rootkit to hide activity. Unit 42 says access persisted for months, underscoring sustained intelligence collection and heightened risk to national security and essential services globally across ministries, borders, finance, trade, resources, and diplomacy. The group’s country of origin is not yet known.
Firefox adds one-click switch to disable generative AI
Mozilla has introduced a new control section in Firefox that lets users fully disable generative AI features, reinforcing the browser maker’s opt-in approach to artificial intelligence. The setting provides a single toggle to block current and future AI enhancements, while still allowing granular control for users who want to manage features individually. At launch, the controls cover translations, AI-generated alt text in PDFs, AI-assisted tab grouping, link previews, and sidebar chatbot integrations. The capability is expected to ship with Firefox 148 on February 24, 2026. Mozilla said the move reflects concern over how deeply AI is being embedded into browsers and software. Company leadership emphasized that privacy, data use, and AI behavior must remain transparent, understandable, and easy to turn off.
Chinese espionage group compromised Notepad++ for months
China-based espionage group Lotus Blossom infiltrated the internal systems of Notepad++, a widely used open source code editor, to conduct long-term, targeted surveillance rather than mass exploitation, according to Rapid7. The attackers maintained access for roughly six months beginning in June 2025, abusing weaknesses in older update verification mechanisms to hijack updater traffic and selectively monitor specific environments. Researchers found no evidence of bulk data theft, noting activity consistent with reconnaissance, persistence, remote command execution, and strategic intelligence collection. The compromise was disrupted after Notepad++ migrated to a new hosting provider and patched authentication flaws in December. While the campaign did not affect most users, older versions of the software remain a potential risk.
eScan antivirus update hijacked to deliver malware
According to new findings from Morphisec and Kaspersky, the update infrastructure for eScan antivirus was compromised in a rare supply chain attack that allowed unknown threat actors to push malicious updates to enterprise and consumer systems. The attack stemmed from unauthorized access to a regional update server operated by MicroWorld Technologies, enabling attackers to replace legitimate files with trojanized binaries during a narrow two-hour window on January 20, 2026. The malicious update deployed a persistent downloader that blocked future antivirus updates, bypassed Windows AMSI protections, and selectively delivered additional payloads only if analysis tools were not detected.
Chinese crime networks laundered $16 billion in crypto in 2025
Chinese-language money laundering networks funneled an estimated $16.1 billion through cryptocurrency transactions in 2025, accounting for roughly one-fifth of the global illicit crypto economy, according to a new report from Chainalysis. These networks rely heavily on Telegram-based “guarantee” platforms that act as informal marketplaces and escrow-style connectors for criminal services, including laundering proceeds tied to organized crime syndicates and sanctioned state actors. Andrew Fierman of Chainalysis said investigators have observed funds linked to DPRK-related hacks moving through these channels, alongside other criminal trades such as human trafficking and equipment sales to Southeast Asian scam centers. As criminology professor Mark Button noted, these are “very large, well-resourced organizations,” making enforcement difficult despite international crackdowns.
About NetworkTigers

NetworkTigers is the leader in the secondary market for Grade A, seller-refurbished networking equipment. Founded in January 1996 as Andover Consulting Group, which built and re-architected data centers for Fortune 500 firms, NetworkTigers provides consulting and network equipment to global governmental agencies, Fortune 2000, and healthcare companies. www.networktigers.com.
