Today’s roundup
Odido data breach exposes personal info of 6.2 million customers
WordPress plugin with 900k installs vulnerable to critical RCE flaw
AMOS infostealer targets macOS through a popular AI app
Malicious Chrome Extensions Caught Stealing Business Data, Emails, and Browsing History
Researchers Observe In-the-Wild Exploitation of BeyondTrust CVSS 9.9 Vulnerability
Those 'Summarize With AI' Buttons May Be Lying to You
Munich Security Conference: Cyber Threats Lead G7 Risk Index, Disinformation Ranks Third
Google Reports State-Backed Hackers Using Gemini AI for Recon and Attack Support
U.S. CISA adds SolarWinds Web Help Desk, Notepad++, Microsoft Configuration Manager, and Apple devices flaws to its Known Exploited Vulnerabilities catalog
ApolloMD data breach impacts 626,540 people
Summary
Dutch telecom Odido reported a cyberattack impacting 6.2 million customers. Stolen data includes names, bank accounts, addresses, mobile numbers, and IDs; notifications are underway.
A critical RCE vulnerability in WPvivid Backup & Migration plugin affects over 900,000 WordPress sites. Unauthenticated attackers can achieve remote code execution by uploading arbitrary files.
The AMOS infostealer targets macOS users via popular AI apps and extension marketplaces to harvest credentials. This campaign uses AI lures, fueling the stealer-log cybercrime economy.
Researchers found "CL Suite," a malicious Chrome extension stealing data from Meta Business Suite and Facebook Business Manager. Posing as a utility, it targets sensitive business information.
Threat actors actively exploit a critical pre-authentication RCE flaw in BeyondTrust Remote Support and Privileged Remote Access. WatchTowr confirmed in-the-wild exploitation of the CVSS 9.9 vulnerability.
Microsoft uncovered "AI recommendation poisoning" affecting 31 companies. This new form of AI abuse manipulates AI-generated summaries and is a deceptive tactic that is easy to deploy.
At the Munich Security Conference, G7 countries ranked cyber-attacks as their top security risk; disinformation was third, highlighting escalating digital concerns.
Google reports that state-backed actors (UNC2970, APT42) exploit Gemini AI for reconnaissance and attack support, including OSINT and social engineering. The HONESTCUE malware generates C# code via the Gemini API, and AI-built COINBAIT phishing is tracked. Google disabled the associated accounts.
CISA added four exploited vulnerabilities to its KEV catalog: Microsoft Configuration Manager SQL Injection (CVE-2024-43468), Notepad++ integrity bypass (CVE-2025-15556), SolarWinds Web Help Desk control bypass (CVE-2025-40536), and an Apple Multiple Buffer Overflow (CVE-2026-20700) zero-day. Federal agencies must patch by early March 2026.
Healthcare firm ApolloMD disclosed a data breach affecting 626,540 patients from a May 2025 cyberattack. Accessed files contained names, birth dates, addresses, diagnoses, treatment info, insurance, and some SSNs. Qilin ransomware claimed responsibility.