Sign in Subscribe

InfoSec News 09FEB2026

General

  • Google Chrome's changes to how plugins interact with the browser (the move from Manifest Version 2 (MV2), to Manifest Version 3(MV3)), turns out to not be devastating for ad-blocking, as first predicted.
Our results reveal no statistically significant reduction in ad-blocking or anti-tracking effectiveness for MV3 ad blockers compared to their MV2 counterparts, and in some cases, MV3 instances even exhibit slight improvements in blocking trackers.
We are currently experiencing a system-wide service disruption. We have identified that this outage is related to a cybersecurity incident and are actively investigating with our internal teams and external specialists including the FBI.
...
We can now confirm that this incident was the result of a ransomware attack.
...
We do want to reiterate this was not a card data breach. No card data was compromised and any file that may have been accessed was encrypted.

Interesting Aside

  • Older employees may not be so much at-risk, with the rise in AI.
a 2018 analysis delineating two schools of thought. The “albatross theory” holds that workers above the age of 65 drag down productivity due to resistance to change and outdated skills. The “wise man theory” tells a different story: of workers who possess judgment, institutional knowledge, emotional intelligence and expertise that younger employees cannot replicate.
...
More recent research from AARP and the OECD shows that firms with more 50-plus workers are more productive, not less: a 10-percentage-point increase in older workers is associated with roughly 1.1 percent higher productivity.
...
A 2025 study in the journal Intelligence, analyzing age trajectories across 16 cognitive, emotional and personality dimensions, finds that while processing speed does decline after early adulthood, many of the capabilities most relevant to complex work continue to improve well into midlife. When these traits are combined into a composite measure of overall functioning, performance peaks between ages 55 and 60.

Getting Techy

Geo-Politics

  • [EU] The European Union is trialling out some of the protections in its Digital Services Act (DSA) - taking on TikTok for "addictive features, including infinite scroll, autoplay, push notifications, and personalized recommendation systems". It will be interesting to see if they utilise the same rules on US-owned tech companies in the future.
The commission found that TikTok fuels the users' urge to keep scrolling and shifts their brains into "autopilot mode" by constantly rewarding users with new content, potentially reducing self-control and leading to compulsive behavior.
TikTok has also disregarded important indicators of compulsive use, including the time minors spend on the app at night and how frequently users open it, the commission added.
If the findings are confirmed, the violations could trigger a fine of up to 6% of TikTok's global annual turnover. To avoid being fined for violating the EU's digital regulations, the commission said TikTok needs to change its core service design by implementing screen time breaks, adapting its recommendation system, and disabling key addictive features.
Prince of Persia seemed to have operated heavily around the 2013 Iranian Presidential elections, targeting Persian press members (such as BBC Persian), and resumed attacking civil society members and activists afterwards
The threat actor became dormant on January 8, 2026, which was the beginning of the internet blackout in Iran. After three weeks of monitoring, we discovered new activity on January 25, 2026.
...
With the threat actor preparing the C2 servers, we believed it was an indication that the internet blackout may end the following week.
...
The internet blackout indeed ended a day later on January 27, 2026, proving our prediction correct.
  • [NO] The domestic security agency (PST) in Norway has confirmed that china's Salt Typhoon (aka Ghost Emperor, Operator Panda, Funky Boobsweat), "compromised vulnerable network devices in Norwegian organisations". They also noted the threat from "employing North Korean IT developers", as well as threats from Russia and Iran.
Cyber threat actors operating in Norway employ methods that exploit both technical and human vulnerabilities. This is particularly evident with Russia and China, which in 2025 exploited weaknesses in network devices, such as routers, to gain access to Norwegian digital infrastructure. The same methods are also employed for intelligence collection. For example, over the past year, threat actors accessed sensitive information by exploiting zero-day vulnerabilities in email services. Social engineering was also a key factor in successful cyber operations in 2025. While social engineering is widespread among cyber criminals, state actors often use it in the cyber domain with particular sophistication, carefully planning highly targeted operations and investing time in building trust with the target.

Privacy

  • [US] A step backwards in New York, with the Metropolitan Transportation Authority testing cameras and AI in the subway.
The gates have surveillance technology that are automatically supposed to issue an alert whenever someone evades the fare. Cubic officials said the equipment has cameras that record a five-second clip when someone goes through without paying, which then uses artificial intelligence to write a physical description of the suspected fare beater. The information is automatically sent to the MTA.

AI

  • OpenClaw is scrambling to retrofit security, with a new VirusTotal collaboration to attempt to reduce the number of malicious skills in ClawHub. The new trust hub is an interesting step as well, including Mitre ATLAS threat model.
With the help of an OpenClaw bot, security vendor Koi audited the skills files on ClawHub, and found that out of 2857, 341 were malicious.
...
Now, OpenClaw will check skills published to its ClawHub marketplace against VirusTotal's database.
The team-up also gives OpenClaw access to the VirusTotal CodeInsight, which is a large language model (LLM) powered tool to analyse code for malicious traits, based on Google's Gemini AI.
Nevertheless, the OpenClaw project warned that the VirusTotal scanning won't catch all malware.
"A skill that uses natural language to instruct an agent to do something malicious won't trigger a virus signature," the project said.
uncovering exposed and insecure credentials usage in Agent Skills. Scanning the entire ClawHub marketplace (3,984 skills) using Evo Agent Security Analyzer, our researchers found that 283 skills, an estimated 7.1% of the entire registry, contain critical security flaws that expose sensitive credentials.
These are not active malware. They are functional, popular agent skills (like moltyverse-email and youtube-data) that instruct AI agents to mishandle secrets, forcing them to pass API keys, passwords, and even credit card numbers through the LLM’s context window and output logs in plaintext. These agent skills are what largely power the magic of the OpenClaw personal AI assistant project.
Opus 4.6 is notably better at finding high-severity vulnerabilities than previous models and a sign of how quickly things are moving.
...
But what stood out in early testing is how quickly Opus 4.6 found vulnerabilities out of the box without task-specific tooling, custom scaffolding, or specialized prompting.
...
When we pointed Opus 4.6 at some of the most well-tested codebases (projects that have had fuzzers running against them for years, accumulating millions of hours of CPU time), Opus 4.6 found high-severity vulnerabilities, some that had gone undetected for decades.
...
So far, we've found and validated more than 500 high-severity vulnerabilities.

Subscribe to Deuxieme RE Banque News

Sign up now to get access to the library of members-only issues.
Jamie Larson
Subscribe