InfoSec News 10FEB2026
General
- How do you scale abuse of new-user incentives into a business? Steal thousands of identities.
Prosecutors said the scheme targeted promotional bonuses offered by online gambling platforms to new users who made initial deposits or bets.
When bets placed using promotional credits won, the defendants transferred their winnings to virtual stored-value cards that were allowed for FanDuel deposits and withdrawals. They then moved the fraudulent proceeds to bank and investment accounts under their control.
...
As alleged, these two men used thousands of stolen identities to open online gambling accounts and exploit new user incentives, which for several years allowed them to gamble with stolen money
- CVSS (Common Vulnerability Scoring System) 9.9 - pre-authentication Remote Code Execution (RCE) in BeyondTrust's Remote Support (RS) and Privileged Remote Access (PRA).
No technical details published at this stage, so attackers will need to reverse-engineer the patches, meaning on-premises customers should have at least a small amount of time in which to safely patch.
BeyondTrust Remote Support and older versions of Privileged Remote Access contain a critical pre-authentication remote code execution vulnerability that may be triggered through specially crafted client requests. Successful exploitation could allow an unauthenticated remote attacker to execute operating system commands in the context of the site user. Successful exploitation requires no authentication or user interaction and may lead to system compromise, including unauthorized access, data exfiltration, and service disruption.
- https://www.beyondtrust.com/trust-center/security-advisories/bt26-02
- https://www.hacktron.ai/blog/cve-2026-1731-beyondtrust-remote-support-rce
- https://www.bleepingcomputer.com/news/security/beyondtrust-warns-of-critical-rce-flaw-in-remote-support-software/
- SmarterTools needs smarter asset management and vulnerability scanning. The makers of SmarterMail were breached through an unpatched copy of their own software, and were only saved from ransomware by a SentinelOne installation. Let's hope this provides sufficient impetus for them to take secure coding seriously.
- Exchange Online is apparently being overly enthusiastic with its spam and phishing classifications.
No idea why Microsoft feels it has to hide its service alerts behind an authentication wall - got something to hide?
We've determined that the URLs associated with these email messages are incorrectly marked as phish and quarantined in Exchange Online due to ever-evolving criteria aimed at identifying suspicious email messages, as spam and phishing techniques have become more sophisticated in avoiding detection.
- http://admin.microsoft.com/#/MessageCenter/:/messages/EX1227432
- https://www.bleepingcomputer.com/news/microsoft/microsoft-exchange-online-flags-legitimate-emails-as-phishing/
- [AU] Serious process failure at the Department of Parliamentary Services, leading to a service outage.
the security certificate for Dynamic Red and a handful of other web services unknowingly expired, because it was undocumented and with an unapproved provider.
...
This certificate was held [with] a provider that was outside the range of our normal certificate providers, and was [in] the name of an ex-employee as opposed to being held within the name of the Department of Parliamentary Services.
“The passwords etc for the underpinning digital certificate were also not held, which is outside normal practice.”
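As an added example (not from the DPS statement or any of the linked sources), a Go inventory check that would have flagged every part of this failure: a certificate from a provider outside the approved list, a subject held in a person's name rather than the department's, and an expiry inside the renewal window. Hostnames, CA names and the organisation string are constructed placeholders.

```go
package main

import (
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"time"
)

// CheckCert applies the three controls the DPS incident lacked: an approved
// provider list, a subject held in the organisation's own name, and an expiry
// horizon so renewal is scheduled before the certificate lapses. It returns
// one message per failed control, or nil when the certificate is compliant.
func CheckCert(host string, c *x509.Certificate, approved map[string]bool,
	org string, now time.Time, warn time.Duration) []string {
	var out []string
	if !approved[c.Issuer.CommonName] {
		out = append(out, host+": issuer is not an approved provider: "+c.Issuer.CommonName)
	}
	if len(c.Subject.Organization) == 0 || c.Subject.Organization[0] != org {
		out = append(out, host+": certificate not held in the organisation's name")
	}
	switch left := c.NotAfter.Sub(now); {
	case left <= 0:
		out = append(out, host+": expired on "+c.NotAfter.Format("2006-01-02"))
	case left < warn:
		out = append(out, fmt.Sprintf("%s: expires in %d days", host, int(left.Hours()/24)))
	}
	return out
}

// SampleInventory returns constructed records (hostnames and CA names are
// placeholders); in practice each comes from x509.ParseCertificate on the
// PEM that the host serves.
func SampleInventory() map[string]*x509.Certificate {
	return map[string]*x509.Certificate{
		"undocumented.example.gov.au": { // mirrors the reported failure
			Subject:  pkix.Name{CommonName: "undocumented.example.gov.au", Organization: []string{"Former Employee"}},
			Issuer:   pkix.Name{CommonName: "Unvetted CA"},
			NotAfter: time.Date(2026, 2, 1, 0, 0, 0, 0, time.UTC),
		},
		"www.example.gov.au": { // compliant control case
			Subject:  pkix.Name{CommonName: "www.example.gov.au", Organization: []string{"Example Department"}},
			Issuer:   pkix.Name{CommonName: "Approved CA"},
			NotAfter: time.Date(2026, 12, 31, 0, 0, 0, 0, time.UTC),
		},
	}
}
```

Run CheckCert over every entry of the inventory on a schedule (a 30-day warning horizon is a sensible default) and route the returned messages to whoever owns renewals.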
Getting Techy
- PortSwigger (makers of the widely used pentesting tool Burp Suite) have released their "Top 10 Web Hacking Techniques of 2025".
2025 saw the rise of side-channels as a core exploitation primitive. It'll be interesting to see whether this trend continues in 2026 - or whether vibe-coding going mainstream takes us back to the bad old days.
- Mandiant details a recent investigation into a North Korean attack on a FinTech operating in the cryptocurrency sector.
The meeting link itself directed to a spoofed Zoom meeting that was hosted on the threat actor's infrastructure, zoom[.]uswe05[.]us.
The victim reported that during the call, they were presented with a video of a CEO from another cryptocurrency company that appeared to be a deepfake.
...
Once in the "meeting," the fake video call facilitated a ruse that gave the impression to the end user that they were experiencing audio issues. This was employed by the threat actor to conduct a ClickFix attack: an attack technique where the threat actor directs the user to run troubleshooting commands on their system to address a purported technical issue.
...
for this particular incident, Mandiant noted an unusually large amount of tooling dropped onto a single host targeting a single individual. This evidence confirms this incident was a targeted attack to harvest as much data as possible for a dual purpose; enabling cryptocurrency theft and fueling future social engineering campaigns by leveraging victim’s identity and data.
Geo-Politics
- [CN] China's Ministry of Public Security appears to have commissioned a cyber-training range from the vendor "Cyberpeace" to simulate attacks on "major adversaries in the South China Sea and Indochina Peninsula."
We found more detailed files on the network topology, internal communication with the client, work reports and some source code. Dating back to 2021.
...
“Based on operational applications, operational task requirements, and the technical methods of foreign cyberspace information action equipment, it is constructed according to the idea of realistic simulation and close to reality.”
...
A core component is an extensive library of templates that can be used to build target environments closely resembling the critical digital infrastructure of “major adversaries in the South China Sea and Indochina Peninsula.”
...
The document also focuses on products from CISCO, Fortinet, WatchGuard, and Juniper as primary operational targets.
- https://netaskari.substack.com/p/train-to-kill-chinas-secret-training
- https://therecord.media/leaked-china-documents-show-testing-cyber-neighbors
- [IT] Deliberate sabotage of trains, disrupting travel during the Winter Olympics. I wonder who could be responsible for that? Perhaps someone not happy their country has been excluded again?
Italy’s Transport Ministry said rail infrastructure near Bologna and along routes linking key northern cities had been deliberately damaged in what it called “serious sabotage,” according to the Italian news agency ANSA. The incidents caused delays of up to two and a half hours and affected thousands of travelers heading to Olympic events on Saturday.
...
Italy’s state railway operator, Ferrovie dello Stato, reported “serious damage to railway infrastructure attributable to acts of sabotage,” confirming fires and cable damage that disrupted service across parts of the network.
...
The latest incidents come days after Italian authorities said they had blocked a wave of cyberattacks they described as being of Russian origin, targeting diplomatic missions abroad and infrastructure linked to the Winter Olympics. About 120 targets were affected, including consulates in Sydney, Toronto and Paris, as well as hotels housing athletes, though officials said the attacks caused limited disruption.
- [SG] Singapore is the latest country to disclose that it has been a victim of Chinese hacking targeting its telecommunications infrastructure. (UNC3886, aka Cauldron Panda)
In a statement, the Cyber Security Agency of Singapore (CSA) said the threat actor known as UNC3886 was behind what it described as a “deliberate, targeted, and well-planned” operation against M1, SIMBA Telecom, Singtel and StarHub. The group used advanced tools to infiltrate telecom networks and maintain long-term covert access, the agency said.
- https://www.imda.gov.sg/resources/press-releases-factsheets-and-speeches/press-releases/2026/largest-cyber-operation-mounted-to-counter-unc3886-threat
- https://therecord.media/singapore-attributes-telecoms-hacks-unc3886
- https://attack.mitre.org/groups/G1048/
- [TW] The Vice-Premier "has ruled out relocating 40 percent of the country's semiconductor production to the US, calling the Trump administration's goal 'impossible'."
"When it comes to 40 or 50 percent of production capacity being moved to the United States... I have made it very clear to the US side that this is impossible," she said, according to The Straits Times.
...
Taiwan, which produces more than 60 percent of global semiconductors and roughly 90 percent of the world's most advanced chips, insists it gained this leadership position by investing in the tech when other countries didn't.
...
Taiwan views its semiconductor dominance as strategic defense against Chinese aggression. Beijing claims Taiwan as its territory and threatens reunification by force if necessary. Even Lutnick acknowledged this "silicon shield" dynamic last year, noting China's open ambitions:
"We need their silicon, the chips so badly that we'll shield them, we'll protect them."
Privacy
- Discord is rolling out age verification globally.
Beginning with a phased global rollout to new and existing users in early March, users may be required to engage in an age-verification process to change certain settings or access sensitive content. This includes age-restricted channels, servers, or commands and select message requests.
...
Discord users can choose to use facial age estimation or submit a form of identification to its vendor partners, with more options coming in the future. Additionally, Discord will implement its age inference model, a new system that runs in the background to help determine whether an account belongs to an adult, without always requiring users to verify their age. Some users may be asked to use multiple methods if more information is needed to assign an age group.
...
Starting in early March, all new and existing Discord users globally will be assigned new default settings that support age-appropriate experiences while keeping privacy front and center:
Content Filters: Discord users will need to be age-assured as adults in order to unblur sensitive content or turn off the setting.
Age-gated Spaces – Only users who are age-assured as adults will be able to access age-restricted channels, servers, and app commands.
...
AI
- There's a "fast" mode now available in Claude Code - faster output, much faster consumption of money.
Under 200k context: Input $5 -> $30, Output $25 -> $150
Over 200k context: Input $10 -> $60, Output $37.50 -> $225
(In US dollars, rates are per million tokens, discounted rates for cached tokens)
Fast mode is not a different model. It uses the same Opus 4.6 with a different API configuration that prioritizes speed over cost efficiency. You get identical quality and capabilities, just faster responses.
...
Use /fast to toggle on fast mode in Claude Code CLI. Also available via /fast in Claude Code VS Code Extension.
Fast mode for Opus 4.6 pricing starts at $30/150 MTok. Fast mode is available at a 50% discount for all plans until 11:59pm PT on February 16.
...
Fast mode has separate rate limits from standard Opus 4.6. When you hit the fast mode rate limit or run out of extra usage credits:
Fast mode automatically falls back to standard Opus 4.6
- AI has lowered the barrier to entry for low-quality/low-effort code contributions (and vulnerability reports). Some projects (e.g. curl) have simply shut down their bug bounties. One interesting idea is 'vouch' - a "web of trust" where existing trusted users can 'vouch' for a new user in order to allow them to contribute (or, conversely, 'denounce' the user to ban them).
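To make the gating concrete, an added example (not the vouch project's own code) of how such a web of trust can be evaluated, assuming these semantics: trust flows from a root set of maintainers along vouches; a denounce from a trusted user bans its target and stops trust flowing through them. The graph is constructed.

```go
package main

type Edge struct{ From, To string }

// TrustGraph is the bootstrap maintainer set plus every assertion users made.
type TrustGraph struct {
	Roots              []string
	Vouches, Denounces []Edge
}

// reach propagates vouches outward from the roots, never through a denounced
// user; roots themselves are exempt from denounces.
func (g TrustGraph) reach(denounced map[string]bool) map[string]bool {
	trusted := map[string]bool{}
	for _, r := range g.Roots {
		trusted[r] = true
	}
	for changed := true; changed; {
		changed = false
		for _, v := range g.Vouches {
			if trusted[v.From] && !denounced[v.To] && !trusted[v.To] {
				trusted[v.To], changed = true, true
			}
		}
	}
	return trusted
}

// Trusted returns who may contribute. A denounce counts only when its author
// is trusted, and once counted it stands: the denounced set only grows, so
// the loop terminates instead of oscillating when trusted users denounce each other.
func (g TrustGraph) Trusted() map[string]bool {
	denounced := map[string]bool{}
	for {
		trusted, grew := g.reach(denounced), false
		for _, d := range g.Denounces {
			if trusted[d.From] && !denounced[d.To] {
				denounced[d.To], grew = true, true
			}
		}
		if !grew {
			return trusted
		}
	}
}

// SampleGraph is a constructed graph, not data from any real project.
func SampleGraph() TrustGraph {
	return TrustGraph{
		Roots:     []string{"maintainer"},
		Vouches:   []Edge{{"maintainer", "alice"}, {"alice", "bob"}, {"bob", "carol"}, {"mallory", "eve"}},
		Denounces: []Edge{{"alice", "carol"}},
	}
}
```

In the sample, carol is vouched for by bob but denounced by alice, so she stays out; eve's only vouch comes from mallory, who nobody trusted has vouched for.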
Nothing in its design is specific to AI/LLMs, and it can be used as a generic framework for all contributions. Unfortunately, it's unlikely to help with supply-chain attacks such as the 'XZ Utils' attack.
- From Harvard Business Review - "AI Doesn’t Reduce Work—It Intensifies It":
In our in-progress research, we discovered that AI tools didn’t reduce work, they consistently intensified it. In an eight-month study of how generative AI changed work habits at a U.S.-based technology company with about 200 employees, we found that employees worked at a faster pace, took on a broader scope of tasks, and extended work into more hours of the day, often without being asked to do so.
...
While this may sound like a dream come true for leaders, the changes brought about by enthusiastic AI adoption can be unsustainable, causing problems down the line. Once the excitement of experimenting fades, workers can find that their workload has quietly grown and feel stretched from juggling everything that’s suddenly on their plate. That workload creep can in turn lead to cognitive fatigue, burnout, and weakened decision-making. The productivity surge enjoyed at the beginning can give way to lower quality work, turnover, and other problems.
- https://hbr.org/2026/02/ai-doesnt-reduce-work-it-intensifies-it
- https://simonwillison.net/2026/Feb/9/ai-intensifies-work/
- With Large Language Models (LLMs), context matters; for medical applications, it appears that context is what makes the difference.
Chatbots may be able to pass medical exams, but that doesn’t mean they make good doctors, according to a new, large-scale study of how people get medical advice from large language models.
...
When the researchers tested the LLMs without involving users by providing the models with the full text of each clinical scenario, the models correctly identified conditions in 94.9 percent of cases. But when talking to the participants about those same conditions, the LLMs identified relevant conditions in fewer than 34.5 percent of cases. People didn’t know what information the chatbots needed...Knowing what questions to ask a patient and what information might be withheld or missing during an examination are nuanced skills that make great human physicians; based on this study, chatbots can’t reliably replicate that kind of care.
...
“In an extreme case, two users sent very similar messages describing symptoms of a subarachnoid hemorrhage but were given opposite advice,” the study’s authors wrote. “One user was told to lie down in a dark room, and the other user was given the correct recommendation to seek emergency care.”