InfoSec News 19FEB2026
General
- Potential court battle brewing - a Spanish court has ruled that two VPN providers - NordVPN and ProtonVPN - must block access to unauthorised streaming sites for football matches (LaLiga). Neither VPN provider was given the opportunity to appear in court, and neither appears to have received any formal notification.
We have become aware of recent reports concerning legal proceedings in Spain that may affect VPN services, including Proton VPN.
At this stage, we were not aware of any proceedings that may have been underway prior to these reports coming to light and have not been formally notified of any proceedings or judgment.
Moreover, any judicial order issued without proper notification to the affected parties, thereby denying them the opportunity to be heard, would be procedurally invalid under fundamental principles of due process.
Spanish courts, like all courts operating under the rule of law, are bound by procedural safeguards that ensure parties are given a fair opportunity to present their case before any binding judgment is rendered.
"At this stage, we have not received the judicial documents mentioned in the press so it will be premature to comment without having reviewed them. We were not part of any Spanish judicial proceedings to our knowledge, and therefore had no opportunity to defend ourselves. Given such judgments impact on how the Internet operates, such an approach by rightsholders is unacceptable" - NordVPN
- https://www.bleepingcomputer.com/news/legal/spain-orders-nordvpn-protonvpn-to-block-laliga-piracy-sites/
- https://x.com/ProtonVPN/status/2023737986899472551
- Microsoft - move fast and break DLP - Copilot has been accessing content flagged with sensitivity labels and DLP policies.
"Users' email messages with a confidential label applied are being incorrectly processed by Microsoft 365 Copilot chat," Microsoft said when it confirmed this issue.
...
"The Microsoft 365 Copilot 'work tab' Chat is summarizing email messages even though these email messages have a sensitivity label applied and a DLP policy is configured."
"A code issue is allowing items in the sent items and draft folders to be picked up by Copilot even though confidential labels are set in place," Microsoft added.
Microsoft has not provided a final timeline for full remediation and has not disclosed how many users or organizations were affected, saying only that the scope of impact may change as the investigation continues.
- https://www.bleepingcomputer.com/news/microsoft/microsoft-says-bug-causes-copilot-to-summarize-confidential-emails/
- https://techcrunch.com/2026/02/18/microsoft-says-office-bug-exposed-customers-confidential-emails-to-copilot-ai/
- Signalling System 7 (SS7) attacks on mobile phones have been discussed for years; now there's a widespread attack in Armenia, targeting WhatsApp users.
Since mid-January 2026, a broad campaign of attacks targeting thousands of Armenian WhatsApp users has been observed. CyberHUB-AM’s digital support helpdesk received upwards of 2 thousand reports related to account takeovers. Per our estimations, at least 4000 accounts have been hacked.
...
Our investigation indicates that vulnerabilities in the SMS delivery chain were exploited, allowing the interception of registration and two-step verification codes.
On January 20, the Republic of Armenia’s Cyber Police issued a statement on this topic. It reads, in part: “Technically speaking, criminals are able to target the SS7 protocol of mobile networks (in simple terms, the ‘postal system’ that operates between mobile operators) and capture SMS messages sent by international mobile operators.”
- 1c per night, for a hotel room that normally costs €1,000? A 20-year-old Spaniard was caught after he "alter(ed) the payment validation system" when booking the stays. Smells as though the room price was being sent from the booking system (client-side, through the browser) to the payment system.
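If the flow really was as guessed above, the payment side needs a way to tell that the price it receives is the one the booking system quoted. An added sketch (not code from any system involved; the key, field names and booking ID are constructed for illustration) in which the booking system signs the quote and the payment system rejects an amount edited in the browser:

```python
import hashlib
import hmac
import json

# Constructed demo key; in practice a secret held only by the two back ends.
SHARED_KEY = b"demo-key-not-for-production"
FIELDS = ("booking_id", "amount_cents", "currency", "expires_at")

def _tag(fields: dict) -> bytes:
    # Canonical JSON so both sides sign exactly the same bytes.
    msg = json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(SHARED_KEY, msg, hashlib.sha256).hexdigest().encode()

def issue_quote(booking_id: str, amount_cents: int, currency: str, expires_at: int) -> dict:
    """Booking system: sign the price before it travels through the browser."""
    fields = dict(zip(FIELDS, (booking_id, amount_cents, currency, expires_at)))
    return {**fields, "sig": _tag(fields).decode()}

def verify_quote(quote: dict, now: int) -> int:
    """Payment system: return the amount to charge, or raise ValueError."""
    try:
        fields = {k: quote[k] for k in FIELDS}
        sig = str(quote["sig"]).encode()
    except KeyError as exc:
        raise ValueError(f"missing field: {exc}") from None
    if not hmac.compare_digest(_tag(fields), sig):
        raise ValueError("quote altered in transit")
    if now > fields["expires_at"]:
        raise ValueError("quote expired")
    return fields["amount_cents"]

def demo() -> dict:
    # EUR 1,000.00 quoted by the booking system, valid until t=1_000_600.
    quote = issue_quote("BK-1001", 100_000, "EUR", expires_at=1_000_600)
    results = {"untouched": verify_quote(quote, now=1_000_000)}
    tampered = dict(quote, amount_cents=1)  # price edited to 1 cent client-side
    try:
        verify_quote(tampered, now=1_000_000)
        results["tampered"] = "accepted"
    except ValueError as exc:
        results["tampered"] = str(exc)
    return results

if __name__ == "__main__":
    print(demo())
```

Where the payment system can query the booking system directly, passing only the booking ID through the browser and looking the price up server-side removes the need for a signature at all.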
- Blowback from the Epstein Files - DefCon has banned three individuals over their links to Epstein. Iozzo has been alleged to be the person named in the files as Epstein's 'personal hacker'.
The conference justified adding Pablos Holman, Vincenzo Iozzo, and Joichi Ito to its public list of banned individuals, citing the three as appearing in the Department of Justice’s latest release of files related to its investigation of the late investor and convicted sex offender. Def Con also cited an article in Politico based on emails that the three exchanged with Epstein.
...
The move to ban the three comes days after TechCrunch reported that cybersecurity conferences Black Hat and Code Blue removed Iozzo from their official review board pages, amid new and emerging revelations linking the prominent hacker, among others, to Epstein.
Getting Techy
- Deserialisation attacks have been around for a long time (decades), and are still highly fruitful for attackers. Searchlight Cyber really had to work for this one in OpenText Directory Services.
ysoserial is one of the original tools, targeting Java. Other languages have since been successfully targeted. It's all about untrusted (attacker-controlled) data being turned back into an object inside the program, with (attacker-controlled) code that will execute.
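The same mechanism and its usual mitigation, shown in Python's pickle rather than Java, as an added example (not from Searchlight Cyber's write-up or OpenText's code). The class names and allow-list are constructed for illustration, and the "gadget" only calls the harmless builtin `len`:

```python
import io
import pickle
from collections import OrderedDict

# Allow-list of (module, name) pairs the application actually expects to receive.
ALLOWED_GLOBALS = {("collections", "OrderedDict")}

class AllowListUnpickler(pickle.Unpickler):
    """Refuse to resolve any class or callable that is not on the allow-list."""
    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"blocked global {module}.{name}")

def safe_loads(data: bytes):
    return AllowListUnpickler(io.BytesIO(data)).load()

class CallsLenOnLoad:
    """Constructed stand-in for a gadget: the serialized stream names a
    callable and its arguments, and the deserializer calls it while loading."""
    def __reduce__(self):
        return (len, ("abcd",))

def demo() -> dict:
    expected = pickle.dumps(OrderedDict(user="alice", role="viewer"))
    unexpected = pickle.dumps(CallsLenOnLoad())
    out = {
        # Plain loads() runs the callable named in the stream: we get 4 back,
        # not an object of the type the program thought it was loading.
        "plain_loads_unexpected": pickle.loads(unexpected),
        # The allow-listed type still round-trips.
        "safe_loads_expected": safe_loads(expected),
    }
    try:
        safe_loads(unexpected)
        out["safe_loads_unexpected"] = "accepted"
    except pickle.UnpicklingError as exc:
        out["safe_loads_unexpected"] = str(exc)
    return out

if __name__ == "__main__":
    print(demo())
```

Java's counterpart to this allow-list is a serialization filter (`ObjectInputFilter`); in either language the stronger fix is not to deserialize native objects from untrusted input at all.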
Geo-Politics
- [EU] The Dutch Defence Chief has intimated they could jailbreak the Lockheed Martin F-35's software, if needed. That this is even a consideration shows the shaky state of affairs between the US and Europe. A German defence contractor had previously raised the spectre of a US kill-switch for the aircraft.
Meanwhile, Canada is seriously considering cancelling further F-35 acquisition (potentially stopping at just 16 of a planned 88 airframe acquisition), in favour of the far cheaper Saab Gripen (known for its ability to fly from unprepared landing spaces).
"The F-35 is truly a shared product," Tuinman told BNR's Boekestijn en De Wijk show (translated from Dutch). "The British make the Rolls-Royce engines, and the Americans simply need them too. And even if this mutual dependency doesn't result in software updates, the F-35, in its current state, is still a better aircraft than other types of fighters."
"If you still want to upgrade despite everything, I'm going to say something I should never say, but I will anyway: you can jailbreak an F-35 just like an iPhone."
...
Tuinman's comments come nearly a year after Joachim Schranzhofer, head of comms at German defense contractor Hensoldt, stoked fears that the US could remotely disable all European fleets.
Speaking to Bild, within the context of the US pausing military aid to Ukraine – to which it supplied F-16 aircraft – Schranzhofer said the idea of a remote "kill switch" was "more than just a rumor."
- https://www.theregister.com/2026/02/18/jailbreak_an_f35/
- https://simpleflying.com/why-canada-f-35-order-us-worried/
- [PL] Bans on foreign vehicles in sensitive locations are growing. Poland has banned Chinese vehicles from "entering protected military facilities". China had previously banned Tesla vehicles from its bases; America and the UK likewise banned Chinese EVs from theirs.
A spokesperson for the Polish Army said the country’s move followed a military risk assessment focused on the way modern cars’ sensors and software could be used to collect sensitive information.
Banning the entry of Chinese-made cars to sensitive sites is intended to tackle the risks posed by the “growing integration of digital systems in vehicles and the potential for uncontrolled acquisition and use of data by these systems,” the spokesperson said.
...
Additional restrictions are to be imposed on other vehicles manufactured outside of China if they are “equipped with integral or additional devices enabling the recording of position, image, or sound,” as this equipment is deemed to pose a potential security risk.
- [US] Texas is using 'deceptive business practices' laws to sue TP-Link, "for allegedly allowing the Chinese Communist Party (CCP) to hack into consumers’ devices even as it promised consumers strong security and privacy protections."
Despite its claims of privacy and security, TP Link’s products have been used by People’s Republic of China’s (“PRC”) state-sponsored hacking entities to launch multiple cyber-attack operations against the United States. Further, TP Link’s ownership and supply-chain are tied to China. Through these ties, TP Link is subject to the PRC’s national data laws, which require Chinese citizens and firms to support PRC intelligence services by divulging Americans’ data. With nearly all of its products’ parts imported from China, TP Link’s deliberate deception towards Texans regarding the nationality, privacy, and security capabilities of its networking devices is not just illegal—it is also a national security threat that enables the secret surveillance and exploitation of Texas consumers.
...
This announcement marks the first of several lawsuits that the Office of the Attorney General will file this week as part of a coordinated effort to hold China accountable under Texas law.
- https://research.checkpoint.com/2023/the-dragon-who-sold-his-camaro-analyzing-custom-router-implant/
- https://www.texasattorneygeneral.gov/news/releases/attorney-general-paxton-sues-tp-link-allowing-ccp-access-americans-devices-first-several-lawsuits
- https://www.texasattorneygeneral.gov/sites/default/files/images/press/TP%20P.pdf
- https://therecord.media/texas-sues-tp-link-china-allegations
- https://www.theregister.com/2026/02/18/texas_sues_tplink_over_china/
Privacy
- Your car is the next surveillance/intelligence target.
Haaretz reporting on the rise of Car Intelligence (CARINT) companies within Israel.
In recent decades, our cars have become smart devices, a collection of computers on wheels with dozens of digital systems; the vehicle cannot properly function without an internet or cellular connection. Though this vastly improves the driving experience, it also severely risks privacy and has become a national security threat.
In the intelligence industry, such information derived from vehicles is known as CARINT, car intelligence. A Haaretz investigation has found that at least three Israeli companies are currently operating in CARINT; one has developed an "offensive" tool that can potentially tap into your car's microphones and cameras.
...
By analyzing location data and travel patterns, the technology allows governments to track targets using the SIM cards installed in the car while monitoring the vehicle's wireless and Bluetooth communications. The tech also cross-references with roadside cameras to identify license plates and other data possessed by government agencies.
- https://www.haaretz.com/israel-news/security-aviation/2026-02-16/ty-article-magazine/.premium/your-car-is-spying-on-you-and-israeli-firms-are-leading-the-surveillance-race/0000019c-6651-d2f0-a19c-7fdd81920000 / https://archive.is/tDOFi
- [AO] More spyware - an Angolan journalist's phone (unpatched iPhone running 18-month-old iOS) was infected with Intellexa's Predator spyware in May 2024.
This new case of Predator spyware targeting in Angola is the first documented case in the country and one of the most recent confirmed Predator cases
...
From April to June 2024, in the final months of his ten-year mandate at the Angolan Journalists Union, Teixeira Cândido received a series of WhatsApp messages on his iPhone from an unknown sender who was using an Angolan phone number. The attacker attempted to build trust by claiming to represent a group of young students interested in Angola’s socioeconomic development and by setting a familiar Angolan name for their WhatsApp profile.
...
On 3 May 2024, the attacker sent the first malicious link aimed at infecting Teixeira Cândido’s phone. Over the coming days and weeks, the attacker proceeded to send more malicious links, each pretending to link to news articles or seemingly innocent websites, as well as numerous follow-up messages to encourage the journalist to open the links
Through forensic analysis of the links and associated domain names, Amnesty International’s Security Lab determined with high confidence that all the links sent to Teixeira Cândido to this WhatsApp number were attempts to infect his phone with the Predator spyware. All infection domains matched a network fingerprint used to track Intellexa infection servers.
...
Once the spyware was installed, the attacker could gain unrestricted access to Teixeira Cândido’s iPhone. As outlined in a leaked Intellexa marketing brochure published as part of the Intellexa Leaks investigation (Figure 5), the spyware is capable of accessing an extensive range of data including encrypted messaging apps like Signal and WhatsApp, audio recordings, emails, device locations, screenshots and camera photos, stored passwords, contacts and call logs, and the ability to activate the phone’s microphone.
- https://therecord.media/predator-spyware-used-to-infect-phone-angola-journalist
- https://securitylab.amnesty.org/latest/2026/02/journalism-under-attack-predator-spyware-in-angola/
- [AU] Federal Court outsourcer illegally sub-contracts to an Indian technology company, exposing thousands of sensitive court documents.
The breach occurred after Canada-based transcription service provider VIQ Solutions subcontracted some work to e24 Technologies, an India-based technology company.
...
While VIQ staff are required to undergo national security checks and complete a Commonwealth Courts Deed of Confidentiality, it is unclear if e24 staff do the same.
Internal documents at VIQ found that e24 Technologies staff ... had access to thousands of court documents, which contained sensitive data.
...
“Incredibly sensitive evidence from organisations like ASIO, the Australian Federal Police, is given in private court because it could be addressing links to international criminal organisations, potential foreign interference in the country,” he said, adding that the data could do “incredible damage” if in the wrong hands.
“Not just to the national interest, but potentially to undercover police officers and members of the public in Australia.
AI
- Another day, another LLM release - Anthropic have released version 4.6 of Claude Sonnet, their mid-sized (and priced) model. Benchmark scores show Sonnet 4.6 achieving results quite close to Opus 4.5 (one iteration older, largest model - released 24NOV2025), not far off Opus 4.6 (released 05FEB2026).
Pricing remains the same as Sonnet 4.5, starting at $3/$15 per million tokens.
...
Performance that would have previously required reaching for an Opus-class model—including on real-world, economically valuable office tasks—is now available with Sonnet 4.6. The model also shows a major improvement in computer use skills compared to prior Sonnet models.
...
Users even preferred Sonnet 4.6 to Opus 4.5, our frontier model from November, 59% of the time. They rated Sonnet 4.6 as significantly less prone to overengineering and “laziness,” and meaningfully better at instruction following. They reported fewer false claims of success, fewer hallucinations, and more consistent follow-through on multi-step tasks.
Sonnet 4.6’s 1M token context window is enough to hold entire codebases, lengthy contracts, or dozens of research papers in a single request. More importantly, Sonnet 4.6 reasons effectively across all that context.
- https://www.anthropic.com/news/claude-sonnet-4-6 / https://archive.is/Gkh8y
- https://simonwillison.net/2026/Feb/17/claude-sonnet-46/
- HackerOne kicked off a furore, with the release of their "Agentic Pentest as a Service (Agentic PTaaS)" in late January. HackerOne contributors were concerned their bug/vulnerability submissions were used to train the agent. Reading the press release, one can understand why.
The CEO, Kara Sprague, has denied this in a LinkedIn post.
Agentic PTaaS is built on the proven foundation of HackerOne PTaaS ... HackerOne’s agents are trained and refined using proprietary exploit intelligence informed by years of testing real enterprise systems. This is combined with a robust, verified community of elite pentesters, providing unmatched scale. Together, this combination ensures results reflect real-world exploitability rather than theoretical risk.
...
Our agents are grounded in years of enterprise pentesting expertise and informed by proprietary exploit intelligence derived from controlled parallel assessments that run alongside real pentests.
This week, there have been important conversations across the security researcher community about how AI is used in security platforms, including at HackerOne, and specifically regarding the use of researcher data.
I want to address this directly and unambiguously.
HackerOne does not train generative AI models, internally or through third-party providers, on researcher submissions or customer confidential data.
Researcher submissions are not used to train, fine-tune, or otherwise improve generative AI models. This applies across our platform, including capabilities used within our Agentic PTaaS offering and our in-platform AI, Hai.
We also do not permit third-party model providers to retain or use researcher or customer data for their own model training.
- https://www.theregister.com/2026/02/18/hackerone_ai_policy/
- https://www.hackerone.com/press-release/hackerone-introduces-agentic-ptaas-deliver-continuous-expert-verified-pentesting
- https://www.hackerone.com/blog/agentic-penetration-testing-as-a-service
- https://www.linkedin.com/posts/ksprague08_hai-security-trust-hackerone-help-center-activity-7428166270883266560-GeBF/