CyberSecurity Knuggets
Feb 05, 2026
Email 1:
Subject: Risky Bulletin: Plone CMS stops supply-chain attacks
Content Summary:
– Plone CMS, a Python-based content management system, prevented a supply chain attack in early 2026.
– An attacker used a compromised developer’s GitHub personal access token to push malicious code, hidden behind whitespace, into five repositories; the modifications were caught before any release.
– The malicious code targeted developers rather than end users and included shell persistence, remote code execution, and exfiltration of credentials, API keys, and crypto wallet files.
– Plone responded by disabling risky Git operations such as force pushes.
– Additional cybersecurity news includes:
  – Hackers extorting school students’ parents in Belgium.
  – Step Finance DeFi platform hacked for $30 million.
  – CrossCurve crypto bridge hacked; CEO promised legal action if the funds are not returned.
  – Notepad++ compromised by a Chinese APT tracked as “Billbug” and “Lotus Blossom”, delivering the “Chrysalis” backdoor.
  – France raids Twitter (X) offices as the investigation into AI-generated illicit images grows.
  – Meta uses Rust to improve WhatsApp security; Mozilla implements an AI “kill switch” in Firefox.
  – US FCC warns telcos to patch and secure networks amid ransomware threats.
  – Various malware reports, including a Nitrogen ransomware bug and an analysis of LockBit 5.0 ESXi ransomware.
  – Surge in malicious skills on the OpenClaw AI assistant marketplace.
  – Legal threats against infosec journalists and researchers are widespread.
– Links to podcasts, sponsors, and further info included.
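A review-time check for the technique in the Plone item, where code is pushed far to the right behind a long run of blanks (outside a diff viewer's visible width) or smuggled in with zero-width and bidi-control characters. This is an added example, not Plone's or GitHub's code; the thresholds (MAX_GAP, MAX_LINE) and the sample file contents are assumptions chosen for illustration.

```python
"""Flag source lines where code may be hidden behind whitespace or invisible
characters. Added example; not Plone's code. Thresholds and SAMPLE are
illustrative assumptions."""
import re
import sys
import unicodedata
from dataclasses import dataclass

# Characters that render as nothing or reorder text (zero-width, BOM, bidi
# controls, no-break space). Unicode category "Cf" (format) is checked too.
INVISIBLE = set(
    "\u200b\u200c\u200d\u2060\ufeff"   # zero-width space/joiners, word joiner, BOM
    "\u202a\u202b\u202c\u202d\u202e"   # bidi embeddings and overrides
    "\u2066\u2067\u2068\u2069"         # bidi isolates
    "\u00a0"                           # no-break space
)

MAX_GAP = 40    # assumption: > 40 consecutive blanks between tokens is suspicious
MAX_LINE = 200  # assumption: lines longer than this are worth a second look

# A non-blank, then a long run of spaces/tabs, then more non-blank text.
_GAP = re.compile(r"\S([ \t]{%d,})(?=\S)" % (MAX_GAP + 1))


@dataclass
class Finding:
    line_no: int
    reason: str
    snippet: str


def scan_text(text: str) -> list[Finding]:
    """Return one Finding per suspicious condition (a line can yield up to two)."""
    findings: list[Finding] = []
    for n, raw in enumerate(text.splitlines(), 1):
        bad = {c for c in raw if c in INVISIBLE or unicodedata.category(c) == "Cf"}
        if bad:
            names = ", ".join(f"U+{ord(c):04X}" for c in sorted(bad))
            findings.append(Finding(n, f"invisible/format characters: {names}", raw.strip()[:60]))
        m = _GAP.search(raw)
        if m:
            hidden = raw[m.end():].strip()  # text that sat beyond the gap
            findings.append(Finding(n, f"code after {len(m.group(1))} blanks", hidden[:60]))
        elif len(raw) > MAX_LINE:
            findings.append(Finding(n, f"line length {len(raw)} > {MAX_LINE}", raw.strip()[:60]))
    return findings


def scan_file(path: str) -> list[Finding]:
    with open(path, encoding="utf-8", errors="replace") as fh:
        return scan_text(fh.read())


# Constructed sample: a normal-looking function with a payload pushed 300
# columns to the right, plus a line carrying a bidi override (U+202E).
SAMPLE = (
    "def render(context):\n"
    "    return template.render(context)" + " " * 300
    + "; __import__('os').system('id')\n"
    "print('ok')\n"
    "token = 'redacted'\u202e  # looks harmless in a viewer\n"
)


if __name__ == "__main__":
    results = scan_file(sys.argv[1]) if len(sys.argv) > 1 else scan_text(SAMPLE)
    for f in results:
        print(f"line {f.line_no}: {f.reason} :: {f.snippet!r}")
    sys.exit(1 if results else 0)
```

Run it as a pre-receive hook or CI step over the added lines of each push; on the constructed sample it reports the payload on line 2 and the U+202E character on line 4, and its non-zero exit blocks the merge.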
Email 2:
Subject: Russian space vehicles are tapping comms from key European satellites, reports
Content Summary:
– Russian satellites Luch-1 and Luch-2 have been intercepting signals from key European geostationary satellites used for communications across Europe, UK, Africa, and Middle East.
– Close approaches to satellites potentially allow Moscow to gather intelligence and could enable interference or disablement by mimicking ground control commands.
– The US sentenced Rui-Siang Lin (“Pharaoh”), operator of dark web Incognito Market, to 30 years for narcotics trafficking and money laundering involving $105 million in drug sales.
– CISA quietly flagged 59 CVEs in its Known Exploited Vulnerabilities catalog as known to be used in ransomware campaigns, without issuing an alert, which limits timely remediation.
– Russian hackers disrupted the Ukrainian military apps Reserve+ and Milchat, affecting troop communication and registration.
– Hackers target ICE-spotting apps in an attempt to intimidate users, though there is no evidence of a data leak.
– Coinbase disclosed an insider breach in which a contractor accessed about 30 customers’ data; affected users were notified and given identity protection.
– Researchers warn about Metro4Shell (CVE-2025-11953), a critical vulnerability in the React Native Metro development server that is exploited in the wild and affects packages with millions of downloads.
– FBI unable to access reporter Hannah Natanson’s seized iPhone protected by Lockdown Mode.
– US senators press AI toy company bondu over a data exposure and ask telecom CEOs to testify about the Salt Typhoon Chinese espionage breach.
– National Cyber Director calls for industry help to extend cyber threat data sharing legislation.
– FCC warns telecoms of ransomware risks and urges tight security controls.
– International AI Safety report notes accelerating AI capabilities but gaps in risk management; AI being misused for cyberattacks.
– Police Service of Northern Ireland offers compensation after a data breach that exposed officers’ data.
– Korea and Malaysia police sign MoU on transnational crime cooperation.
– TRM Labs raised $70 million Series C; RapidFort raised $42 million Series A.
– Europol supports investigation into Elon Musk-related deepfake and child exploitation content on X.
– EU financial commissioner calls to reduce US tech giant influence in Europe.
– Department of Homeland Security presses tech firms to disclose critics’ info.
– Geo Group profits from immigration detention and from selling surveillance tools.
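The CISA item above is a monitoring gap: the ransomware flag on existing KEV entries can change with no alert and no new "date added", so a feed watcher that only looks for new entries misses it. One way to catch such quiet updates is to diff consecutive snapshots of the catalog. This is an added example, not CISA tooling. The JSON shape it relies on (a top-level "vulnerabilities" list whose entries carry "cveID" and "knownRansomwareCampaignUse" with values "Known"/"Unknown") is the published KEV feed format; the two snapshots embedded below are constructed sample data with placeholder CVE IDs, not real catalog entries.

```python
"""Diff two KEV catalog snapshots and report CVEs whose ransomware flag changed
without a new catalog entry. Added example, not CISA tooling; the snapshots
below are constructed sample data with placeholder IDs."""
import json
import urllib.request

KEV_URL = "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"
FLAG = "knownRansomwareCampaignUse"

# Constructed "yesterday" snapshot (placeholder IDs).
OLD_SNAPSHOT = json.dumps({
    "catalogVersion": "old",
    "vulnerabilities": [
        {"cveID": "CVE-0000-0001", "vendorProject": "ExampleCo", "product": "Gateway",
         "dateAdded": "2025-01-10", FLAG: "Unknown", "notes": ""},
        {"cveID": "CVE-0000-0002", "vendorProject": "ExampleCo", "product": "Portal",
         "dateAdded": "2025-03-02", FLAG: "Known", "notes": ""},
    ],
})

# Constructed "today" snapshot: 0001 quietly flipped to Known (same dateAdded,
# so it never shows up as a "new addition"), 0002 had only its notes edited,
# and 0003 is a genuinely new entry that arrived already flagged.
NEW_SNAPSHOT = json.dumps({
    "catalogVersion": "new",
    "vulnerabilities": [
        {"cveID": "CVE-0000-0001", "vendorProject": "ExampleCo", "product": "Gateway",
         "dateAdded": "2025-01-10", FLAG: "Known", "notes": ""},
        {"cveID": "CVE-0000-0002", "vendorProject": "ExampleCo", "product": "Portal",
         "dateAdded": "2025-03-02", FLAG: "Known", "notes": "vendor advisory updated"},
        {"cveID": "CVE-0000-0003", "vendorProject": "ExampleCo", "product": "Agent",
         "dateAdded": "2026-02-04", FLAG: "Known", "notes": ""},
    ],
})


def _index(snapshot_json: str) -> dict[str, dict]:
    """Key catalog entries by CVE ID."""
    return {v["cveID"]: v for v in json.loads(snapshot_json)["vulnerabilities"]}


def ransomware_flag_changes(old_json: str, new_json: str) -> dict:
    """Compare two catalog snapshots and classify what changed per CVE."""
    old, new = _index(old_json), _index(new_json)
    report = {"newly_flagged": [], "unflagged": [], "added_flagged": [], "other_changes": {}}
    for cve, entry in new.items():
        flag = entry.get(FLAG, "Unknown")
        prev = old.get(cve)
        if prev is None:
            if flag == "Known":
                report["added_flagged"].append(cve)
            continue
        if prev.get(FLAG, "Unknown") != flag:
            report["newly_flagged" if flag == "Known" else "unflagged"].append(cve)
        # Any other silently edited field (notes, due date, required action...).
        changed = sorted(k for k in set(prev) | set(entry)
                         if k != FLAG and prev.get(k) != entry.get(k))
        if changed:
            report["other_changes"][cve] = changed
    for key in ("newly_flagged", "unflagged", "added_flagged"):
        report[key].sort()
    return report


def fetch_snapshot(url: str = KEV_URL) -> str:
    """Download the live catalog (needs network; the demo below stays offline)."""
    with urllib.request.urlopen(url, timeout=30) as resp:
        return resp.read().decode("utf-8")


if __name__ == "__main__":
    print(json.dumps(ransomware_flag_changes(OLD_SNAPSHOT, NEW_SNAPSHOT), indent=2))
```

In practice, store yesterday's download, fetch today's with fetch_snapshot(), and alert on the newly_flagged list; on the constructed sample that list holds the one CVE whose flag flipped, while the new entry appears under added_flagged and the notes edit under other_changes.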
Email 3:
Subject: Webinar: Identity Under Attack – Register for Live Sessions
Content Summary:
– Upcoming live SecurityWeek webcast on February 11, 1 PM ET, titled “Identity Under Attack”.
– Focus on identity as the new security perimeter.
– Modern attackers use stolen credentials and account takeover techniques to bypass legacy defenses.
– Webinar will cover:
  – Current state of security as traditional network boundaries disappear.
  – Emerging attack trends targeting user identities.
  – The importance of identity-first security combining real-time risk evaluation and balanced user experience.
– Additional upcoming webinars:
  – Ransomware Resilience & Recovery Summit (Feb 25)
  – Designing an OT SOC Webinar (Mar 4)
  – Supply Chain Security Summit (Mar 18)
– Registration link provided.
Email 4:
Subject: White House Cyber Director launches major overhaul of cybersecurity policy | The CyberWire 2.4.26
Content Summary:
– The US National Cyber Director announces a major overhaul of US cybersecurity policy.
– Focus on improving private-sector collaboration and regulatory reform to reduce overlapping/conflicting mandates.
– Emphasis on enhanced threat intelligence sharing and legal protections for incident disclosures.
– CISA warns of active exploitation of a critical SolarWinds vulnerability (CVE-2025-40551), requiring urgent patching by federal agencies and the private sector.
– ShinyHunters extortion group leaked data on 5.1 million Panera Bread customers, including contact information.
– LevelBlue acquires Alert Logic MDR provider from Fortra, expanding managed detection and response capabilities.
– RSAC 2026 Conference announced for March 23-26 in San Francisco, emphasizing cybersecurity community collaboration.
– Related selected readings on React Native Metro bug exploitation, US-China tech security policy, Salt Typhoon telecom spying, etc.
Email 5:
Subject: Cyber Insights: Cyberwar and Rising Nation State Threats
Content Summary:
– Highlights cybersecurity trends around cyberwarfare and increasing nation-state threats in 2026.
– SolarWinds vulnerability actively exploited.
– TRM Labs raises $70 million, reaching $1 billion valuation.
– Vulnerability reports, including flaws in Google Looker and a Docker AI assistant that could lead to data theft and remote code execution.
– Analysis of attacks involving Ethereum-based cryptominers, reverse shells, and AI agent networks.
– Articles on why AI alone cannot replace human cyber defense; lessons from fiction on cybersecurity resilience.
– Summaries of recent major cybersecurity trends including:
  – Exploitation of React Native CVE-2025-11953.
  – RapidFort and Kasada funding news.
  – Escalation of extortion activity by ShinyHunters.
  – Attacks on OpenClaw AI assistant platform.
– Event info on SecurityWeek’s upcoming virtual event lineup.
– Podcast recommendations focusing on industrial security.
These summaries cover the key points of the five emails above.
Stay Well!
