The U.S. Financial Industry at the Epicenter of the Global Cybercrime Economy 

Posted in Commentary with tags on February 27, 2026 by itnerd

According to new SOCRadar threat intel, the U.S. financial sector now stands squarely at the center of the global cybercrime economy, enduring roughly half of all financial phishing attacks and nearly a quarter of all dark web threat activity.

Adversaries are now pivoting from basic software exploits to highly sophisticated, AI-driven crime waves, relentless BEC campaigns, and stealthy third-party supply chain infiltrations. 

In an analysis that can be read here, the SOCRadar research team has broken down how the U.S. financial sector is uniquely in the crosshairs for cyber criminals, what the dominate attack vectors are, and some key steps that financial leaders should use to fortify their defenses. 

Key findings include: 

  1. The U.S. financial sector accounts for 23.52% of all finance-related dark web threat activity and 48.02% of global phishing activity. 
  2. Over 80% of dark web threat types are centered on exposing data and databases, with 74.49% of dark web posts involving selling these assets. 
  3. Dominant attack vectors targeting U.S. financial institutions include social engineering, BE, and more increasingly AI-powered exploits. 
  4. Third-party vendors remain critical vectors for systemic risk.

For full details, here is the analysis: https://socradar.io/blog/finance-industry-us-institutions-2026/

Leave a comment »

Flashpoint Analysis: Six‑Month Supply‑Chain Attack Targeting Notepad++ Users

Posted in Commentary with tags on February 27, 2026 by itnerd

Flashpoint’s threat intelligence team has published new analysis on a significant supply‑chain attack involving Notepad++, one of the world’s most widely used open‑source text editors. The compromise—quietly active for roughly six months—allowed threat actors to hijack the application’s update mechanism and deliver malicious executables to targeted users.

Flashpoint’s research breaks down how attackers gained unauthorized access to the hosting infrastructure supporting Notepad++ updates and selectively redirected update requests to attacker‑controlled servers. Instead of receiving legitimate installers, victims were served malicious payloads disguised as trusted updates. The attack did not exploit a vulnerability in Notepad++ code itself; it was an infrastructure‑level compromise that evaded detection for months.

Flashpoint’s analysis highlights several critical findings:

  • The compromise persisted from June through December 2025, affecting users who attempted to update during that window.
  • Attackers hijacked the update delivery pipeline, redirecting traffic from the legitimate Notepad++ server to malicious infrastructure.
  • The attack targeted select victims, suggesting a focused espionage or intelligence‑gathering operation rather than broad malware distribution.
  • The WinGUp updater lacked sufficient verification controls, enabling the delivery of malicious executables without triggering integrity checks.
  • No CVE was assigned, underscoring that the weakness was not in the application code but in the surrounding ecosystem.


This incident is a stark reminder that supply‑chain attacks increasingly target the infrastructure around trusted tools – not just their source code. With Notepad++ used globally by developers, IT teams, and enterprises, the attack demonstrates how a single compromised update path can create widespread risk. Flashpoint’s analysis provides rare visibility into the mechanics of the attack and offers actionable guidance for organizations to assess exposure and strengthen their software update pipelines.

You can get more details here: What to Know About the Notepad++ Supply-Chain Attack | Flashpoint

Leave a comment »

G+D and AWS collaborate on new cloud-based Remote eSIM Provisioning for consumer and IoT solutions

Posted in Commentary with tags on February 27, 2026 by itnerd

Global SecurityTech company Giesecke+Devrient (G+D) today launched a new cloud-based eSIM solution powered by Amazon Web Services (AWS). This new collaboration combines trusted digital security from G+D with best-in-class cloud agility and scale from AWS, enabling customers to confidently deploy and manage devices with eSIM connectivity worldwide. 

Under this new collaboration, G+D will transition eSIM workloads to the AWS cloud environment. This newly launched solution combines G+D’s focus on GSMA compliance and foundational security with AWS’ secure, high availability cloud infrastructure to deliver global provisioning and low-latency connectivity solutions across multiple geographies.

The growth of eSIM-only devices across global telecommunications markets during the last year has driven a significant shift towards industry adoption of eSIM for both consumer and IoT applications. Telecommunications operators increasingly need faster onboarding and elastic scaling of eSIM deployment, especially during peak demand periods. Ensuring end-to-end security is also critical for the rollout of SGP.32 (IoT eSIM) and SGP.22 (consumer eSIM) compatible devices.

This new agreement expands the collaboration between G+D and AWS. G+D is already deploying its SGP.32 eSIM technology for Amazon’s eero Signal device, marking one of the first commercial deployments of the technology. G+D will also offer its solutions via the AWS Marketplace, ensuring widespread accessibility to the technology for mobile carriers, enterprises, and IoT service providers.

MWC Barcelona 2026:

To find out more about how AWS and G+D are bringing eSIM to the cloud, be sure to check out the GSMA’s eSIM Summit where G+D CEO Philipp Schulte and Jan Hofmeyr, Vice President for Telecommunications at AWS, will be diving deep with the keynote “eSIM: From Fraud Risks to Cloud-Powered Security“. More information on the eSIM Summit and the keynote topics can be found here: eSim Summit -… Mar 4, 2026 12:30-14:30 | MWC Barcelona

Leave a comment »

First live 6G trial by Ericsson in Texas powers AI robotics and real-time video streaming

Posted in Commentary with tags on February 27, 2026 by itnerd

Ericsson today announced it has successfully completed the world’s first 6G pre-standard over-the-air (OTA) session, marking a major milestone towards commercial 6G networks and reinforcing U.S. leadership in next-generation wireless innovation.

This milestone was achieved on a pre-standard 6G system using a trusted, end-to-end architecture designed to be AI and cloud native. Conducted at Ericsson’s U.S. headquarters in Plano, Texas, the OTA session validates the readiness of key 6G building blocks. The demonstration features radio hardware, RAN Compute, software-defined air interfaces, and cloud platforms. Ericsson’s future-proof software architecture is deployable on multiple hardware platforms, including CPU (Central Processing Units) and GPU (Graphics Processing Units).

This achievement supports the U.S. government’s focus on 6G leadership, including early research, global standards and forward-looking spectrum policy. 6G is a critical infrastructure for national security, economic competitiveness, and AI-driven innovation. Ericsson’s work directly supports those priorities by showing how future networks can deliver secure, high-performance, AI-native connectivity that underpins U.S. economic competitiveness, innovation, and national security.

Why this matters

Specifically, the 6G trial proves two key capabilities to prepare future networks for AI: powering AI robotics with instant, reliable connections and processing for real‑time control; and enabling real‑time video streaming.  As AI expands beyond smartphones to power robotics, autonomous systems, immersive applications, and industrial automation, wireless infrastructure is becoming a critical layer of the AI stack. 6G networks will be designed to sense, compute, and adapt in real time, enabling consistent low latency, higher uplink capacity, and new classes of AI services that are not possible today.

Ericsson’s OTA milestone demonstrates that these capabilities are moving into system-level reality, positioning the U.S. ecosystem to shape global standards, drive innovation, and lead commercialization of 6G.

A long-term commitment to the United States

Ericsson has operated in the U.S. for more than 120 years and continues to expand its footprint across research, manufacturing, and operations. The company employs more than 6,000 people across the country and operates 12 R&D centers focused on AI, ASIC design, and antenna systems. Its U.S. headquarters in Plano, Texas, serves as a major hub for advanced wireless R&D, standards development, and customer engagement.

Ericsson also currently manufactures advanced 5G radios and RAN Compute systems at its 5G USA Smart Factory in Lewisville, Texas – one of the most advanced telecom manufacturing facilities in the country. Ericsson has invested more than USD 150 million in the factory and is the only manufacturer making telecom equipment at scale in the U.S. The highly automated, 300,000-square-foot facility supports more than 550 U.S. manufacturing jobs and strengthens secure, resilient domestic supply chains. As 6G technology matures, Ericsson plans to build-on this U.S.-based manufacturing foundation to support future deployments.

Technical highlights

  • The system consists of a pre-standard 6G stack with:
    • Spectrum in the 7GHz range (Centimeter Wave)
    • Carrier bandwidth of 400 MHz
    • Performance focus on optimized uplink, enhanced energy efficiency, and maximized spectral utilization

The demonstration leveraged Ericsson radios, baseband platforms, and cloud-native software, and strengthened ongoing contributions to global standard bodies, including 3GPP and Open RAN. Ericsson will continue expanding trials across additional spectrum bands, enabling AI-native capabilities, and collaborating with operators, chipset partners, and the broader ecosystem to accelerate 6G readiness.

Leave a comment »

Clicks Brings Communicator to New Markets with Localized Keyboard Layouts

Posted in Commentary with tags on February 27, 2026 by itnerd

Clicks Technology, today announced expanded language support for Clicks Communicator, introducing new localized keyboard layouts that bring the communication-focused Android smartphone to more users globally. The update reflects stronger-than-expected demand since opening reservations earlier this year, and reinforces the role of Communicator being purpose-built to help people communicate with confidence and take action on the go.

New keyboard layouts include French (AZERTY), German (QWERTZ), Korean and Arabic, enabling Communicator to better serve customers across Europe, the Middle East and Asia.

In response to strong global interest, Clicks extended the early bird window to March 15, giving customers in these markets the opportunity to take advantage of special pricing and bonuses.

Customers will configure their preferred keyboard layout, along with their Communicator color and back Covers, closer to shipping.

Purpose-Built For Fast, Responsive Communications Over Time

Clicks also confirmed today that Communicator will be powered by the Dimensity 8300 (MT8883), a modern 4nm architecture that delivers a fast, responsive experience, with performance to spare.

As a smartphone purpose-built for doing, not doomscrolling, Communicator is designed to feel instant and responsive every time it’s picked up, empowering customers to take action on the go. Clicks selected the MT8883 platform to provide plenty of performance headroom while ensuring the experience continues to meet customer expectations over time.

The MT8883 platform also supports a long runway for Android and security updates, with software support planned through Android 20 and five years of security updates.

Pricing and Availability

Clicks Communicator will be available in Smoke, Clover, and Onyx at a special launch price of USD $499. Purchase your reservation before March 15 to lock in early bird pricing and priority access:

Clicks Communicator will begin shipping later this year.

Meet Clicks at MWC 2026
Clicks will be meeting with media, creators and partners at Mobile World Congress in Barcelona, March 2-5. Media interested in briefings or hands-on demos can contact press@clicks.tech.

Leave a comment »

Datadobi Announces Early Access Program for Data Access Review, a New Addition to StorageMAP 

Posted in Commentary with tags on February 26, 2026 by itnerd

Datadobi has launched an Early Access Program for Data Access Review, a new capability coming to its StorageMAP platform. Developed in direct response to customer demand for deeper visibility and control over data permissions, Data Access Review will extend StorageMAP’s value by adding actionable permissions intelligence to unstructured data management. During the Early Access program, selected customers have the opportunity to test and help shape new permissions intelligence features. 

By formalizing and expanding StorageMAP’s ability to analyze and report on access permissions, Data Access Review enables organizations to identify excessive, outdated, or inappropriate access rights before they evolve into security risks or compliance violations. It integrates into existing unstructured data management workflows, ensuring that access governance becomes a natural extension of data visibility, classification, and remediation strategies.  

The Early Access Program is available exclusively to current Datadobi customers who are actively using StorageMAP. Participants will get an early look at new features, gain valuable insights about access permissions in part of their environment, and have a direct line to share feedback that will help shape the final data access product. 

Customers interested in joining the Early Access Program can reach out to their Datadobi account representative or visit our website

Leave a comment »

Patches Fix Claude Code Flaws, But Broader Repository-Based Risks Remain 

Posted in Commentary with tags on February 26, 2026 by itnerd

Researchers at Check Point have identified multiple vulnerabilities in Anthropic’s development tool Claude Code, allowing malicious repositories to trigger remote code execution and steal active API credentials.

The observed security issues exploited built-in mechanisms including Hooks, Model Context Protocol servers, and environment variables to run arbitrary shell commands and exfiltrate API keys before trust prompts could be confirmed.

Two specific tracked vulnerabilities, CVE-2025-59536 and CVE-2026-21852, were documented and patched by Anthropic following disclosure by security researchers. The first enabled arbitrary code execution via overridden configuration settings that bypass user consent dialogs, while the second could redirect API traffic to malicious endpoints, exposing developers’ Anthropic API keys in plaintext.

All reported flaws have been remedied in subsequent Claude Code updates prior to public advisory publication.

According to researchers, even after the specific vulnerabilities were fixed, the underlying risk does not disappear. The issues exposed how project configuration files can directly shape execution behavior inside AI-assisted development tools, and a malicious repository can still act as a delivery mechanism if safeguards are insufficient, which expands the threat model beyond the individual CVEs that were addressed.

As a result, applying patches resolves the documented flaws but does not fully remove the broader exposure created when AI tooling automatically interprets and acts on repository-level settings. 

Jacob Krell, Senior Director: Secure AI Solutions & Cybersecurity, Suzu Labs:

“These CVEs are real and Anthropic was right to patch them. The broader issue is not unique to Claude Code. The AI development tool industry as a whole is prioritizing enablement over security, and these vulnerabilities are a symptom of that design philosophy, not an isolated product failure.

“In the case of Claude Code, hooks ran shell commands before the developer even saw the trust dialog. The security control existed. It just executed after the damage was already done. AI agents are deployed with broad permissions by default because restricting them reduces productivity. That is the same tradeoff the industry made with admin accounts two decades ago, and it took years of breaches to correct. The principle of least privilege does not stop applying because the user is an AI model instead of a human. Agents should be treated as untrusted by default, with strict zero trust boundaries between the agent and any command surface, credential store, or system resource it touches.

“This is not a new class of attack surface. Malicious Makefiles, poisoned scripts, and git hooks have compromised developers for years. What AI tools change is the scope of what runs once triggered. The attack surface is not new. The blast radius is.

“AI development tools are going to become more autonomous, not less. The industry is building the capability first and retrofitting the security later. That pattern has never aged well in software, and it is unlikely to age any better with AI.”

I am aware of a large number of developers who are using tools like Claude Code to speed up the coding pf

Leave a comment »

$30 Infostealer “DarkCloud” Is Fueling a Surge in Enterprise Breaches

Posted in Commentary with tags on February 26, 2026 by itnerd

Flashpoint’s threat intelligence team has uncovered new details about DarkCloud, a rapidly spreading, commercially available infostealer that is reshaping the initial‑access landscape for cybercriminals.

DarkCloud is part of a growing wave of low‑cost, highly scalable infostealers that are lowering the barrier to enterprise compromise. First observed in 2022 and openly sold on Telegram and a clearnet storefront for as little as $30, DarkCloud gives even low‑skill threat actors the ability to harvest credentials at scale and gain enterprise‑wide access.

Flashpoint’s latest analysis reveals several concerning trends:

  • DarkCloud is written in Visual Basic 6.0, a legacy language that helps it evade modern detection tools and signature‑based defenses.
  • Its encryption and string‑obfuscation techniques make it harder for defenders to analyze and block.
  • It is fully commercialized, with subscription tiers, active development, and a growing user base on Telegram—mirroring the professionalization of the cybercrime economy.
  • Credential theft at scale enables attackers to pivot into ransomware, business email compromise, and long‑term espionage operations.

Flashpoint’s researchers warn that DarkCloud represents a broader shift: infostealers are now the dominant initial‑access vector in 2026, giving attackers a cheap, fast, and reliable way to infiltrate organizations.

Why this matters:
Infostealers like DarkCloud are no longer niche tools – they are becoming the backbone of modern cybercrime. With DarkCloud’s low cost, ease of access, and ability to bypass traditional defenses, organizations across every sector face heightened risk. Flashpoint’s analysis provides rare visibility into how these tools are built, sold, and deployed – and what security teams must do to defend against them.

Flashpoint can offer:

  • Expert interviews with the analysts who dissected DarkCloud
  • Insights into the commercialization of infostealers and the threat‑actor economy
  • Guidance for CISOs on mitigating credential‑theft‑driven breaches
  • Data from Flashpoint’s 2026 threat intelligence research

You can learn more here: Understanding the DarkCloud Infostealer | Flashpoint

Leave a comment »

NTT DATA and Ericsson Team Up to Scale Private 5G and Physical AI for Enterprises

Posted in Commentary with tags on February 26, 2026 by itnerd

NTT DATA and Ericsson today announced a multi-year strategic partnership to accelerate enterprise adoption of private 5G and unlock advanced edge AI and physical AI use cases. As organizations look to embed intelligence at the edge across global operations, the partnership will enable AI-driven, outcome-focused transformation.

By combining Ericsson’s Private 5G and Edge platforms with NTT DATA’s full-stack enterprise network services, wireless network expertise, IT/OT security and managed services, the companies will deliver industry-ready solutions that help enterprises deploy private 5G networks and deliver business outcomes at a global scale with confidence.

The partnership will focus on four priority areas:

  • Global Private 5G managed services at scale: NTT DATA will act as one of Ericsson’s key global system integration and managed services providers, delivering Private 5G as a fully managed service with consistent architecture, operations and security worldwide.
  • AI embedded directly into enterprise connectivity: NTT DATA Edge AI agents will run on Ericsson’s enterprise Edge platforms, enabling real-time intelligence and autonomous decision-making where data is generated.
  • Repeatable industry solutions: The companies will be able to deliver proven private 5G, edge AI and physical AI use cases across manufacturing, mining, ports, airports, energy, transportation and smart cities, helping enterprises accelerate deployment and realize measurable ROI.
  • Unified global go-to-market: Joint sales, marketing and delivery will give enterprises a single, consistent path to deployment, reduce vendor complexity and speed time to value.

The partnership will initially focus on high-impact use cases across industries, including the following:

  • Manufacturing: Automated quality inspection, predictive maintenance and real-time safety monitoring using sensor and vision data.
  • Transportation, ports and logistics: Autonomous operations driven by real-time vehicle and asset data for dynamic routing, tracking and safety.
  • Energy and mining: Remote and autonomous operations, intelligent inspection and AI-driven monitoring in complex and hazardous environments.
  • Smart cities: Intelligent traffic management, public safety monitoring and real-time optimization of energy and municipal services.

Leave a comment »

ShinyHunters Pwns Another Victim

Posted in Commentary with tags on February 26, 2026 by itnerd

The online automotive-marketplace CarGurus is the latest victim of the ShinyHunters campaign after the group published a 6.1 GB dataset of approximately 12.4 million account records on February 21.

Have I Been Pwned notes that about 70% of the exposed email addresses were previously seen in breach databases, though substantial fresh data appears to be included. Analysis by the breach monitoring site indicated that the archive included:

  • Email addresses
  • IP addresses
  • Full names
  • Phone numbers
  • Physical addresses
  • User IDs
  • Finance application data
  • Dealer account details

CarGurus has not publicly confirmed the breach or provided an official statement.

In a separate but related incident, Wynn Resorts confirmed that hackers accessed employee data after the company appeared on ShinyHunters’ data leak portal on February 20 when the hackers claimed to have stolen more than 800,000 records containing PII (including SSNs) and employee data along with an extortion threat demanding a ransom of 22.34 bitcoin (roughly $1.5 million). 

Since then, the company stated that the alleged attackers claimed the stolen data had been deleted, and as of the latest reports, Wynn has not observed evidence that the information was publicly leaked or misused. 

Although the method used to obtain the data has not been confirmed, ShinyHunters, a cybercrime group known for ransom-or-release tactics, has a history of carrying out advanced voice phishing campaigns that have led to breaches targeting more than 100 organizations, including Optimizely, Figure, Panera Bread, and Crunchbase.

Denis Calderone CRO & COO, Suzu Labs:

   “ShinyHunters is basically operating what feels like an extortion assembly line. In the last few months we’ve seen over a dozen, high-profile organizations get hit: Panera, SoundCloud, Match Group, CarGurus, Wynn, and the list keeps growing.

   “The speed and volume here is what should concern security leaders. They have obviously found something that works here, and it seems that just one well-placed One phone call is all it takes, and they are getting access to your every connected SaaS app in the environment.

   “The Wynn situation is particularly interesting. They appear to have reached an agreement, and the listing was pulled. ShinyHunters has a track record of honoring these deals, AT&T being the most public example. So, paying apparently works, which makes this an agonizing decision for any executive sitting across the table from legal counsel right now. But none of us should want to fund what is clearly a thriving criminal enterprise. Every payment validates the model and funds the next wave of attacks.

   “That’s why the conversation needs to stay focused on preventing the breach, not negotiating after it. Segment your data, lock down SSO with phishing-resistant MFA, and make your environment painful enough to navigate that these groups move on to the next target. Let’s face it, the era of hardware-backed authentication, is upon us.”  

Rajeev Raghunarayan, Head of GTM, Averlon:

   “What ShinyHunters keeps demonstrating is that you don’t need a sophisticated exploit when permissions do the work for you. Once attackers compromise a single set of credentials, SSO and broad SaaS integrations turn that one access point into keys to dozens of systems. The entry is simple. The blast radius is anything but.

   “Organizations are still measuring risk by how hard it is to get in, when the more urgent question is how far an attacker can move once they’re there.”

ShinyHunters is one of those groups that I cannot stop writing about seeing as I wrote about them just yesterday. That’s bad for all of us as it is highly likely that we will hear more from them in the coming days and weeks ahead.

Leave a comment »

« Older Entries
Newer Entries »