As February 2026 progresses, this week’s The Cyber Express Weekly Roundup examines a series of cybersecurity incidents and enforcement actions spanning Europe, Africa, Australia, and the United States. The developments include a breach affecting the European Commission’s mobile management infrastructure, a ransomware attack disrupting Senegal’s national identity systems, a landmark financial penalty imposed on an Australian investment firm, and the sentencing of a fugitive linked to a multimillion-dollar cryptocurrency scam.From suspected exploitation of zero-day vulnerabilities to prolonged breach detection failures and cross-border financial crime, these cases highlights the operational, legal, and systemic dimensions of modern cyber risk.
The Cyber Express Weekly Roundup
European Commission Mobile Infrastructure Breach Raises Supply Chain Questions
The European Commission reported a cyberattack on its mobile device management (MDM) system on January 30, potentially exposing staff names and mobile numbers, though no devices were compromised, and the breach was contained within nine hours. Read more...
Ransomware Disrupts Senegal’s National Identity Systems
In West Africa, a major cyberattack hit Senegal’s Directorate of File Automation (DAF), halting identity card production and disrupting national ID, passport, and electoral services. While authorities insist no personal data was compromised, the ransomware group. The full extent of the breach is still under investigation. Read more...
Australian Court Imposes Landmark Cybersecurity Penalty
In Australia, FIIG Securities was fined AU$2.5 million for failing to maintain adequate cybersecurity protections, leading to a 2023 ransomware breach that exposed 385GB of client data, including IDs, bank details, and tax numbers. The firm must also pay AU$500,000 in legal costs and implement an independent compliance program. Read more...
Crypto Investment Scam Leader Sentenced in Absentia
U.S. authorities sentenced Daren Li in absentia to 20 years for a $73 million cryptocurrency scam targeting American victims. Li remains a fugitive after fleeing in December 2025. The Cambodia-based scheme used “pig butchering” tactics to lure victims to fake crypto platforms, laundering nearly $60 million through U.S. shell companies. Eight co-conspirators have pleaded guilty. The case was led by the U.S. Secret Service. Read more...
India Brings AI-Generated Content Under Formal Regulation
India has regulated AI-generated content under notification G.S.R. 120(E), effective February 20, 2026, defining “synthetically generated information” (SGI) as AI-created content that appears real, including deepfakes and voiceovers. Platforms must label AI content, embed metadata, remove unlawful content quickly, and verify user declarations. Read More...
Weekly Takeaway
Taken together, this weekly roundup highlights the expanding attack surface created by digital transformation, the persistence of ransomware threats to national infrastructure, and the intensifying regulatory scrutiny facing financial institutions.From zero-day exploitation and supply chain risks to enforcement actions and transnational crypto fraud, organizations are confronting an environment where operational resilience, compliance, and proactive monitoring are no longer optional; they are foundational to trust and continuity in the digital economy.
As the first week of February 2026 concludes, The Cyber Express weekly roundup examines the developments shaping today’s global cybersecurity landscape. Over the past several days, governments, technology companies, and digital platforms have confronted a wave of cyber incidents ranging from disruptive attacks on public infrastructure to large-scale data exposures and intensifying regulatory scrutiny of artificial intelligence systems.This week’s cybersecurity reporting reflects a broader pattern: rapid digital expansion continues to outpace security maturity. High-profile breaches, misconfigured cloud environments, and powerful AI tools are creating both defensive opportunities and significant new risks.
The Cyber Express Weekly Roundup
Cyberattack Disrupts Spain’s Ministry of Science Operations
Spain’s Ministry of Science, Innovation, and Universities confirmed that a cyberattack forced a partial shutdown of its IT systems, disrupting digital services relied upon by researchers, universities, students, and businesses nationwide. Initially described as a technical incident, the disruption was later acknowledged as a cybersecurity event that required the temporary closure of the ministry’s electronic headquarters. Read more..
OpenAI Expands Controlled Access to Advanced Cyber Defense Models
OpenAI announced the launch of Trusted Access for Cyber, a new initiative designed to strengthen defensive cybersecurity capabilities while limiting the potential misuse of highly capable AI systems. The program provides vetted security professionals with controlled access to advanced models such as GPT-5.3-Codex, which OpenAI identifies as its most cyber-capable reasoning model to date. Read more..
French Authorities Escalate Investigations Into X and Grok AI
French police raided offices belonging to the social media platform X as European investigations expanded into alleged abuses involving its Grok AI chatbot. Authorities are examining claims that Grok generated nonconsensual sexual deepfakes, child sexual abuse material (CSAM), and content denying crimes against humanity, including Holocaust denial. Read more..
AI-Generated Platform Moltbook Exposes Millions of Credentials
Security researchers disclosed that Moltbook, a viral social network built entirely using AI-generated code, exposed 1.5 million API authentication tokens, 35,000 user email addresses, and thousands of private messages due to a database misconfiguration. Wiz Security identified the issue after discovering an exposed Supabase API key embedded in client-side JavaScript, which granted unrestricted access to the platform’s production database. Read more..
Substack Discloses Breach Months After Initial Compromise
Substack revealed that attackers accessed user email addresses, phone numbers, and internal metadata in October 2025, though the breach went undetected until February 3, 2026. CEO Chris Best notified affected users, stating, “I’m incredibly sorry this happened. We take our responsibility to protect your data and your privacy seriously, and we came up short here.” Read more..
Weekly Takeaway
This Cyber Express weekly roundup highlights a clear takeaway for the global cybersecurity community: digital expansion without equivalent security investment increases organizational and systemic risk. AI-built platforms, advanced security tooling, and large-scale public-sector systems are being deployed rapidly, often without adequate access controls, monitoring, or testing.
As recent incidents show, these gaps lead to data exposure, prolonged breach detection, and service disruption. To reduce risk, organizations must embed security controls, clear ownership, and continuous monitoring into system design and daily operations, rather than relying on post-incident fixes or policy statements.
It’s a regrettable reality that there is never enough time to cover all the interesting scientific stories we come across each month. So every month, we highlight a handful of the best stories that nearly slipped through the cracks. January’s list includes a lip-syncing robot; using brewer's yeast as scaffolding for lab-grown meat; hunting for Leonardo da Vinci's DNA in his art; and new evidence that humans really did transport the stones to build Stonehenge from Wales and northern Scotland, rather than being transported by glaciers.
Humans, not glaciers, moved stones to Stonehenge
Credit:
Timothy Darvill
Stonehenge is an iconic landmark of endless fascination to tourists and researchers alike. There has been a lot of recent chemical analysis identifying where all the stones that make up the structure came from, revealing that many originated in quarries a significant distance away. So how were the stones transported to their current location?
As January 2026 comes to a close, The Cyber Express takes a comprehensive look at the events defining the global cybersecurity landscape. Over the past week, organizations worldwide faced high-profile cyberattacks, emerging threats in AI and ad fraud, critical software vulnerabilities, and intensifying regulatory scrutiny affecting both public and private sectors.
This week’s coverage highlights significant attacks on Russian and U.S. companies, the discovery of advanced post-exploitation frameworks, trends in EU data breach reporting, and actionable guidance for brands to enhance privacy, security, and compliance in an increasingly complex digital ecosystem.
The Cyber Express Weekly Roundup
Cyberattack Hits Russian Security Firm Delta
On January 26, 2026, Delta, a Russian alarm and vehicle security provider, suffered a major cyberattack, disrupting alarms, vehicle systems, and company communications for tens of thousands of customers. While no confirmed customer data breach occurred, an unverified leak circulated online. Read more...
Ad Fraud and Data Privacy: Brands Must Act Now
Ad fraud is escalating, costing the digital advertising industry billions and eroding consumer trust. Experts like Dhiraj Gupta of mFilterIt emphasize that brands can no longer rely on platform-reported metrics alone. Independent verification, real-time audits, and continuous monitoring of data flows are now essential to ensure privacy, enforce purpose limitations, and maintain accountability across complex advertising ecosystems. Read more…
Ivanti Patches Critical Mobile Manager Zero-Days
Ivanti released emergency fixes for two critical zero-day code injection vulnerabilities (CVE-2026-1281 and CVE-2026-1340) in Endpoint Manager Mobile. These flaws allow attackers to execute arbitrary code, access sensitive device and user data, and track locations. CISA added CVE-2026-1281 to its KEV catalog with a two-day remediation deadline for federal agencies. Read more...
Cyble Discovers ShadowHS, a Stealthy Linux Post-Exploitation Framework
Cyble Research & Intelligence Labs uncovered ShadowHS, a fileless, in-memory Linux framework providing attackers with long-term, operator-controlled access. ShadowHS uses AES-encrypted payloads and stealthy memory execution to evade traditional antivirus software, enabling credential theft, lateral movement, privilege escalation, cryptomining, and covert data exfiltration. Read more...
EU Data Breach Notifications Rise Amid GDPR Reform Talks
Data breach notifications in the EU surged 22% over the past year, averaging over 400 per day. GDPR fines remained high at approximately €1.2 billion in 2025. Discussions on the Digital Omnibus legislation highlight a need to balance efficiency in reporting with protecting fundamental privacy rights amid NIS2, DORA, and ongoing cybersecurity threats. Read more...
New Cyberattacks Target U.S. Companies
Several U.S. companies, including Bumble, Panera, Match Group, and CrunchBase, faced phishing and vishing attacks against employees. Bumble reported brief unauthorized access to a small portion of its network, while other firms experienced limited exposure. The ShinyHunters hacking group claims responsibility and has issued extortion demands, emphasizing social engineering as a growing threat to high-profile organizations. Read more...
Weekly Takeaway
The last week of January 2026 stresses that cybersecurity is no longer just a technical concern. From attacks on critical infrastructure in Russia to post-exploitation Linux frameworks, ad fraud, and regulatory scrutiny in the EU, organizations must combine technology, governance, and proactive monitoring to protect data, trust, and operations.
The third week of 2026 highlights a series of cybersecurity events affecting businesses, critical infrastructure, and regulatory compliance. This week, network administrators are grappling with the exploitation of a previously patched FortiOS vulnerability, while ransomware attacks continue to expose sensitive data across major corporations. Meanwhile, hacktivist groups are targeting industrial systems and government networks, and the European Union has introduced new rules to phase out high-risk telecom and ICT products from non-EU suppliers.These incidents demonstrate that cybersecurity risks are no longer confined to IT systems. They now intersect with national security, operational continuity, and regulatory oversight, requiring organizations to adopt both technical defenses and strategic risk management measures.
The Cyber Express Weekly Roundup
Active Exploits Hit “Patched” FortiOS 7.4.9
Administrators report active exploitation of CVE-2025-59718 on FortiGate devices running FortiOS 7.4.9. Attackers bypass authentication through forged FortiCloud SSO logins, creating local admin accounts to maintain access. Evidence suggests that the patch may be incomplete or bypassed. Experts advise manually disabling FortiCloud SSO via CLI and auditing logs for unusual SSO activity, new admin accounts, and configuration exports. Read more…
Ingram Micro Data Breach Exposes 42,521 Individuals
A ransomware attack in July 2025 compromised sensitive employee and job applicant data at Ingram Micro, affecting 42,521 individuals. Exposed information includes names, contact details, dates of birth, Social Security numbers, and employment records. The attack disrupted logistics operations for about a week and was discovered in December 2025. Affected individuals have been notified and offered two years of credit monitoring and identity protection. Read more…
One in Ten UK Businesses Could Fail After Major Cyberattack
A Vodafone Business survey found over 10% of UK business leaders fear their organizations could fail after a major cyberattack. While 63% acknowledge rising cyber risks and 89% say high-profile breaches increased alertness, only 45% provide basic cyber-awareness training to all staff. Weak passwords, phishing, and emerging AI/deepfake scams heighten vulnerabilities. Read more…
EU Proposes Rules on “High-Risk” Telecom Products
The European Commission proposed updates to the Cybersecurity Act to phase out “high-risk” ICT products from mobile, fixed, and satellite networks supplied by risky countries, including China and Russia. Mobile networks have 36 months to comply; timelines for other networks will follow. Read more…
The Cyble 2025 Threat Landscape report shows hacktivists targeting ICS, OT, and HMI/SCADA systems. Groups like Z-Pentest, Dark Engine, and NoName057(16) focused on industrial sectors in Europe and Asia. Hacktivist activity rose 51% in 2025, driven largely by pro-Russian and pro-Palestinian collectives. Many groups aligned with state interests, including GRU-backed Russian operations and Iranian-linked teams. Read more…
NCSC Warns UK Organizations of Russian-Aligned Hacktivists
The UK National Cyber Security Centre (NCSC) warned that Russian-aligned hacktivists, including NoName057(16), increasingly target UK organizations with denial-of-service attacks on local government and critical infrastructure. While technically simple, these attacks can severely disrupt services. Read more…
Weekly Roundup Takeaway
This week’s events highlight that cybersecurity in 2026 continues to influence business continuity, infrastructure integrity, and regulatory compliance. From FortiOS exploits and large-scale ransomware breaches to rising hacktivist activity and evolving EU telecom rules, organizations must integrate operational, technical, and strategic measures to mitigate risk and protect assets across sectors.
The second week of 2026 continues to fetch new cybersecurity issues that affect national security, public stability, business operations, and technology governance. Developments this week ranged from senior intelligence leadership appointments and nationwide internet shutdowns to data breaches, new cybercrime services, and regulatory pressure on generative AI platforms.Across regions and sectors, the incidents reflect how cyber risks now extend beyond technical environments into policy decisions, civil rights, financial systems, and public trust. Governments, enterprises, and technology providers faced challenges tied to resilience, accountability, and threat escalation, reinforcing cybersecurity’s role as a strategic issue rather than a purely operational one.
The Cyber Express Weekly Roundup
X Tightens Grok AI Restrictions
X (previously Twitter) introduced new restrictions on its AI chatbot Grok to prevent the creation of nonconsensual sexualized images, including content that may constitute child sexual abuse material. Measures include blocking sexualized image edits of real people, limiting image generation to paid users, and applying geoblocking where such content is illegal. The changes follow widespread abuse reports and ongoing investigations by U.S. and European authorities. Read more…
NSA Appoints Timothy Kosiba as Deputy Director
The National Security Agency announced the appointment of Timothy Kosiba as its 21st Deputy Director, making him the agency’s senior civilian official responsible for strategy execution, policy, and operational priorities. Kosiba brings more than 30 years of experience across the U.S. intelligence community, including senior roles at the NSA and U.S. Cyber Command, overseas liaison assignments, and leadership of major operational units. Read more…
Iran Enters Fourth Day of Nationwide Internet Blackout
Iran entered a fourth day of a nationwide internet blackout amid widespread unrest linked to the collapse of the rial, now trading at 1.4 million to the U.S. dollar. Authorities reduced national connectivity to approximately 1%, cutting off communications for more than 80 million people. Reports indicate thousands have been detained and hundreds killed since protests began, drawing international concern over censorship, human rights, and crisis communications. Read more…
Dr. Amit Chaubey Warns of Expanding “Business Blast Radius”
In an interview with The Cyber Express, Dr. Amit Chaubey said cyber incidents in 2026 are creating a broader “business blast radius,” extending beyond IT into national resilience, legal exposure, operational continuity, and public trust. He identified failures in external dependencies, such as cloud services, identity systems, connectivity, and key suppliers, as the primary drivers of large-scale disruption, warning that many organizations remain unprepared for sustained degraded operations. Read more…
Endesa Data Breach Affects Energía XXI Customers
Spanish energy provider Endesa disclosed a data breach involving unauthorized access to its commercial platform, impacting customers of its regulated operator Energía XXI. Exposed data includes identification details, contact information, national identity numbers, contract data, and possible payment information such as IBANs. Endesa stated that account passwords were not compromised and reported no evidence of data misuse as investigations continue. Read more…
New Android Banking Malware deVixor Identified
Cyble researchers identified a new Android banking malware called deVixor, a remote access trojan combining credential theft, device surveillance, and ransomware functionality. Active since October, the malware targets Iranian users through phishing sites distributing malicious APKs and is operated as a service-based criminal platform using Telegram and Firebase infrastructure. Researchers noted the malware’s scalability and long-term operational design. Read more…
Microsoft Disrupts RedVDS Cybercrime Platform
Microsoft announced the takedown of RedVDS, a cybercrime-as-a-service platform costing $24 per month that provided criminals with disposable virtual machines for fraud operations. In coordination with international law enforcement, Microsoft seized infrastructure linked to an estimated $40 million in reported U.S. fraud losses, with victims across healthcare, real estate, nonprofit, and other sectors. The action marks Microsoft’s 35th civil case against cybercrime infrastructure. Read more…
Weekly Roundup Takeaway
This week’s events highlight how cybersecurity in 2026 directly affects governance, economic stability, civil rights, and technology accountability. From intelligence leadership changes and state-imposed internet shutdowns to advanced malware, large-scale fraud platforms, and AI safety enforcement, cyber risks now demand coordinated action across policy, regulation, and operations rather than technical controls alone.
Bayer has asked the justices to decide whether federal law shields the company from lawsuits over its Roundup herbicide and cancer. Democrats and MAHA activists aren’t happy.
The herbicide Roundup, when paired with genetically modified seeds, kills weeds without damaging crops. But some evidence has indicated a link to cancer.
The opening week of 2026 has already highlighted the complexity of global cyber threats, with incidents affecting governments, educational institutions, and corporations alike. From school closures to corporate breaches and international policy shifts, cybersecurity news demonstrates that attacks are no longer confined to technical systems; they have real-world consequences for operations, public trust, and the protection of sensitive data.This week, digital risks have shown their reach across multiple sectors: schools are grappling with ransomware and system outages that disrupt learning, corporations face data breaches due to human error and weak authentication practices, and governments are reevaluating international cooperation in cybersecurity.The early events of 2026 underline that managing cyber risk requires not just technology, but coordinated response, regulatory oversight, and awareness at every level, from individual users to global policymakers.
The Cyber Express Weekly Roundup
Higham Lane School Cyberattack Forces Temporary Closure
Higham Lane School in Nuneaton, England, closed temporarily after a cyberattack disrupted IT systems, affecting 1,500 students. Staff and students must avoid platforms like Google Classroom while cybersecurity experts and the Department for Education investigate. Read more...
Hacktivist Takes Down White Supremacist Websites Live at Conference
Hacktivist Martha Root gained attention by deleting white supremacist websites live at the Chaos Communication Congress in Hamburg. Targeted platforms included WhiteDate, WhiteChild, and WhiteDeal. Root also exposed partial data from over 6,000 WhiteDate profiles, sharing it with controlled-access platforms DDoSecrets and HaveIBeenPwned. Read more...
UK Announces £210 Million Cybersecurity Overhaul
The UK government announced a £210 million cybersecurity initiative to address “critically high” risks across public sector systems, many of which rely on vulnerable legacy platforms. The plan includes creating a Government Cyber Unit for cross-department coordination and accountability, establishing the Government Cyber Coordination Centre (GC3) for strategic defense, and launching the first Government Cyber Profession to tackle skills shortages, supported by a Cyber Resourcing Hub. Read more...
Australian Insurer Prosura Suffers Cyber Incident
In Australia, Prosura temporarily shut down online policy management and claim portals following unauthorized access to internal systems on January 3, 2026. Customer names, emails, phone numbers, and policy details may have been exposed, though payment information remained secure. Read more...
U.S. Withdraws from International Cyber Coalitions
The United States announced its withdrawal from 66 international organizations related to cybersecurity, digital rights, and hybrid threat cooperation. These include the Hybrid CoE, GFCE, and Freedom Online Coalition. Officials cited misalignment with U.S. interests, raising concerns over reduced intelligence sharing and potential gaps in global cyber defense. Read more...
Weekly Takeaway
This week’s cybersecurity news from The Cyber Express shows that 2026 is already marked by complex threats. From school closures and corporate breaches to government reforms and international policy shifts, data breaches impact education, public services, and businesses. Protecting digital systems now requires vigilance, technical skill, and proactive governance, making strong cybersecurity strategies essential to protect operations, trust, and public safety worldwide.
This week, The Cyber Express takes a closer look at the events shaping the global cybersecurity landscape as we transition from 2025 to 2026. Throughout this week, we covered new cybersecurity laws, insider jobs involving ransomware, AI-driven disinformation, and data protection enforcement. Coverage includes China’s updated cybersecurity law with stricter reporting and executive liability, Poland’s request for an EU investigation into TikTok’s AI-driven disinformation, and GDPR enforcement in France, with Nexpublica fined €1.7 million.Insider threats remain a concern, highlighted by U.S. BlackCat ransomware convictions, while global ransomware campaigns by groups like CL0P continue to exploit third-party software vulnerabilities. Here are the key stories from this week’s global cybersecurity landscape:
The Cyber Express Weekly Roundup
China’s New Cybersecurity Law: A Global Game-Changer
As of January 1, 2026, China’s amended Cybersecurity Law has come into effect, representing the most significant update since 2017. The law drastically tightens reporting timelines, accountability, and enforcement, including near-real-time incident reporting for critical infrastructure operators—ranging from 60 minutes for severe incidents to four hours for major breaches. Read more....
TikTok Under the Microscope in Poland
Poland has formally asked the European Commission to investigate TikTok over an AI-generated campaign promoting “Polexit,” the idea of Poland leaving the EU. Officials claim the platform failed to meet obligations under the Digital Services Act (DSA), putting democracy at risk, especially among younger users. Read more...
Insider Threats: BlackCat Ransomware in the U.S.
In the United States, two cybersecurity professionals pleaded guilty to deploying ALPHV BlackCat ransomware against five companies, extorting over $1.2 million. The attackers exploited privileged access in healthcare, pharmaceutical, and tech sectors. Read more...
GDPR Enforcement: Nexpublica Fined €1.7 Million
France’s CNIL imposed a €1.7 million fine on Nexpublica France for failing to secure sensitive personal data in its PCRM system. A 2022 breach exposed information about disabilities and other personal details. CNIL emphasized that awareness of vulnerabilities without timely remediation constitutes a serious lapse in responsibility. Read more...
CL0P Expands Ransomware Assault on Oracle EBS
The CL0P ransomware group continued targeting Oracle E-Business Suite systems globally, affecting institutions like the University of Phoenix and Korean Air. Millions of employees' and personal records were compromised, largely via third-party software vulnerabilities, underlining the risks of vendor dependencies in cybersecurity. Read more...
MongoBleed and ASEAN: Trust as a Cyber Asset
A critical MongoDB vulnerability, “MongoBleed” (CVE-2025-14847), allows attackers unauthenticated access to server memory, exposing credentials and confidential data. Meanwhile, a review of ASEAN cybersecurity in 2025 by Salleh Kodri, Sr Presales consultant, Cyble, found that brand abuse, executive impersonation, and digital reputation attacks caused more damage than traditional breaches. Read more...
Governance and Corruption Spotlight: Georgia
Former Georgian security chief Grigol Liluashvili was arrested on bribery and corruption charges involving energy contracts and public procurement. Prosecutors continue an active investigation into millions of dollars in illicit payments. Read more...
Weekly Takeaway
From AI-driven disinformation in Europe to insider ransomware attacks in the U.S., GDPR enforcement, and critical vulnerabilities worldwide, 2025 has underscored that cybersecurity is no longer just about technology. Protecting trust, brand integrity, and personal data is now as vital as firewalls and encryption; a lesson organizations must carry into 2026.
Login
