The emails impersonate a LastPass representative by spoofing the display name and use subject lines crafted to mimic forwarded internal conversations between attackers and the company’s customer support team about a request to change the account’s primary email address.

The email chains are forwarded to the target in an attempt to prompt them to respond to the suspicious activity with urgency and click on links named “report suspicious activity,” “disconnect and lock vault,” and “revoke device.”

In doing so, users are directed to a fake LastPass login page hosted on the domain “verify-lastpass[.]com” that collects LastPass user credentials.

The LastPass Threat Intelligence, Mitigation, and Escalation (TIME) notes in a report that apart from this primary domain, the attacker also uses slightly modified URLs that redirect to the same phishing page.

LastPass notes that multiple sender addresses and subject lines are used in the campaign to increase credibility and make tracing more difficult.

Most sender addresses are completely unrelated to the LastPass brand, set up from compromised websites or abandoned domains, but the attackers try to hide them by using the ‘LastPass Support’ display name.

The company underlined that its infrastructure has not been compromised in any way, and there’s no impact on its systems.

Moreover, it reminded customers that its support agents will never ask for their master password and that users should never disclose it to anyone.

LastPass is working with third-party partners to take down the fake websites as soon as possible, while urging users who receive suspicious communications to report them to ‘abuse@lastpass.com.’

LastPass’s popularity makes the service a frequent target of phishing campaigns. Earlier this year, in January, LastPass warned of another phishing campaign that distributed fake maintenance notifications, asking users to back up their vaults within 24 hours and redirecting them to phishing pages.

In late 2025, two more campaigns targeting LastPass occurred: one leveraging fake user death claims, and the other claiming the company had been hacked and urging users to download a new version of the client app.

Source

Hope you enjoyed this news post. Feedback welcome.

Posted Thursday 5 March 2026 at 12:19 pm AEST (my time).

News posts: 2023 5,800+ | 2024 5,700+ | 2025 5,700+ | 2026 (to end of February) 854

RIP Matrix

The new feature is available for all plans, including the free tier, and allows logging into Windows by selecting the security key option and scanning a QR code with a mobile device to confirm access to the passkey stored in the Bitwarden encrypted vault.

Bitwarden is an open-source password and secrets manager that can store account passwords, passkeys, API keys, credit card details, identity data, and private notes.

To use the new feature, there are three required conditions:

1. Have Entra ID–joined devices
2. FIDO2 security key sign-in is enabled
3. Have a registered Entra ID passkey stored in their Bitwarden vault

“Windows now supports industry-standard passkeys secured in the Bitwarden vault, enabling passwordless authentication during sign-in,” Bitwarden says in a press release.

“Users can choose to log in with a passkey stored in the Bitwarden vault, allowing Windows to authenticate using cryptographic credentials rather than passwords, without transmitting shared secrets.”

Bitwarden acts as the passkey provider in the Windows authentication flow, storing the credential in the user’s synced vault rather than binding it to a single device. This also allows recovery using other devices in case of losing the phone.

More importantly, by removing password entry from the login process and using cryptographic challenges signed with private keys stored in the vault, the risk of credential exposure to phishing drops dramatically.

Bitwarden states that Microsoft will roll out passkey login on Windows this month, and it depends on the Microsoft Entra ID configuration.

In November 2025, Microsoft announced the introduction of a passkey provider API on Windows 11, allowing third-party apps like Bitwarden and 1Password to store and manage passkeys for websites and apps on the OS.

The latest announcement extends this further, to a more fundamental authentication layer, that of the OS itself.

Source

Hope you enjoyed this news post. Feedback welcome.

Posted Thursday 5 March 2026 at 12:18 pm AEST (my time).

News posts: 2023 5,800+ | 2024 5,700+ | 2025 5,700+ | 2026 (to end of February) 854

RIP Matrix

This seizure action is part of an international joint operation coordinated by Europol, known as "Operation Leak," that involved law enforcement agencies in 14 countries.

On March 3 and 4, the FBI and law enforcement agents shut down LeakBase by seizing two of its domains, posting seizure banners, and warning LeakBase members of the seizure after collecting further evidence.

Police officers and investigators also executed search warrants, made arrests, and conducted interviews in the United States and across Australia, Belgium, Poland, Portugal, Romania, Spain, and the United Kingdom.

LeakBase's domain (leakbase[.]la) now displays a notice stating "This website has been seized by the Federal Bureau of Investigation (FBI) as part of an international law enforcement operation."

The seizure banner also notes that the forum's database and all its contents, including IP logs and private messages, will be used for "evidentiary purposes" in future investigations.

"All forum content including users' accounts, posts, credit details, private messages and IP logs have been secured and preserved for evidentiary purposes," the notice reads. "Attempts to access, alter, or interfere with this site may result in additional criminal offenses. This action was possible because of international law enforcement and private sector coordination involving the partners listed below."

The domain nameservers have also been switched to ns1.fbi.seized.gov and ns2.fbi.seized.gov, the nameservers used by the FBI when seizing domains.

"On 3 March, law enforcement authorities carried out coordinated enforcement actions across multiple jurisdictions, including arrests, house searches, and 'knock-and-talk' interventions. Around 100 enforcement actions were conducted worldwide, including measures against 37 of the most active users of the platforms," Europol added today.

"On 4 March, authorities moved to the technical disruption phase, seizing the forum's domain and replacing it with a law enforcement splash page. The operation now enters a prevention phase aimed at deterring further criminal activity and raising awareness of the consequences of engaging in cybercrime."

Active since 2021, LeakBase was launched as a project supported by the ARES threat group, and it gradually grew its user base to more than 142,000 members following the closure of the Breached hacker forum.

The forum was free to join and offered access to databases, a market for selling leaks, exploits, and other cybercrime services, and an escrow payment system. In addition, it also hosted spaces for programming, hacking tips, social engineering, cryptography, and opsec guides.

Today's announcement follows the disruption of RaidForums in 2022 and BreachForums in 2023, two cybercrime marketplaces that preceded it, as well as the BreachForums founder's conviction and sentencing in 2025.

Source

Hope you enjoyed this news post. Feedback welcome.

Posted Thursday 5 March 2026 at 4:34 am AEST (my time).

News posts: 2023 5,800+ | 2024 5,700+ | 2025 5,700+ | 2026 (to end of February) 854

RIP Matrix

It all starts with emails containing fake meeting invites, PDF documents, and other malicious links. When a targeted user clicks a link to update a familiar app like Microsoft Teams, Zoom, Google Meet, or Adobe Reader, they are actually downloading malware on their computer.

But here’s the thing: Microsoft found that the malicious files were digitally signed using an abused Extended Validation (EV) certificate issued to a company called TrustConnect Software PTY LTD.

Now, EV certificates aren’t easy to get, as they require strict identity verification by the Certificate Authority. Because of this, Windows SmartScreen and most antiviruses automatically consider them trustworthy and assume any file containing such a signature is entirely safe to download and run.

When a user downloads it, the malware sets the groundwork for the entire operation. It first copies itself to the Program Files directory to mimic a legitimate application, registers itself as a Windows service, and creates a Run key in the system registry so it boots up every time the computer turns on.

Once it gets hold of an infected computer, the malware then uses encoded PowerShell commands to silently install legitimate Remote Monitoring and Management (RMM) tools like ScreenConnect, Tactical RMM, and Mesh Agent!

Since actual corporate IT departments use these exact tools every single day to manage company computers, the malicious network traffic blends right in. The attackers get a persistent backdoor into the corporate network, including remote desktop control and system-level command execution, without raising a single red flag. According to Microsoft’s report, the attackers even install multiple RMM tools, just in case a security team happens to detect and remove one of them.

With full network control established, the attackers can do basically whatever they want with affected computers. They can sift through internal servers to steal intellectual property, customer databases, or financial records. Or they can move laterally from a single infected laptop straight to the core domain controller. The possibilities are endless.

This is an ongoing threat, and Microsoft advises companies and employees to treat every file download they’re not absolutely sure is safe with extra caution. You can check out the entire report on the Microsoft Security blog.

Malware as a Service

Now, if EV certificates are so hard to obtain, you might be wondering how a bunch of attackers got hold of them. And the story about it is pretty wild.

Threat researchers at Proofpoint discovered last month that the hackers did not steal the certificate. They actually created a shell company, “TrustConnect Software PTY LTD” and crafted an entire fake business identity. They used AI to generate a highly convincing corporate website and injected it with fabricated customer statistics and reviews. Under the disguise of a legitimate startup, TrustConnect then legally bought an EV certificate. Someone at the Certificate Authority actually reviewed and approved the purchase.

With a highly trusted EV certificate in their possession, TrustConnect didn’t just plan to launch its own attacks. Instead, it turned its fake website into a lucrative storefront for renting out its malware to other attackers. TrustConnect essentially created, as Proofpoint calls it, a Malware-as-a-Service (MaaS) operation, charging a flat rate of $300 a month in cryptocurrency for access to the digitally signed payloads and command infrastructure. The attackers followed that age-old advice and sold shovels during a gold rush.

So, if you yourself wanted to infiltrate some company’s computer, you wouldn't even need to write a malicious script. You could just pay TrustConnect $300, download their pre-signed payload, practice some corporate talk to convince a target to actually run your file, and you’re in. Easy game.

Thankfully, the security research community did not just sit back and let it happen. Proofpoint, working alongside a group of researchers known as The Cert Graveyard, managed to get the abused EV certificate officially revoked on February 6. But there is a massive catch. Because the revocation was not backdated, any malware payloads the hackers had already signed remain completely valid and trusted by Windows.

While the TrustConnect storefront stopped accepting new subscribers, the threat actors did not just pack up and vanish. They almost immediately switched to testing a new malware variant called DocConnect. According to Proofpoint’s report, DocConnect is an improved version of the malware, with more advanced features, featuring a better control panel, improved real-time communication, and tricks like fake Windows Update screens.

The whole thing is turning into an endless game of whack-a-mole and is far from over. Be careful with what you’re downloading, now more than ever, because these attackers have no intention of backing down.

Source

Hope you enjoyed this news post. Feedback welcome.

Posted Wednesday 4 March 2026 at 5:53 pm AEST (my time).

News posts: 2023 5,800+ | 2024 5,700+ | 2025 5,700+ | 2026 (to end of February) 854

RIP Matrix

According to the Court records, Miss Richards was operating this illegal business under the name "Trinity Software Distribution," which purchased thousands of Microsoft COA labels from accomplices, who were also part of this illicit chain, at prices far below retail. Her employees then extracted the product key codes from those labels and sold them in bulk to unwary customers. These operations were carried out for five years between 2018 to 2023.

If you are wondering, these are essentially the stickers or labels on retail product boxes and have a holographic and color-shifting feature. Microsoft describes COA labels as a safeguard for customers to help them identify authentic or "Genuine" Windows/Office software, so that they can avoid counterfeit copies. The labels carry security features designed to discourage duplication and are meant to be affixed to packaging or hardware.

According to Microsoft’s official guidance, a COA label is "not a license,” and it holds no independent commercial value without the software it authenticates. About such "standalone" COAs, Microsoft confirms that they are "often counterfeit COAs" that are part of "excessive inventory." So it is not the product key, which are much coveted for Windows activation, although the COA can accompany the activation product key.

The company recommends that customers check the placement of COAs on packaging and consult official resources to confirm legitimacy and authenticity. Federal law also makes it clear that COA labels cannot be sold separately from the software and hardware they are meant to accompany, since they are not licenses in themselves but rather proof that a license is genuine.

Source: US DOJ (link1, link2)

Source

Hope you enjoyed this news post. Feedback welcome.

Posted Wednesday 4 March 2026 at 6:00 am AEST (my time).

News posts: 2023 5,800+ | 2024 5,700+ | 2025 5,700+ | 2026 (to end of February) 854

RIP Matrix

Soon after South Korean police posted a press release boasting about seizing $5.6 million worth of cryptocurrency from 124 wealthy tax evaders, cops realized that they had mistakenly posted images that made it possible for a thief to quickly steal most of the seized assets.

Eventually, the press release was removed, but not before it was grabbed by local media outlets and tech publications covering the theft.

Bleeping Computer shared a screenshot of the retracted images, which showed a handwritten note next to a Ledger device that’s used as a so-called “cold wallet” to store crypto out of reach of online threats. Clearly legible in the photo, the note contained a complete mnemonic recovery phrase that anyone can use as a master key to move assets off the cold wallet to a new wallet without any additional PIN or permissions required.

A blockchain analysis expert, Cho Jae-woo, told a South Korean news site that 4 million PRTG (Pre-Retogeum) tokens—worth approximately $4.8 million—were in the wallet when the thief struck. The Block reported that on-chain data from Etherscan indicated that “the party who moved the funds first deposited a small amount of ETH into the wallet to cover transaction fees, then transferred the 4 million PRTG tokens out in three transactions.”

On Sunday, officers with South Korea’s National Tax Service posted another press release, “deeply” apologizing for the leak compromising the seized assets.

In it, cops explained that they included the images to make the release more eye-catching, but they were careless in failing to redact the crypto wallet password from the images. They acknowledged there was no excuse for the error and confirmed they were launching an investigation with national police, attempting to trace the transfer and retrieve the lost funds.

Because the press release was widely circulated online, the thief could be anyone. South Korea’s National Tax Service has no clear suspects, Gizmodo suggested, and no easy way to claw back funds.

The officials’ best bet might be if the thief tries to move the stolen tokens through a regulated exchange, but The Block noted that the thief might struggle to convert that much cryptocurrency into cash under current market conditions. So seemingly, the thief, who likely wasn’t expecting the big payday anyway, may be motivated to lie low and avoid major exchanges.

Cho suggested that cops could have easily prevented the theft, likening posting any image of the mnemonic recovery phrase to leaving a wallet wide open. He noted that the original holder of the Ledger wallet was following best practices by only recording the phrase on a handwritten note and not storing the password online. Cops should have known to check the images for the recovery phrase, Cho said, and their mistake will likely cost the national treasury billions of won.

It’s possible that whoever took the cryptocurrency just seized on an opportunity after seeing the cops’ failure to redact the images while scrolling through the National Tax Service’s press releases at dawn. It’s also possible that bad actors are closely monitoring South Korean police cryptocurrency announcements, following what The Block reported was “a series of crypto custody lapses.”

In January, officials in Gwangju had to investigate after “a substantial quantity of seized bitcoin was lost,” The Block reported. That was believed to be linked to a phishing attack targeting Coinbase but perhaps signaled that police weren’t always adequately securing seized assets.

Even more disturbingly, last month, police in Seoul’s Gangnam district had to launch an internal investigation after 22 seized bitcoins went missing, The Block reported. That case also involved a cold wallet suddenly drained without the physical device leaving police control, possibly indicating that some sensitive information isn’t handled securely.

In the latest press release, the National Tax Service officer said they are strengthening internal controls and job training to prevent future leaks.

Source

Hope you enjoyed this news post. Feedback welcome.

Posted Tuesday 3 March 2026 at 10:22 am AEST (my time).

News posts: 2023 5,800+ | 2024 5,700+ | 2025 5,700+ | 2026 (to end of February) 854

RIP Matrix

The Lenovo-owned company said that this new partnership will allow for long-term collaboration on future devices engineered with GrapheneOS compatibility. It combines GrapheneOS's engineering with Motorola's own security experience and Lenovo's ThinkShield solutions. The two organizations will work together on joint research, software, and security, especially on mobile platforms, with more details to come as the partnership develops. Here's what a GrapheneOS spokesperson said:

We are thrilled to be partnering with Motorola to bring GrapheneOS’s industry‑leading privacy and security‑focused mobile operating system to their next-generation smartphone

 

This collaboration marks a significant milestone in expanding the reach of GrapheneOS, and we applaud Motorola for taking this meaningful step towards advancing mobile security.

In addition to the new partnership, Motorola unveiled Moto Analytics, a platform for IT administrators to get a real-time view of device performance across their managed fleets. The tool provides deep operational insights, from app stability to battery health, and goes far beyond typical access control.

A new feature, Private Image Data, is coming to the Moto Secure app. This tool automatically removes sensitive metadata, like location and device information, from all new photos taken on the device. It runs in the background to strip some of the private data attached to your images.

GrapheneOS is a security-hardened mobile operating system built on the Android Open Source Project (AOSP). For years, this heavily modified, "de-Googled" version of Android has been confined to Google Pixel devices because the project's developers maintained that only Pixels met their stringent hardware security requirements for features like verified boot and firmware updates.

Last October, the GrapheneOS project confirmed plans to expand its support to a major Android device maker, signaling an end to the Pixel-only era by seeking a hardware partner that could meet its exacting standards. The organization had previously said it would not have its own custom hardware until at least 2027 because devices slated for 2026 lacked critical security technologies like hardware memory tagging.

Source

Hope you enjoyed this news post. Feedback welcome.

Posted Tuesday 3 March 2026 at 10:21 am AEST (my time).

News posts: 2023 5,800+ | 2024 5,700+ | 2025 5,700+ | 2026 (to end of February) 854

RIP Matrix

Over the past few years, age verification has increasingly become prevalent across industries and platforms. Just last month, Discord announced plans to roll out age verification measures globally to, as it claims, protect users from harmful or inappropriate content.

And now, the move is trickling down to operating systems. Well, at least in California. In October 2025, Governor Gavin Newsom signed California’s Digital Age Assurance Act (AB 1043), requiring operating system providers in the state to collect users’ age information during setup (via PCGamer).

The bill was passed by the Assembly and Senate unanimously, and is expected to take effect on January 1, 2027, affecting Windows, macOS, Android, iOS, Linux distros like SteamOS, and more.

According to AB 1043, an OS developer will be required to:

"1) Provide an accessible interface at account setup that requires an account holder to indicate the birth date, age, or both, of the user of that device for the purpose of providing a signal regarding the user’s age bracket to applications available in a covered application store.

(2) Provide a developer who has requested a signal with respect to a particular user with a digital signal via a reasonably consistent real-time application programming interface that identifies, at a minimum, which of the following categories pertains to the user.

The categories are broken into four sections: users under 13 years of age, over 13 years of age under 16, at least 16 years of age and under 18, and "at least 18 years of age."

Google on Friday unveiled its plan for its Chrome browser to secure HTTPS certificates against quantum computer attacks without breaking the Internet.

The objective is a tall order. The quantum-resistant cryptographic data needed to transparently publish TLS certificates is roughly 40 times bigger than the classical cryptographic material used today. Today’s X.509 certificates are about 64 bytes in size, and comprise six elliptic curve signatures and two EC public keys. This material can be cracked through the quantum-enabled Shor’s algorithm. Certificates containing the equivalent quantum-resistant cryptographic material are roughly 2.5 kilobytes. All this data must be transmitted when a browser connects to a site.

The bigger they come, the slower they move

“The bigger you make the certificate, the slower the handshake and the more people you leave behind,” said Bas Westerbaan, principal research engineer at Cloudflare, which is partnering with Google on the transition. “Our problem is we don’t want to leave people behind in this transition.” Speaking to Ars, he said that people will likely disable the new encryption if it slows their browsing. He added that the massive size increase can also degrade “middle boxes,” which sit between browsers and the final site.

To bypass the bottleneck, companies are turning to Merkle Trees, a data structure that uses cryptographic hashes and other math to verify the contents of large amounts of information using a small fraction of material used in more traditional verification processes in public key infrastructure.

Merkle Tree Certificates, “replace the heavy, serialized chain of signatures found in traditional PKI with compact Merkle Tree proofs,” members of Google’s Chrome Secure Web and Networking Team wrote Friday. “In this model, a Certification Authority (CA) signs a single ‘Tree Head’ representing potentially millions of certificates, and the ‘certificate’ sent to the browser is merely a lightweight proof of inclusion in that tree.”

Google and other browser makers require that all TLS certificates be published in public transparency logs, which are append-only distributed ledgers. Website owners can then check the logs in real time to ensure that no rogue certificates have been issued for the domains they use. The transparency programs were implemented in response to the 2011 hack of Netherlands-based DigiNotar, which allowed the minting of 500 counterfeit certificates for Google and other websites, some of which were used to spy on web users in Iran.

Once viable, Shor’s algorithm could be used to forge classical encryption signatures and break classical encryption public keys of the certificate logs. Ultimately, an attacker could forge signed certificate timestamps used to prove to a browser or operating system that a certificate has been registered when it hasn’t.

To rule out this possibility, Google is adding cryptographic material from quantum-resistant algorithms such as ML-DSA. This addition would allow forgeries only if an attacker were to break both classical and post-quantum encryption. The new regime is part of what Google is calling the quantum-resistant root store, which will complement the Chrome Root Store the company formed in 2022.

The MTCs use Merkle Trees to provide quantum-resistant assurances that a certificate has been published without having to add most of the lengthy keys and hashes. Using other techniques to reduce the data sizes, the MTCs will be roughly the same 64-byte length they are now, Westerbaan said.

The new system has already been implemented in Chrome. For the time being, Cloudflare is enrolling roughly 1,000 TLS certificates to test how well the MTCs work. For now, Cloudflare is generating the distributed ledger. The plan is for CAs to eventually fill that role. The Internet Engineering Task Force standards body has recently formed a working group called the PKI, Logs, And Tree Signatures, which is coordinating with other key players to develop a long-term solution.

“We view the adoption of MTCs and a quantum-resistant root store as a critical opportunity to ensure the robustness of the foundation of today’s ecosystem,” Google’s Friday blog post said. “By designing for the specific demands of a modern, agile internet, we can accelerate the adoption of post-quantum resilience for all web users.”

Source

Hope you enjoyed this news post. Feedback welcome.

Posted Saturday 28 February 2026 at 5:38 pm AEST (my time).

News posts: 2023 5,800+ | 2024 5,700+ | 2025 5,700+ | 2026 (to end of January) 461

RIP Matrix

The iPhone and iPad have been approved to hold NATO-restricted information, according to an announcement on Thursday. That means off-the-shelf devices running iOS 26 and iPadOS 26 can handle classified information “without requiring special software or settings,” Apple says.

The NATO-restricted designation is the lowest level of classified information, and it applies to information that would be “disadvantageous to the interests of NATO” if disclosed, according to a security document posted by the Marines. BlackBerry 10 phones similarly received approval to hold this level of classified information in 2013.

Following an “extensive evaluation” by Germany’s Federal Office for Information Security (BSI), the iPhone and iPad were cleared to handle classified information from the German government. But now, the BSI has signed off on the use of Apple devices with iOS 26 and iPadOS 26 across all NATO nations.

Apple says built-in security protections, like encryption, biometric authentication with Face ID, and Memory Integrity Enforcement, which directly targets spyware, “are now recognized as meeting stringent government and international security requirements.”

Source

Hope you enjoyed this news post. Feedback welcome.

Posted Friday 27 February 2026 at 6:14 am AEST (my time).

News posts: 2023 5,800+ | 2024 5,700+ | 2025 5,700+ | 2026 (to end of January) 461

RIP Matrix

Google is using every possible avenue to prevent users from watching YouTube videos with ad-blockers installed on their devices. Last month, multiple users raised concerns about a sudden increase in "This content isn't available, try again later" errors when watching YouTube videos.

At the time, there were only two workarounds for the issue: either disabling ad-blockers installed in their browsers or upgrading to YouTube's $14/month Premium subscription plan. As a result, many users speculated that Google was intentionally using the YouTube errors as part of its broader campaign against ad-blockers.

And now, AdGuard has seemingly uncovered a new method that Google is using to discourage users from using ad blockers. The company claims that YouTube has stopped showing comments and video descriptions to users with ad blockers.

Some of the users that flagged the issue on Reddit indicated that the only fix for the issue is to disable the ad-blocker on their PC. "The sad thing is this is happening to premium users that are running ad-blockers," a Reddit user lamented. "Not just to the people running YouTube ad-blockers specifically."

The company says that the gap between a fix being developed and it actually being delivered to users has never been wider. Interestingly, the company claims that Google’s new extension rules are to blame.

Google began transitioning Chrome extensions from Manifest V2 to Manifest V3 in 2023, a change that significantly affected ad blockers such as uBlock Origin. As a result, more than 30 million Chrome users were left vulnerable to intrusive ads.

Now, the Manifest V3 framework is in full effect after Google deprecated V2. According to AdGuard, MV3 changed the scope of extensions, significantly reducing their permissions and limiting their capabilities.

Tracked as CVE-2025-13942, this command injection security flaw was found in the UPnP function of Zyxel 4G LTE/5G NR CPE, DSL/Ethernet CPE, Fiber ONTs, and wireless extenders.

Zyxel says that unauthenticated remote attackers can exploit it to execute operating system (OS) commands on an affected device using maliciously crafted UPnP SOAP requests.

However, CVE-2025-13942 attacks will likely be more limited than the severity rating suggests, as successful exploitation requires UPnP and WAN access to be enabled, with the latter disabled by default.

"It is important to note that WAN access is disabled by default on these devices, and the attack can be carried out remotely only if both WAN access and the vulnerable UPnP function have been enabled," Zyxel said. "Users are strongly advised to install the patches to maintain optimal protection."

On Tuesday, Zyxel also patched two high-severity post-authentication command-injection vulnerabilities (CVE-2025-13943 and CVE-2026-1459) that allow threat actors to execute OS commands using compromised credentials.

Internet security watchdog Shadowserver currently tracks nearly 120,000 Internet-exposed Zyxel devices, including over 76,000 routers.

Zyxel devices are often targeted in attacks since they're provided by many internet service providers worldwide as the default out-of-the-box equipment when activating a new internet service contract.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is currently tracking 12 Zyxel vulnerabilitiesimpacting the company's routers, firewalls, and NAS devices that have been or are still actively exploited in the wild.

Earlier this month, Zyxel warned that it has no plans to patch a pair of zero-day security vulnerabilities (CVE-2024-40891 and CVE-2024-40891) that are actively exploited in attacks and affect end-of-life routers still available for sale online. Instead, the company "strongly" advised customers to replace their routers with newer products whose firmware has already been patched.

"VMG1312-B10A, VMG1312-B10B, VMG1312-B10E, VMG3312-B10A, VMG3313-B10A, VMG3926-B10B, VMG4325-B10A, VMG4380-B10A, VMG8324-B10A, VMG8924-B10A, SBG3300, and SBG3500, are legacy products that have reached end-of-life (EOL) for years," said Zyxel. "Therefore, we strongly recommend that users replace them with newer-generation products for optimal protection."

Zyxel claims that more than 1 million businesses use its networking products across 150 markets.

Source

Hope you enjoyed this news post. Feedback welcome.

Posted Thursday 26 February 2026 at 4:58 am AEST (my time).

News posts: 2023 5,800+ | 2024 5,700+ | 2025 5,700+ | 2026 (to end of January) 461

RIP Matrix

Discord, the extremely popular and free-to-use communication app that's been a mainstay for gamers and other communities for over a decade, has announced that it's delaying the global rollout for its age verification requirements and "Teen-by-Default" policy until "the second half of 2026," meaning the update won't come until the start of July at the earliest.

The news — delivered by chief technology officer Stanislav Vishnevskiy in a new blog post — comes after weeks of widespread scathing backlash from users around the world, and after searches for "Discord alternatives" surged 10,000%. Clearly, many aren't comfortable with the idea of submitting videos of themselves or their government-issued ID to prove they're not a teen so they can continue accessing age-restricted channels.

Despite assurances from Discord that personal data never leaves your device and is deleted immediately once your age is verified, trust in the platform is at an all-time low after a hack exposed the personal data of 70,000 users last October. Discord no longer works with the third-party vendor responsible, but even so, it's easy to see why users are skeptical of its security.

Discord also recently cut ties with Persona, a verification software used by Roblox and Reddit that's backed by Peter Thiel after connections to U.S. government surveillance were discovered. Discord says it ran a test with Persona in the UK only in January, and decided to drop it afterwards.

Discord has noted that for the full rollout of its age requirements later this year will utilize "non-identifying systems" that only verify your age and not your identity, including credit card verification. You may also not need to verify at all, as Discord has an "internal system that works to accurately determine your age." This, Discord says, will cover "90%+ of users."

To comply with specific age verification laws currently in effect in the UK and Australia and soon coming to Brazil, though, Discord has to rely on facial age estimation and/or ID checks in these regions specifically.

1Password is increasing its prices on March 27th, 2026. In an email sent to users, the password manager says it will raise the price of its individual plan from $3.99 / month ($35.88 / year) to $4.99 / month ($47.88 / year), and that its family plan is going from $6.95 / month ($59.88 / year) to $7.99 / month ($71.88 / year).

“While 1Password has grown substantially in value and capability, our pricing has remained largely unchanged for many years,” 1Password’s email states. 1Password says that the price increase will help it “continue investing in innovation and the world-class security you expect.” The email lists some of the new features the company has recently added to the platform, such as the ability to save logins and payment details, protection against phishing, and faster device setup.

As noted by 1Password, the price increase will go into effect during your next plan renewal, as long as it’s after March 27th.

Update, February 24th: Added monthly price changes.

Source

Hope you enjoyed this news post. Feedback welcome.

Posted Wednesday 25 February 2026 at 12:05 pm AEST (my time).

News posts: 2023 5,800+ | 2024 5,700+ | 2025 5,700+ | 2026 (to end of January) 461

RIP Matrix

This feature was spotted in beta testing, specifically in WhatsApp Beta for Android version 2.26.7.8. It appears that, once they arrive in the public version, passwords won’t be mandatory, as you’ll likely still be able to use your account without setting one up. Passwords will simply be another layer of security that users can implement.

The feature is currently only present in WhatsApp beta for Android, and there’s no mention of whether it will be coming to iOS as well. Given that scheduled messages are currently only present in an iOS test build, it looks like Meta is splitting new features across platforms. Still, it’s reasonable to assume that iOS users will also be able to set up passwords, but no confirmations just yet.

The current process of setting up a WhatsApp account is well-known. You enter your phone number, receive and input the 6-digit SMS verification code, and you're in. The new password won't alter this initial signup; it'll only kick in for logins on new devices or after re-verification. You’ll still be able to set up your WhatsApp account the “old-fashioned” way and further secure it with a password if you choose.

Right now, WhatsApp accounts aren't the most secure by default. Essentially, anyone with access to your SIM card can hijack the OTP codes and sign into your account. Meta hopes to mitigate that by allowing users to add an extra step.

Once set, the password becomes a required step during logins on new devices. First you'll need to enter the 6-digit SMS code, then (if enabled) your existing two-step verification PIN, and finally the account password. This multi-layer approach makes unauthorized access much harder, even if someone hijacks your OTP.

There’s no info on when Meta plans to push passwords to the public version of WhatsApp.

Source: WABetaInfo

Source

Hope you enjoyed this news post. Feedback welcome.

Posted Wednesday 25 February 2026 at 12:03 pm AEST (my time).

News posts: 2023 5,800+ | 2024 5,700+ | 2025 5,700+ | 2026 (to end of January) 461

RIP Matrix

For those unaware, a security baseline package is essentially a set of pre-configured Group Policy Objects (GPO), registry tweaks, and security policies recommended by Microsoft. The Redmond giant has made several changes to various configurations for Windows Server 2025, version 2602.

Starting off with the sudo command, this mode has been disabled in Member Servers (MS) and Domain Controllers (DCs) because it can be leveraged by attackers to escalate their privileges, bypassing user account control (UAC) prompts. In the same vein, the Configure Validation of ROCA-vulnerable WHfB keys during authentication setting has been set to Block mode in domain controllers to mitigate vulnerabilities Windows Hello for Business (WHfB) keys that are prone to the Return of Coppersmith's attack (ROCA).

Additionally, Internet Explorer 11 Launch Via COM Automation has been disabled similar to Windows 11, version 25H2, as this poses a cybersecurity risk through legacy components. Another configuration borrowed from Windows 11 is the application of the Mark of the Web (MotW) tag on files downloaded from the internet and other untrusted sources. This enforces additional protections on such content such as SmartScreen filtering and blocking of macros in Office applications.

Some NTLM configurations, some of which we also discussed previously, are as follows:

• Audit Incoming NTLM Traffic: Configured as Enable auditing for all accounts on both MS and DC
• Audit NTLM authentication in this domain: Configured as Enable all on DC
• Outgoing NTLM traffic to remote servers: Configured as Audit all on both MS and DC
• NTLM Auditing Enhancements: Already enabled by default to improve visibility into NTLM usage within your environment

Meanwhile, the policy related to preventing the downloading of enclosures has been removed from the latest security baseline package as it is not applicable on Windows Server 2025.

Finally, some updated printer policies are described below:

• Configure RPC connection settings: Enforce the default, RPC over TCP with Authentication Enabled, on both MS and DC
• Configure RPC listener settings: Configure as RPC over TCP | Kerberos on MS
• Impersonate a client after authentication: Add RESTRICTED SERVICES\PrintSpoolerService to allow the Print Spooler’s restricted service identity to impersonate clients securely

Microsoft has also shared some guidance around the expiration of Secure Boot certificates and SMB Server hardening, you can check out additional details here.

Source

Hope you enjoyed this news post. Feedback welcome.

Posted Wednesday 25 February 2026 at 3:41 am AEST (my time).

News posts: 2023 5,800+ | 2024 5,700+ | 2025 5,700+ | 2026 (to end of January) 461

RIP Matrix

The world’s top AI models can be prompted to generate near-verbatim copies of bestselling novels, raising fresh questions about the industry’s claim that its systems do not store copyrighted works.

A series of recent studies has shown that large language models from OpenAI, Google, Meta, Anthropic, and xAI memorize far more of their training data than previously thought.

AI and legal experts told the FT this “memorization” ability could have serious ramifications on AI groups’ battle against dozens of copyright lawsuits around the world, as it undermines their core defense that LLMs “learn” from copyrighted works but do not store copies.

“There’s growing evidence that memorization is a bigger thing than previously believed,” said Yves-Alexandre de Montjoye, a professor of applied mathematics and computer science at Imperial College London.

AI groups have long argued that memorization does not happen. In a 2023 letter to the US Copyright Office, Google said “there is no copy of the training data—whether text, images, or other formats—present in the model itself.”

The AI industry also claims that training models on copyrighted books is “fair use,” arguing that the technology transforms the original work into something meaningfully new.

But a study published last month showed that researchers at Stanford and Yale Universities were able to strategically prompt LLMs from OpenAI, Google, Anthropic, and xAI to generate thousands of words from 13 books, including A Game of Thrones, The Hunger Games, and The Hobbit.

By asking models to complete sentences from a book, Gemini 2.5 regurgitated 76.8 percent of Harry Potter and the Philosopher’s Stone with high levels of accuracy, while Grok 3 generated 70.3 percent.

They were also able to extract almost the entirety of the novel “near-verbatim” from Anthropic’s Claude 3.7 Sonnet by jailbreaking the model, where users can prompt LLMs to disregard their safeguards.

It builds on a study from last year that found “open” models, such as Meta’s Llama, memorize huge parts of particular books in their training data.

AI experts were previously unsure whether closed models, which tend to have more safeguards that prevent models from generating unwanted content, would also be prone to large-scale memorization.

“It was a surprise that they could memorize entire texts” despite guardrails, said A. Feder Cooper, a researcher at Yale University, who was part of the study.

Researchers have not yet worked out why LLMs memorize things that appear in their training data. It also remains unclear how much of the training data is evident in the outputs they generate.

This memorization feature could also have serious implications in other sectors such as health care and education, where leakage of any training data could lead to privacy and confidentiality issues.

Legal experts said it could potentially create a significant liability for AI groups regarding copyright infringement, as well as ramifications for how AI companies train their models and the costs of developing them.

The research findings “could present a challenge to those who argue that the AI model does not store or reproduce any copyright works,” said Cerys Wyn Davies, an intellectual property partner at law firm Pinsent Masons.

Whether or not AI models memorize their training data has played an important factor in recent legal battles over copyright.

A US court last year found that Anthropic’s training of LLMs on some copyrighted content could be considered fair use as it was deemed “transformative.”

But it determined that storing pirated works was “inherently, irredeemably infringing,” which then led the AI group to pay $1.5 billion to settle the lawsuit.

In Germany, a ruling from November last year found that OpenAI had infringed on copyright because its model had memorized song lyrics. The case, brought by GEMA, an association representing composers, lyricists, and publishers, was considered a landmark ruling in the EU.

Rudy Telscher, a partner at law firm Husch Blackwell, said reproducing an entire book without jailbreaking is “clearly a copyright violation.” But “it’s a matter of whether this is happening enough that [AI models] could be vicariously liable for the infringement,” he added.

Anthropic said the jailbreaking technique used in the Stanford and Yale research was impractical for normal users and would require more effort to extract the text than just purchasing the content.

The company also added that its model does not store copies of specific datasets but learns from patterns and relationships between words and strings in its training data.

xAI, OpenAI, and Google did not respond to requests for comment.

The fact that AI labs have put safeguards in place to prevent training data from being extracted means they are aware of the problem, said Imperial’s de Montjoye.

Ben Zhao, a computer science professor at the University of Chicago, questioned whether AI labs really needed to use copyrighted content in training data to create cutting-edge models in the first place.

“Whether the technical result can be done or not, it’s still a question of should we be doing this?” Zhao said. “The legal side should eventually hold their ground and really be the arbiter in this whole process.”

Source

Hope you enjoyed this news post. Feedback welcome.

Posted Tuesday 24 February 2026 at 3:23 am AEST (my time).

News posts: 2023 5,800+ | 2024 5,700+ | 2025 5,700+ | 2026 (to end of January) 461

RIP Matrix

Vulnerable Driver Blocklist is a security feature under Microsoft's Core Isolation umbrella for Windows. For those unaware about Core Isolation itself, this is a collection of capabilities that protect "core" Windows processes from malicious software by isolating them in memory. The Vulnerable Driver Blocklist falls within this category because it essentially offers a list of drivers that are restricted by default from ever running in Windows.

Devices like cameras, microphones, keyboards, and more typically communicate with the operating system through drivers. In the past, there have been documented instances of compromised Windows drivers that were being used to exploit the OS. So, in 2022, Microsoft decided that it would mitigate this attack surface by maintaining a list of drivers known to be compromised in Windows installations.

The Vulnerable Driver Blocklist is the result of an ongoing collaboration between Microsoft and independent hardware vendors (IHVs) and OEMs. Whenever a driver vulnerability is reported, the Redmond tech giant works with vendors to patch the security threat and add a driver version to the blocklist if the threat factor is significantly high and the risk of breaking compatibility is relatively low.

This is a particularly important aspect to understand. Microsoft's Vulnerable Driver Blocklist isn't exhaustive. It doesn't list all the compromised drivers because sometimes, blocking a driver without the user really knowing about it can cause poor user experience on Windows, such as device malfunctions and the dreaded Blue Screen of Death (BSOD). This is exactly why maintaining the list is always a careful balancing act for Microsoft.

The Vulnerable Driver Blocklist is updated through Windows Update during feature updates, which means that it is modified roughly 1-2 times a year. Whenever a driver vendor issues an update for their compromised software, they can contact Microsoft to update this blocklist.

In most Windows installations, the Vulnerable Driver Blocklist is on by default, and it is enforced when hypervisor-protected code integrity (HVCI), Smart App Control, or S mode is active too. It's worth noting that this blocklist explicitly denies vulnerable drivers and allows everything else through "Allow All" rules. This is despite Microsoft's best practice recommendation, which involves maintaining an explicit allowlist approach where drivers are allowed individually rather than blocked; however, it's understandable that this is not feasible in many cases.

The Vulnerable Driver Blocklist is found in the System32 folder and, as mentioned previously, it is enabled by default, so you don't really need to do anything. That said, Microsoft does offer an offline XML policy file, which IT admins can download from here. For regular consumers, the Vulnerable Driver Blocklist can be toggled through the Windows Security app or through the Settings app under Privacy & Security > Windows Security.

What do you think about this security feature in Windows? Were you aware of its existence? Let us know in the comments section below!

Source

Hope you enjoyed this news post. Feedback welcome.

Posted Sunday 22 February 2026 at 12:01 pm AEST (my time).

News posts: 2023 5,800+ | 2024 5,700+ | 2025 5,700+ | 2026 (to end of January) 461

RIP Matrix

Edge's built-in password manager lets you secure passwords and autofill with two security options: Windows Hello or a standalone password. The latter is now on its way out, as Microsoft decided to discontinue the primary password in favor of the device sign-in or Windows Hello.

Starting with Edge 146, users will no longer have the ability to create a custom primary password. However, the feature will remain available for existing users for a couple of additional months. On June 4, 2026, Microsoft will pull the plug for existing users and switch them to device authentication. Here is what the company says in the release notes for Edge 146, which is now available in the Beta Channel:

Custom primary password deprecation. In Microsoft Edge 146, users will no longer be able to create a new custom primary password in Edge Settings edge://settings/autofill/passwords/settings. Users who already have a custom primary password configured will see a warning that the feature won't be available from June 4, 2026. On June 4, 2026, any users who are still using a custom primary password will be automatically migrated to device authentication.

While the change may sound inconvenient for those who use a custom password to protect personal data in Microsoft Edge, a device-wide authentication is a much better option, considering that custom passwords are non-recoverable. Therefore, if you forget your custom password, the only way out is to delete the entire profile. Additionally, using device-wide authentication lets you use biometric sign-in with your face or fingerprint, which is safer and more convenient.

Microsoft plans to release Edge 146 on the Week of March 12, 2026. Besides discontinuing the custom password feature, Microsoft announced that Edge 150 would be the final supported version of the browser on macOS 12 Monterey.

Source

Hope you enjoyed this news post. Feedback welcome.

Posted Sunday 22 February 2026 at 3:57 am AEST (my time).

News posts: 2023 5,800+ | 2024 5,700+ | 2025 5,700+ | 2026 (to end of January) 461

RIP Matrix

The incident affected the PayPal Working Capital (PPWC) loan app, which provides small businesses with quick access to financing.

PayPal discovered the breach on December 12, 2025, and determined that customers' names, email addresses, phone numbers, business addresses, Social Security numbers, and dates of birth had been exposed since July 1, 2025.

The financial technology company said it has reversed the code change that caused the incident, blocking attackers' access to the data one day after discovering the breach.

"On December 12, 2025, PayPal identified that due to an error in its PayPal Working Capital ("PPWC") loan application, the PII of a small number of customers was exposed to unauthorized individuals during the timeframe of July 1, 2025 to December 13, 2025," PayPal said in breach notification letters sent to affected users.

"PayPal has since rolled back the code change responsible for this error, which potentially exposed the PII. We have not delayed this notification as a result of any law enforcement investigation."

PayPal also detected unauthorized transactions on the accounts of a small number of customers as a direct result of the incident and has issued refunds to those affected.

The company now offers affected users two years of free three-bureau credit monitoring and identity restoration services through Equifax, which require enrollment by June 30, 2026.

Affected customers are advised to monitor their credit reports and their account activity for suspicious transactions. PayPal reminded users that it never requests account passwords, one-time codes, or other authentication credentials via phone, text, or email, a common tactic used in phishing attacks that often follow data breach disclosures.

PayPal has also reset passwords for all impacted accounts and said that users will be prompted to create new credentials upon their next login if they have not already done so.

In January 2023, PayPal notified customers of another data breach after a large-scale credential stuffing attack compromised 35,000 accounts between December 6 and December 8, 2022.

Two years later, in January 2025, New York State announced a $2,000,000 settlement with PayPal over charges that it failed to comply with the state's cybersecurity regulations, leading to the 2022 data breach.

Update February 20, 11:38 EST: After the article was published, a PayPal spokesperson told BleepingComputer that the company's systems were not breached and the incident exposed the data of roughly 100 customers.

"When there is a potential exposure of customer information, PayPal is required to notify affected customers," the spokesperson said. "In this case, PayPal’s systems were not compromised. As such, we contacted the approximately 100 customers who were potentially impacted to provide awareness on this matter.”

Source

Hope you enjoyed this news post. Feedback welcome.

Posted Saturday 21 February 2026 at 6:04 am AEST (my time).

News posts: 2023 5,800+ | 2024 5,700+ | 2025 5,700+ | 2026 (to end of January) 461

RIP Matrix

While writing my most recent comprehensive guide to improve privacy on Windows 11, I started noticing just how many settings you have to manage to reduce the amount of data Microsoft collects from devices and users.

At one point, I genuinely thought I would never finish that set of instructions. Every time I believed I had found the last toggle, another appeared somewhere else. And even after turning off and reconfiguring dozens of default options, it's still unclear how much data the company continues to collect in the background.

The illusion of privacy controls

Yes, Windows 11 presents a privacy page during the out-of-box experience (OOBE). On the surface, it looks reassuring. You're usually asked about diagnostics, tailored experiences, advertising ID, location, and a few other features.

But let's be honest. That page doesn't include everything, far from it.

It's been about 10 days since Discord revealed that it would be implementing its controversial age verification and "Teen-by-Default" stance globally after a test run in the UK and Australia. The news was met with a severe backlash from its massive community.

Users flooded social channels like Reddit and X with posts talking about canceled Nitro subscriptions, deleted accounts, and Discord alternatives, causing Discord to go into damage control mode.

The company was quick to offer clarification on the new rules; not every user would be forced to submit a government ID or a facial scan to be considered an adult. Not because of any sort of trust, but because Discord's background monitoring could already determine "with high confidence" who is an adult and who is underage.

I've long been someone concerned about data security and privacy. I grew up in a time when your passwords were kept securely in your own organic memory if not jotted down on a page somewhere, so the rise of password managers felt like a godsend.

A place to securely store all passwords (and more) for all accounts? Accessible across your devices? Too convenient to pass up. And yet, I still didn't trust my password manager with the "big" credentials; those, I kept tucked away in my head.

Despite some obvious trepidation, I've never been shy about recommending a password manager to help keep your data secure. It's otherwise impossible to have a secure, different password for all accounts.

At least, that's how it used to be.

According to a new study published by security researchers from ETH Zurich and Università della Svizzera Italiana, password managers might not be as secure as once imagined.

The most popular password managers, like Bitwarden, LastPass, and Dashlane, which together have more than 60 million customers, have all seemingly adopted a stance known as "Zero Knowledge Encryption."

Largely based on nothing technical, it's a term designed to create peace-of-mind for users by conveying the idea that what is stored on password manager servers can't be read by the companies. If the company hosting your encrypted passwords can't read it, surely no one else who breaks in can, either.

As first spotted by Office365ITPros, a recent advisory posted on the Microsoft admin portal indicates that Copilot is reading your confidential emails as it summarizes messages for you. This is a massive violation of privacy and security, considering data loss prevention (DLP) policies like privacy labels are specifically designed to restrict scenarios like these.

Microsoft has noted that this was unintended behavior and was actually due to a programming bug. It primarily impacted emails in the Sent Items and Drafts folder, which were sent to Copilot Chat for summarization of content. This issue was first discovered by customers on January 21, 2026, and is being tracked under the CW1226324 ID.

The bad news is that despite being a fairly severe security lapse, Microsoft is yet to fully roll out a robust fix. It began deploying a fix in a staggered manner starting on February 10, but it is yet to reach all impacted customers. The Redmond tech giant is informing affected customers and testing the impact of remediation measures to ensure that the patch works as expected.

While we await a full incident report, it will be interesting to know if the root cause, that is, the programming bug, has always existed in the implementation of Copilot integration, or if it's the result of a recent change. Regardless, news about this bug will not please organizations, many of which are paying hefty sums to integrate Copilot in their environments. Perhaps it will once again raise alarms about the possibility of Microsoft vibecoding its software and not properly testing it, but long-term impacts are yet to be seen.

Update: In a statement to Neowin, a Microsoft spokesperson has indicated that this issue is now fixed and that it was not the "intended Copilot experience". The full statement is as follows:

We identified and addressed an issue where Microsoft 365 Copilot Chat could return content from emails labeled confidential authored by a user and stored within their Draft and Sent Items in Outlook desktop. This did not provide anyone access to information they weren’t already authorized to see. While our access controls and data protection policies remained intact, this behavior did not meet our intended Copilot experience, which is designed to exclude protected content from Copilot access. A configuration update has been deployed worldwide for enterprise customers.

All that said, it's interesting to note that while the bug was first reported on January 21, it seems like the fix was expedited only after media outlets caught wind of the issue. Regardless, all's well that ends well.

Source

Hope you enjoyed this news post. Feedback welcome.

Posted Friday 20 February 2026 at 12:04 pm AEST (my time).

News posts: 2023 5,800+ | 2024 5,700+ | 2025 5,700+ | 2026 (to end of January) 461

RIP Matrix

In a report today, ESET researcher Lukas Stefanko explains how a new Android malware family named "PromptSpy" is abusing the Google Gemini AI model to help it achieve persistence on infected devices.

"In February 2026, we uncovered two versions of a previously unknown Android malware family," explains ESET.

"The first version, which we named VNCSpy, appeared on VirusTotal on January 13th, 2026 and was represented by three samples uploaded from Hong Kong. On February 10th, 2026, four samples of more advanced malware based on VNCSpy were uploaded to VirusTotal from Argentina."

First known Android malware to use generative AI

While machine learning models have previously been used by Android malware to analyze screenshots for ad fraud, ESET says that PromptSpy is the first known case of Android malware integrating generative AI directly into its execution.

On some Android devices, users can "lock" or "pin" an app in the Recent Apps list by long-pressing it and selecting a lock option. When an app is locked this way, Android is less likely to terminate it during memory cleanup or when the user taps "Clear all."

For legitimate apps, this prevents background processes from being killed. For malware like PromptSpy, it can serve as a persistence mechanism.

However, the method used to lock or pin an app varies between manufacturers, making it hard for malware to script the right way to do so on every device. That is where AI comes into play.

PromptSpy sends Google's Gemini model a chat prompt along with an XML dump of the current screen, including the visible UI elements, text labels, class types, and screen coordinates.

Gemini then responds with JSON-formatted instructions describing the action to take on the device to pin the app.

The malware executes the action through Android's Accessibility Service, retrieves the updated screen state, and sends it back to Gemini in a loop until the AI confirms that the app has been successfully locked in the recent apps list.

"Even though PromptSpy uses Gemini in just one of its features, it still demonstrates how incorporating these AI tools can make malware more dynamic, giving threat actors ways to automate actions that would normally be more difficult with traditional scripting," explains ESET.

While the use of an AI LLM for run-time changes to behavior is novel, PromptSpy's primary functionality is to act as spyware.

The malware includes a built-in VNC module that allows the threat actors to gain full remote access to devices with Accessibility permissions are granted.

Using this access, the threat actors can view and control the Android screen in real time.

According to ESET, the malware can:

• Upload a list of installed apps
• Intercept lockscreen PINs or passwords
• Record the pattern unlock screen as a video
• Capture screenshots on demand
• Record screen activity and user gestures
• Report the current foreground application and screen status

To make removal harder, when users attempt to uninstall the app or turn off Accessibility permissions, the malware overlays transparent, invisible rectangles over UI buttons that display strings like "stop," "end," "clear," and "Uninstall."

When a user taps the button to stop or uninstall the app, they will instead tap the invisible button, which blocks removal.

Unclear if its a proof-of-concept malware

Stefanko says that victims must reboot into Android Safe Mode so that third-party apps are disabled and cannot block the malware's uninstall.

ESET told BleepingComputer that it has not yet observed PromptSpy or its dropper in its telemetry, so it is unclear whether the malware is a proof-of-concept.

"We haven't seen any signs of the PromptSpy dropper or its payload in our telemetry so far, which could mean they're only proofs of concept," Stefanko told BleepingComputer.

However, as VirusTotal indicates that several samples were previously distributed via the dedicated domain mgardownload[.]com and used a web page on m-mgarg[.]com to impersonate JPMorgan Chase Bank, it may have been used in actual attacks.

"Still, because there appears to be a dedicated domain that was used to distribute them, and fake bank website, we can't rule out the possibility that both the dropper and PromptSpy are or were in the wild," Štefanko added.

While the distribution of this malware appears very limited, it demonstrates how threat actors are using generative AI to not only create attacks and phishing sites, but also to modify malware behavior in real time.

Earlier this month, Google Threat Intelligence reported that state-sponsored hackers are also using Google's Gemini AI model to support all stages of their attacks, from reconnaissance to post-compromise actions.

Source

Hope you enjoyed this news post. Feedback welcome.

Posted Friday 20 February 2026 at 12:03 pm AEST (my time).

News posts: 2023 5,800+ | 2024 5,700+ | 2025 5,700+ | 2026 (to end of January) 461

RIP Matrix