Cyber Briefing: 2026.02.23
Malicious npm worm steals secrets, MuddyWater targets MENA, PayPal leak exposed, ShinyHunters extorts Wynn, rail hit by DDoS, AI security tools expand.
👉 What’s happening in cybersecurity today?
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
🚨 Cyber Alerts
1. Malicious Npm Packages Steal Secrets
Researchers have identified a new supply chain worm campaign dubbed SANDWORM_MODE that uses 19 malicious npm packages to steal credentials and cryptocurrency keys. The malware spreads by hijacking developer identities on GitHub and npm while using advanced techniques like prompt injection to target AI coding assistants and harvest sensitive environment secrets.
2. MuddyWater Hits MENA With GhostFetch
The Iranian threat actor MuddyWater has launched a new cyberespionage campaign titled Operation Olalampo, targeting organizations across the Middle East and North Africa. This operation utilizes a variety of new malware families, including specialized downloaders and backdoors, to gain remote control over infected systems through phishing and malicious macros.
3. Arkanix Stealer Emerges As AI Test
Arkanix Stealer emerged in late 2025 as a sophisticated data-theft operation likely accelerated by the use of artificial intelligence during its creation. Despite offering advanced features and a dedicated support infrastructure, the developer abruptly shuttered the project only two months after its debut.
💥 Cyber Incidents
4. PayPal Reveals Extended Data Leak
PayPal recently revealed that a software bug within its business loan application led to a six-month data leak involving sensitive customer details. The breach, which lasted from July to December 2025, exposed personal information such as Social Security numbers and birth dates before the company patched the error.
5. ShinyHunters Demands $1.5M Ransom
Wynn Resorts has reportedly been targeted by the cybercrime group ShinyHunters, which claims to have stolen over 800,000 employee records including Social Security numbers. The extortionists have demanded a ransom of approximately 1.5 million dollars in Bitcoin and threatened further digital disruptions if the company does not comply by February 23.
6. Deutsche Bahn Hit By DDoS Attack
Germany’s national rail operator Deutsche Bahn recently experienced a significant DDoS attack that knocked its booking and information platforms offline for several hours. Although the cyberattack caused temporary service interruptions and technical delays, the company has since restored its IT operations to full functionality.
📢 Cyber News
7. Anthropic Debuts Claude Code Security
Anthropic has introduced Claude Code Security, a new feature for its Claude Code tool designed to automatically scan software for vulnerabilities and recommend patches. Currently in a limited research preview for Enterprise and Team users, the system aims to give developers a defensive advantage by identifying security flaws that traditional tools might overlook.
8. EC Council Expands AI Certifications
EC-Council has introduced four specialized AI certifications and an updated Certified CISO v4 to address a critical global shortage in skilled personnel. This expansion aims to bridge a $5.5 trillion risk gap and provide necessary training for the hundreds of thousands of workers requiring reskilling to safely manage rapid AI adoption.
9. Online Fraudster Reign Arrested
Michael Ramsden, a Canadian national linked to a global cybercrime network, recently appeared in a Miami court following his arrest for participating in a multimillion-dollar retail fraud scheme. Operating under the alias Reign, Ramsden allegedly collaborated with the Noir’s Luxury Refunds group to systematically defraud major retailers through Telegram-based services.
📈 Cyber Stocks
Cybersecurity stocks on Monday, 23 February 2026 opened the week under pressure. Broader tech rotation and sector-wide uncertainty, including investor concerns around new competitive AI tools and earnings guidance shifts, weighed on sentiment.
Fortinet closed around 80.00 dollars and declined, with network and converged security hardware names underperforming amid rotation.
Check Point Software Technologies closed at 159.04 dollars and was marginally lower, with legacy threat prevention demand steady yet affected by sector softness.
SentinelOne closed near 12.97 dollars and was down, as smaller AI-enabled endpoint security stocks saw selective selling.
Rapid7 closed at 6.57 dollars and moved lower, reflecting vulnerability management and SIEM-focused names under pressure.
CyberArk Software closed at 408.85 dollars and was modestly lower, with privileged access management demand offset by broader tech flows.
💡 Cyber Tip
📦 Malicious npm Packages Steal Secrets
Researchers uncovered a supply chain worm campaign called SANDWORM_MODE that uses 19 malicious npm packages to steal credentials, crypto keys, and API tokens. The malware hijacks developer identities on GitHub and npm, spreads automatically, and even targets AI coding assistants through prompt injection to extract sensitive environment secrets.
🛠️ What You Should Do
Audit projects for recently added or unfamiliar npm dependencies
Rotate GitHub, npm, SSH, and cloud credentials immediately if exposed
Restrict publishing rights and enable strong MFA on developer accounts
Review CI/CD pipelines for unauthorized GitHub Actions
Monitor for unusual outbound HTTPS or DNS-based data exfiltration
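One way to carry out the first step, as an added example that is not part of the original briefing: compare the package-lock.json from the last reviewed commit with the current one and list every dependency that is new or changed. It assumes the lockfileVersion 2/3 `packages` map and the public npm registry as the expected source; all package names and values in the sample data are constructed.

```javascript
// Added example: diff two package-lock.json snapshots (lockfileVersion 2 or 3).
// All package names and versions below are constructed sample data.
const baselineLock = { lockfileVersion: 3, packages: {
  "": { name: "demo-app", version: "1.0.0" },
  "node_modules/example-http": { version: "4.0.2", integrity: "sha512-AAA",
    resolved: "https://registry.npmjs.org/example-http/-/example-http-4.0.2.tgz" },
  "node_modules/example-logger": { version: "2.1.0", integrity: "sha512-BBB",
    resolved: "https://registry.npmjs.org/example-logger/-/example-logger-2.1.0.tgz" },
} };
const currentLock = { lockfileVersion: 3, packages: {
  "": { name: "demo-app", version: "1.0.0" },
  "node_modules/example-http": { version: "4.0.2", integrity: "sha512-AAA",
    resolved: "https://registry.npmjs.org/example-http/-/example-http-4.0.2.tgz" },
  "node_modules/example-logger": { version: "2.1.1", integrity: "sha512-CCC",
    hasInstallScript: true,
    resolved: "https://registry.npmjs.org/example-logger/-/example-logger-2.1.1.tgz" },
  "node_modules/example-http/node_modules/@example/color-utils": { version: "0.0.3",
    integrity: "sha512-DDD", resolved: "https://mirror.example.test/color-utils-0.0.3.tgz" },
} };

// "node_modules/a/node_modules/@scope/b" -> "@scope/b"
function packageName(lockPath) {
  const marker = "node_modules/";
  const idx = lockPath.lastIndexOf(marker);
  return idx === -1 ? lockPath : lockPath.slice(idx + marker.length);
}

// Returns one finding per dependency that is new or changed since the baseline.
function auditLockDiff(baseline, current, registry = "https://registry.npmjs.org/") {
  const before = baseline.packages || {};
  const findings = [];
  for (const [path, entry] of Object.entries(current.packages || {})) {
    if (path === "" || entry.link) continue; // skip the root project and workspace links
    const old = before[path];
    const reasons = [];
    if (!old) reasons.push("new dependency");
    else if (old.version !== entry.version) reasons.push(`version ${old.version} -> ${entry.version}`);
    else if (old.integrity !== entry.integrity) reasons.push("integrity changed, same version");
    if (reasons.length === 0) continue;
    // Install scripts execute code at `npm install` time, so surface them for review.
    if (entry.hasInstallScript) reasons.push("runs install script");
    if (entry.resolved && !entry.resolved.startsWith(registry)) reasons.push("resolved outside expected registry");
    findings.push({ name: packageName(path), version: entry.version, reasons });
  }
  return findings;
}

for (const f of auditLockDiff(baselineLock, currentLock)) {
  console.log(`${f.name}@${f.version}: ${f.reasons.join("; ")}`);
}
```

To use it on a real project, pass the two lockfiles parsed with JSON.parse in place of the sample objects.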
⚠️ Why This Matters
This is not just a malicious package; it is a self-propagating worm targeting developer ecosystems. By stealing identities and secrets, it can spread across repositories, compromise pipelines, and potentially deploy destructive payloads across entire organizations.
📚 Cyber Book
Mastering AI Home Security Camera by Vector Sentry
Copyright © 2026 CyberMaterial. All Rights Reserved.