
Google Disrupts Chinese GRIDTIDE Espionage Campaign Targeting 42 Nations

Google's Threat Intelligence Group (GTIG), in partnership with Mandiant, has disrupted a prolific, state-sponsored Chinese cyber espionage campaign dubbed "GRIDTIDE," which targeted telecommunications and government organizations across at least 42 countries. The operation, conducted by the suspected PRC-nexus actor UNC2814 since at least 2017, leveraged a novel backdoor that abused legitimate Google Sheets API functionality to disguise command-and-control (C2) traffic as benign cloud API requests. Google's disruption actions, executed last week, terminated the attacker's cloud projects, disabled all known infrastructure and actor accounts, and severed persistent access to compromised environments. The campaign's global scale—with 53 confirmed victims and suspected infections in at least 20 additional nations—underscores the persistent threat to critical infrastructure and the sophisticated evasion techniques employed by state-sponsored actors.

Key Facts and Data Points

  • Attribution & Scope: UNC2814 is a suspected People's Republic of China (PRC)-nexus cyber espionage group tracked since 2017. At disruption, they had 53 confirmed intrusions in 42 countries across four continents, with suspected infections in at least 20 more nations.

  • Primary Targets: The campaign focused on telecommunications providers and government organizations, aiming to collect personally identifiable information (PII) including full names, phone numbers, dates of birth, and national ID numbers for surveillance.

  • Novel Technique: The actor used a custom backdoor, GRIDTIDE, which abused legitimate Google Sheets API calls as a high-availability C2 channel. This disguised malicious traffic within normal cloud API requests to evade detection.

  • Infection Mechanism: GRIDTIDE used a cell-based polling system in a malicious Google Sheet. Commands were placed in cell A1, and data exfiltration occurred via cells A2-An, with host metadata stored in cell V1. All data used a URL-safe Base64 encoding.

  • Disruption Actions: Google terminated all attacker-controlled cloud projects, disabled all known UNC2814 infrastructure and accounts, revoked Google Sheets API access, and released indicators of compromise (IOCs) to the public.

  • Historical Context: The actor has been active since at least 2017 and used infrastructure, including a SoftEther VPN Bridge, with configuration metadata dating back to July 2018.

  • Tactics: Initial access was achieved by compromising web servers and edge systems. Post-compromise, the actor used living-off-the-land (LotL) binaries for reconnaissance and created a systemd service for malware persistence.
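The cell layout above (commands read from A1, results written to A2..An, host metadata in V1, everything URL-safe Base64) is itself a hunting signature. The following added example, which is not code from Google's or Mandiant's write-up, scores simplified Sheets API access records for that pattern; the record shape, actor names, values and thresholds are all constructed assumptions.

```python
import base64
import binascii
from collections import defaultdict

ALPHABET = set("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_")

def enc(text):
    """URL-safe Base64 without padding, the encoding the write-up attributes to GRIDTIDE."""
    return base64.urlsafe_b64encode(text.encode()).decode().rstrip("=")

def dec(token):
    """Decode a URL-safe Base64 token (padding restored); None if it is not one."""
    if token is None or len(token) < 4 or not set(token) <= ALPHABET:
        return None
    try:
        return base64.urlsafe_b64decode(token + "=" * (-len(token) % 4))
    except (binascii.Error, ValueError):
        return None

# Constructed sample records (actor, seconds, op, cell, value written); an assumed shape, not Google's real audit-log schema.
SAMPLE_RECORDS = [
    ("implant-svc@example", 0, "read", "A1", None),
    ("implant-svc@example", 60, "read", "A1", None),
    ("implant-svc@example", 120, "read", "A1", None),
    ("implant-svc@example", 121, "write", "V1", enc("host=db-01;os=linux")),
    ("implant-svc@example", 122, "write", "A2", enc("kernel=5.15")),
    ("analyst@example", 2000, "read", "A1", None),
    ("analyst@example", 2100, "write", "A5", "Approved"),  # valid Base64 by accident
]

def analyse(records, tolerance=0.2):
    """Flag actors that poll A1 at a steady interval and write Base64 into A2..An or V1."""
    by_actor = defaultdict(list)
    for rec in records:
        by_actor[rec[0]].append(rec)
    findings = {}
    for actor, recs in by_actor.items():
        polls = sorted(t for _, t, op, cell, _ in recs if op == "read" and cell == "A1")
        gaps = [b - a for a, b in zip(polls, polls[1:])]
        regular = len(gaps) >= 2 and max(gaps) - min(gaps) <= tolerance * sum(gaps) / len(gaps)
        exfil, meta = 0, None
        for _, _, op, cell, val in recs:
            raw = dec(val) if op == "write" else None
            if raw is not None and cell[0] == "A" and cell[1:].isdigit() and int(cell[1:]) >= 2:
                exfil += 1
            elif raw is not None and cell == "V1":
                meta = raw
        if regular and (exfil or meta):  # both signals required to limit false positives
            findings[actor] = {"polls": len(polls), "exfil_cells": exfil, "host_meta": meta}
    return findings
```

Ordinary short strings such as "Approved" decode as valid Base64, so the steady A1 polling cadence is the gate; a real hunt would read the same fields from Workspace API audit logs rather than the constructed tuples.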

💻 Malware and Vulnerabilities

OpenAI Reports Disrupting Malicious AI Use Cases: OpenAI released a report detailing its efforts to disrupt five state-affiliated threat actors and 20 cybercriminal groups attempting to misuse its AI models for malicious purposes, including propaganda and vulnerability research. The company emphasizes a proactive approach to preventing AI-enabled threats.
https://openai.com/index/disrupting-malicious-ai-uses/

Criminals Hit $20M Jackpot via Malware-Stuffed ATMs: A coordinated cyber-physical attack saw criminals infect ATMs with malware to force them to dispense over $20 million across 50 locations in under two hours. The heist, which targeted a major bank, exploited vulnerabilities in ATM software and network segmentation.
https://www.theregister.com/2026/02/25/atm_malware_heist/

Researchers Warn Volt Typhoon Still Embedded in US Utilities: Security researchers warn that the Chinese state-sponsored group Volt Typhoon maintains a persistent presence in critical US utility networks, with an estimated 40% of breaches potentially remaining undetected. The finding suggests the group's access is more entrenched than previously assessed.
https://therecord.media/volt-typhoon-us-utilities-remaining-access

Critical Cisco SD-WAN Bug Exploited in Zero-Day Attacks Since 2023: Cisco warned that a critical vulnerability (CVE-2023-2022, CVSS score 9.8) in its SD-WAN solution has been exploited as a zero-day by threat actors since at least 2023, affecting over 15,000 devices globally. The flaw allows unauthenticated attackers to gain root access to affected devices, prompting urgent patching advice.
https://www.securityweek.com/critical-cisco-sd-wan-bug-exploited-in-zero-day-attacks-since-2023/

Microsoft Warns of RAT Delivered Through Trojanized Gaming Utilities: Microsoft warned of a new campaign distributing a remote access Trojan (RAT) through trojanized versions of popular gaming optimization utilities, infecting approximately 50,000 gaming PCs across 30 countries. The malware provides attackers with full control over infected gaming PCs, enabling data theft and further malicious activities.
https://www.securityweek.com/microsoft-warns-of-rat-delivered-through-trojanized-gaming-utilities/

📈 Breaches and Incidents

Hacker Used Anthropic's Claude to Steal Sensitive Mexican Data: A threat actor leveraged Anthropic's AI assistant Claude to craft a sophisticated phishing campaign targeting Mexican government officials, resulting in the theft of sensitive data. The attack highlights the growing use of generative AI in cyber espionage.
https://www.bloomberg.com/news/articles/2026-02-25/hacker-used-anthropic-s-claude-to-steal-sensitive-mexican-data

UFP Technologies Discloses Cyberattack Impacting Medical Devices: Medical device maker UFP Technologies notified regulators that a cyberattack disrupted operations, potentially impacting the manufacturing and distribution of critical medical supplies. The incident, detailed in an SEC filing, underscores the vulnerability of healthcare supply chains.
https://therecord.media/ufp-technologies-medical-devices-sec-filing-cyberattack

Claude Code Flaws Exposed Developer Devices to Silent Hacking: Security researchers identified vulnerabilities in Anthropic's Claude Code assistant that could have allowed attackers to silently compromise developer environments. The flaws, now patched, could have led to supply chain attacks if exploited.
https://www.securityweek.com/claude-code-flaws-exposed-developer-devices-to-silent-hacking/

Japanese Chip-Testing Toolmaker Advantest Suffers Ransomware Attack: Semiconductor testing equipment giant Advantest confirmed a ransomware attack that disrupted some internal systems. The incident adds to the list of high-tech manufacturers targeted by cybercriminals, though production impact was reported as minimal.
https://www.helpnetsecurity.com/2026/02/25/advantest-ransomware-attack/

🚨 Threat Intel & Info Sharing

Moscow Man Accused of Extorting Conti Ransomware Gang: A Russian national has been charged in the U.S. for allegedly extorting the now-defunct Conti ransomware group, threatening to leak 170,000 internal chat logs. The unusual case of a criminal extorting criminals reveals deep fractures within the cybercriminal underground.
https://therecord.media/moscow-man-accused-of-extorting-conti-gang

Step Finance Shuts Down After $20 Million Cryptocurrency Theft: Decentralized finance platform Step Finance is winding down operations following a sophisticated security breach that led to the theft of approximately $20 million in user assets. The incident, which affected over 1,500 user wallets, is a stark reminder of the persistent security challenges in the DeFi sector.
https://therecord.media/step-finance-cryptocurrency-theft-shutdown

AS Monaco Football Club Issues Official Statement on Cyber Incident: French football club AS Monaco confirmed it was the target of a cyberattack, with threat actors claiming to have stolen 500GB of sensitive player and club data. The club stated it is working with authorities to investigate the breach and mitigate any potential fallout.
https://www.om.fr/en/news/4808/club/107873/official-statement

Anthropic Responds to 'Department of War' Allegations: AI firm Anthropic issued a statement addressing reports about its software's alleged use by 11 military entities, clarifying its acceptable use policies and commitment to ethical AI deployment. The company reaffirmed its dedication to preventing its technology from being used for harmful purposes.
https://www.anthropic.com/news/statement-department-of-war

UK Government Cuts Cyber Attack Fix Times by 84%: The UK government announced it has slashed the average time to fix cyber vulnerabilities from 127 days to just 20 days (an 84% reduction) and launched a new cybersecurity profession to recruit 2,000 specialists to protect public services. The initiative aims to build a more resilient national cyber posture.
https://www.gov.uk/government/news/government-cuts-cyber-attack-fix-times-by-84-and-launches-new-profession-to-protect-public-services

Greek Court Sentences Members of 'Predator' Spyware Gang: A Greek court has handed down sentences to four individuals involved in the sale and operation of the infamous Predator spyware, with terms ranging from 6 to 15 years, marking a significant legal victory against the surveillance-for-hire industry. The verdict is seen as a strong signal against the proliferation of commercial spyware.
https://www.politico.eu/article/predatorgate-greece-court-sentences-predator-spyware-gang/

Resilience Report: The New Economics of Professionalized Cybercrime: New claims data from cyber insurer Resilience reveals a shift toward professionalized cybercrime operations, with ransomware demands increasing by 35% and average downtime costs rising to $1.2 million per incident. The findings indicate that threat actors are increasingly acting like businesses, focusing on efficiency and return on investment.
https://www.prnewswire.com/news-releases/resilience-cyber-claims-data-reveals-the-new-economics-of-professionalized-cybercrime-302696505.html

Google Disrupts 'Gridtide' Global Espionage Campaign: Google's Threat Analysis Group announced it disrupted a sophisticated global espionage campaign dubbed 'Gridtide,' which targeted over 15,000 high-profile individuals across 24 countries. The operation involved advanced social engineering and custom malware.
https://cloud.google.com/blog/topics/threat-intelligence/disrupting-gridtide-global-espionage-campaign

Darktrace Flagged 32 Million Phishing Emails in 2025: Darktrace reported it identified and blocked over 32 million phishing emails in 2025, a 40% increase from the previous year, with a notable rise in identity-based attacks that bypass traditional security measures. The data underscores the escalating volume and sophistication of email-borne threats.
https://www.infosecurity-magazine.com/news/darktrace-32-million-phishing/

Malicious OpenClaw Skills Used to Distribute Atomic macOS Stealer: Trend Micro researchers uncovered a campaign using fake cybersecurity skill assessments to distribute the Atomic macOS Stealer (AMOS) malware, targeting over 5,000 job seekers in the tech industry. The operation lures victims with malicious documents disguised as tests.
https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/malicious-openclaw-skills-used-to-distribute-atomic-macos-stealer

Former Air Force Officer Arrested for Conspiring with Hacker: A former U.S. Air Force officer has been arrested for allegedly conspiring with a hacker to provide sensitive flight training information on F-35 and F-22 aircraft to the Chinese military. The case highlights ongoing concerns about national security and technology transfer.
https://therecord.media/former-air-force-officer-arrested-flight-training-china

Thousands of Public Google Cloud API Keys Exposed: A security analysis revealed 8,400 public Google Cloud Platform API keys with active Gemini AI access were exposed, potentially allowing unauthorized use of the AI services costing up to $60,000 per day. The exposure stems from developers inadvertently committing keys to public repositories.
https://www.securityweek.com/thousands-of-public-google-cloud-api-keys-exposed-with-gemini-access-after-api-enablement/

⚖️ Laws, Policies and Regulations

US Orders Diplomats to Fight Data Sovereignty Initiatives: The U.S. State Department has directed its diplomats to actively oppose foreign data sovereignty laws in 15 countries that it argues hinder cross-border commerce and protect digital authoritarianism. The policy shift signals an escalation in global battles over data localization and internet governance.
https://www.reuters.com/sustainability/boards-policy-regulation/us-orders-diplomats-fight-data-sovereignty-initiatives-2026-02-25/

Treasury Sanctions Cryptocurrency Mixer for Laundering: The U.S. Department of the Treasury sanctioned a cryptocurrency mixer, alleging it was used by North Korean state-backed hackers to launder over $150 million from at least 8 cyber heists in the past two years. The action aims to disrupt the financial infrastructure enabling illicit cyber activities.
https://home.treasury.gov/news/press-releases/sb0404

🔐 PRIVACY CORNER

  • The UK’s Automated Vehicles Act bakes data protection limits into how regulators can demand, use, and share information.

  • Automated passenger services may be required to collect and share information, including with private firms like manufacturers and insurers, which raises real governance questions for personal data flows.

  • The EU’s ICT Supply Chain Security Toolbox treats “who you buy from” as a privacy issue, especially for connected vehicles that process large volumes of personal and sensitive data.

The UK’s Automated Vehicles Act 2024 is mostly framed as a safety and liability story, but it has a clear privacy backbone. When the Act creates powers or duties to disclose, obtain, or use information, it explicitly ties those powers back to existing legal constraints, including data protection requirements. In practice, that means data flows that feel “regulatory” still need the same discipline as any other personal data use: purpose limitation, access control, retention limits, and defensible sharing rules. The Act also anticipates automated passenger services, where permits and oversight can drive requirements to collect and share information across the ecosystem. “Sharing” is not just government to government, and can include private businesses that have a stake in vehicle performance and accountability. By 26 February 2026, the Act’s rollout was no longer theoretical, with provisions already in force as part of a phased commencement approach.

On the EU side, the ICT Supply Chain Security Toolbox is nominally about cybersecurity, but it lands squarely on privacy because supply chain weaknesses are often how personal data leaks in practice. The core idea is that vendor risk is data risk, especially when complex software stacks and remote updates can expand who can access systems over time. For connected and automated vehicles, the privacy exposure is amplified because these systems can process large volumes of personal and sensitive data tied to location, behavior, and identity. The toolbox pushes organizations to think in scenarios, like what happens if a critical supplier is compromised, or if reliance on a single vendor becomes too hard to unwind. The takeaway is simple: as vehicles become data platforms, privacy outcomes increasingly depend on procurement and supplier controls, not just privacy notices and consent screens.

Guest Author for Privacy Corner - Steven Switz

Most Cyber Incidents Caused by Overdue Maintenance, Not Novel Attacks: A new analysis from Hunt & Hackett suggests 78% of significant cyber incidents stem from neglected system maintenance and unpatched vulnerabilities, rather than innovative attack methods. The report emphasizes the continued critical importance of cybersecurity fundamentals.
https://www.huntandhackett.com/blog/most-cyber-incidents-not-caused-by-innovative-attacks-but-overdue-maintenance
