Cybersafe Cyber Security News

The UK Information Commissioner’s Office (ICO) has fined Reddit £14.47 million (about $19.5 million) for unlawfully collecting and processing personal data from children under 13 without proper safeguards. The regulator said Reddit failed to implement effective age verification until July 2025, despite its rules banning under-13 users. Before then, many children reportedly used the platform, and their data was processed without a lawful basis, potentially exposing them to harmful content. Although Reddit later introduced age checks and self-declaration prompts, the ICO said these measures were insufficient and easy to bypass. UK Information Commissioner John Edwards criticized the company for failing The post Reddit fined $19M over Children’s data privacy violations first appeared on Cybersafe News.

OpenClaw has released version 2026.2.23, delivering major security improvements alongside new AI capabilities. The update patches multiple vulnerabilities, adds Claude Opus 4.6 support, and introduces optional HTTP security headers to reduce man-in-the-middle risks for local AI deployments on macOS, Windows, and Linux. Session handling has been hardened with disk-budget controls, safer transcript storage, and stricter SSRF policies by default. Sensitive configuration data is now redacted, obfuscated commands require explicit approval, and tool permissions are tightly scoped to prevent unauthorized access. Additional protections block symlink escapes, XSS-prone prompts, and API key leaks in logs. AI upgrades include Kilo Gateway integration, expanded The post OpenClaw 2026.2.23 brings security fixes and AI upgrades first appeared on Cybersafe News.

INTERPOL has announced the arrest of 651 suspects and the recovery of more than $4.3 million in a major cybercrime crackdown across Africa, conducted under Operation Red Card 2.0. The coordinated effort ran from December 8, 2025, to January 30, 2026, and targeted online investment scams, mobile money fraud, and malicious loan applications. Law enforcement agencies from 16 African countries participated in the operation, including Nigeria, Kenya, Ghana, Uganda, Zambia, and Zimbabwe, as part of the African Joint Operation against Cybercrime (AFJOC). Investigations revealed scams linked to over $45 million in losses and identified 1,247 victims across Africa and beyond. The post Operation Red Card 2.0 arrests 651 in African cybercrime sweep first appeared on Cybersafe News.

Researchers have identified a new Android malware family called PromptSpy, marking the first known case of malware using a generative AI model during runtime to guide its actions on infected devices. According to ESET researcher Lukas Stefanko, the malware leverages Google’s Gemini model to automate tasks that vary across Android manufacturers, making it more resilient and harder to remove. The campaign began with an earlier variant named VNCSpy, which appeared on VirusTotal in January 2026, followed by more advanced PromptSpy samples uploaded in February. Unlike traditional malware that relies on static scripts, PromptSpy sends Gemini an XML dump of the The post PromptSpy Android malware uses AI at runtime first appeared on Cybersafe News.

Notepad++ has released version 8.9.2 to fix security flaws that allowed a China-linked threat actor to hijack its update mechanism and deliver targeted malware. The update introduces a “double lock” system that verifies both the signed installer from GitHub and the signed XML update metadata from the official server, making the update process significantly harder to tamper with. Additional security improvements were made to the WinGUp auto-updater, including removing libcurl.dll to prevent DLL side-loading, disabling insecure cURL SSL options, and restricting plugin management to binaries signed with the same certificate.  The release also fixes a high-severity vulnerability (CVE-2026-25926) that could The post Notepad++ patches update hijack used for targeted malware first appeared on Cybersafe News.

Security researchers have identified the first real-world case of infostealer malware stealing sensitive configuration data from the OpenClaw agentic AI framework, exposing API keys, authentication tokens, and other secrets stored on infected systems. OpenClaw (formerly ClawdBot and MoltBot) is a locally running AI agent platform that maintains persistent configuration and memory files on a user’s device. It can access local files, authenticate into communication tools, and interact with online services, making it a powerful personal assistant—but also a high-value target. Due to its growing popularity, experts had warned that attackers would begin targeting OpenClaw’s configuration environment, which contains credentials used The post Infostealer steals OpenClaw AI secrets in First Wild Attack first appeared on Cybersafe News.

Threat actors are abusing DNS queries in a new ClickFix social engineering campaign to deliver malware, which makes it the first known use of DNS as a payload delivery channel in these attacks. ClickFix campaigns typically trick users into manually running malicious commands under the pretense of fixing errors, installing updates, or enabling features. In this new variant, attackers use a novel technique where a malicious DNS server delivers the second-stage payload through DNS lookups. Microsoft observed victims being instructed to run an nslookup command that queries an attacker-controlled DNS server instead of the default system resolver. The DNS response The post ClickFix uses DNS to deliver PowerShell malware first appeared on Cybersafe News.

Google has released an emergency security update for Chrome to address the first actively exploited zero-day vulnerability of 2026. The update patches CVE-2026-2441, a high-severity use-after-free flaw in Chrome’s CSS component that attackers are already exploiting in the wild. The vulnerability is fixed in Chrome version 145.0.7632.75/76 for Windows and macOS, and 144.0.7559.75 for Linux. Google confirmed in its advisory that an exploit for the flaw exists and urged users to update their browsers immediately. Security researcher Shaheen Fazim reported the vulnerability to Google on February 11, and the company released the patch just two days later. Fazim has previously The post Google Fixes First Chrome Zero-Day of 2026 first appeared on Cybersafe News.

Dutch authorities have confirmed cyberattacks exploiting vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), exposing employee contact information at the Dutch Data Protection Authority (AP) and the Council for the Judiciary (Rvdr). The National Cyber Security Center (NCSC) was alerted on January 29 after Ivanti disclosed the flaws. EPMM is used to manage mobile devices, applications, and security policies across government organizations. Attackers accessed work-related contact details, including employee names, business email addresses, and phone numbers. Authorities said the incidents were reported to parliament, and affected employees were promptly notified. Mitigation measures were implemented immediately, while the NCSC continues to assess The post Dutch Govt hit by Ivanti EPMM breach first appeared on Cybersafe News.

North Korean threat actors are launching highly targeted campaigns against cryptocurrency firms using AI-generated videos and the ClickFix technique to deliver malware to macOS and Windows systems. According to Google Mandiant, the financially motivated operation was linked to the UNC1069 group, which has been tracked since 2018. The attackers targeted a fintech company and deployed an unusually large toolkit of malware families to maximize data theft and enable future social engineering. Attack chain The campaign relied heavily on social engineering. The victim was contacted via Telegram from a compromised executive account at a crypto company. After building trust, the attackers The post North Korean Hackers launch new macOS crypto malware first appeared on Cybersafe News.