
Cybercriminals Exploit Various Vulnerabilities and Conduct Malicious Activities
- Cybercriminals linked to China have exploited the update infrastructure of Notepad++ to distribute malicious code.
- Italy has blocked attacks, attributed to Russian hackers, that targeted diplomatic sites and hotel infrastructure in Cortina d’Ampezzo.
- A fake security application was used to distribute a remote access Trojan (RAT) via Hugging Face.
- The update servers of eScan were hacked to distribute multi-stage malware.
- The Russian group APT28 exploited a critical vulnerability (CVE-2026-21509) to target Ukrainian and European entities.
- A vulnerability at a Flickr provider allowed a third party to access users' personal data.
- A hacker stole nearly 700,000 user records in October 2025; the theft was discovered in February 2026.
- A malicious actor claims access to an Air France database containing information on 2 million people.
- A critical vulnerability allows remote code execution via a malicious link, affecting more than 21,000 instances of OpenClaw.
- A January 2026 update prevents some PCs from shutting down; the issue now extends to Windows 10.
- A critical vulnerability in the Metro Development Server allows the execution of arbitrary commands and has been actively exploited since December 2025.
- Nine vulnerabilities in the TP-Link Archer BE230 v1.2 router allow full control of the device.
- Scammers spoof the phone numbers of local Gendarmerie Nationale brigades to steal banking data.
- A second leader of ShinyHunters has been arrested and their X account suspended.
- Spain is preparing a law banning social media access for minors under 16.
- A Coinbase subcontractor abused their access to view customer data.
- Moltbook, an experimental platform where only AIs interact, has been launched.
- 250 participants simulated cyber crisis management scenarios in Nancy during the Cyber Humanum Est 2026 exercise.
- The multi-platform ransomware LockBit 5.0 targets Windows, Linux, and VMware ESXi with fast encryption (ChaCha20) and reduced detection.
- French police raided the Paris offices of X as part of an investigation into the dissemination of illegal content.

- France's cyber posture is improving according to the Scovery barometer: the retail and distribution sector shows increased maturity.
- An AI training program for secondary school students is being generalized with PIX AI.
- France is abandoning Microsoft Azure as the host of its Health Data Hub in favor of a sovereign SecNumCloud solution, strengthening health data security.
- AI is the second major risk according to the Allianz Risk Barometer 2, with cyber incidents remaining at the top.