Cyber (In)Security and Surveillance (10 February 2026)

(Pierluigi Paganini – Security Affairs) Senegal confirmed a cyberattack on the Directorate of File Automation, the government office that manages national ID cards, passports, and biometric data. After ransomware claims surfaced, authorities temporarily closed the office to contain the incident. The agency warned the country’s 19.5 million residents that operations were suspended while officials assessed the impact and worked to restore services securely. The authorities sought to reassure citizens, stating that the incident did not affect the integrity of their data. A new ransomware group called Green Blood Group claimed it breached the agency and stole 139 GB of data, including citizen records, biometric information, and immigration documents. The group published a list of documents & backup files as proof of the hack. – Senegal shuts National ID office after ransomware attack

(Alessandro Mascellino – Infosecurity Magazine) A high-volume phishing campaign delivering the long-running Phorpiex malware has been observed using emails with the subject line “Your Document,” a lure widely seen throughout 2024 and 2025. The messages include an attachment that appears to be a harmless document but is actually a weaponised Windows Shortcut file designed to initiate a multi-stage infection chain. According to a new advisory by Forcepoint, the campaign relies on the continued effectiveness of Windows shortcut (.lnk) files as an initial access vector and their role in delivering Global Group ransomware, a stealthy, offline-capable ransomware-as-a-service (RaaS) operation. – Phorpiex Phishing Delivers Low-Noise Global Group Ransomware – Infosecurity Magazine

(Phil Muncaster – Infosecurity Magazine) Threat actors favored stealthy persistence and evasion over other techniques, in order to silently exfiltrate data for extortion, according to Picus Security. The security vendor analyzed over 1.1 million malicious files and more than 15.5 million actions in 2025 to compile its latest study: The Red Report 2026. It revealed the increasingly sophisticated methods that threat actors are using to stay hidden from network defenders – by blending in with legitimate traffic and operating through trusted processes. – “Digital Parasite” Warning as Attackers Favor Stealth for Extortion – Infosecurity Magazine

(Alessandro Mascellino – Infosecurity Magazine) A new mobile spyware operation known as ZeroDayRAT has been documented targeting both Android and iOS devices. The cross-platform tool provides attackers with persistent access to personal communications, precise location data and banking activity. According to a new advisory published by iVerify, what’s new is the breadth of control offered to operators and how easily infections can be initiated.
To compromise a device, an attacker must simply persuade a victim to install a malicious binary, typically an Android APK or an iOS payload. Smishing remains the most common lure, with text messages pushing links to fake but convincing apps. Phishing emails, counterfeit app stores and links shared through WhatsApp or Telegram have also been observed. – New Mobile Spyware ZeroDayRAT Targets Android and iOS – Infosecurity Magazine

(Kevin Poireault – Infosecurity Magazine) The Singapore government disrupted cyber-attacks attributed to Chinese-nexus cyber threat group UNC3886 which targeted the country’s four telecommunications operators. The law enforcement operation, dubbed Operation Cyber Guardian, spanned from the summer of 2025 to early 2026 but remained secret until now. The Cyber Security Agency of Singapore (CSA) revealed what happened in a report published on February 9, 2026. – Singapore Takes Down Chinese Hackers Targeting Telco Networks – Infosecurity Magazine

(Danny Palmer – Infosecurity Magazine) The National Cyber Security Centre (NCSC) has issued an alert to critical national infrastructure (CNI) providers, urging them to act now to protect against “severe” cyber threats. The alert comes following coordinated cyber-attacks which targeted Poland’s energy infrastructure with malware in December. Jonathan Ellison, director for national resilience at the NCSC, has urged CNI operators that they must act now to ensure they can respond to any similar campaigns targeting UK critical infrastructure. “Cyber-attacks disrupting everyday essential services may sound far-fetched, but we know it’s not,” he wrote in a LinkedIn post. – NCSC Issues Warning Over “Severe” Cyber-Attacks Targeting CNI – Infosecurity Magazine

(Phil Muncaster – Infosecurity Magazine) Several European government institutions appear to have been targeted in a coordinated campaign designed to steal data on mobile users, it has emerged. First reported late last week, the incidents occurred at the European Commission, the Finnish government, and at least two Dutch government agencies. Tens of thousands of users may have had their personal details exposed. Only the Dutch authorities named the likely target – Ivanti Endpoint Manager Mobile (EPMM) – which has previously been compromised by likely Chinese state actors in attacks on the Norwegian government. However, the timing would suggest a link between all three breaches. – European Governments Breached in Zero-Day Attacks Targeting Ivanti – Infosecurity Magazine
