Cyber (In)Security and Surveillance (24 February 2026)

Arkanix Stealer: AI-assisted info-stealer shuts down after brief campaign

(Pierluigi Paganini – Security Affairs) Arkanix Stealer emerged in late 2025 as a short-lived information-stealing malware promoted on dark web forums. Researchers believe it was likely created as an AI-assisted experiment, suggesting the operators were testing automated development techniques rather than running a long-term, large-scale cybercriminal operation. In October 2025, Kaspersky researchers spotted dark web ads for ‘Arkanix Stealer,’ a MaaS offering with a control panel and configurable payloads. It used a C++ build embedding ChromElevator to steal system and crypto wallet data, plus a packed Python version with dynamic configuration. Likely spread via phishing-themed lures, the operation appeared short-lived, and its affiliate program was later shut down. The ads include a link to a Discord server used as the primary communication channel. – https://securityaffairs.com/188431/malware/arkanix-stealer-ai-assisted-info-stealer-shuts-down-after-brief-campaign.html

Everest ransomware hits Vikor Scientific’s supplier, data of 140,000 patients stolen

(Pierluigi Paganini – Security Affairs) The Everest ransomware group has claimed responsibility for a cyberattack on Vikor Scientific, now operating as Vanta Diagnostics. The healthcare diagnostic firm disclosed a data breach impacting nearly 139,964 individuals, as reported by the US Department of Health and Human Services (HHS). The incident stems from the attack on Catalyst RCM, a third-party provider of revenue cycle management services. Around November 13, 2025, Catalyst detected suspicious activity in its secure file system. The company launched an investigation into the incident that revealed that an authorized login was misused to access a server on November 8–9, 2025, and copy data without permission. In November 2025, the Everest ransomware group added Vikor Scientific and its affiliated labs, KorPath and Korgene, to its Tor data leak site. Catalyst RCM likely did not pay the ransom, and the cybercrime gang published allegedly stolen data, including Vikor Scientific documents. – https://securityaffairs.com/188397/data-breach/everest-ransomware-hits-vikor-scientific-s-supplier-data-of-140000-patients-stolen.html

North Korean Lazarus Group Expands Ransomware Activity With Medusa

(Alessandro Mascellino – Infosecurity Magazine) A new wave of cyber-attacks using Medusa ransomware has been linked to North Korean state-backed hackers, who continue to target the US healthcare sector despite recent indictments. Researchers from the Symantec and Carbon Black Threat Hunter Team said the attackers deployed Medusa against a target in the Middle East and attempted, unsuccessfully, to breach a US healthcare organization. – https://www.infosecurity-magazine.com/news/north-korean-lazarus-group-medusa/

AI Accelerates Attacker Breakout Time to Just Four Minutes

(Phil Muncaster – Infosecurity Magazine) AI is helping threat actors to accelerate attacks, but it can also empower incident responders to quickly contain threats, ReliaQuest has claimed in a new report. The firm’s Annual Cyber-Threat Report 2026 is based on an analysis of customer incidents. It found that breakout time last year took on average just 34 minutes; 29% quicker than in 2024. The fastest ever recorded time taken from access to lateral movement was just four minutes – 85% faster than the year before. The fastest recorded exfiltration time was just six minutes; down from 4 hours 29 minutes in 2024. – https://www.infosecurity-magazine.com/news/ai-accelerates-attack-breakout/

Chinese AI Firms Hit Claude with Distillation Attacks, Anthropic Warns

(Kevin Poireault – Infosecurity Magazine) Generative AI firm Anthropic said three Chinese AI companies have generated millions of queries with the Claude large language model (LLM) in order to copy the model – a technique called ‘model distillation attack.’ In a new blog published on February 23, Anthropic said three GenAI labs based in China, DeepSeek, Moonshot and MiniMax, have generated over 16 million exchanges with Claude through approximately 24,000 fraudulent accounts, in violation of Anthropic’s terms of service and regional access restrictions. Model distillation is a legitimate AI training method that involves training a less capable model on the outputs of a stronger one. – https://www.infosecurity-magazine.com/news/chinese-ai-claude-distillation/

AI-powered Cyber-Attacks Up Significantly in the Last Year, Warns CrowdStrike

(Danny Palmer – Infosecurity Magazine) The number of AI-enabled cyber-attacks has nearly doubled during the last year, CrowdStrike has warned, as threat actors deployed machine learning and Large Language Models (LLMs) to help optimize attack techniques and hacking campaigns. According to the CrowdStrike Global Threat Report 2026, there was an 89% increase in attacks by “AI-enabled adversaries” in 2025 when compared with the previous year. Attackers deployed AI to aid with social engineering, malware development, disinformation campaigns and more. – https://www.infosecurity-magazine.com/news/ai-powered-cyberattacks-up/

Ransomware gangs advancing Moscow’s geopolitical aims, Romanian cyber chief warns

(Daryna Antoniuk – The Record) Recent ransomware attacks targeting Romania’s critical infrastructure were likely part of a broader Russian hybrid operation aimed at undermining the country’s stability, Romania’s top cybersecurity official said. Over the past several months, Romania has faced a series of large-scale ransomware incidents affecting key sectors, including the national water agency and energy providers. Some of the attacks were claimed by or attributed to Russian-speaking ransomware groups, including Qilin and Gentlemen, which said they targeted Romania’s national oil pipeline operator and the country’s largest coal-based power producer. – https://therecord.media/ransomware-gangs-advancing-moscow-geopolitical-interests-warns-romania

Air Côte d’Ivoire confirms cyberattack following ransomware claims

(Jonathan Greig – The Record) The main airline serving the West African nation of Côte d’Ivoire was hit with a cyberattack earlier this month that forced it to institute business continuity plans. Air Côte d’Ivoire did not respond to requests for comment but released a statement on Friday confirming reports that hackers had breached its systems on February 8. Last week, the INC ransomware gang claimed it stole 208 GB of data from the airline. In its statement, the airline said the cyberattack “affected parts of its information system” and it had to call in technical teams to assist with flights and other operations. – https://therecord.media/air-cote-divoire-confirms-cyberattack

Ukraine says cyberattacks on energy grid now used to guide missile strikes

(Daryna Antoniuk – The Record) Russian cyberattacks targeting Ukraine’s energy infrastructure are increasingly focused on collecting intelligence to guide missile strikes rather than immediately disrupting operations, Ukrainian cybersecurity officials said. Although the number of major cyber incidents targeting critical infrastructure has declined, the threat itself has not diminished, according to Oleksandr Potii, head of Ukraine’s State Service of Special Communications and Information Protection. “Cyberattacks on critical infrastructure never happen on their own; they are always part of a broader operation,” Potii told Recorded Future News on the sidelines of the Kyiv International Cyber Resilience Forum last week. – https://therecord.media/ukraine-cyberattacks-guiding-russian-missile-strikes

EU–US draft data pact allows automated decisions on travellers

(DigWatch) A draft data-sharing agreement between the EU and the US Department of Homeland Security would allow automated decisions about European travellers to continue under certain conditions, despite attempts to tighten protections. The text permits such decisions when authorised under domestic law and relies on safeguards that let individuals request human intervention instead of leaving outcomes entirely to algorithms. A deal designed to preserve visa-free travel would require national authorities to grant access to biometric databases containing fingerprints and facial scans. – https://dig.watch/updates/eu-us-draft-data-pact-allows-automated-decisions-on-travellers
