Darknet marketplaces increasingly tap into top privacy coin monero
(Linas Kmieliauskas – Cybernews) As blockchain analysts improve their abilities to track various crypto assets, including bitcoin (BTC) and stablecoins, operators of darknet marketplaces are increasingly supporting monero (XMR), a new analysis showed. Last year, 48% of newly launched darknet markets (DNMs) supported only XMR, compared with slightly above 40% in 2024, according to data from blockchain analysis company TRM Labs. This is also attributed to growing enforcement pressure and improved abilities to track other crypto assets. – https://cybernews.com/crypto/darknet-marketplaces-tap-top-privacy-coin-monero/
Low-Skilled Cybercriminals Use AI to Perform “Vibe Extortion” Attacks
(Kevin Poireault – Infosecurity Magazine) Unsophisticated cyber threat actors have started delegating key steps of extortion campaigns to large language model (LLM)-powered AI assistants. In a report published on February 17, Unit 42, Palo Alto Networks’ research team, shared findings about a low-skilled actor who used an LLM to script a professional extortion strategy, complete with deadlines and pressure tactics. This technique has been dubbed by the researchers as “vibe extortion.” In one incident investigated by Unit 42, the cybercriminal recorded a threat video from their bed while visibly intoxicated, reading the AI-generated script word-for-word from a screen. While the threat lacked technical depth and seriousness, Unit 42 researchers argued that the LLM “supplied the coherence” and could open the door to more serious ways of using AI for low-skilled actors. “AI didn’t make the attacker smarter; it just made them look professional enough to be dangerous,” they added. – https://www.infosecurity-magazine.com/news/cybercriminals-ai-vibe-extortion/
Over-Privileged AI Drives 4.5 Times Higher Incident Rates
(Phil Muncaster – Infosecurity Magazine) A majority (69%) of security leaders agree that identity management needs to evolve in order to handle mounting risks in AI infrastructure deployments, according to a new report from Teleport. The security vendor polled over 200 US infrastructure security leaders to compile its latest report: 2026 State of AI in Enterprise Infrastructure Security. It defined “AI in infrastructure” as AI-powered workloads, agentic systems, machine-to-machine communication, ChatOps, compliance automation, and incident detection. The report found that while most respondents are seeing benefits from deploying AI in these use cases, such as improving incident investigation time (66%), documentation quality (71%) and engineering output (65%), a majority (85%) are also worried about the risks. This is based on real experience rather than hypothetical concerns: a third (35%) confirmed at least one AI-related incident and a further 24% suspect one may have occurred. – https://www.infosecurity-magazine.com/news/overprivileged-ai-45-times-higher/
Significant Rise in Ransomware Attacks Targeting Industrial Operations
(Danny Palmer – Infosecurity Magazine) There has been a sharp rise in the number of ransomware groups targeting industrial organizations as cybercriminals continue to exploit vulnerabilities in operational technology (OT) and industrial control systems (ICS), researchers at Dragos have warned. A total of 119 ransomware groups targeting industrial organizations were tracked during 2025 according to the Dragos Annual OT Cybersecurity Year in Review for 2026, published on February 17. That figure represents a 49% increase from the 80 which were tracked in 2024. According to Dragos, 2025 saw 3300 industrial organizations around the world hit by ransomware, compared with 1693 in 2024. The most targeted sector was manufacturing, followed by transportation. Oil and gas, electricity and communications were also among the most targeted critical and industrial systems. – https://www.infosecurity-magazine.com/news/rise-in-ransomware-targeting/
Why Ransomware Remains One of Cybersecurity’s Most Persistent and Costly Threats
(Danny Palmer – Infosecurity Magazine) Ransomware is a cybersecurity issue that refuses to disappear. If anything, attacks are becoming more disruptive, difficult to fix and financially costly. The average ransom demand in 2025 was $1.3 million and over half of payments cost over $1 million. That is a stark contrast with ransomware attacks a decade ago, which saw average ransom demands of under $1000, according to a Symantec report published in 2016. Even when victims refuse to pay a ransom in return for a decryption key, ransomware attacks are still costly. You just have to look at the long-term operational and financial impact ransomware attacks had on organizations like Jaguar Land Rover, Marks & Spencer and Asahi in 2025. – https://www.infosecurity-magazine.com/news-features/why-ransomware-remains/
Polish cybercrime Police arrest man linked to Phobos ransomware operation
(Pierluigi Paganini – Security Affairs) Polish authorities arrested a 47-year-old man suspected of involvement in cybercrime and linked him to the Phobos ransomware operation. Police said they discovered evidence of illegal activities on his seized devices. “Officers from the Central Bureau for Combating Cybercrime detained a 47-year-old man suspected of creating, acquiring, and sharing computer programs used to unlawfully obtain information stored in computer systems,” reads the press release published by Poland’s Central Bureau of Cybercrime Control (CBZC) police. “Officers secured files on the man’s computer containing digital data, such as logins, passwords, credit card numbers, and server IP addresses. This data could have been used to launch various attacks, including ransomware. Furthermore, the 47-year-old used encrypted messaging to contact the Phobos criminal group, known for its ransomware attacks.” – https://securityaffairs.com/188128/cyber-crime/polish-cybercrime-police-arrest-man-linked-to-phobos-ransomware-operation.html
South Korea slaps $25M fine on Dior, Louis Vuitton, Tiffany over Salesforce breach
(Pierluigi Paganini – Security Affairs) South Korea’s Personal Information Protection Commission fined luxury brands including Dior, Louis Vuitton, and Tiffany & Co. a total of 36 billion Korean won ($25 million) after hackers compromised their Salesforce systems. The attack, linked to Scattered LAPSUS$ Hunters, led to major customer data breaches. – https://securityaffairs.com/188064/hacking/south-korea-slaps-25m-fine-on-dior-louis-vuitton-tiffany-over-salesforce-breach.html
Hackers steal OpenClaw configuration in emerging AI agent threat
(Pierluigi Paganini – Security Affairs) Cybersecurity researchers have uncovered a new information stealer that exfiltrated a victim’s OpenClaw configuration environment, previously known as Clawdbot and Moltbot. According to cybersecurity firm Hudson Rock, the case highlights a new shift in infostealer activity, moving beyond stealing browser passwords to targeting the identities, settings, and “digital souls” of personal AI agents. “Following our initial research into ClawdBot, Hudson Rock has now detected a live infection where an infostealer successfully exfiltrated a victim’s OpenClaw configuration environment,” reads the report published by Hudson Rock. “This finding marks a significant milestone in the evolution of infostealer behavior: the transition from stealing browser credentials to harvesting the ‘souls’ and identities of personal AI agents.” – https://securityaffairs.com/188097/malware/hackers-steal-openclaw-configuration-in-emerging-ai-agent-threat.html
Hackers sell stolen Eurail traveler information on dark web
(Pierluigi Paganini – Security Affairs) Eurail B.V. confirmed that the traveler data stolen in a breach earlier this year is now being offered for sale on the dark web. The company disclosed the development as part of its ongoing response to the cybersecurity incident. “Eurail B.V. has confirmed that certain customer data affected by the previously reported security incident has been offered for sale on the dark web and a sample data set has been published on Telegram,” reads the statement published by the company. “We are continuing to investigate the scope and impact.” – https://securityaffairs.com/188075/data-breach/hackers-sell-stolen-eurail-traveler-information-on-dark-web.html
Cyber Insights 2026: The Ongoing Fight to Secure Industrial Control Systems
(Kevin Townsend – Security Week) The cybersecurity challenge for Industrial Control Systems (ICS) is that they were designed in conditions of peace but now operate in a continuous war zone. – https://www.securityweek.com/cyber-insights-2026-the-ongoing-fight-to-secure-industrial-control-systems/
API Threats Grow in Scale as AI Expands the Blast Radius
(Kevin Townsend – Security Week) Application Programming Interfaces (APIs) remain an attacker-favored exploit route. Aggressors continuously target common failures in identity, access control and exposed interfaces – often at scale and machine speed. AI is increasing the threat surface. In an analysis of more than 60,000 published vulnerabilities disclosed in 2025, Wallarm found more than 11,000 (17%) were API-related. A concurrent analysis of CISA KEV Catalog additions for 2025 found 43% of exploited vulnerabilities were API-related. The report demonstrates the severity of the threat by including details of the top ten API-relevant breaches from 2025. The top three are 700Credit, Qantas, and Salesloft. A standout element of the report is the continuing expansion of AI technologies and their effect on APIs and AI security. “API security is at the heart of any AI transformation,” comments Ivan Novikov, founder and CEO at Wallarm. “Every AI application or agent interaction is mediated through an API. API security is integral to successful AI adoption, and AI by its very nature has made the consequences of getting it wrong much larger and much more impactful.” – https://www.securityweek.com/api-threats-grow-in-scale-as-ai-expands-the-blast-radius/



