Weekly Threat Report 2026-02-02

Weekly Threat Intelligence Summary

Top 10 General Cyber Threats

Generated 2026-02-02T05:00:05.164597+00:00

  1. Microsoft Office vulnerability (CVE-2026-21509) in active exploitation (www.sophos.com, 2026-01-27T00:00:00)
    Score: 9.165
    Categories: Threat Research; Tags: Microsoft Office, vulnerability, advisory
  2. Match, Hinge, OkCupid, and Panera Bread breached by ransomware group (www.malwarebytes.com, 2026-01-30T14:23:28)
    Score: 8.765
    ShinyHunters claims to have stolen millions of records from Match Group dating apps and Panera Bread, with very different consequences for users.
  3. Microsoft Office zero-day lets malicious documents slip past security checks (www.malwarebytes.com, 2026-01-29T14:53:57)
    Score: 8.602
    Microsoft issued an emergency patch for a flaw attackers are using to slip malicious code past Office’s document security checks.
  4. Eeny, meeny, miny, moe? How ransomware operators choose victims (www.sophos.com, 2026-01-28T00:00:00)
    Score: 8.332
    Most ransomware attacks are opportunistic, not targeted at a specific sector or region. Categories: Threat Research; Tags: Ransomware, cybercrime, state-sponsored ransomware, victimization
  5. WhatsApp rolls out new protections against advanced exploits and spyware (www.malwarebytes.com, 2026-01-28T12:57:36)
    Score: 7.422
    WhatsApp is strengthening how it handles photos and videos, and introducing Strict Account Settings to limit risky messages from unknown senders.
  6. Under Armour ransomware breach: data of 72 million customers appears on the dark web (www.malwarebytes.com, 2026-01-22T12:02:27)
    Score: 7.416
    Customer data allegedly stolen during a ransomware attack on sportswear giant Under Armour is now circulating on the dark web.
  7. New ransomware tactics to watch out for in 2026 (www.recordedfuture.com, 2026-01-05T00:00:00)
    Score: 6.799
    Ransomware groups made less money in 2025 despite a 47% increase in attacks, driving new tactics: bundled DDoS services, insider recruitment, and gig worker exploitation. Learn the emerging trends defenders must prepare for in 2026.
  8. Spammers abuse Zendesk to flood inboxes with legitimate-looking emails, but why? (www.malwarebytes.com, 2026-01-23T16:04:08)
    Score: 6.61
    Spammers are abusing Zendesk to flood inboxes with emails from trusted brands. There’s no phishing or malware—just noise.
  9. December 2025 CVE Landscape: 22 Critical Vulnerabilities Mark 120% Surge, React2Shell Dominates Threat Activity (www.recordedfuture.com, 2026-01-13T00:00:00)
    Score: 6.332
    December 2025 saw a 120% surge in critical CVEs, with 22 exploited flaws and React2Shell (CVE-2025-55182) dominating threat activity across Meta’s React framework.
  10. PurpleBravo’s Targeting of the IT Software Supply Chain (www.recordedfuture.com, 2026-01-21T00:00:00)
    Score: 6.165
    Discover how PurpleBravo, a North Korean threat group, exploits fake job offers to target software supply chains, using RATs and infostealers like BeaverTail.

Top 10 AI / LLM-Related Threats

Generated 2026-02-02T06:00:16.975374+00:00

  1. A Systematic Literature Review on LLM Defenses Against Prompt Injection and Jailbreaking: Expanding NIST Taxonomy (arxiv.org, 2026-02-02T05:00:00)
    Score: 24.29
    arXiv:2601.22240v1 Announce Type: new
    Abstract: The rapid advancement and widespread adoption of generative artificial intelligence (GenAI) and large language models (LLMs) has been accompanied by the emergence of new security vulnerabilities and challenges, such as jailbreaking and other prompt injection attacks. These maliciously crafted inputs can exploit LLMs, causing data leaks, unauthorized actions, or compromised outputs, for instance. As both offensive and defensive prompt injection tec
  2. Detecting Instruction Fine-tuning Attacks using Influence Function (arxiv.org, 2026-02-02T05:00:00)
    Score: 22.59
    arXiv:2504.09026v3 Announce Type: replace-cross
    Abstract: Instruction fine-tuning attacks pose a serious threat to large language models (LLMs) by subtly embedding poisoned examples in fine-tuning datasets, leading to harmful or unintended behaviors in downstream applications. Detecting such attacks is challenging because poisoned data is often indistinguishable from clean data, and prior knowledge of triggers or attack strategies is rarely available. We present a detection method that requires
  3. Patch Tuesday and the Enduring Challenge of Windows’ Backwards Compatibility (www.rapid7.com, 2026-01-28T17:04:41)
    Score: 20.819
    Introduction If you received an email with the subject “I LOVE YOU” and an attachment called “LOVE-LETTER-FOR-YOU.TXT”, would you open it? Probably not, but back in the year 2000, plenty of people did exactly that. The internet learned a hard lesson about the disproportionate power available to a university dropout with some VBScript skills, and millions of ordinary people suffered the anguish of deleted family photos or even reputational damage as the worm propagated itself across their entire
  4. Protecting Private Code in IDE Autocomplete using Differential Privacy (arxiv.org, 2026-02-02T05:00:00)
    Score: 20.79
    arXiv:2601.22935v1 Announce Type: new
    Abstract: Modern Integrated Development Environments (IDEs) increasingly leverage Large Language Models (LLMs) to provide advanced features like code autocomplete. While powerful, training these models on user-written code introduces significant privacy risks, making the models themselves a new type of data vulnerability. Malicious actors can exploit this by launching attacks to reconstruct sensitive training data or infer whether a specific code snippet wa
  5. Whispers of Wealth: Red-Teaming Google's Agent Payments Protocol via Prompt Injection (arxiv.org, 2026-02-02T05:00:00)
    Score: 18.79
    arXiv:2601.22569v1 Announce Type: new
    Abstract: Large language model (LLM) based agents are increasingly used to automate financial transactions, yet their reliance on contextual reasoning exposes payment systems to prompt-driven manipulation. The Agent Payments Protocol (AP2) aims to secure agent-led purchases through cryptographically verifiable mandates, but its practical robustness remains underexplored. In this work, we perform an AI red-teaming evaluation of AP2 and identify vulnerabiliti
  6. FraudShield: Knowledge Graph Empowered Defense for LLMs against Fraud Attacks (arxiv.org, 2026-02-02T05:00:00)
    Score: 17.79
    arXiv:2601.22485v1 Announce Type: new
    Abstract: Large language models (LLMs) have been widely integrated into critical automated workflows, including contract review and job application processes. However, LLMs are susceptible to manipulation by fraudulent information, which can lead to harmful outcomes. Although advanced defense methods have been developed to address this issue, they often exhibit limitations in effectiveness, interpretability, and generalizability, particularly when applied t
  7. RealSec-bench: A Benchmark for Evaluating Secure Code Generation in Real-World Repositories (arxiv.org, 2026-02-02T05:00:00)
    Score: 17.79
    arXiv:2601.22706v1 Announce Type: new
    Abstract: Large Language Models (LLMs) have demonstrated remarkable capabilities in code generation, but their proficiency in producing secure code remains a critical, under-explored area. Existing benchmarks often fall short by relying on synthetic vulnerabilities or evaluating functional correctness in isolation, failing to capture the complex interplay between functionality and security found in real-world software. To address this gap, we introduce Real
  8. Evaluating Large Language Models for Security Bug Report Prediction (arxiv.org, 2026-02-02T05:00:00)
    Score: 17.79
    arXiv:2601.22921v1 Announce Type: new
    Abstract: Early detection of security bug reports (SBRs) is critical for timely vulnerability mitigation. We present an evaluation of prompt-based engineering and fine-tuning approaches for predicting SBRs using Large Language Models (LLMs). Our findings reveal a distinct trade-off between the two approaches. Prompted proprietary models demonstrate the highest sensitivity to SBRs, achieving a G-measure of 77% and a recall of 74% on average across all the da
  9. In Vino Veritas and Vulnerabilities: Examining LLM Safety via Drunk Language Inducement (arxiv.org, 2026-02-02T05:00:00)
    Score: 17.79
    arXiv:2601.22169v1 Announce Type: cross
    Abstract: Humans are susceptible to undesirable behaviours and privacy leaks under the influence of alcohol. This paper investigates drunk language, i.e., text written under the influence of alcohol, as a driver for safety failures in large language models (LLMs). We investigate three mechanisms for inducing drunk language in LLMs: persona-based prompting, causal fine-tuning, and reinforcement-based post-training. When evaluated on 5 LLMs, we observe a hi
  10. Character as a Latent Variable in Large Language Models: A Mechanistic Account of Emergent Misalignment and Conditional Safety Failures (arxiv.org, 2026-02-02T05:00:00)
    Score: 17.79
    arXiv:2601.23081v1 Announce Type: cross
    Abstract: Emergent Misalignment refers to a failure mode in which fine-tuning large language models (LLMs) on narrowly scoped data induces broadly misaligned behavior. Prior explanations mainly attribute this phenomenon to the generalization of erroneous or unsafe content. In this work, we show that this view is incomplete. Across multiple domains and model families, we find that fine-tuning models on data exhibiting specific character-level dispositions
  11. CloudFix: Automated Policy Repair for Cloud Access Control Policies Using Large Language Models (arxiv.org, 2026-02-02T05:00:00)
    Score: 17.79
    arXiv:2512.09957v2 Announce Type: replace-cross
    Abstract: Access control policies are vital for securing modern cloud computing, where organizations must manage access to sensitive data across thousands of users in distributed system settings. Cloud administrators typically write and update policies manually, which can be an error-prone and time-consuming process and can potentially lead to security vulnerabilities. Existing approaches based on symbolic analysis have demonstrated success in aut
  12. Hide and Seek in Embedding Space: Geometry-based Steganography and Detection in Large Language Models (arxiv.org, 2026-02-02T05:00:00)
    Score: 16.79
    arXiv:2601.22818v1 Announce Type: new
    Abstract: Fine-tuned LLMs can covertly encode prompt secrets into outputs via steganographic channels. Prior work demonstrated this threat but relied on trivially recoverable encodings. We formalize payload recoverability via classifier accuracy and show previous schemes achieve 100% recoverability. In response, we introduce low-recoverability steganography, replacing arbitrary mappings with embedding-space-derived ones. For Llama-8B (LoRA) and Ministral-8
  13. Evaluating generative AI models with Amazon Nova LLM-as-a-Judge on Amazon SageMaker AI (aws.amazon.com, 2026-01-30T21:07:34)
    Score: 15.136
    Evaluating the performance of large language models (LLMs) goes beyond statistical metrics like perplexity or bilingual evaluation understudy (BLEU) scores. For most real-world generative AI scenarios, it’s crucial to understand whether a model is producing better outputs than a baseline or an earlier iteration. This is especially important for applications such as summarization, content generation, […]
  14. MirrorMark: A Distortion-Free Multi-Bit Watermark for Large Language Models (arxiv.org, 2026-02-02T05:00:00)
    Score: 14.79
    arXiv:2601.22246v1 Announce Type: new
    Abstract: As large language models (LLMs) become integral to applications such as question answering and content creation, reliable content attribution has become increasingly important. Watermarking is a promising approach, but existing methods either provide only binary signals or distort the sampling distribution, degrading text quality; distortion-free approaches, in turn, often suffer from weak detectability or robustness. We propose MirrorMark, a mult
  15. Secure Tool Manifest and Digital Signing Solution for Verifiable MCP and LLM Pipelines (arxiv.org, 2026-02-02T05:00:00)
    Score: 14.79
    arXiv:2601.23132v1 Announce Type: new
    Abstract: Large Language Models (LLMs) are increasingly adopted in sensitive domains such as healthcare and financial institutions' data analytics; however, their execution pipelines remain vulnerable to manipulation and unverifiable behavior. Existing control mechanisms, such as the Model Context Protocol (MCP), define compliance policies for tool invocation but lack verifiable enforcement and transparent validation of model actions. To address this g
  16. FNF: Functional Network Fingerprint for Large Language Models (arxiv.org, 2026-02-02T05:00:00)
    Score: 14.79
    arXiv:2601.22692v1 Announce Type: cross
    Abstract: The development of large language models (LLMs) is costly and has significant commercial value. Consequently, preventing unauthorized appropriation of open-source LLMs and protecting developers' intellectual property rights have become critical challenges. In this work, we propose the Functional Network Fingerprint (FNF), a training-free, sample-efficient method for detecting whether a suspect LLM is derived from a victim model, based on th
  17. Now You Hear Me: Audio Narrative Attacks Against Large Audio-Language Models (arxiv.org, 2026-02-02T05:00:00)
    Score: 14.79
    arXiv:2601.23255v1 Announce Type: cross
    Abstract: Large audio-language models increasingly operate on raw speech inputs, enabling more seamless integration across domains such as voice assistants, education, and clinical triage. This transition, however, introduces a distinct class of vulnerabilities that remain largely uncharacterized. We examine the security implications of this modality shift by designing a text-to-audio jailbreak that embeds disallowed directives within a narrative-style au
  18. AI Kill Switch for malicious web-based LLM agent (arxiv.org, 2026-02-02T05:00:00)
    Score: 14.79
    arXiv:2511.13725v3 Announce Type: replace
    Abstract: Recently, web-based Large Language Model (LLM) agents autonomously perform increasingly complex tasks, thereby bringing significant convenience. However, they also amplify the risks of malicious misuse cases such as unauthorized collection of personally identifiable information (PII), generation of socially divisive content, and even automated web hacking. To address these threats, we propose an AI Kill Switch technique that can immediately ha
  19. Guidance from the Frontlines: Proactive Defense Against ShinyHunters-Branded Data Theft Targeting SaaS (cloud.google.com, 2026-01-30T14:00:00)
    Score: 12.765
    Introduction Mandiant is tracking a significant expansion and escalation in the operations of threat clusters associated with ShinyHunters-branded extortion. As detailed in our companion report, 'Vishing for Access: Tracking the Expansion of ShinyHunters-Branded SaaS Data Theft' , these campaigns leverage evolved voice phishing (vishing) and victim-branded credential harvesting to successfully compromise single sign-on (SSO) credentials and enroll unauthorized devices into victim multi
  20. AlienLM: Alienization of Language for API-Boundary Privacy in Black-Box LLMs (arxiv.org, 2026-02-02T05:00:00)
    Score: 12.49
    arXiv:2601.22710v1 Announce Type: new
    Abstract: Modern LLMs are increasingly accessed via black-box APIs, requiring users to transmit sensitive prompts, outputs, and fine-tuning data to external providers, creating a critical privacy risk at the API boundary. We introduce AlienLM, a deployable API-only privacy layer that protects text by translating it into an Alien Language via a vocabulary-scale bijection, enabling lossless recovery on the client side. Using only standard fine-tuning APIs, Al
  21. Okara: Detection and Attribution of TLS Man-in-the-Middle Vulnerabilities in Android Apps with Foundation Models (arxiv.org, 2026-02-02T05:00:00)
    Score: 12.49
    arXiv:2601.22770v1 Announce Type: new
    Abstract: Transport Layer Security (TLS) is fundamental to secure online communication, yet vulnerabilities in certificate validation that enable Man-in-the-Middle (MitM) attacks remain a pervasive threat in Android apps. Existing detection tools are hampered by low-coverage UI interaction, costly instrumentation, and a lack of scalable root-cause analysis. We present Okara, a framework that leverages foundation models to automate the detection and deep att
  22. No Place Like Home Network: Disrupting the World's Largest Residential Proxy Network (cloud.google.com, 2026-01-28T14:00:00)
    Score: 12.289
    Introduction This week Google and partners took action to disrupt what we believe is one of the largest residential proxy networks in the world, the IPIDEA proxy network. IPIDEA’s proxy infrastructure is a little-known component of the digital ecosystem leveraged by a wide array of bad actors. This disruption, led by Google Threat Intelligence Group (GTIG) in partnership with other teams, included three main actions: Took legal action to take down domains used to control devices and proxy traffi
  23. WiFiPenTester: Advancing Wireless Ethical Hacking with Governed GenAI (arxiv.org, 2026-02-02T05:00:00)
    Score: 11.79
    arXiv:2601.23092v1 Announce Type: new
    Abstract: Wireless ethical hacking relies heavily on skilled practitioners manually interpreting reconnaissance results and executing complex, time-sensitive sequences of commands to identify vulnerable targets, capture authentication handshakes, and assess password resilience; a process that is inherently labour-intensive, difficult to scale, and prone to subjective judgement and human error. To help address these limitations, we propose WiFiPenTester, an
  24. Turning threat reports into detection insights with AI (www.microsoft.com, 2026-01-29T21:20:18)
    Score: 11.7
    Security teams often spend days manually turning long incident reports and threat writeups into actionable detections by extracting TTPs. This blog post shows an AI-assisted workflow that does the same job in minutes. It extracts the TTPs, maps them to existing detection coverage, and flags potential gaps. Defenders can respond faster, with human experts still reviewing and validating the results. The post Turning threat reports into detection insights with AI appeared first on Microsoft Securit
  25. From Similarity to Vulnerability: Key Collision Attack on LLM Semantic Caching (arxiv.org, 2026-02-02T05:00:00)
    Score: 11.49
    arXiv:2601.23088v1 Announce Type: new
    Abstract: Semantic caching has emerged as a pivotal technique for scaling LLM applications, widely adopted by major providers including AWS and Microsoft. By utilizing semantic embedding vectors as cache keys, this mechanism effectively minimizes latency and redundant computation for semantically similar queries. In this work, we conceptualize semantic cache keys as a form of fuzzy hashes. We demonstrate that the locality required to maximize cache hit rate

Auto-generated 2026-02-02