Weekly Threat Report 2026-02-09

Weekly Threat Intelligence Summary

Top 10 General Cyber Threats

Generated 2026-02-09T05:00:04.081719+00:00

  1. Malicious use of virtual machine infrastructure (www.sophos.com, 2026-02-04T00:00:00)
    Score: 8.632
    Bulletproof hosting providers are abusing the legitimate ISPsystem infrastructure to supply virtual machines to cybercriminals
    Categories: Threat Research Tags: virtual machine, cybercrime, Ransomware, ISPs
  2. CrowdStrike Falcon Scores Perfect 100% in SE Labs’ Most Challenging Ransomware Test (www.crowdstrike.com, 2026-02-03T08:00:00)
    Score: 8.221
  3. Microsoft Office vulnerability (CVE-2026-21509) in active exploitation (www.sophos.com, 2026-01-27T00:00:00)
    Score: 7.999
    Categories: Threat Research Tags: Microsoft Office, vulnerability, advisory
  4. Match, Hinge, OkCupid, and Panera Bread breached by ransomware group (www.malwarebytes.com, 2026-01-30T14:23:28)
    Score: 7.599
    ShinyHunters claims to have stolen millions of records from Match Group dating apps and Panera Bread, with very different consequences for users.
  5. Microsoft Office zero-day lets malicious documents slip past security checks (www.malwarebytes.com, 2026-01-29T14:53:57)
    Score: 7.435
    Microsoft issued an emergency patch for a flaw attackers are using to slip malicious code past Office’s document security checks.
  6. Eeny, meeny, miny, moe? How ransomware operators choose victims (www.sophos.com, 2026-01-28T00:00:00)
    Score: 7.165
    Most ransomware attacks are opportunistic, not targeted at a specific sector or region
    Categories: Threat Research Tags: Ransomware, cybercrime, state-sponsored ransomware, victimization
  7. Scam-checking just got easier: Malwarebytes is now in ChatGPT (www.malwarebytes.com, 2026-02-02T13:45:00)
    Score: 7.094
    Malwarebytes' ChatGPT integration makes it the first cybersecurity provider that can deliver its expertise without ever leaving the chat
  8. Autonomous Threat Operations in action: Real results from Recorded Future’s own SOC team | Recorded Future (www.recordedfuture.com, 2026-02-01T00:00:00)
    Score: 6.632
    This article explores how Recorded Future served as Customer Zero for Autonomous Threat Operations, testing the new solution within our own SOC to validate its real-world impact before releasing it to the public. The article reveals how the technology transformed inconsistent, analyst-dependent threat hunting into unified, automated operations—enabling junior analysts to run 15–20 hunts weekly and allowing our CISO to launch comprehensive network hunts in five minutes in response to critical thr
  9. WhatsApp rolls out new protections against advanced exploits and spyware (www.malwarebytes.com, 2026-01-28T12:57:36)
    Score: 6.255
    WhatsApp is strengthening how it handles photos and videos, and introducing Strict Account Settings to limit risky messages from unknown senders.
  10. Apple Pay phish uses fake support calls to steal payment details (www.malwarebytes.com, 2026-02-06T14:43:55)
    Score: 5.768
    This Apple Pay phishing campaign is designed to funnel victims into fake Apple Support calls, where scammers steal payment details.

Top 10 AI / LLM-Related Threats

Generated 2026-02-09T06:00:16.591843+00:00

  1. TrailBlazer: History-Guided Reinforcement Learning for Black-Box LLM Jailbreaking (arxiv.org, 2026-02-09T05:00:00)
    Score: 20.79
    arXiv:2602.06440v1 Announce Type: cross
    Abstract: Large Language Models (LLMs) have become integral to many domains, making their safety a critical priority. Prior jailbreaking research has explored diverse approaches, including prompt optimization, automated red teaming, obfuscation, and reinforcement learning (RL) based methods. However, most existing techniques fail to effectively leverage vulnerabilities revealed in earlier interaction turns, resulting in inefficient and unstable attacks. S
  2. TamperBench: Systematically Stress-Testing LLM Safety Under Fine-Tuning and Tampering (arxiv.org, 2026-02-09T05:00:00)
    Score: 20.59
    arXiv:2602.06911v1 Announce Type: new
    Abstract: As increasingly capable open-weight large language models (LLMs) are deployed, improving their tamper resistance against unsafe modifications, whether accidental or intentional, becomes critical to minimize risks. However, there is no standard approach to evaluate tamper resistance. Varied data sets, metrics, and tampering configurations make it difficult to compare safety, utility, and robustness across different models and defenses. To this end,
  3. VENOMREC: Cross-Modal Interactive Poisoning for Targeted Promotion in Multimodal LLM Recommender Systems (arxiv.org, 2026-02-09T05:00:00)
    Score: 19.79
    arXiv:2602.06409v1 Announce Type: new
    Abstract: Multimodal large language models (MLLMs) are pushing recommender systems (RecSys) toward content-grounded retrieval and ranking via cross-modal fusion. We find that while cross-modal consensus often mitigates conventional poisoning that manipulates interaction logs or perturbs a single modality, it also introduces a new attack surface where synchronised multimodal poisoning can reliably steer fused representations along stable semantic directions
  4. Dependable Artificial Intelligence with Reliability and Security (DAIReS): A Unified Syndrome Decoding Approach for Hallucination and Backdoor Trigger Detection (arxiv.org, 2026-02-09T05:00:00)
    Score: 19.29
    arXiv:2602.06532v1 Announce Type: new
    Abstract: Machine Learning (ML) models, including Large Language Models (LLMs), are characterized by a range of system-level attributes such as security and reliability. Recent studies have demonstrated that ML models are vulnerable to multiple forms of security violations, among which backdoor data-poisoning attacks represent a particularly insidious threat, enabling unauthorized model behavior and systematic misclassification. In parallel, deficiencies in
  5. Patch Tuesday and the Enduring Challenge of Windows’ Backwards Compatibility (www.rapid7.com, 2026-01-28T17:04:41)
    Score: 19.153
    Introduction If you received an email with the subject “I LOVE YOU” and an attachment called “LOVE-LETTER-FOR-YOU.TXT”, would you open it? Probably not, but back in the year 2000, plenty of people did exactly that. The internet learned a hard lesson about the disproportionate power available to a university dropout with some VBScript skills, and millions of ordinary people suffered the anguish of deleted family photos or even reputational damage as the worm propagated itself across their entire
  6. Identifying Adversary Tactics and Techniques in Malware Binaries with an LLM Agent (arxiv.org, 2026-02-09T05:00:00)
    Score: 17.79
    arXiv:2602.06325v1 Announce Type: new
    Abstract: Understanding TTPs (Tactics, Techniques, and Procedures) in malware binaries is essential for security analysis and threat intelligence, yet remains challenging in practice. Real-world malware binaries are typically stripped of symbols, contain large numbers of functions, and distribute malicious behavior across multiple code regions, making TTP attribution difficult. Recent large language models (LLMs) offer strong code understanding capabilities
  7. Evaluating and Enhancing the Vulnerability Reasoning Capabilities of Large Language Models (arxiv.org, 2026-02-09T05:00:00)
    Score: 17.79
    arXiv:2602.06687v1 Announce Type: new
    Abstract: Large Language Models (LLMs) have demonstrated remarkable proficiency in vulnerability detection. However, a critical reliability gap persists: models frequently yield correct detection verdicts based on hallucinated logic or superficial patterns that deviate from the actual root cause. This misalignment remains largely obscured because contemporary benchmarks predominantly prioritize coarse-grained classification metrics, lacking the granular gro
  8. Meta SecAlign: A Secure Foundation LLM Against Prompt Injection Attacks (arxiv.org, 2026-02-09T05:00:00)
    Score: 16.49
    arXiv:2507.02735v3 Announce Type: replace
    Abstract: Prompt injection attacks, where untrusted data contains an injected prompt to manipulate the system, have been listed as the top security threat to LLM-integrated applications. Model-level prompt injection defenses have shown strong effectiveness, but the strongest defenses are proprietary. Open-source secure models are needed by the AI security community so that co-development of attacks and defenses through open research can drive scientific
  9. TrapSuffix: Proactive Defense Against Adversarial Suffixes in Jailbreaking (arxiv.org, 2026-02-09T05:00:00)
    Score: 15.49
    arXiv:2602.06630v1 Announce Type: new
    Abstract: Suffix-based jailbreak attacks append an adversarial suffix, i.e., a short token sequence, to steer aligned LLMs into unsafe outputs. Since suffixes are free-form text, they admit endlessly many surface forms, making jailbreak mitigation difficult. Most existing defenses depend on passive detection of suspicious suffixes, without leveraging the defender's inherent asymmetric ability to inject secrets and proactively conceal gaps. Motivated by
  10. Confundo: Learning to Generate Robust Poison for Practical RAG Systems (arxiv.org, 2026-02-09T05:00:00)
    Score: 14.79
    arXiv:2602.06616v1 Announce Type: new
    Abstract: Retrieval-augmented generation (RAG) is increasingly deployed in real-world applications, where its reference-grounded design makes outputs appear trustworthy. This trust has spurred research on poisoning attacks that craft malicious content, inject it into knowledge sources, and manipulate RAG responses. However, when evaluated in practical RAG systems, existing attacks suffer from severely degraded effectiveness. This gap stems from two overlook
  11. GhostCite: A Large-Scale Analysis of Citation Validity in the Age of Large Language Models (arxiv.org, 2026-02-09T05:00:00)
    Score: 14.79
    arXiv:2602.06718v1 Announce Type: new
    Abstract: Citations provide the basis for trusting scientific claims; when they are invalid or fabricated, this trust collapses. With the advent of Large Language Models (LLMs), this risk has intensified: LLMs are increasingly used for academic writing, yet their tendency to fabricate citations (“ghost citations”) poses a systemic threat to citation validity.
    To quantify this threat and inform mitigation, we develop CiteVerifier, an open-sourc
  12. Next-generation cyberattack detection with large language models: anomaly analysis across heterogeneous logs (arxiv.org, 2026-02-09T05:00:00)
    Score: 14.79
    arXiv:2602.06777v1 Announce Type: new
    Abstract: This project explores large language models (LLMs) for anomaly detection across heterogeneous log sources. Traditional intrusion detection systems suffer from high false positive rates, semantic blindness, and data scarcity, as logs are inherently sensitive, making clean datasets rare. We address these challenges through three contributions: (1) LogAtlas-Foundation-Sessions and LogAtlas-Defense-Set, balanced and heterogeneous log datasets with exp
  13. Plato's Form: Toward Backdoor Defense-as-a-Service for LLMs with Prototype Representations (arxiv.org, 2026-02-09T05:00:00)
    Score: 14.79
    arXiv:2602.06887v1 Announce Type: new
    Abstract: Large language models (LLMs) are increasingly deployed in security-sensitive applications, yet remain vulnerable to backdoor attacks. However, existing backdoor defenses are difficult to operationalize for Backdoor Defense-as-a-Service (BDaaS), as they require unrealistic side information (e.g., downstream clean data, known triggers/targets, or task domain specifics), and lack reusable, scalable purification across diverse backdoored models. In th
  14. Do Prompts Guarantee Safety? Mitigating Toxicity from LLM Generations through Subspace Intervention (arxiv.org, 2026-02-09T05:00:00)
    Score: 14.79
    arXiv:2602.06623v1 Announce Type: cross
    Abstract: Large Language Models (LLMs) are powerful text generators, yet they can produce toxic or harmful content even when given seemingly harmless prompts. This presents a serious safety challenge and can cause real-world harm. Toxicity is often subtle and context-dependent, making it difficult to detect at the token level or through coarse sentence-level signals. Moreover, efforts to mitigate toxicity often face a trade-off between safety and the cohe
  15. CIPHER: Cryptographic Insecurity Profiling via Hybrid Evaluation of Responses (arxiv.org, 2026-02-09T05:00:00)
    Score: 14.79
    arXiv:2602.01438v2 Announce Type: replace
    Abstract: Large language models (LLMs) are increasingly used to assist developers with code, yet their implementations of cryptographic functionality often contain exploitable flaws. Minor design choices (e.g., static initialization vectors or missing authentication) can silently invalidate security guarantees. We introduce CIPHER(Cryptographic Insecurity Profiling via Hybrid Evaluation of Responses), a benchmark for measuring cryptographic vulnerabilit
  16. Spider-Sense: Intrinsic Risk Sensing for Efficient Agent Defense with Hierarchical Adaptive Screening (arxiv.org, 2026-02-09T05:00:00)
    Score: 14.79
    arXiv:2602.05386v2 Announce Type: replace
    Abstract: As large language models (LLMs) evolve into autonomous agents, their real-world applicability has expanded significantly, accompanied by new security challenges. Most existing agent defense mechanisms adopt a mandatory checking paradigm, in which security validation is forcibly triggered at predefined stages of the agent lifecycle. In this work, we argue that effective agent security should be intrinsic and selective rather than architecturall
  17. SafeCOMM: A Study on Safety Degradation in Fine-Tuned Telecom Large Language Models (arxiv.org, 2026-02-09T05:00:00)
    Score: 14.79
    arXiv:2506.00062v3 Announce Type: replace-cross
    Abstract: Fine-tuning large language models (LLMs) on telecom datasets is a common practice to adapt general-purpose models to the telecom domain. However, little attention has been paid to how this process may compromise model safety. Recent research has shown that even benign fine-tuning can degrade the safety alignment of LLMs, causing them to respond to harmful or unethical user queries. In this paper, we investigate this issue by fine-tuning
  18. Malicious Agent Skills in the Wild: A Large-Scale Security Empirical Study (arxiv.org, 2026-02-09T05:00:00)
    Score: 14.49
    arXiv:2602.06547v1 Announce Type: new
    Abstract: Third-party agent skills extend LLM-based agents with instruction files and executable code that run on users' machines. Skills execute with user privileges and are distributed through community registries with minimal vetting, but no ground-truth dataset exists to characterize the resulting threats. We construct the first labeled dataset of malicious agent skills by behaviorally verifying 98,380 skills from two community registries, confirmi
  19. AgentDyn: A Dynamic Open-Ended Benchmark for Evaluating Prompt Injection Attacks of Real-World Agent Security System (arxiv.org, 2026-02-09T05:00:00)
    Score: 14.49
    arXiv:2602.03117v2 Announce Type: replace
    Abstract: AI agents that autonomously interact with external tools and environments show great promise across real-world applications. However, the external data which agent consumes also leads to the risk of indirect prompt injection attacks, where malicious instructions embedded in third-party content hijack agent behavior. Guided by benchmarks, such as AgentDojo, there has been significant amount of progress in developing defense against the said att
  20. Evaluating generative AI models with Amazon Nova LLM-as-a-Judge on Amazon SageMaker AI (aws.amazon.com, 2026-01-30T21:07:34)
    Score: 13.469
    Evaluating the performance of large language models (LLMs) goes beyond statistical metrics like perplexity or bilingual evaluation understudy (BLEU) scores. For most real-world generative AI scenarios, it’s crucial to understand whether a model is producing better outputs than a baseline or an earlier iteration. This is especially important for applications such as summarization, content generation, […]
  21. Subgraph Reconstruction Attacks on Graph RAG Deployments with Practical Defenses (arxiv.org, 2026-02-09T05:00:00)
    Score: 12.49
    arXiv:2602.06495v1 Announce Type: new
    Abstract: Graph-based retrieval-augmented generation (Graph RAG) is increasingly deployed to support LLM applications by augmenting user queries with structured knowledge retrieved from a knowledge graph. While Graph RAG improves relational reasoning, it introduces a largely understudied threat: adversaries can reconstruct subgraphs from a target RAG system's knowledge graph, enabling privacy inference and replication of curated knowledge assets. We sh
  22. FuSeFL: Fully Secure and Scalable Federated Learning (arxiv.org, 2026-02-09T05:00:00)
    Score: 12.49
    arXiv:2507.13591v3 Announce Type: replace
    Abstract: Federated Learning (FL) enables collaborative model training without centralizing client data, making it attractive for privacy-sensitive domains. While existing approaches employ cryptographic techniques such as homomorphic encryption, differential privacy, or secure multiparty computation to mitigate inference attacks, including model inversion, membership inference, and gradient leakage, they often suffer from high computational and memory
  23. Efficient LLM Moderation with Multi-Layer Latent Prototypes (arxiv.org, 2026-02-09T05:00:00)
    Score: 12.49
    arXiv:2502.16174v3 Announce Type: replace-cross
    Abstract: Although modern LLMs are aligned with human values during post-training, robust moderation remains essential to prevent harmful outputs at deployment time. Existing approaches suffer from performance-efficiency trade-offs and are difficult to customize to user-specific requirements. Motivated by this gap, we introduce Multi-Layer Prototype Moderator (MLPM), a lightweight and highly customizable input moderation tool. We propose leveragin
  24. Testing Storage-System Correctness: Challenges, Fuzzing Limitations, and AI-Augmented Opportunities (arxiv.org, 2026-02-09T05:00:00)
    Score: 11.99
    arXiv:2602.02614v2 Announce Type: replace-cross
    Abstract: Storage systems are fundamental to modern computing infrastructures, yet ensuring their correctness remains challenging in practice. Despite decades of research on system testing, many storage-system failures (including durability, ordering, recovery, and consistency violations) remain difficult to expose systematically. This difficulty stems not primarily from insufficient testing tooling, but from intrinsic properties of storage-system
  25. Layer of Truth: Probing Belief Shifts under Continual Pre-Training Poisoning (arxiv.org, 2026-02-09T05:00:00)
    Score: 11.79
    arXiv:2510.26829v3 Announce Type: replace-cross
    Abstract: We show that continual pretraining on plausible misinformation can overwrite specific factual knowledge in large language models without degrading overall performance. Unlike prior poisoning work under static pretraining, we study repeated exposure to counterfactual claims during continual updates. Using paired fact-counterfact items with graded poisoning ratios, we track how internal preferences between competing facts evolve across che

Auto-generated 2026-02-09