Jorge Laurel
Friday Wrap Up

Friday Wrap Up: 6 February 2026

Jorge Laurel Β· Β·4 min read Β·Issue #111


Another week, another supply chain nightmare. 🎒

This week’s cybersecurity roundup features everything from compromised software updates (yes, even Notepad++) to record-breaking DDoS attacks that would make your infrastructure cry. We’ve got nation-state actors playing Olympics spoiler, fintech firms losing millions of records, and AI agents getting their own social network (because apparently they need friends too).

Whether you’re defending against WinRAR exploits or wondering if your antivirus just became your biggest threat, this week had something for everyone.

Check out the full breakdown below – your threat intel fix is served. ⬇️

#CyberBreaches #ThreatIntelligence #SupplyChainSecurity #FWU #fridaywrapup


Espionage & Data Extraction

Nation-state actors dominated headlines this week with sophisticated supply chain attacks and targeted espionage campaigns.

  • 🎯 Chinese state hackers hijacked Notepad++’s update feature for months, compromising users through a trusted software channel. (Published on 2-Feb-2026, BleepingComputer). Read More

  • πŸ‰ APT28 deployed espionage-focused malware exploiting Microsoft Office CVE-2026-21509 in targeted attacks against high-value systems. (Published on 3-Feb-2026, The Hacker News). Read More

  • 🎿 Italy successfully thwarted Russian-linked cyberattacks targeting Winter Olympics websites, according to the Foreign Minister. (Published on 5-Feb-2026, SecurityWeek). Read More

  • πŸ”ͺ China-linked DKnife AitM framework targets routers for traffic hijacking and malware delivery through advanced man-in-the-middle techniques. (Published on 6-Feb-2026, The Hacker News). Read More

  • πŸ“¦ Amaranth-Dragon exploits WinRAR vulnerability in sophisticated espionage campaigns targeting sensitive organizational data. (Published on 4-Feb-2026, The Hacker News). Read More

Major Cyberattacks & Incidents This week saw multiple high-profile breaches affecting millions of users across various sectors.

  • πŸ” ShinyHunters-branded extortion activity expands dramatically with escalating threats against compromised organizations worldwide. (Published on 2-Feb-2026, SecurityWeek). Read More

  • πŸ₯– Hackers leaked 5.1 million Panera Bread customer records exposing personal information in a massive data breach. (Published on 3-Feb-2026, SecurityWeek). Read More

  • πŸ’° Fintech firm Betterment suffered a data breach exposing 1.4 million customer accounts and sensitive financial information. (Published on 5-Feb-2026, BleepingComputer). Read More

  • πŸ“§ Newsletter platform Substack notified users of a data breach compromising subscriber information and account credentials. (Published on 5-Feb-2026, BleepingComputer). Read More

  • ☁️ Exposed AWS credentials enabled AI-assisted cloud breach in just 8 minutes, demonstrating automation’s threat potential. (Published on 4-Feb-2026, Hackread). Read More

Malware & Vulnerabilities

Critical vulnerabilities and sophisticated malware strains continued to challenge security teams globally.

  • πŸ›‘οΈ eScan Antivirus update servers were compromised to deliver multi-stage malware to unsuspecting users trusting legitimate updates. (Published on 2-Feb-2026, The Hacker News). Read More

  • πŸ’¬ Stealthy Windows RAT discovered holding live conversations with operators, enabling real-time command and control capabilities. (Published on 2-Feb-2026, CSO Online). Read More

  • βš›οΈ Hackers exploited critical React Native Metro bug to breach developer systems through supply chain attacks. (Published on 3-Feb-2026, BleepingComputer). Read More

  • πŸͺ± GlassWorm malware returns to shatter developer ecosystems with enhanced capabilities targeting software supply chains. (Published on 3-Feb-2026, Dark Reading). Read More

  • ⚠️ Critical n8n workflow automation flaws disclosed publicly along with working exploits posing immediate risk. (Published on 4-Feb-2026, BleepingComputer). Read More

  • 🍎 macOS users targeted by Python infostealers disguised as legitimate AI installer packages stealing credentials and data. (Published on 5-Feb-2026, Hackread). Read More

  • β˜€οΈ Fresh SolarWinds vulnerability actively exploited in attacks targeting enterprise infrastructure and management systems. (Published on 4-Feb-2026, SecurityWeek). Read More

  • πŸ“¦ New hacking campaign exploits Microsoft Windows WinRAR vulnerability in widespread attacks against Windows users. (Published on 5-Feb-2026, Infosecurity). Read More

  • 🌐 Chinese-made malware kit targets Chinese-based routers and edge devices in coordinated infrastructure attacks. (Published on 6-Feb-2026, Infosecurity). Read More

  • πŸͺ 17% of third-party OpenClaw add-ons used in cryptocurrency theft and macOS malware distribution campaigns. (Published on 6-Feb-2026, Hackread). Read More

DDoS, Outages & Infrastructure

Record-breaking attacks and persistent botnets tested infrastructure resilience worldwide.

  • πŸ’₯ AISURU/Kimwolf botnet launched record-setting 31.4 Tbps DDoS attack, breaking previous volumetric attack records. (Published on 5-Feb-2026, The Hacker News). Read More

  • πŸ€– Global SystemBC botnet discovered active across 10,000 infected systems facilitating proxy services and malware delivery. (Published on 4-Feb-2026, Infosecurity). Read More

AI & Policy

Regulatory developments and AI security research shaped policy discussions this week.

  • πŸ›‘οΈ NSA published new Zero Trust implementation guidelines providing comprehensive framework for secure architecture deployment. (Published on 2-Feb-2026, Infosecurity). Read More

  • πŸ€– Moltbook emerges as social platform where AI agents communicate while humans observe interactions passively. (Published on 3-Feb-2026, Hackread). Read More

  • 🚨 CISA orders federal agencies to replace end-of-life edge devices eliminating unpatched vulnerabilities from networks. (Published on 6-Feb-2026, BleepingComputer). Read More

  • πŸ” Claude AI discovered 500 high-severity software vulnerabilities demonstrating AI’s potential in vulnerability research. (Published on 6-Feb-2026, CSO Online). Read More


Stay informed and secure in the tech and cybersecurity world. Have a great weekend, and remember to patch and protect your systems!