Infosec In Brief
An unknown attacker accessed the French government’s database listing every bank account in the country and made off with 1.2 million records.
France’s Ministry of Economics, Finance and Industrial and Digital Sovereignty last week revealed the incident took place in January, after unknown attackers used stolen credentials to access the database.
The Ministry said the attacker’s access was restricted immediately upon discovery of the attack, but that the miscreant still managed to access personal information about 1.2 million accounts, including account numbers, account holders’ addresses, and tax identification numbers.
France’s government has mobilized the agencies that fight this sort of incident, and warned account holders to be on the lookout for suspicious messages.
0days in Ivanti’s EPMM under attack
Palo Alto Networks’ Unit 42 reported last week that the pair of zero-days in Ivanti Endpoint Manager for Mobile (EPMM) that the vendor patched last month are proving popular with attackers.
According to Unit 42 researchers, cyber-scum are aware of the two 9.8-rated CVEs – CVE-2026-1281 and CVE-2026-1340 – and are targeting unpatched systems.
State and local governments, healthcare, manufacturing, professional and legal services, and the tech sector in the US, Germany, Australia, and Canada have all been peppered by attackers leveraging those vulnerabilities.
Unit 42 reports that attackers have tried to exploit them by establishing a reverse shell, installing web shells, downloading malware, and conducting reconnaissance in a search for further vulnerabilities.
The researchers noted that patches are available for both vulnerabilities and pointed out that installation doesn’t require downtime, so patching deserves a prominent place on owners’ to-do lists.
0APT a hoax? Not so fast, say researchers
You may recall that in last week’s security roundup we wrote about GuidePoint Security’s opinion that a group calling itself 0APT appears to be a fake gang passing off other cybercriminals’ ill-gotten data as its own.
Researchers with security firm Cyderes’ Howler Cell threat research team reached out to warn us not to ignore the group, as there are signs it’s a real threat.
According to Howler Cell’s research, 0APT’s initial presence might be mostly fake, but “the operators behind 0APT are running an active Ransomware-as-a-service platform with functional malicious payloads and a working affiliate model.”
Howler Cell warns that the bluff may have been an attempt to attract attention, like we said, but not just to scam victims – they may also be trying to attract affiliates by making quick reputation gains.
Howler Cell said that it managed to access the group’s ransomware-as-a-service portal, collecting malware samples that were fully viable and just waiting to be deployed.
“The 0APT ransomware demonstrates a clear focus on reliability, operator configurability, and secure cryptographic implementation, aligning with modern trends in Rust‑based ransomware development,” Howler Cell said.
You’ve been warned.
AI helps cybercrims move faster, do more
AI is rapidly becoming a cybercriminal’s best friend, serving as a force multiplier that is increasing attacker success rates at each stage of a campaign.
Unit 42 said in its 2026 Global Incident Response Report published last week that AI contributed to a quadrupling of exfiltration speeds in 2025, making it one of the most dangerous emerging threats for the coming year.
“AI is changing the economics of intrusions,” Unit 42 said in the report. “It increases attacker speed, scale and effectiveness while opening entirely new attack vectors.”
We’ve known that AI has helped cybercriminals for a while. Unit 42’s report, however, suggests whatever trends we’ve seen to date are only going to accelerate and make the problem worse.
AI is enabling attackers to move faster to exploit vulnerabilities, with Unit 42 saying it has seen signs that attackers are using AI to help them scan for exposed vulnerabilities within 15 minutes of a CVE being announced.
“Exploitation attempts often begin before many security teams have even finished reading the vulnerability advisory,” Unit 42 noted. AI assistance has meant that time-to-exfiltration can be as little as 25 minutes, according to Unit 42’s simulations.
AI is further lowering the barrier to entry for new attackers too, by making it easy to personalize social engineering exploits and keep them free of the spelling and grammar errors that betray their nature.
Constant vigilance and a new line of defenses will be needed to keep up with this latest generation of AI threats, tips for which are included in the Unit 42 report.
Tenga leaks customer details
Sex toy manufacturer Tenga said a “limited segment” of its US customer base who interacted with company support reps have had their details spilled.
Cybercriminals obtained correspondence history and customer email addresses (no other PII or financial information, but even that limited bit of data could get embarrassing) by probing a single employee’s email account, the company said.
It seems a malicious email campaign using the addresses obtained by the digi-crook may also be involved, as Tenga is also warning customers caught in the leak not to open suspicious attachments.
The company said it’s already been in touch with affected customers, and said it intends to use more protection to prevent another such incident in the future. ®