Latest Interesting Cybersecurity News – 09-03-2026

I go through about 25 cybersecurity news portals and blogs every week and pull out the most interesting stories. Then I turn them into this short, digestible summary, so you can stay up to date without trying to follow 25 different sources yourself. 😱

My aim is to create a summary that gives you the gist without needing to open up the source article. But if you do want to dig deeper, all the sources covering the event are linked below each story.

If you enjoy these, come back next Monday

scroll to the bottom to subscribe to the e-mail newsletter.

1. EU court adviser: Banks should immediately refund unauthorized phishing losses under PSD2

An Advocate General at the Court of Justice of the EU (CJEU) issued an opinion that banks must immediately refund customers for unauthorized transactions—even when customer behavior contributed to the loss—unless the bank has reasonable grounds to suspect customer fraud. The opinion interprets the EU Payment Services Directive (PSD2) as requiring a “refund first” approach, with banks pursuing recovery later if they can prove the customer acted intentionally or with gross negligence. If adopted by the CJEU in a final ruling, this would affect bank refund processes and increase the importance of documenting fraud investigations and customer security obligations across the EU.

Key Details

• Opinion authored by Advocate General Athanasios Rantos of the CJEU.
• Case scenario: phishing link to a fake bank login page; customer entered credentials; fraudster executed an unauthorized payment.
• Victim reported the transaction to the bank and police the next day; fraudsters were not identified; the bank refused to refund, prompting a lawsuit.
• AG states a bank may withhold immediate refund only if it has good reason to suspect customer fraud and must communicate that suspicion in writing to the competent national authority.
• Banks may later seek reimbursement if they prove the customer acted intentionally or with gross negligence regarding personalized security data obligations.

Read more at BleepingComputer

2. OpenAI launches Codex Security to scan repositories, build threat models, and generate vulnerability fixes

OpenAI introduced Codex Security, a new capability in its Codex programming assistant designed to help developers identify and remediate software vulnerabilities. The tool scans a connected code repository in an isolated container, produces a threat model to guide testing, validates findings in a sandbox to reduce false positives, and generates patch code plus explanations. 

Key Details

• Repository analysis can take up to several days after creating a temporary copy in an isolated container
• Outputs a natural-language “threat model” describing the application and likely weak points (including user-upload interfaces)
• Tests discovered flaws in a sandbox to determine exploitability, then ranks vulnerabilities by severity and logs items filtered as false positives
• Originated as an internal OpenAI tool (“Aardvark”); a limited beta reduced false positives by more than 50%
• OpenAI says early adopters found 11,000+ critical and high-severity vulnerabilities; OpenAI also reported 14 findings added to the CVE database from scans of open-source tools

Next Steps

• It will be rolling out Codex Security access to ChatGPT Enterprise, Business, and Edu customers over the coming days. Test it out.

Read more at OpenAI, SiliconANGLE

3. Trump administration releases high-level cyber strategy focused on offensive operations, federal modernization, and streamlined regulation

President Donald Trump released a new, deliberately high-level cyber strategy outlining six “pillars” spanning offensive and defensive cyber operations, modernization of federal networks, critical infrastructure protection, streamlined regulation, emerging technologies (notably AI), and cybersecurity workforce development. The White House says it will issue more detailed guidance later, leaving many implementation specifics undefined for agencies and the private sector. The strategy arrived alongside a separate executive order directing federal actions against cybercrime and fraud, which only minimally overlaps with the strategy’s content.

Key Details

• The published strategy is seven pages total, with about half of the five pages of text described as preamble.
• One pillar, “Shaping adversary behavior,” calls for using U.S. offensive and defensive cyber capabilities and incentivizing private-sector disruption of adversary networks.
• “Modernize and secure federal networks” references post-quantum cryptography, artificial intelligence, and zero-trust, and lowering barriers for vendors to sell technology to the government.
• The critical infrastructure pillar emphasizes supply-chain fortification and prioritizing U.S.-made rather than adversary-made products, plus rapid recovery after incidents.
• The executive order directs the attorney general to prioritize prosecution of cybercrime and fraud and tasks DHS with improving training, according to a White House fact sheet.

Read more at CyberScoop

4. Malicious Chromium AI assistant extensions stole ChatGPT and DeepSeek chat histories across enterprise tenants

Microsoft Defender investigated malicious Chromium-based browser extensions that impersonated legitimate AI assistant tools to harvest users’ LLM chat histories and browsing data. 

Reporting indicates the extensions reached about 900,000 installs, and Microsoft telemetry observed related activity across more than 20,000 enterprise tenants—raising immediate data leakage, privacy, and compliance risks as employees paste sensitive content into browser-based AI chats. 

Key Details

• Collected data included full URLs (including internal sites) plus ChatGPT and DeepSeek prompts/responses, model names, and a persistent UUID.
• Exfiltration used periodic HTTPS POST requests to attacker-controlled domains including deepaichats[.]com and chatsaigpt[.]com (also referenced: chataigpt[.]pro, chatgptsidebar[.]pro).
• Telemetry was staged locally as Base64-encoded JSON and cleared after upload to reduce on-disk artifacts.
• Microsoft lists malicious extension IDs: fnmihdojmnkclgjpcoonkmkhjpjechg and inhcgfpbfdjbjogdfjbclgolkmhnooop.
• Microsoft notes a misleading consent flow: users could initially disable collection, but later updates re-enabled telemetry by default.

Next Steps

• Hunt for the listed malicious extension IDs.
• Consider creating a short allow list of allowed browser extensions and blocking everything else.

Read more at Microsoft Security Blog

5. Microsoft: Attackers abuse OAuth error redirects to bypass phishing checks and deliver malware

Microsoft warned that threat actors are abusing OAuth’s legitimate “error redirect” behavior to send targets from trusted identity-provider domains (like Microsoft Entra ID and Google Workspace) to attacker-controlled infrastructure. 

Because the initial URLs appear is a legitimate OAuth authorization links (disguised like a Teams recording or something similar), this technique can undermine common user guidance and some email/browser anti-phishing controls.

Key Details

• Attack chain starts with a malicious OAuth app registered in an attacker-controlled tenant, configured with a redirect URI pointing to attacker infrastructure
• Observed lures include e-signature requests, Teams recordings/meeting invites, Social Security notices, password resets, and financial/political themes; links may be embedded in PDFs
• Attackers trigger redirects by using intentionally invalid OAuth parameters to force an authorization error flow
• In malware-delivery cases, victims are redirected to a /download path that delivers ZIP archives containing LNK shortcuts and HTML smuggling tools

Read more at Microsoft Security Blog, BleepingComputer, CSO Online, The Hacker News

6. Prompt-injection flaws in agentic AI browsers enabled silent local file exfiltration and password vault takeover in Perplexity Comet

Zenity Labs disclosed a family of vulnerabilities affecting  Perplexity Comet, where untrusted content can hijack the browser’s agent through indirect prompt injection. In reported scenarios, a malicious calendar invite could trigger the agent to access local files, exfiltrate data, and even manipulate authenticated password-manager sessions without obvious user awareness. 

Key Details

• Zenity reported the issues to Perplexity last year; Perplexity issued a fix in February 2026
• Attack delivery demonstrated via a legitimate calendar invite seeded with malicious prompts (indirect prompt injection)
• Demonstrated capabilities included browsing local directories, opening/reading files, and exfiltrating data to a third-party server
• A separate exploit path showed Comet could be steered inside an authenticated 1Password web session to reveal vault entries and exfiltrate usernames/passwords via ordinary web requests
• Zenity said Perplexity added stricter user confirmation for sensitive actions and enterprise controls to disable the agent on designated sites; 1Password added hardening options such as disabling automatic sign-in and requiring explicit confirmation before autofill

Next Steps

• Restrict/disable agentic browsing on sensitive internal sites
• Require explicit confirmations for file, credential, and settings actions

Read more at ZenityLabs, CyberScoop, SiliconANGLE

7. Open-source CyberStrikeAI offensive platform linked to large-scale FortiGate targeting, with growing deployment footprint

Researchers report rising real-world use of CyberStrikeAI, an open-source AI-enabled offensive security tool, including observed targeting of Fortinet FortiGate edge devices at scale. Team Cymru identified multiple Internet-hosted CyberStrikeAI instances and correlated activity using NetFlow, suggesting the tool is moving quickly from code repo to operational attacker infrastructure. 

Key Details

• CyberStrikeAI describes itself as a Go-based “AI-native security testing platform” integrating 100+ security tools, with an orchestration engine, predefined roles, a skills system, lifecycle management, and a web dashboard.
• Team Cymru observed 21 unique IP addresses running CyberStrikeAI between 20 Jan 2026 and 26 Feb 2026 (after the repository’s first commit on 8 Nov 2025).
• Observed hosting locations for CyberStrikeAI servers were concentrated in Chinese-speaking locales, including China, Singapore, and Hong Kong.

Read more at Team Cymru, BleepingComputer, The Hacker News, CSO Online

8. A Europol-coordinated public-private operation led by Microsoft disrupts Tycoon 2FA phishing platform that at one point accounted for 62% of all phishing attempts blocked by Microsoft

A Europol-coordinated public-private operation led by Microsoft disrupted Tycoon 2FA, a phishing-as-a-service kit used to bypass MFA via adversary-in-the-middle (AiTM) attacks. Microsoft says the action seized 330 domains supporting Tycoon 2FA’s control panels and phishing pages, targeting infrastructure that helped generate tens of millions of phishing emails monthly and affected hundreds of thousands of organizations.

Key Details

• Microsoft reported Tycoon 2FA emerged in August 2023 and sent phishing at a scale reaching over 500,000 organizations globally each month.
• By mid-2025, Tycoon 2FA accounted for ~62% of phishing attempts blocked by Microsoft, including more than 30 million emails in a single month.
• Microsoft estimated ~96,000 distinct victims since 2023, including more than 55,000 Microsoft customers.
• Tycoon 2FA was sold via Telegram and Signal, including pricing cited at $350/month (and also $120 for 10 days in some offers).

Read more at Microsoft Security Blog, BleepingComputer, CyberScoop, SecurityWeek, The Hacker News

9. FBI, Europol, and partners from 14 countries seize LeakBase cybercrime forum and capture 142,000-member database

A coordinated operation led by the U.S. and Europol dismantled LeakBase, a large cybercrime forum and marketplace used to trade stolen databases, credentials, and hacking tools. Authorities seized the forum’s domains and infrastructure, preserved user data for evidence, and carried out arrests and searches across multiple countries. 

Key Details

• LeakBase was accessible on the open web, ran in English, and had been active since 2021
• The forum had more than 142,000 registered members, over 32,000 posts/33,000 threads, and more than 215,000 private messages (as of Dec. 2025 in one report)
• Officials said the site hosted hacked databases containing hundreds of millions of account credentials and financial data (e.g., credit/debit card numbers and banking account/routing information)
• Europol said the action involved around 100 enforcement actions globally and measures against 37 of the platform’s most active users; the FBI cited 13 arrests, 32 searches, and interviews with 33 suspects
• The operation (“Operation Leak”) involved enforcement activity in countries including the U.S., Australia, Belgium, Poland, Portugal, Romania, Spain, and the U.K., with Europol hosting coordination in The Hague

Read more at BleepingComputer, The Record, CyberScoop, The Hacker News, CSO Online

10. Phishing campaigns abuse IPv6 reverse-DNS .arpa domains to bypass reputation-based email defenses

Researchers report phishing campaigns using the special-use .arpa domain—specifically IPv6 reverse DNS (ip6.arpa)—to create URLs that evade common domain reputation checks and some email security gateways. 

By controlling reverse-DNS zones for IPv6 address space, attackers can publish non-PTR DNS records that resolve to phishing infrastructure, while leveraging reputable DNS/CDN providers to obscure hosting. 

This matters for organizations that rely on domain age/WHOIS and reputation scoring in email security, as .arpa-based links may lack typical registration metadata and remain active only briefly, reducing detection and takedown opportunities.

Key Details

• Infoblox observed attackers obtaining IPv6 address blocks via IPv6 tunneling services, then generating hard-to-block reverse-DNS hostnames with randomly generated subdomains
• Attackers created A records (not just expected PTR records) on attacker-controlled reverse-DNS zones to point ip6.arpa hostnames to phishing sites
• Victims were redirected through a traffic distribution system (TDS) that filtered targets (e.g., by device type, IP, referrers) and sent non-targets to legitimate sites
• Infoblox found over 100 instances of hijacked dangling CNAMEs involving well-known government agencies, universities, telecoms, media organizations, and retailers

Next Steps

• Flag and inspect .arpa URLs in email content.

Read more at BleepingComputer

Subscribe

Subscribe to receive this weekly cybersecurity news summary to your inbox every Monday.