Dataproof Communications

By: Adrian Andaya and Gabriel Mamaril, Cofense Phishing Defense CenterBefore you click “Accept” on calendar invites, think twice — it could be a phishing scheme. The Cofense Phishing Defense Center (PDC) has identified a new tactic involving fake Microsoft and Google Calendar invites designed to steal your login credentials.  Phishing invitations are becoming increasingly sophisticated, often mimicking designs from...

In February 2026, a data breach allegedly containing data relating to Canada Goose customers was published publicly. The data contained 920k records with 582k unique email addresses and included names, phone numbers, IP addresses, physical addresses and partial credit card data, specifically card type and last 4 digits. Canada Goose advised that the data "appears to relate to past...

Full-stack observability helps Gulf IT leaders accelerate ROI, strengthen resilience, and advance digital maturity. Learn how to use AI-driven insights and automation to align with business outcomes and sustain competitive advantage. - Read more

In October 2025, the University of Pennsylvania was the victim of a data breach followed by a ransom demand, largely affecting its donor database. After the incident, the attackers sent inflammatory emails to some victims. The data was later published online in February 2026 and included 624k unique email addresses alongside names and physical addresses. For some donor records,...

Enterprise customers face an unprecedented security landscape where sophisticated cyber threats use artificial intelligence to identify vulnerabilities, automate attacks, and evade detection at machine speed. Traditional perimeter-based security models are insufficient when adversaries can analyze millions of attack vectors in seconds and exploit zero-day vulnerabilities before patches are available. The distributed nature of serverless architectures compounds this...

A fake CAPTCHA scam is tricking Windows users into running PowerShell commands that install StealC malware and steal passwords, crypto wallets, and more. The post Fake CAPTCHA Scam Tricks Windows Users Into Installing Malware appeared first on TechRepublic. - Read more

For the latest discoveries in cyber research for the week of 16th February, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Dutch telecom provider Odido was hit by a data breach following unauthorized access to its customer management system. Attackers extracted personal data of 6.2 million customers, including names, addresses, phone numbers, email addresses, bank account details, dates of...

Security researchers have challenged end-to-end encryption claims from popular commercial password managers - Read more

Nanobot Unauthenticated WhatsApp Session Hijack via WebSocket Bridge Tenable Research has identified and responsibly disclosed a vulnerability to Nanobot.The nanobot WhatsApp bridge server (`bridge/src/server.ts`) binds its WebSocket server to all network interfaces (`0.0.0.0`) and accepts connections without any form of authentication. An attacker with network access to the bridge port (default `3001`) can fully hijack the linked WhatsApp session:...

Gogs Cross-Repository Comment Deletion via DeleteComment Tenable Research has identified and responsibly disclosed an Insecure Direct Object References (IDOR) vulnerability to Gogs. The POST `/:owner/:repo/issues/comments/:id/delete` endpoint does not verify that the comment belongs to the repository specified in the URL.This allows a repository administrator to delete comments from any other repository by supplying arbitrary comment IDs, bypassing authorization controls.The...