{"id":187307,"date":"2026-02-13T13:39:00","date_gmt":"2026-02-13T18:39:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/02\/13\/the-good-the-bad-and-the-ugly-in-cybersecurity-week-7\/"},"modified":"2026-02-14T05:45:12","modified_gmt":"2026-02-14T10:45:12","slug":"the-good-the-bad-and-the-ugly-in-cybersecurity-week-7","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/02\/13\/the-good-the-bad-and-the-ugly-in-cybersecurity-week-7\/","title":{"rendered":"The Good, the Bad and the Ugly in Cybersecurity \u2013 Week 7"},"content":{"rendered":"<p><a href=\"https:\/\/www.sentinelone.com\/blog\/the-good-the-bad-and-the-ugly-in-cybersecurity-week-7-7\/\">The Good, the Bad and the Ugly in Cybersecurity \u2013 Week 7<\/a><\/p>\n<p><a href=\"https:\/\/www.sentinelone.com\/blog\/the-good-the-bad-and-the-ugly-in-cybersecurity-week-7-7\/\">https:\/\/www.sentinelone.com\/blog\/the-good-the-bad-and-the-ugly-in-cybersecurity-week-7-7\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-02-13 13:39:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.sentinelone.com\">www.sentinelone.com<\/a><\/p>\n<p>Author: <a href=\"\"><\/a><\/p>\n<p>The Good | Authorities Crack Down on Identity, Romance Baiting &#038; Phishing Schemes<br \/>\nTwo individuals have been indicted for a years-long scheme that used stolen identities from 3,000 victims to siphon $3 million from sportsbooks. Amitoj Kapoor and Siddharth Lillaney allegedly bought personally identifying information (PII) on dark markets and Telegram, opened thousands of fake accounts on FanDuel, DraftKings, and BetMGM, and harvested new-user bonuses.<br \/>\nThe pair allegedly used background-check services to pass verification checks and cashed out winnings via prepaid cards into controlled accounts. 
Prosecutors have filed fraud, identity theft, and money laundering charges carrying several decades in prison.<br \/>\nSource: Madison County Detention Center<br \/>\nIn further crackdowns on fraudulent schemes, a dual Chinese and St. Kitts &#038; Nevis fugitive has been sentenced in absentia to 20 years for orchestrating a romance baiting crypto scam worth over $73 million.<br \/>\nDaren Li built trust with victims via messaging and dating apps before steering them into fake investments, then laundering the stolen funds through shell companies, U.S. bank accounts, and cryptocurrency platforms using assets like Tether. Arrested in 2024, Li fled two months ago while awaiting sentencing. Investigators tied the syndicate to hundreds of millions in laundered crypto and wider global losses.<br \/>\nPolice in the Netherlands have arrested a man for allegedly selling access to JokerOTP, a phishing-as-a-service (PhaaS) tool that intercepts one-time passwords to hijack accounts. The suspect, the third arrest in a three-year-long probe, allegedly marketed licenses via Telegram to criminals who used automated calls to impersonate trusted companies and trick victims into revealing codes and sensitive data.<br \/>\nAuthorities say the service enabled over 28,000 attacks across 13 countries, causing roughly $10 million in losses and targeting accounts on PayPal, Venmo, Coinbase, and Apple. While investigations continue, dozens of JokerOTP bot buyers have already been identified and face prosecution in due time.<br \/>\nThe Bad | APT Groups Weaponize Google Gemini in All Stages of Cyber Kill Chain<br \/>\nState-backed hackers and cybercriminals are increasingly exploiting Google\u2019s Gemini AI to streamline their attacks from initial reconnaissance to post-compromise operations. 
According to new research, actors linked to China, Iran, North Korea, and Russia used the model for target profiling, phishing lure generation, translation, coding, vulnerability testing, command-and-control development, and data exfiltration.<br \/>\nSome operatives even posed as cybersecurity experts to trick the AI tool into producing detailed exploitation plans, including remote code execution (RCE) and web application firewall (WAF) bypass techniques against specific targets in the U.S.<br \/>\nModel extraction attack (Source: GTIG)<br \/>\nIranian-linked threat group APT42 leveraged the model to accelerate social engineering campaigns and tailor malicious tools, while others integrated AI-assisted capabilities into malware such as a CoinBait phishing kit and HonestCue malware launcher. Criminal groups also used generative AI in ClickFix campaigns that delivered infostealing malware through deceptive troubleshooting ads. Researchers also noted signs of AI-generated code in malware artifacts, indicating that generative platforms are already shaping attacker toolchains.<br \/>\nBeyond direct abuse, the report observed attempts to extract and replicate Gemini itself through large-scale querying and \u201cknowledge distillation\u201d techniques, in which actors use data from one model to train fresh, more advanced ones. While this mostly threatens AI vendors\u2019 intellectual property, it could also eventually affect end users of the tool as AI-as-a-Service continues to rise.<br \/>\nGoogle says it has disabled the malicious accounts and continues to harden its defenses to limit misuse and make it more difficult to exploit. 
However, researchers warn that AI integration will likely accelerate threat actor capabilities across cybercrime ecosystems, lowering barriers to entry and increasing the speed, scale, and sophistication of future attacks.<br \/>\nThe Ugly | China-Based Actors Hit Major Singaporean Telcos in Ongoing Espionage Campaign<br \/>\nSingapore\u2019s Cyber Security Agency (CSA) revealed this week that the China-linked threat actor UNC3886 has targeted each of the country\u2019s four largest telecommunications (teleco) providers \u2013 Singtel, StarHub, M1, and Simba Telecom \u2013 at least once last year.<br \/>\nUsing sophisticated tools and zero-day exploits, the APT gained limited access to critical systems. While it did not disrupt services or exfiltrate sensitive customer data, rootkits helped UNC3886 maintain stealthy persistence while siphoning technical data to support operational objectives.<br \/>\nSource: AsiaOne<br \/>\nCSA has since responded with \u201cOperation Cyber Guardian\u201d, an 11-month-long campaign bringing together over 100 investigators across six government agencies. Authorities closed access points in the teleco networks, expanded monitoring, and blocked attempts to pivot into banking, transport, or healthcare networks. The agency also emphasized that while UNC3886\u2019s intrusions were deliberate and well-planned, mitigation measures were able to prevent major disruption.<br \/>\nActive since at least 2022, the PRC-based actor is known to target virtualization technologies and edge devices, often fabricating scenarios to test and exploit vulnerabilities without triggering alerts. Previous activity included targeting telecommunications networks in the U.S. and Canada with the goal of developing cross-border espionage capabilities.<br \/>\nCSA described UNC3886 as \u201can advanced persistent threat with deep capabilities\u201d, noting that the recent campaign demonstrates the ongoing risk to critical national infrastructure. 
The agency stressed the importance of cyber defense readiness, stating that rapid remediation, monitoring, and coordinated response measures continue to be key to containing the attacks and protecting Singapore\u2019s teleco sector.<\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Good, the Bad and the Ugly in Cybersecurity \u2013 Week 7 https:\/\/www.sentinelone.com\/blog\/the-good-the-bad-and-the-ugly-in-cybersecurity-week-7-7\/ Publish Date:&#8230;<\/p>\n","protected":false},"author":1,"featured_media":187308,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.sentinelone.com\/wp-content\/uploads\/2026\/02\/GBU_week7_2026.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,24,31,32,25,34,27],"class_list":["post-187307","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-cybersecurity","tag-exploit","tag-malware","tag-phishing","tag-threat-actor","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/187307"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=187307"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/187307\/revisions"}],"predecessor-version":[{"id":187309,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/187307\/revisions\/187309"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2
\/media\/187308"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=187307"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=187307"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=187307"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}