NEWS

week in security

A week in security (February 2 – February 8)

February 9, 2026

A list of topics we covered in the week of February 2 to February 8 of 2026

Apple Pay logo

Apple Pay phish uses fake support calls to steal payment details

February 6, 2026

This Apple Pay phishing campaign is designed to funnel victims into fake Apple Support calls, where scammers steal payment details.

PDF and RAT

Open the wrong “PDF” and attackers gain remote access to your PC

February 5, 2026

The DEAD#VAX campaign tricks users into installing AsyncRAT by disguising a virtual hard disk as a PDF attachment.

Flock cameras shared license plate data without permission

February 5, 2026

A California city pulled the plug on its entire ALPR system when it found Flock had shared data with hundreds of agencies without permission.

Grok deepfake

Grok continues producing sexualized images after promised fixes

February 4, 2026

Journalists retested Grok and found it still generates offensive images even when told the subjects were vulnerable, non-consenting people.

Firefox logo

Firefox is giving users the AI off switch

February 4, 2026

Mozilla and other companies are starting to see why giving users a choice over AI features matters.

Bondu

An AI plush toy exposed thousands of private chats with children

February 3, 2026

Around 50,000 chat transcripts between children and Bondu’s AI dinosaur plushie were accessible to anyone with a Google account.

AT&T logo

AT&T breach data resurfaces with new risks for customers

February 3, 2026

As leaked datasets are merged and enriched, they become more useful to criminals. That makes recycled breach data a bigger risk for customers.

location tracking

Apple’s new iOS setting addresses a hidden layer of location tracking

February 3, 2026

Apple has introduced Limit Precise Location, a new setting that reduces how precisely cellular networks can locate your device, though support is currently limited.