A software company gets hacked through vulnerabilities in its own product, European agencies are hacked via recent Ivanti zero-days, Senegal is being extorted by hackers, and a state actor is behind a Signal phishing campaign in Germany. This is the Risky Bulletin, prepared by Catalin Cimpanu and read by me, Claire Airdrop. Today is the 6th of February and this podcast episode is brought to you by Trail of Bits.
In today's top story, software company SmarterTools has been hacked through a vulnerability in its own email and collaboration server. In late January, hackers breached 30 email servers at the company. SmarterTools linked the attacks to the Warlock ransomware group but said its security software prevented data encryption. SmarterTools did not specify what vulnerability the hackers used. The product in question, SmarterMail, has had three bugs added to the CISA KEV database this year.
In other news, recent Ivanti zero-days have been used to hack the Dutch Data Protection Authority and the Council for the Judiciary. Both agencies reported the incidents to the Dutch parliament last week. Ivanti disclosed two zero-days in late January and warned of ongoing attacks.
The European Commission has been breached, likely using those same Ivanti zero-days. The commission says hackers may have accessed names and phone numbers of some staff members. The incident occurred on January 30th.
A state-sponsored threat actor is targeting German politicians, military personnel and journalists via Signal. The country's cyber security agency said the attacks aimed to trick users into pairing hackers' devices with their accounts. While German officials didn't attribute the campaign, the technique has been used by Russian hackers targeting the Ukrainian government and military.
Spain's Ministry of Science has shut down its university portal to investigate a possible security breach. A hacker using the name Gordon Freeman claims to have obtained the data of thousands of students. The information includes email addresses, passport scans and banking details.
A new ransomware group is attempting to extort the government of Senegal. The Green Blood group claims to have stolen 139 terabytes of data from the country's Department for the Automation of Records. The agency holds sensitive information on the entire population, including data for electoral and immigration systems. The country's tax agency was also hit by ransomware in October.
Norway has confirmed that Chinese hacking group Salt Typhoon breached local companies. The group is known for breaching major US telcos in 2024. It's unlikely the campaign was restricted to the US, but other countries have been less forthcoming about attacks.
Photo sharing website Flickr has notified users of a security breach. It originated at a third-party email service provider. Flickr says hackers obtained names, emails, IP addresses and site activity.
Jaguar Land Rover and its parent company have reported losses of $406 million following last year's ransomware attack. The cost of incident response was $177.2 million. The remaining amount was due to projected lost sales. Jaguar Land Rover was bought by Tata Motors in 2008.
The ClawHub Marketplace will scan all submitted AI agent skills using VirusTotal. The change comes after security researchers found almost 400 malicious skills recently uploaded to the platform. Some skills installed malware or stole credentials and crypto.
China has executed a further four individuals who ran cyberscam compounds in Myanmar. The members of the Bai crime family were executed following failed appeals last month. Eleven members of the Ming crime family suffered the same fate for similar offences.
Polish police have arrested a 20-year-old for launching DDoS attacks. The unnamed suspect is accused of running a DDoS-for-hire service. He's pleaded guilty to most charges.
An Illinois man has pleaded guilty to hacking Snapchat accounts of almost 600 women. Kyle Svara stole explicit images from 59 of those accounts, which he sold or traded online. He also offered his services for hire. One customer was Steve Waithe, a former Northeastern University track and field coach who paid Svara to hack students' accounts.
A Nigerian scammer has been sentenced to eight years in a US prison. Tochukwu Albert Nobocha scammed elderly Americans using an inheritance fraud scheme. He made more than $6 million from at least 400 victims. Nobocha was arrested in Poland last year.
Anthropic claims its latest Claude model has discovered more than 500 high-severity vulnerabilities in open source projects. It identified vulnerabilities in Ghostscript, OpenSC and CGIF. Anthropic says the Opus 4.6 model found the bugs without task-specific tooling, custom scaffolding or specialised prompting.
And finally, South Korean cryptocurrency exchange Bithumb accidentally sent more than $44 billion in crypto to its customers. Last the company intended to send users 2,000 Korean won each, but sent them 2,000 Bitcoin instead. Bithumb says it recovered all but 0.3% of the money, which still leaves them $130 million in the red.
And that is all for this podcast edition. Today's show was brought to you by our sponsor, Trail of Bits. Find them at trailofbits.com. Thanks for your. It.
Risky Bulletin: SmarterTools Hacked via Its Own Product
Podcast: Risky Bulletin | Host: risky.biz | Episode Date: February 9, 2026
Prepared by Catalin Cimpanu, read by Claire Airdrop
This Risky Bulletin episode covers a sweeping array of global cybersecurity incidents and trends, focusing on impactful breaches affecting government agencies, companies, and individuals. The main story highlights SmarterTools being hacked via vulnerabilities in its own product, with additional coverage of ransomware, phishing campaigns, cybercrime crackdowns, and significant financial losses from cyber incidents.
“SmarterTools linked the attacks to the Warlock ransomware group but said its security software prevented data encryption.” (00:21)
“Ivanti disclosed two zero-days in late January and warned of ongoing attacks.” (00:38)
“The attacks aimed to trick users into pairing hackers’ devices with their accounts.” (01:12)
“The agency holds sensitive information on the entire population, including data for electoral and immigration systems.” (01:52)
“Jaguar Land Rover and its parent company have reported losses of $406 million following last year’s ransomware attack.” (02:43)
“Some skills installed malware or stole credentials and crypto.” (03:02)
“An Illinois man has pleaded guilty to hacking Snapchat accounts of almost 600 women.” (03:45)
“A Nigerian scammer has been sentenced to eight years in a US prison.” (04:14)
“Anthropic says the Opus 4.6 model found the bugs without task specific tooling, custom scaffolding or specialised prompting.” (04:25)
“Bithumb says it recovered all but 0.3% of the money, which still leaves them $130 million in the red.” (04:44)
This episode delivers a rapid-fire, global overview of notable cyber incidents and developments, balancing government, enterprise, and individual targets. Listeners gain a clear perspective on the diversity of threats, response strategies, and the broader impact of persistent cyber risks in both policy and daily operations.