Risky Bulletin: SmarterTools Hacked via Its Own Product
Podcast: Risky Bulletin | Host: risky.biz | Episode Date: February 9, 2026
Prepared by Catalin Cimpanu, read by Claire Airdrop

Episode Overview

This Risky Bulletin episode covers a sweeping array of global cybersecurity incidents and trends, focusing on impactful breaches affecting government agencies, companies, and individuals. The main story highlights SmarterTools being hacked via vulnerabilities in its own product, with additional coverage of ransomware, phishing campaigns, cybercrime crackdowns, and significant financial losses from cyber incidents.

Key Discussion Points & Insights

1. SmarterTools Compromised via Its Own Software

• Summary:
  Hackers breached 30 email servers at SmarterTools in late January, exploiting a vulnerability in their “Smarter Mail” product.
• Attribution:
  SmarterTools links the attack to the Warlock ransomware group but claims its defenses prevented encryption.
• Details:
  • Vulnerability details unrevealed, but Smarter Mail had three bugs added to CISA’s KEV database this year.
• Quote:

  “SmarterTools linked the attacks to the Warlock ransomware group but said its security software prevented data encryption.” (00:21)

2. European Institutions Breached via Ivanti Zero-Days

• Victims:
  Dutch Data Protection Authority, Council for the Judiciary, and reportedly the European Commission.
• Tactics:
  Exploitation of Ivanti vulnerabilities disclosed in late January and weaponized in active attacks.
• Impact:
  • European Commission breach on January 30th exposed names and phone numbers of some staff.
• Quote:

  “Avanti disclosed 20 days in late January and warned of ongoing attacks.” (00:38)

3. State-Sponsored Signal Phishing Campaign in Germany

• Target:
  German politicians, military personnel, and journalists.
• Method:
  Phishing via Signal aimed at device pairing.
• Attribution:
  Not formally attributed, but tactic matches prior Russian campaigns.
• Quote:

  “The attacks aimed to trick users into pairing hackers’ devices with their accounts.” (01:12)

4. Academic Data Breach in Spain

• Incident:
  Spain’s Ministry of Science has shuttered its university portal after hacking claims by “Gordon Freeman”.
• Data Compromised:
  Email addresses, passport scans, banking details for thousands.

5. Senegal Government Extortion Attempt

• Actors:
  New ransomware group “Green Blood”
• Claims:
  Theft of 139 TB of national records, including immigration and electoral systems.
• Context:
  Follows a previous ransomware attack on the tax agency (October).
• Quote:

  “The agency holds sensitive information on the entire population, including data for electoral and immigration systems.” (01:52)

6. Salt Typhoon Hacks Reach Norway

• Info:
  Norwegian companies breached by China’s Salt Typhoon (notorious for hitting US telcos in 2024).
• Note:
  Likely that other countries are also affected, but disclosures are limited.

7. Flickr Data Leak through Third Party Provider

• Details:
  Names, emails, IP addresses, and site activity leaked due to a breach at a partner, not Flickr directly.

8. Jaguar Land Rover Suffers Major Ransomware Fallout

• Losses:
  $406 million total; $177.2 million in direct incident response, rest in lost sales.
• Quote:

  “Jaguar Land Rover and its parent company have reported losses of $406 million following last year’s ransomware attack.” (02:43)

9. ClawHub AI Marketplace Cracks Down on Malicious Skills

• Change:
  All AI agent submissions will be scanned by VirusTotal, prompted by the discovery of hundreds of malicious uploads.
• Threats:
  Malware distribution, credential, and crypto theft.
• Quote:

  “Some skills installed malware or stole credentials and crypto.” (03:02)

10. Major Cybercrime Enforcement & Sentencing Updates

• China/Myanmar:
  Four Bai crime family members executed for cyber scam operations in Myanmar.
• Poland:
  Polish police arrest DDoS-for-hire operator, age 20.
• USA:
  • Illinois man (Kyle Svara) pleads guilty to hacking almost 600 women’s Snapchat accounts, selling/trading explicit images.
  • Nigerian scammer Tochukwu Albert Nobocha sentenced to 8 years for inheritance fraud ($6 million from 400+ victims).
• Quotes:

  “An Illinois man has pleaded guilty to hacking Snapchat accounts of almost 600 women.” (03:45)
  “A Nigerian scammer has been sentenced to eight years in a US prison.” (04:14)

11. Anthropic’s Claude Model Exposes Critical Open Source Bugs

• Details:
  The Opus 4.6 AI model autonomously found 500+ high-severity vulnerabilities in projects like Ghostscript and OpenSC, with no custom prompt tuning.
• Quote:

  “Anthropic says the Opus 4.6 model found the bugs without task specific tooling, custom scaffolding or specialised prompting.” (04:25)

12. Bithumb’s $44 Billion Crypto Transfer Blunder

• Incident:
  Bithumb accidentally distributed 2,000 Bitcoin instead of 2,000 KRW to each customer due to an operational error.
• Aftermath:
  99.7% of funds recovered; $130 million remain lost.
• Quote:

  “Bithumb says it recovered all but 0.3% of the money, which still leaves them $130 million in the red.” (04:44)

Notable Quotes & Memorable Moments

• “SmarterTools linked the attacks to the Warlock ransomware group but said its security software prevented data encryption.” (00:21)
• “Avanti disclosed 20 days in late January and warned of ongoing attacks.” (00:38)
• “The attacks aimed to trick users into pairing hackers’ devices with their accounts.” (01:12)
• “The agency holds sensitive information on the entire population, including data for electoral and immigration systems.” (01:52)
• “Jaguar Land Rover and its parent company have reported losses of $406 million following last year’s ransomware attack.” (02:43)
• “Anthropic says the Opus 4.6 model found the bugs without task specific tooling, custom scaffolding or specialised prompting.” (04:25)
• “Bithumb says it recovered all but 0.3% of the money, which still leaves them $130 million in the red.” (04:44)

Timestamps for Key Segments

• SmarterTools Hack: 00:04–00:29
• European Ivanti Zero-Day Breaches: 00:29–00:51
• German Signal Phishing Campaign: 00:51–01:32
• Spanish University Breach: 01:32–01:49
• Senegal Ransomware Extortion: 01:49–02:08
• Salt Typhoon in Norway: 02:08–02:20
• Flickr Data Leak: 02:20–02:30
• Jaguar Land Rover Losses: 02:43–02:58
• ClawHub Scanning for Malicious AI Skills: 03:02–03:17
• Enforcement Updates (China/USA/Poland): 03:17–04:14
• Anthropic/Claude Vulnerability Discoveries: 04:14–04:31
• Bithumb Crypto Mishap: 04:31–04:52

This episode delivers a rapid-fire, global overview of notable cyber incidents and developments, balancing government, enterprise, and individual targets. Listeners gain a clear perspective on the diversity of threats, response strategies, and the broader impact of persistent cyber risks in both policy and daily operations.