Shopify A.I CyberSecurity Scoring
Shopify
Company Information
Website: https://www.shopify.com
Number of employees: 27,012
Number of followers: 1,053,606
NAICS: 5112
Industry Type: Software Development
Homepage: shopify.com
Shopify Risk Score (AI oriented)
Between 800 and 849
Updated: 14/05/2026
Score: 804/1000, Good (A)
Current Score: 804 A (GOOD), on a scale of 0 to 1000
4 incidents
-6 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JUNE 2026
806
MAY 2026
807
APRIL 2026
819
Cyber Attack
18 Apr 2026 • Shopify
Seiko USA and Shopify: Seiko USA website defaced as hacker claims customer data theft
Seiko USA Website Defaced in Extortion Attack, Customer Data Allegedly Stolen
809
CRITICAL (-10)
SEISHO1776716769
Over the weekend, the Seiko USA website was defaced by attackers who claimed to have breached the company’s Shopify customer database and demanded a ransom to prevent its public release. The "Press Lounge" section of the site was replaced with a defacement page titled "HACKED," which included a ransom note and a warning of a data breach.
The attackers asserted they had accessed Seiko USA’s Shopify backend and exfiltrated sensitive customer information, including:
- Customer details (names, email addresses, phone numbers)
- Order history (purchase records, transaction details)
- Shipping data (addresses, shipping preferences)
- Account information (creation dates, customer notes)
To prove their access, the threat actors instructed Seiko USA to locate a specific customer account (ID 8069776801871) in the Shopify admin panel, where they claimed to have added a contact email for negotiations. The attackers set a 72-hour deadline before allegedly publishing the stolen data.
As of now, the legitimacy of the breach remains unconfirmed. Seiko USA has not publicly responded to inquiries from BleepingComputer but has since removed the extortion message from its website. The identity of the threat actors and the validity of their claims are still unclear.
MARCH 2026
820
Vulnerability
18 Mar 2026 • Shopify
Shopify: After cyberattack loss, Logan Square shop hit again by storefront car crash
Logan Square Vintage Shop Cyberattack and Storefront Crash
818
HIGH (-2)
SHO1774045594
Logan Square Vintage Shop Hit by Storefront Crash After $33K Cyberattack
A small business in Chicago’s Logan Square neighborhood is recovering from a double blow after a car crashed into its storefront just months after falling victim to a $33,000 cyberattack.
On Wednesday, a driver accidentally accelerated into Lost Girls Vintage, causing significant damage to the shop’s front. Fortunately, no one was injured; employees were on lunch break at the time of the incident. The store has since boarded up and remains temporarily closed, with owners uncertain about a reopening timeline. Chicago police reported the driver was attempting to park and faced no citations.
The crash compounds an already challenging year for the vintage shop. In a prior incident, hackers breached its Shopify account, opening a fraudulent line of credit in the business’s name and siphoning over $33,000. Co-owner Kyla Embrey described the year as a streak of misfortune but emphasized gratitude that no one was harmed in the crash.
With back-to-back financial setbacks, the business is seeking community support through gift card purchases while navigating insurance claims and repairs. Owners have expressed no ill will toward the driver, focusing instead on recovery.
FEBRUARY 2026
819
Vulnerability
05 Feb 2026 • Shopify
Shopify: CISA Warns of React Native Community Command Injection Vulnerability Exploited in Attacks
CISA Flags Actively Exploited React Native CLI Vulnerability (CVE-2025-11953)
819
CRITICAL (0)
SHO1770359735
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2025-11953 to its Known Exploited Vulnerabilities (KEV) catalog on February 5, 2026, after confirming active exploitation of an OS command injection flaw in the React Native Community CLI. Federal agencies must patch the vulnerability by February 26, 2026, under Binding Operational Directive (BOD) 22-01.
The flaw affects Metro Development Servers, a core component of React Native, a widely used framework for cross-platform mobile apps deployed by enterprises like Meta and Shopify. Attackers can exploit the vulnerability by sending unauthenticated POST requests to a vulnerable endpoint, enabling remote code execution (RCE). On Windows systems, this escalates to full shell control, allowing threat actors to deploy ransomware, exfiltrate data, or establish persistent backdoors.
The open-source nature of the React Native Community CLI amplifies supply chain risks, as the flaw could propagate through third-party libraries and proprietary applications. While no ransomware group has claimed responsibility, such vulnerabilities are frequently leveraged in advanced persistent threat (APT) campaigns for initial access.
Organizations with CI/CD pipelines or development environments face heightened risk, particularly if Metro servers, which are commonly exposed in local workflows, are accessible. Weak network segmentation could enable lateral movement within compromised environments. Security teams are advised to monitor for anomalous POST requests to CLI endpoints (e.g., `/cli/debugger`) and indicators of compromise (IOCs), such as unexpected process spawns.
Mitigation measures include:
- Immediate patching via GitHub updates (verified with `npx @react-native-community/cli@latest doctor`).
- Firewalling Metro ports (default: 8081).
- Endpoint detection and response (EDR) for command-line monitoring.
- Discontinuing unpatched instances in production or development environments.
CISA has urged Federal Civilian Executive Branch (FCEB) agencies to prioritize remediation, emphasizing that development tools remain prime targets in the expanding 2026 attack surface.
JANUARY 2026
819
DECEMBER 2025
819
NOVEMBER 2025
818
OCTOBER 2025
818
SEPTEMBER 2025
818
AUGUST 2025
820
JULY 2025
820
SEPTEMBER 2020
828
Breach
01 Sep 2020 • Shopify
Shopify
Data Breach at Shopify Inc
798
CRITICAL (-30)
SHO21585422
The customer transactional records of some merchants of Ottawa-based tech firm Shopify Inc were illegitimately breached by two rogue members of its support team.
The compromised data included personal information, such as contact details and order details, of more than 200 merchants.
The company immediately took preventive measures and fired both employees.