Tag: malicious
-
Russian hackers exploited a critical Office bug within days of disclosure
One campaign, two infection paths: ZScaler found that exploitation of CVE-2026-21509 did not lead to a single uniform payload. Instead, the initial RTF-based exploit branched into two distinct infection paths, each serving a different operational purpose. The choice of dropper reportedly determined whether the attackers prioritized near-term intelligence collection or longer-term access to compromised systems.In…
-
PhantomVAI Custom Loader Abuses RunPE Utility to Launch Stealthy Attacks on Users
A new threat called PhantomVAI, a custom >>loader<>RunPE<<. This loader […] The post PhantomVAI Custom Loader Abuses RunPE Utility to Launch Stealthy Attacks on Users appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform. First seen on gbhackers.com Jump to article: gbhackers.com/phantomvai-custom-loader/
-
Microsoft and Google Platforms Abused in New Enterprise Cyberattacks
A dangerous shift in phishing tactics, with threat actors increasingly hosting malicious infrastructure on trusted cloud platforms like Microsoft Azure, Google Firebase, and AWS CloudFront. Unlike traditional phishing campaigns that rely on newly registered suspicious domains, these attacks leverage legitimate cloud services to bypass security defenses and target enterprise users globally. When malicious content is…
-
Eclipse Foundation Mandates Pre-Publish Security Checks for Open VSX Extensions
The Eclipse Foundation, which maintains the Open VSX Registry, has announced plans to enforce security checks before Microsoft Visual Studio Code (VS Code) extensions are published to the open-source repository to combat supply chain threats.The move marks a shift from a reactive to a proactive approach to ensure that malicious extensions don’t end up getting…
-
Shadow DNS Operation Abuses Compromised Routers to Manipulate Internet Traffic
A sophisticated shadow DNS network that hijacks internet traffic by compromising home and business routers. The operation, active since mid-2022, manipulates DNS resolution through malicious resolvers hosted by Aeza International (AS210644), a bulletproof hosting provider sanctioned by the U.S. Treasury Department in July 2025. The threat campaign targets older router models, modifying their DNS configuration…
-
Russian Hackers Weaponize Microsoft Office Bug in Just 3 Days
APT28’s attacks rely on specially crafted Microsoft Rich Text Format (RTF) documents to kick off a multistage infection chain to deliver malicious payloads. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/russian-hackers-weaponize-office-bug-within-days
-
Fake Dropbox Phishing Campaign Targets Users, Steals Login Credentials
A sophisticated phishing campaign that uses a multi-stage approach to bypass email filtering and content-scanning systems. The attack exploits trusted platforms, benign file formats, and layered redirection techniques to harvest user credentials from unsuspecting victims successfully. The attack chain begins with a professionally crafted phishing email containing a PDF attachment. The malicious payload leverages legitimate…
-
Fake Compliance Emails Weaponize Word and PDF Attachments to Steal Sensitive Data
A newly observed phishing campaign is abusing fake “audit/compliance confirmation” emails to target macOS users and steal highly sensitive data. The campaign uses convincing business-themed lures and malicious attachments that masquerade as Word or PDF files to trick employees into executing an AppleScript-based payload. Attackers begin by sending emails asking recipients to “confirm the company’s…
-
Hundreds of Malicious Crypto Trading Add-Ons Found in Moltbot/OpenClaw
A security researcher found 386 malicious ‘skills’ published on ClawHub, a skill repository for the popular OpenClaw AI assistant project First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/malicious-crypto-trading-skills/
-
Hundreds of Malicious Crypto Trading Addons Found in Moltbot/OpenClaw
A security researcher found 386 malicious ‘skills’ published on ClawHub, a skill repository for the popular OpenClaw AI assistant project First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/malicious-crypto-trading-skills/
-
Hundreds of Malicious Skills Found in OpenClaw’s ClawHub
Researchers found hundreds of malicious skills in OpenClaw’s ClawHub, revealing a coordinated AI supply chain attack. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/hundreds-of-malicious-skills-found-in-openclaws-clawhub/
-
JFrog Researchers Surface Vulnerabilities in AI Automation Platform from n8n
JFrog security researchers have discovered a pair of critical vulnerabilities in a workflow automation platform from n8n that makes use of large language models (LLMs) to execute tasks. A CVE-2026-1470 vulnerability, rated 9.9, enables a malicious actor to remotely execute JavaScript code by manipulating a Statement capability in the n8n platform that is used to..…
-
Hackers exploit critical React Native Metro bug to breach dev systems
Hackers are targeting developers by exploiting the critical vulnerability CVE-2025-11953 in the Metro server for React Native to deliver malicious payloads for Windows and Linux. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-exploit-critical-react-native-metro-bug-to-breach-dev-systems/
-
Notepad++ infrastructure hijacked by Chinese APT in sophisticated supply chain attack
Rapid7 identifies custom malware: Cybersecurity firm Rapid7 also published a detailed technical analysis corroborating Ho’s disclosure and identifying the attack as part of a broader campaign deploying previously undocumented malware. Rapid7’s investigation uncovered a custom backdoor the firm dubbed “Chrysalis,” alongside Cobalt Strike and Metasploit frameworks.”Forensic analysis conducted by the MDR team suggests that the…
-
Notepad++ infrastructure hack likely tied to China-nexus APT Lotus Blossom
Rapid7 researchers say the Notepad++ hosting breach is likely linked to the China-nexus Lotus Blossom APT group. Recently, the Notepad++ maintainer revealed that nation-state hackers compromised the hosting provider’s infrastructure, redirecting update traffic to malicious servers. The attack did not exploit flaws in Notepad++ code but intercepted updates before they reached users. “According to the…
-
Abuse of OpenClaw AI Capabilities Enables Stealthy Malware Campaigns
Tags: ai, attack, automation, backdoor, cyber, malicious, malware, marketplace, skills, supply-chain, threatHundreds of malicious skills are distributed through OpenClaw’s marketplace, transforming the popular AI agent ecosystem into a new supply chain attack vector. Threat actors are weaponizing the platform’s extensibility features to deliver droppers, backdoors, and infostealers disguised as legitimate automation tools.”‹ OpenClaw Skills Become Malware Distribution Channel OpenClaw is a self-hosted AI agent that executes…
-
GhostChat Malware Locks Victims’ Devices, Demands Passcodes for Restoration
A new Android spyware campaign that uses romance scams and fake chat profiles to spy on users in Pakistan. The malicious app, named GhostChat and detected as Android/Spy.GhostChat.A, disguises itself as a dating chat platform but is actually built for data theft and surveillance. Instead of being listed on Google Play, it is distributed as…
-
Shai-Hulud & Co.: The software supply chain as Achilles’ heel
Tags: access, ai, application-security, attack, backdoor, ciso, cloud, credentials, cyber, github, Hardware, identity, infrastructure, kritis, kubernetes, malicious, network, nis-2, programming, risk, rust, sbom, software, strategy, supply-chain, threat, tool, vulnerability, wormThe polyglot supply chain attack: The most frightening prospect, however, is the convergence of these threats in a polyglot supply chain attack. Currently, security teams operate in isolation. AppSec monitors the code, CloudSec monitors the cloud, NetworkSec monitors the perimeter. A polyglot attack is designed to seamlessly break through these silos.This happens as follows: A…
-
APT28 Leverages CVE-2026-21509 in Operation Neusploit
IntroductionIn January 2026, Zscaler ThreatLabz identified a new campaign in-the-wild, tracked as Operation Neusploit, targeting countries in the Central and Eastern European region. In this campaign, the threat actor leveraged specially crafted Microsoft RTF files to exploit CVE-2026-21509 and deliver malicious backdoors in a multi-stage infection chain. Due to significant overlaps in tools, techniques, and procedures (TTPs)…
-
Why Your WAF Missed It: The Danger of Double-Encoding and Evasion Techniques in Healthcare Security
Tags: access, ai, api, attack, data, data-breach, detection, exploit, governance, hacker, healthcare, intelligence, malicious, risk, technology, threat, tool, wafThe “Good Enough” Trap If you ask most organizations how they protect their APIs, they point to their WAF (Web Application Firewall). They have the OWASP Top 10 rules enabled. The dashboard is green. They feel safe. But attackers know exactly how your WAF works, and, more importantly, how to trick it. We recently worked…
-
MoltBot Skills exploited to distribute 400+ malware packages in days
Over 400 malicious OpenClaw packages were uploaded in days, using MoltBot skills to spread password-stealing malware. Researchers uncovered a large malware campaign abusing AI skills for Claude Code and Moltbot users. Between late January and early February 2026, more than 400 malicious skills were published on ClawHub and GitHub, posing as crypto trading tools. OpenClaw…
-
Zero-Day in Microsoft Office Enables Stealthy Malware Infections
Tags: cve, cyber, exploit, government, infection, infrastructure, malicious, malware, microsoft, office, vulnerability, zero-dayMicrosoft disclosed a critical zero-day vulnerability in Office products on January 26, 2026, tracked as CVE-2026-21509, with active exploitation in the wild confirmed. The vulnerability enables attackers to deploy sophisticated malware through malicious document files, targeting government organizations and critical infrastructure. Indicator Type Value CVE CVE-2026-21509 Malicious Domains freefoodaid[.]com, wellnesscaremed[.]com, wellnessmedcare[.]org C2 Infrastructure *.filen.net, *.filen.io…
-
Chinese Hackers Hijack Notepad++ Updates for 6 Months
State-sponsored threat actors compromised the popular code editor’s hosting provider to redirect targeted users to malicious downloads. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/chinese-hackers-hijack-notepad-updates-6-months
-
Malicious MoltBot skills used to push password-stealing malware
More than 230 malicious packages for the personal AI assistant OpenClaw (formerly known as Moltbot and ClawdBot) have been published in less than a week on the tool’s official registry and on GitHub. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/malicious-moltbot-skills-used-to-push-password-stealing-malware/
-
Researchers Find 341 Malicious ClawHub Skills Stealing Data from OpenClaw Users
A security audit of 2,857 skills on ClawHub has found 341 malicious skills across multiple campaigns, according to new findings from Koi Security, exposing users to new supply chain risks.ClawHub is a marketplace designed to make it easy for OpenClaw users to find and install third-party skills. It’s an extension to the OpenClaw project, a…
-
Researchers Find 341 Malicious ClawHub Skills Stealing Data from OpenClaw Users
A security audit of 2,857 skills on ClawHub has found 341 malicious skills across multiple campaigns, according to new findings from Koi Security, exposing users to new supply chain risks.ClawHub is a marketplace designed to make it easy for OpenClaw users to find and install third-party skills. It’s an extension to the OpenClaw project, a…