Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

News Summary

Last updated: 20:15 04/02/2026 UTC
  • Path Traversal Vulnerability in WinRAR Actively Exploited by Multiple Threat Actors
    A path traversal vulnerability in WinRAR (CVE-2025-8088, CVSS 8.8) is being actively exploited in the wild. The flaw allows arbitrary code execution by crafting malicious archive files. The vulnerability affects Windows versions of WinRAR, RAR, UnRAR, portable UnRAR source code, and UnRAR.dll. The issue was discovered by researchers from ESET and addressed in WinRAR version 7.13, released on July 30, 2025. Multiple threat actors, including Paper Werewolf, RomCom, UNC4895, APT44, TEMP.Armageddon, Turla, and China-linked actors, have exploited this vulnerability to target various organizations. A new threat actor called Amaranth Dragon, linked to APT41 state-sponsored Chinese operations, has also exploited the CVE-2025-8088 vulnerability in espionage attacks on government and law enforcement agencies in Singapore, Thailand, Indonesia, Cambodia, Laos, and the Philippines. The attacks involve phishing emails with malicious archives that, when opened, exploit the vulnerability to write files outside the intended directory and achieve code execution. The payloads include a .NET loader that sends system information to an external server and receives additional malware. Financially motivated actors are also exploiting the flaw to distribute commodity remote access tools and information stealers. Google Threat Intelligence Group (GTIG) revealed that multiple threat actors, including nation-state adversaries and financially motivated groups, are exploiting the WinRAR vulnerability CVE-2025-8088. The exploit chain often involves concealing the malicious file within the alternate data streams (ADS) of a decoy file inside the archive, causing the payload to be extracted to a specific path (e.g., the Windows Startup folder) and automatically executing it once the user logs in to the machine after a restart.
  • Multiple vulnerabilities in Citrix, Git, and GitLab added to CISA KEV catalog
    CISA has added multiple vulnerabilities to its KEV catalog due to active exploitation. The flaws affect Citrix Session Recording, Git, and Citrix NetScaler ADC and NetScaler Gateway. The Citrix Session Recording vulnerabilities were patched in November 2024, the Git flaw (CVE-2025-48384) was addressed in July 2025, and the NetScaler vulnerabilities were patched in August 2025. Additionally, CISA has added a five-year-old GitLab vulnerability (CVE-2021-39935) to its KEV catalog, which is actively being exploited in attacks. Federal agencies must apply mitigations by September 15, 2025, for the earlier vulnerabilities and within 48 hours for the NetScaler vulnerabilities, and by February 24, 2026, for the GitLab vulnerability. The vulnerabilities are CVE-2024-8068, CVE-2024-8069, CVE-2025-48384, CVE-2025-7775, CVE-2025-7776, and CVE-2025-8424. The first two affect Citrix Session Recording, the third affects Git, and the last three affect Citrix NetScaler ADC and NetScaler Gateway. CVE-2025-48384 is an arbitrary file write vulnerability in Git due to inconsistent handling of carriage return characters in configuration files. The vulnerability affects macOS and Linux systems, with Windows systems being immune due to differences in control character usage. The flaw was resolved in Git versions 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, and 2.50.1. The vulnerability impacts software developers using Git on workstations and CI/CD build systems. CVE-2021-39935 is a server-side request forgery (SSRF) flaw in GitLab that allows unauthenticated attackers to access the CI Lint API. The vulnerability affects GitLab CE/EE versions starting from 10.5 before 14.3.6, all versions starting from 14.4 before 14.4.4, and all versions starting from 14.5 before 14.5.2. GitLab patched the flaw in December 2021.
CISA added the flaw to its KEV catalog on February 4, 2026, mandating federal agencies to patch it by February 24, 2026. CVE-2025-7775 is a memory overflow vulnerability leading to remote code execution and/or denial-of-service. CVE-2025-7776 is a memory overflow vulnerability leading to unpredictable behavior and denial-of-service. CVE-2025-8424 is an improper access control vulnerability in the NetScaler Management Interface. CVE-2025-7775 has been actively exploited in the wild and was added to the CISA KEV catalog on August 26, 2025, requiring federal agencies to remediate within 48 hours. The vulnerabilities affect both supported and unsupported, end-of-life versions of Citrix NetScaler ADC and NetScaler Gateway. Nearly 20% of NetScaler assets identified are on unsupported versions, primarily in North America and the APAC region. The vulnerabilities affect similar components in NetScaler ADC and NetScaler Gateway as the CitrixBleed and CitrixBleed2 vulnerabilities.
  • Multiple Critical n8n Workflow Automation Vulnerabilities (CVE-2025-68613, CVE-2025-68668, CVE-2026-21877, CVE-2026-21858)
    Multiple critical vulnerabilities have been disclosed in the n8n workflow automation platform. The most recent flaws, tracked as CVE-2026-1470 (CVSS 9.9) and CVE-2026-0863 (CVSS 8.5), allow authenticated users to bypass sandbox mechanisms and achieve remote code execution. These vulnerabilities affect various versions of n8n and have been patched in the latest versions. Additionally, three other critical vulnerabilities (CVE-2025-68613, CVE-2025-68668, and CVE-2026-21877) have been disclosed, affecting various versions of n8n. Over 103,000 instances are potentially vulnerable, with a significant number located in the U.S., Germany, France, Brazil, and Singapore. Users are advised to upgrade to the latest patched versions or implement mitigations such as disabling the Git node and limiting access for untrusted users. The Ni8mare vulnerability (CVE-2026-21858) affects over 100,000 servers potentially exposed. The vulnerability could enable attackers to access API credentials, OAuth tokens, database connections, and cloud storage. The vulnerability is related to the webhooks that start workflows in n8n. The platform parses incoming data based on the 'content-type' header in a webhook. When a request is 'multipart/form-data', the platform uses a special file upload parser (Formidable) which stores the files in temporary locations. For all other content types, a regular parser is used. The file upload parser wraps Formidable's parse() function, populating req.body.files with the output from Formidable. If a threat actor changes the content type to something like application/json, the n8n middleware would call the regular parser instead of the special file upload parser. This means req.body.files wouldn't be populated, allowing attackers to control the file metadata and file path.
The vulnerability was reported on November 9 and fixed nine days later. Over 105,753 unpatched instances of n8n were found exposed online, with 59,558 still exposed on Sunday. More than 28,000 IPs were found in the United States and over 21,000 in Europe. n8n is widely used in AI development to automate data ingestion and build AI agents and RAG pipelines. The Pillar Security advisory addressing both flaws has a GitHub vulnerability identifier, GHSA-6cqr-8cfr-67f8, but the CVE identifier for either of the vulnerabilities was not revealed. The vulnerabilities allow authenticated users to achieve complete server control and steal stored credentials, including API keys, cloud provider keys, database passwords, and OAuth tokens. The first flaw was reported by Pillar Security to n8n maintainers, who released a patch, but a second vulnerability bypassing the fix was discovered 24 hours after the initial patch was deployed. n8n released a new patched version, version 2.4.0, with fixes for both vulnerabilities, in January 2026. Companies using n8n for AI orchestration face credential exposure when using OpenAI, Anthropic, Azure OpenAI, and Hugging Face as well as vector database access (e.g., Pinecone, Weaviate, Qdrant). Attackers who exploit these flaws can intercept AI prompts, modify AI responses, redirect traffic through attacker-controlled endpoints, and exfiltrate sensitive data from AI interactions. On n8n cloud, a single compromised user could potentially access shared infrastructure and other customers' data within the Kubernetes cluster. Pillar Security recommended upgrading to n8n version 2.4.0 or later, rotating the encryption key and all credentials, auditing workflows, and monitoring AI workflows for unusual patterns.
  • GPUGate Malware Campaign Targets IT Firms in Western Europe
    A sophisticated malware campaign, codenamed GPUGate, targets IT and software development companies in Western Europe, with recent expansions to macOS users. The campaign leverages Google Ads, SEO poisoning, and fake GitHub commits to deliver malware, including the Atomic macOS Stealer (AMOS) and Odyssey. The attack began in December 2024 and uses a 128 MB Microsoft Software Installer (MSI) to evade detection. The malware employs GPU-gated decryption and various techniques to avoid analysis and detection. The end goal is information theft and delivery of secondary payloads. The threat actors have native Russian language proficiency and use a cross-platform approach. The campaign has expanded to target macOS users through fake Homebrew, LogMeIn, and TradingView platforms. These platforms impersonate popular tools and use SEO poisoning to distribute the Atomic Stealer malware and Odyssey. The threat actors use multiple GitHub usernames to evade takedowns and deploy malware via Terminal commands. Similar tactics have been observed in previous campaigns using malicious Google Ads and public GitHub repositories. The AMOS malware now includes a backdoor component for persistent, stealthy access to compromised systems. The campaign impersonates over 100 software solutions, including 1Password, Dropbox, Confluence, Robinhood, Fidelity, Notion, Gemini, Audacity, Adobe After Effects, Thunderbird, and SentinelOne. The fake GitHub pages were created on September 16, 2025, and were immediately submitted for takedown. The campaign has been active since at least April 2023, with previous similar campaigns observed in July 2025. A new AMOS infostealer campaign abuses Google search ads to lure users into Grok and ChatGPT conversations that lead to installing the AMOS malware on macOS. The campaign was first spotted by researchers at Kaspersky, with a more detailed report by Huntress.
The ClickFix attack begins with victims searching for macOS-related terms, leading to malicious instructions in AI chats. The malicious instructions are hosted on legitimate LLM platforms and contain commands to install the malware. The base64-encoded URL decodes into a bash script that loads a fake password prompt dialog. The script validates, stores, and uses the provided password to execute privileged commands, including downloading and executing the AMOS infostealer. AMOS was first documented in April 2023 and is a malware-as-a-service (MaaS) operation targeting macOS systems exclusively. AMOS added a backdoor module earlier this year, allowing operators to execute commands, log keystrokes, and drop additional payloads. AMOS is dropped as a hidden file and scans for cryptocurrency wallets, browser data, macOS Keychain data, and files on the filesystem. Persistence is achieved via a LaunchDaemon running a hidden AppleScript that restarts the malware if terminated. Users are advised to be vigilant and avoid executing commands they found online, especially if they don't fully understand what they do. Kaspersky noted that asking ChatGPT if the provided instructions are safe reveals they are not. Microsoft has warned that information-stealing attacks are rapidly expanding beyond Windows to target Apple macOS environments by leveraging cross-platform languages like Python and abusing trusted platforms for distribution at scale. The tech giant's Defender Security Research Team observed macOS-targeted infostealer campaigns using social engineering techniques such as ClickFix since late 2025 to distribute disk image (DMG) installers that deploy stealer malware families like Atomic macOS Stealer (AMOS), MacSync, and DigitStealer. The campaigns use techniques like fileless execution, native macOS utilities, and AppleScript automation to facilitate data theft, including web browser credentials and session data, iCloud Keychain, and developer secrets. 
The starting point of these attacks is often a malicious ad, often served through Google Ads, that redirects users searching for tools like DynamicLake and artificial intelligence (AI) tools to fake sites that employ ClickFix lures, tricking them into infecting their own machines with malware.
  • Under Armour Investigates Data Breach After 72 Million Records Allegedly Exposed
    Under Armour is investigating a data breach after 72 million customer records were allegedly exposed online by the Everest ransomware group. The breach reportedly occurred in November 2025, with data including email addresses, personal information, and purchase details being published on a hacking forum in January 2026. Under Armour has confirmed the investigation and stated that there is no evidence the breach affected payment systems or customer passwords. Additionally, Iron Mountain, a data storage and recovery services company, reported a breach by the Everest group, which was limited to marketing materials and did not involve customer confidential or sensitive information.
  • React Native CLI Remote Code Execution Vulnerability (CVE-2025-11953)
    A critical security flaw in the React Native CLI package, tracked as CVE-2025-11953, allowed remote, unauthenticated attackers to execute arbitrary OS commands on development servers. The vulnerability affected versions 4.8.0 through 20.0.0-alpha.2 of the @react-native-community/cli-server-api package, impacting millions of developers using the React Native framework. The flaw was patched in version 20.0.0. The vulnerability is being actively exploited in the wild, with attacks observed on December 21, 2025, January 4, 2026, and January 21, 2026. The attacks involve delivering base64-encoded PowerShell payloads hidden in the HTTP POST body of malicious requests. The payloads disable endpoint protections, establish a raw TCP connection to attacker-controlled infrastructure, write data to disk, and execute the downloaded binary. Approximately 3,500 exposed React Native Metro servers are still online, according to scans using the ZoomEye search engine. Despite active exploitation being observed for over a month, the vulnerability still carries a low score in the Exploit Prediction Scoring System (EPSS). The vulnerability affects Windows, Linux, and macOS systems, with varying levels of control over executed commands. The flaw was discovered by researchers at JFrog and disclosed in early November 2025. The vulnerability is dubbed Metro4Shell by VulnCheck. The Windows payload is a Rust-based UPX-packed binary with basic anti-analysis logic, and the same attacker infrastructure hosts corresponding Linux binaries, indicating cross-platform targeting.
  • Malicious OpenClaw AI Coding Assistant Extension on VS Code Marketplace
    A malicious Microsoft Visual Studio Code (VS Code) extension named "ClawdBot Agent - AI Coding Assistant" was discovered on the official Extension Marketplace. The extension, which posed as a free AI coding assistant, stealthily dropped a malicious payload on compromised hosts. The extension was taken down by Microsoft after being reported by cybersecurity researchers. The malicious extension executed a binary named "Code.exe" that deployed a legitimate remote desktop program, granting attackers persistent remote access to compromised hosts. The extension also incorporated multiple fallback mechanisms to ensure payload delivery, including retrieving a DLL from Dropbox and using hard-coded URLs to obtain the payloads. Additionally, security researchers found hundreds of unauthenticated Moltbot instances online, exposing sensitive data and credentials. Moltbot, an open-source personal AI assistant, can run 24/7 locally, maintaining a persistent memory and executing scheduled tasks. However, insecure deployments can lead to sensitive data leaks, corporate data exposure, credential theft, and command execution. Hundreds of Clawdbot Control admin interfaces are exposed online due to reverse proxy misconfiguration, allowing unauthenticated access and root-level system access. More than 230 malicious packages for OpenClaw (formerly Moltbot and ClawdBot) have been published in less than a week on the tool's official registry and on GitHub. These malicious skills impersonate legitimate utilities and inject information-stealing malware payloads onto users' systems, targeting sensitive data like API keys, wallet private keys, SSH credentials, and browser passwords. Users are advised to audit their configurations, revoke connected service integrations, and implement network controls to mitigate potential risks.
A self-styled social networking platform built for AI agents, Moltbook, contained a misconfigured database that allowed full read and write access to all data. The exposure was due to a Supabase API key exposed in client-side JavaScript, granting unauthenticated access to the entire production database. Researchers accessed 1.5 million API authentication tokens, 30,000 email addresses, and thousands of private messages between agents. The API key exposure allowed attackers to impersonate any agent on the platform, post content, send messages, and interact as that agent. Unauthenticated users could edit existing posts, inject malicious content or prompt injection payloads, and deface the site.
Last updated: 20:45 04/02/2026 UTC
  • GlassWorm malware targets OpenVSX, VS Code registries
    The GlassWorm malware campaign has resurfaced with a third wave, adding 24 new packages to OpenVSX and Microsoft Visual Studio Marketplace. The malware uses invisible Unicode characters to hide malicious code and targets GitHub, NPM, and OpenVSX account credentials, as well as cryptocurrency wallet data. The campaign initially impacted 49 extensions, with an estimated 35,800 downloads, though this figure includes inflated numbers due to bots and visibility-boosting tactics. The Eclipse Foundation has revoked leaked tokens and introduced security measures, but the threat actors have pivoted to GitHub and now returned to OpenVSX with updated command-and-control endpoints. The malware's global reach includes systems in the United States, South America, Europe, Asia, and a government entity in the Middle East. Koi Security has accessed the attackers' server and shared victim data with law enforcement. The threat actors have posted a fresh transaction to the Solana blockchain, providing an updated C2 endpoint for downloading the next-stage payload. The attacker's server was inadvertently exposed, revealing a partial list of victims spanning the U.S., South America, Europe, and Asia, including a major government entity from the Middle East. The threat actor is assessed to be Russian-speaking and uses the open-source browser extension C2 framework named RedExt as part of their infrastructure. The third wave of Glassworm uses Rust-based implants packaged inside the extensions and targets popular tools and developer frameworks like Flutter, Vim, Yaml, Tailwind, Svelte, React Native, and Vue. Additionally, a malicious Rust package named "evm-units" was discovered, targeting Windows, macOS, and Linux systems.
This package, uploaded to crates.io in mid-April 2025, attracted over 7,000 downloads and was designed to stealthily execute on developer machines by masquerading as an Ethereum Virtual Machine (EVM) unit helper tool. The package checks for the presence of Qihoo 360 antivirus and alters its execution flow accordingly. The references to EVM and Uniswap indicate that the supply chain incident is designed to target developers in the Web3 space. The latest development involves the compromise of a legitimate developer's resources to push malicious updates to downstream users, with the malicious extensions having previously been presented as legitimate developer utilities and collectively accumulated over 22,000 Open VSX downloads prior to the malicious releases. A new GlassWorm malware attack through compromised OpenVSX extensions focuses on stealing passwords, crypto-wallet data, and developer credentials and configurations from macOS systems. The threat actor gained access to the account of a legitimate developer (oorzc) and pushed malicious updates with the GlassWorm payload to four extensions that had been downloaded 22,000 times. GlassWorm attacks first appeared in late October, hiding the malicious code using "invisible" Unicode characters to steal cryptocurrency wallet and developer account details. The malware also supports VNC-based remote access and SOCKS proxying. Over time and across multiple attack waves, GlassWorm impacted both Microsoft's official Visual Studio Code marketplace and its open-source alternative for unsupported IDEs, OpenVSX. In a previous campaign, GlassWorm showed signs of evolution, targeting macOS systems, and its developers were working to add a replacement mechanism for the Trezor and Ledger apps. A new report from Socket's security team describes a new campaign that relied on trojanizing the following extensions: oorzc.ssh-tools v0.5.1, oorzc.i18n-tools-plus v1.6.8, oorzc.mind-map v1.0.61, oorzc.scss-to-css-compile v1.3.4. 
The malicious updates were pushed on January 30, and Socket reports that the extensions had been innocuous for two years. This suggests that the oorzc account was most likely compromised by GlassWorm operators. According to the researchers, the campaign targets macOS systems exclusively, pulling instructions from Solana transaction memos. Notably, Russian-locale systems are excluded, which may hint at the origin of the attacker. GlassWorm loads a macOS information stealer that establishes persistence on infected systems via a LaunchAgent, enabling execution at login. It harvests browser data across Firefox and Chromium, wallet extensions and wallet apps, macOS keychain data, Apple Notes databases, Safari cookies, developer secrets, and documents from the local filesystem, and exfiltrates everything to the attacker's infrastructure at 45.32.150[.]251. Socket reported the packages to the Eclipse Foundation, the operator of the Open VSX platform, and the security team confirmed unauthorized publishing access, revoked tokens, and removed the malicious releases. The only exception is oorzc.ssh-tools, which was removed completely from Open VSX after multiple malicious releases were discovered. Currently, versions of the affected extensions on the market are clean, but developers who downloaded the malicious releases should perform a full system clean-up and rotate all their secrets and passwords.
  • eScan Antivirus Supply Chain Compromise Delivers Signed Malware
    A supply chain compromise in eScan antivirus products led to the distribution of multi-stage malware via legitimate update channels on January 20, 2026. The malware, signed with a compromised eScan certificate, established persistence, enabled remote access, and blocked further updates. Morphisec Threat Labs detected and mitigated the attack, while eScan took its update system offline for remediation. The malware modified system files and registry settings to prevent automatic remediation and communicated with external C2 infrastructure. Affected organizations are advised to search for malicious files, review scheduled tasks, inspect registry keys, block C2 domains, and revoke the compromised certificate. The breach was limited to a two-hour window on January 20, 2026, affecting only customers downloading updates from a specific regional update cluster. eScan detected the issue internally through monitoring and customer reports on January 20, isolated the affected infrastructure within hours, and issued a security advisory on January 21. eScan disputes Morphisec's claims of being the first to discover or report the incident, stating it conducted proactive notifications and direct outreach to impacted customers. The incident did not involve a vulnerability in the eScan product itself but was due to unauthorized access to a regional update server configuration. The malicious update was signed with what appears to be eScan's code-signing certificate, but both Windows and VirusTotal show the signature as invalid. The command and control servers observed include hxxps://vhs.delrosal.net/i, hxxps://tumama.hns.to, hxxps://blackice.sol-domain.org, hxxps://codegiant.io/dd/dd/dd.git/download/main/middleware.ts, 504e1a42.host.njalla.net, and 185.241.208.115.
  • Windows 11 23H2 Shutdown Issue with System Guard Secure Launch
    Windows 11 23H2 devices with System Guard Secure Launch enabled fail to shut down properly after installing the January 13, 2026, cumulative update (KB5073455). Affected systems restart instead of shutting down or entering hibernation. This issue impacts Enterprise and IoT editions of Windows 11, version 23H2, as well as Windows 10 22H2, Windows 10 Enterprise LTSC 2021, and Windows 10 Enterprise LTSC 2019 with Virtual Secure Mode (VSM) enabled. Microsoft has provided a temporary workaround for shutdown but no solution for hibernation. The company is also addressing a separate bug in the January 2026 KB5074109 update causing Remote Desktop connection failures. Microsoft has released an out-of-band update (KB5077797) to fix the shutdown issue in Windows 11 23H2.
  • ShinyHunters and Scattered Spider Collaboration
    The ShinyHunters and Scattered Spider collaboration, operating under the Scattered Lapsus$ Shiny Hunters (SLSH) alliance, has escalated its extortion tactics in early 2026, combining technical intrusions with psychological harassment, swatting, and media manipulation to coerce payments. A February 2026 analysis by Allison Nixon (Unit 221B) reveals the group’s unreliable and fractious nature, rooted in its origins within The Com—a decentralized cybercriminal network prone to internal betrayals and operational instability. Unlike traditional ransomware groups, SLSH does not guarantee data deletion post-payment, instead using extortion as a pretext for future fraud while deploying DDoS attacks, email floods, and threats of physical violence against executives, their families, and even security researchers. This follows a year of high-impact breaches, including the $107 million loss at the Co-operative Group (U.K.), Jaguar Land Rover’s operational shutdown, and attacks on Allianz Life, Farmers Insurance, and PornHub Premium members via the Mixpanel analytics breach. The groups leverage vishing, OAuth token abuse, and AI-enhanced tooling to exploit SaaS platforms (Okta, SharePoint, Salesforce), while law enforcement arrests (e.g., Owen Flowers, Thalha Jubair) and shutdown claims have failed to halt operations. The FBI, U.K. NCA, and Google Threat Intelligence continue tracking their adaptive tactics, now compounded by SLSH’s use of harassment as a core extortion lever, rendering traditional negotiation strategies ineffective. Victims are advised to refuse engagement beyond a firm "no payment" stance, as compliance only fuels further escalation.
The alliance’s latest developments—including the ShinySp1d3r RaaS platform, Zendesk phishing campaigns, and targeted intrusions against financial sectors—demonstrate a multi-pronged expansion in both technical sophistication and psychological warfare, solidifying their status as a high-risk, low-trust threat actor in the cybercrime landscape.
  • Russian Threat Actors Target Ukrainian and Polish Organizations with Data-Wiping Malware and LotL Tactics
    Russian threat actors, specifically the Sandworm group, have targeted Ukrainian organizations and Poland's power sector using living-off-the-land (LotL) tactics and deploying data-wiping malware. The attacks, which began in June 2025, involved minimal malware to reduce detection and included the use of web shells and legitimate tools for reconnaissance and data theft. The threat actors exploited unpatched vulnerabilities to deploy web shells on public-facing servers, gaining initial access. They then used various tactics, including PowerShell commands, scheduled tasks, and legitimate software, to evade detection and perform reconnaissance. The attacks were characterized by the use of legitimate tools and minimal malware, demonstrating the actors' deep knowledge of Windows native tools. In addition to LotL tactics, Sandworm deployed multiple data-wiping malware families in June and September 2025, targeting Ukraine's education, government, and grain sectors. The grain sector, a vital economic sector, was targeted to disrupt Ukraine's war economy. The data-wiping malware used included ZeroLot and Sting, with initial access achieved by UAC-0099, who then transferred access to APT44 for wiper deployment. The activity is confirmed to be of Russian origin, with specific attribution to the Sandworm group. In December 2025, Sandworm targeted Poland's power sector with a new wiper malware called DynoWiper, aiming to disrupt the energy infrastructure. The attack, which occurred on December 29 and 30, 2025, targeted two combined heat and power (CHP) plants and a system managing renewable energy sources. The attack was unsuccessful in causing disruption, and Polish authorities attributed it to Russian services. The attack coincided with the tenth anniversary of Sandworm's 2015 attack on Ukraine's power grid.
A new Russia-aligned threat activity cluster, InedibleOchotense, impersonated ESET in phishing attacks targeting Ukrainian entities starting in May 2025. This campaign involved sending spear-phishing emails and Signal text messages containing links to trojanized ESET installers, which delivered the Kalambur backdoor. InedibleOchotense is linked to the Sandworm (APT44) hacking group and has been observed conducting destructive campaigns in Ukraine, including the deployment of wiper malware ZEROLOT and Sting. Another Russia-aligned threat actor, RomCom, launched spear-phishing campaigns in mid-July 2025 exploiting a WinRAR vulnerability (CVE-2025-8088) targeting various sectors in Europe and Canada. RomCom also targeted a U.S.-based civil engineering company via a JavaScript loader dubbed SocGholish to deliver the Mythic Agent. The activity has been attributed with medium-to-high confidence to Unit 29155 of Russia's Main Directorate of the General Staff of the Armed Forces of the Russian Federation, also known as GRU. The targeted entity had worked for a city with close ties to Ukraine in the past. The ESET report noted that other Russian-aligned APT groups also maintained their focus on Ukraine and countries with strategic ties to Ukraine, while also expanding their operations to European entities. Gamaredon remained the most active APT group targeting Ukraine, with a noticeable increase in intensity and frequency of its operations during the reported period. Gamaredon selectively deployed one of Turla’s backdoors, indicating a rare instance of cooperation between Russia-aligned APT groups. Gamaredon’s toolset continued to evolve, incorporating new file stealers or tunneling services. The cyber attack on the Polish power grid in December 2025 was attributed with medium confidence to a Russian state-sponsored hacking group known as ELECTRUM. 
The attack targeted distributed energy resources (DERs) and affected communication and control systems at combined heat and power (CHP) facilities and systems managing renewable energy systems. ELECTRUM and KAMACITE share overlaps with the Sandworm cluster, with KAMACITE focusing on initial access and ELECTRUM conducting operations that bridge IT and OT environments. The attackers gained access to operational technology systems critical to grid operations and disabled key equipment beyond repair at the site. The attack was opportunistic and rushed, with the hackers attempting to inflict as much damage as possible by wiping Windows-based devices and resetting configurations. The majority of the equipment targeted was related to grid safety and stability monitoring. The coordinated attack on Poland's power grid in late December targeted multiple distributed energy resource (DER) sites across the country, including combined heat and power (CHP) facilities and wind and solar dispatch systems. Although the attacker compromised operational technology (OT) systems, damaging "key equipment beyond repair," they failed to disrupt power, totaling 1.2 GW or 5% of Poland’s energy supply. Based on public reports, there are at least 12 confirmed affected sites. However, researchers at Dragos, a critical industrial infrastructure (OT) and control systems (ICS) security company, say that the number is approximately 30. Dragos attributes the attack with moderate confidence to a Russian threat actor it tracks as Electrum; although it overlaps with Sandworm (APT44), the researchers underline that it is a distinct activity cluster. Electrum targeted exposed and vulnerable systems involved in dispatch and grid-facing communication, remote terminal units (RTUs), network edge devices, monitoring and control systems, and Windows-based machines at DER sites. 
Electrum successfully disabled communications equipment at multiple sites, resulting in a loss of remote monitoring and control, but power generation on the units continued without interruption. Certain OT/ICS devices were disabled, and their configurations were corrupted beyond recovery, while Windows systems at the sites were wiped. Even if the attacks had been successful in cutting the power, the relatively narrow targeting scope wouldn’t have been enough to cause a nationwide blackout in Poland. However, they could have caused significant destabilization of the system frequency. "Such frequency deviations have caused cascading failures in other electrical systems, including the 2025 Iberian grid collapse," the researchers say. CERT Polska revealed that coordinated cyber attacks targeted more than 30 wind and photovoltaic farms, a private company from the manufacturing sector, and a large combined heat and power plant (CHP) in Poland on December 29, 2025. The attacks were attributed to a threat cluster dubbed Static Tundra, which is linked to Russia's Federal Security Service's (FSB) Center 16 unit. The attacks had a purely destructive objective but did not affect the ongoing production of electricity or the heat supply to end users. The attackers gained access to the internal network of power substations associated with a renewable energy facility to carry out reconnaissance and disruptive activities, including damaging the firmware of controllers, deleting system files, or launching custom-built wiper malware codenamed DynoWiper. In the intrusion aimed at the CHP, the adversary engaged in long-term data theft dating back to March 2025, enabling them to escalate privileges and move laterally across the network. The attackers' attempts to detonate the wiper malware were unsuccessful. The targeting of the manufacturing sector company is believed to be opportunistic, with the threat actor gaining initial access via a vulnerable Fortinet perimeter device. 
At least four different versions of DynoWiper have been discovered to date. The wiper's functionality involves initializing a pseudorandom number generator (PRNG) called Mersenne Twister, enumerating files and corrupting them using the PRNG, and deleting files. The malware does not have a persistence mechanism, a way to communicate with a command-and-control (C2) server, or execute shell commands, and it does not attempt to hide the activity from security programs. The attack targeting the manufacturing sector company involved the use of a PowerShell-based wiper dubbed LazyWiper that overwrites files on the system with pseudorandom 32-byte sequences to render them unrecoverable. The malware used in the incident involving renewable energy farms was executed directly on the HMI machine. In the CHP plant and the manufacturing sector company, the malware was distributed within the Active Directory domain via a PowerShell script executed on a domain controller. The attacker used credentials obtained from the on-premises environment in attempts to gain access to cloud services, downloading selected data from services such as Exchange, Teams, and SharePoint. The attacker was particularly interested in files and email messages related to OT network modernization, SCADA systems, and technical work carried out within the organizations.
  • React Native CLI Remote Code Execution Vulnerability (CVE-2025-11953) A critical security flaw in the React Native CLI package, tracked as CVE-2025-11953, allowed remote, unauthenticated attackers to execute arbitrary OS commands on development servers. The vulnerability affected versions 4.8.0 through 20.0.0-alpha.2 of the @react-native-community/cli-server-api package, impacting millions of developers using the React Native framework. The flaw was patched in version 20.0.0. The vulnerability is being actively exploited in the wild, with attacks observed on December 21, 2025, January 4, 2026, and January 21, 2026. The attacks involve delivering Base64-encoded PowerShell payloads hidden in the HTTP POST body of malicious requests. The payloads disable endpoint protections, establish a raw TCP connection to attacker-controlled infrastructure, write data to disk, and execute the downloaded binary. Approximately 3,500 exposed React Native Metro servers are still online, according to scans using the ZoomEye search engine. Despite active exploitation being observed for over a month, the vulnerability still carries a low score in the Exploit Prediction Scoring System (EPSS). The vulnerability affects Windows, Linux, and macOS systems, with varying levels of control over executed commands. The flaw was discovered by researchers at JFrog and disclosed in early November 2025. The vulnerability is dubbed Metro4Shell by VulnCheck. The Windows payload is a Rust-based UPX-packed binary with basic anti-analysis logic, and the same attacker infrastructure hosts corresponding Linux binaries, indicating cross-platform targeting.

Latest updates

Microsoft Develops Scanner for Detecting Backdoors in Open-Weight LLMs

Updated: · First: 04.02.2026 19:52 · 📰 1 src / 1 articles

Microsoft has developed a lightweight scanner designed to detect backdoors in open-weight large language models (LLMs). The scanner identifies three key signals to flag backdoors while maintaining a low false positive rate. The tool can detect model poisoning, where threat actors embed hidden behaviors into the model's weights during training, causing unintended actions upon trigger detection. The scanner works by analyzing memorized content and attention patterns in LLMs without requiring additional training or prior knowledge of backdoor behavior. The scanner is part of Microsoft's broader initiative to address AI-specific security concerns, including prompt injections and data poisoning, as part of its Secure Development Lifecycle (SDL).

VMware ESXi Sandbox Escape Flaw Exploited in Ransomware Attacks

Updated: · First: 04.02.2026 19:38 · 📰 1 src / 1 articles

CISA has confirmed that ransomware gangs are now exploiting a high-severity VMware ESXi sandbox escape vulnerability (CVE-2025-22225), which was previously used in zero-day attacks. The flaw allows privileged attackers within the VMX process to perform arbitrary kernel writes, leading to a sandbox escape. Broadcom patched this vulnerability in March 2025, but it has since been leveraged in ransomware campaigns. The vulnerability affects multiple VMware products, including ESXi, Fusion, Cloud Foundation, vSphere, Workstation, and Telco Cloud Platform.

VPS Infrastructure Abused for Stealthy SaaS Account Compromises

Updated: 04.02.2026 18:15 · First: 21.08.2025 20:42 · 📰 4 src / 7 articles

Threat actors are exploiting commercial virtual private server (VPS) infrastructure to quickly and discreetly set up attack infrastructure. This tactic has been observed in coordinated SaaS account compromises across multiple customer environments. VPSs are favored due to their low cost, rapid deployment, and minimal open-source intelligence footprints. The abuse of VPS infrastructure has increased in SaaS-targeted campaigns, enabling attackers to bypass geolocation-based defenses and evade IP reputation checks. The SystemBC proxy botnet operators maintain an average of 1,500 bots daily, exploiting vulnerable commercial VPS infrastructure. This network has been active since at least 2019 and is used by various threat actors, including ransomware gangs, to deliver payloads. The use of VPS infrastructure allows attackers to mimic local traffic, blend into legitimate behavior, and rapidly deploy attack infrastructure, making detection and tracking more challenging. The SystemBC network is built for volume with little concern for stealth, and it powers other criminal proxy networks. It has over 80 command-and-control (C2) servers and fuels other proxy network services, including REM Proxy and a Vietnamese-based proxy network called VN5Socks or Shopsocks5. Nearly 80% of the SystemBC network consists of compromised VPS systems from multiple large commercial providers, with infected VPS systems having multiple easy-to-exploit vulnerabilities, with an average of 20 unpatched security issues and at least one critical-severity vulnerability. REM Proxy is a sizeable network, which also markets a pool of 20,000 Mikrotik routers and a variety of open proxies it finds freely available online. The SystemBC botnet comprises over 80 C2 servers and a daily average of 1,500 victims, of which nearly 80% are compromised virtual private server (VPS) systems from several large commercial providers. 
Close to 40% of the compromises have "extremely long average" infection lifespans, lasting over 31 days. The vast majority of the victimized servers have been found to be susceptible to several known security flaws. Each victim has 20 unpatched CVEs and at least one critical CVE on average, with one of the identified VPS servers in the U.S. city of Atlanta vulnerable to more than 160 unpatched CVEs. The IP address 104.250.164[.]214 hosts the artifacts and appears to be the source of attacks to recruit potential victims. SystemBC is used to brute-force WordPress site credentials, which are likely sold to brokers for malicious code injection. SystemBC has exhibited sustained activity and operational resilience across multiple years, establishing itself as a persistent vector within the cyber threat landscape. SystemBC has been linked to more than 10,000 infected IP addresses worldwide, including systems associated with sensitive government infrastructure. The malware, also known as Coroxy or DroxiDat, turns compromised systems into SOCKS5 relays, allowing threat actors to route malicious traffic through victim machines. Infections have been observed deploying additional malware, expanding the scope of compromise. Silent Push analysts developed a SystemBC-specific tracking fingerprint to identify infections and supporting infrastructure at scale. The infections were globally distributed, with the highest concentration in the US, followed by Germany, France, Singapore, and India. Many affected systems were hosted within data center environments, helping infections persist for weeks or months. A previously undocumented SystemBC variant written in Perl was discovered, targeting Linux systems with no detections across 62 antivirus engines. SystemBC C2 infrastructure frequently relies on abuse-tolerant, bulletproof hosting providers, including BTHoster and AS213790 (BTCloud). 
Over 10,340 victim IP addresses were identified within a single hosting cluster, with infections lasting an average of 38 days and some persisting for more than 100 days. Compromised IP addresses used to host official government websites in Burkina Faso and Vietnam were found within the dataset. SystemBC activity often appears early in intrusion chains and frequently precedes ransomware deployment.

Multiple vulnerabilities in Citrix, Git, and GitLab added to CISA KEV catalog

Updated: 04.02.2026 17:42 · First: 26.08.2025 08:55 · 📰 5 src / 8 articles

CISA has added multiple vulnerabilities to its KEV catalog due to active exploitation. The flaws affect Citrix Session Recording, Git, and Citrix NetScaler ADC and NetScaler Gateway. The Citrix Session Recording vulnerabilities were patched in November 2024, the Git flaw (CVE-2025-48384) was addressed in July 2025, and the NetScaler vulnerabilities were patched in August 2025. Additionally, CISA has added a five-year-old GitLab vulnerability (CVE-2021-39935) to its KEV catalog, which is actively being exploited in attacks. Federal agencies must apply mitigations by September 15, 2025, for the earlier vulnerabilities and within 48 hours for the NetScaler vulnerabilities, and by February 24, 2026, for the GitLab vulnerability. The vulnerabilities are CVE-2024-8068, CVE-2024-8069, CVE-2025-48384, CVE-2025-7775, CVE-2025-7776, and CVE-2025-8424. The first two affect Citrix Session Recording, the third affects Git, and the last three affect Citrix NetScaler ADC and NetScaler Gateway. CVE-2025-48384 is an arbitrary file write vulnerability in Git due to inconsistent handling of carriage return characters in configuration files. The vulnerability affects macOS and Linux systems, with Windows systems being immune due to differences in control character usage. The flaw was resolved in Git versions 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, and 2.50.1. The vulnerability impacts software developers using Git on workstations and CI/CD build systems. CVE-2021-39935 is a server-side request forgery (SSRF) flaw in GitLab that allows unauthenticated attackers to access the CI Lint API. The vulnerability affects GitLab CE/EE versions starting from 10.5 before 14.3.6, all versions starting from 14.4 before 14.4.4, and all versions starting from 14.5 before 14.5.2. GitLab patched the flaw in December 2021. CISA added the flaw to its KEV catalog on February 4, 2026, mandating federal agencies to patch it by February 24, 2026. 
CVE-2025-7775 is a memory overflow vulnerability leading to remote code execution and/or denial-of-service. CVE-2025-7776 is a memory overflow vulnerability leading to unpredictable behavior and denial-of-service. CVE-2025-8424 is an improper access control vulnerability in the NetScaler Management Interface. CVE-2025-7775 has been actively exploited in the wild and was added to the CISA KEV catalog on August 26, 2025, requiring federal agencies to remediate within 48 hours. The vulnerabilities affect both supported and unsupported, end-of-life versions of Citrix NetScaler ADC and NetScaler Gateway. Nearly 20% of NetScaler assets identified are on unsupported versions, primarily in North America and the APAC region. The vulnerabilities affect similar components in NetScaler ADC and NetScaler Gateway as the CitrixBleed and CitrixBleed2 vulnerabilities.

Non-Human Identities Exposed in Docker Hub Container Images

Updated: · First: 04.02.2026 17:05 · 📰 1 src / 1 articles

Flare researchers discovered over 10,000 Docker Hub container images leaking production API keys, cloud tokens, CI/CD credentials, and AI model access tokens. These non-human identities (NHIs), which authenticate applications and automated services, often have broad privileges and indefinite lifespans. The exposures highlight systemic issues in credential governance and automated secret detection, with real-world incidents like the Snowflake breach and Home Depot's year-long exposure demonstrating the risks of unmanaged NHIs.

ShadowSyndicate Expands Infrastructure with Reused SSH Fingerprints

Updated: · First: 04.02.2026 17:00 · 📰 1 src / 1 articles

ShadowSyndicate, a cybercrime cluster linked to multiple ransomware groups, has expanded its infrastructure. Researchers identified new technical markers, including reused SSH fingerprints, that connect dozens of servers to the same operator. The group has been active since 2023 and maintains a consistent infrastructure pattern. New SSH fingerprints and server transfers between internal clusters were observed, linking previously known servers to newly deployed infrastructure. The group uses commercial red-team frameworks and open-source post-exploitation tools, with ties to ransomware groups like Cl0p, ALPHV/BlackCat, and Ryuk. Group-IB recommends monitoring IoCs, autonomous systems, and unusual login activities to defend against this threat.

EDR Killer Tool Abuses Revoked EnCase Kernel Driver

Updated: · First: 04.02.2026 16:17 · 📰 1 src / 1 articles

A custom EDR killer tool has been observed using a revoked but still valid EnCase kernel driver to disable 59 security tools. The attack involved breaching a network via compromised SonicWall SSL VPN credentials and exploiting the lack of multi-factor authentication (MFA). The tool terminates security processes using the driver's kernel-mode IOCTL interface, bypassing Windows protections like Protected Process Light (PPL). The intrusion is suspected to be related to ransomware activity, though the final payload was not deployed.

China-Linked Amaranth-Dragon Exploits WinRAR Flaw in Southeast Asian Espionage Campaigns

Updated: · First: 04.02.2026 16:09 · 📰 1 src / 1 articles

Amaranth-Dragon, a China-linked threat actor, has conducted targeted espionage campaigns against government and law enforcement agencies in Southeast Asia throughout 2025. The group exploited CVE-2025-8088, a WinRAR vulnerability, to deliver malicious payloads, including the Havoc C2 framework and TGAmaranth RAT. The campaigns were timed to coincide with sensitive political and security events, demonstrating a high degree of stealth and operational discipline. The group's tactics, tools, and procedures (TTPs) show strong links to APT41, suggesting a shared ecosystem or resource pool.

Path Traversal Vulnerability in WinRAR Actively Exploited by Multiple Threat Actors

Updated: 04.02.2026 16:00 · First: 11.08.2025 08:54 · 📰 4 src / 8 articles

A path traversal vulnerability in WinRAR (CVE-2025-8088, CVSS 8.8) is being actively exploited in the wild. The flaw allows arbitrary code execution by crafting malicious archive files. The vulnerability affects Windows versions of WinRAR, RAR, UnRAR, portable UnRAR source code, and UnRAR.dll. The issue was discovered by researchers from ESET and addressed in WinRAR version 7.13, released on July 30, 2025. Multiple threat actors, including Paper Werewolf, RomCom, UNC4895, APT44, TEMP.Armageddon, Turla, and China-linked actors, have exploited this vulnerability to target various organizations. A new threat actor called Amaranth Dragon, linked to APT41 state-sponsored Chinese operations, has also exploited the CVE-2025-8088 vulnerability in espionage attacks on government and law enforcement agencies in Singapore, Thailand, Indonesia, Cambodia, Laos, and the Philippines. The attacks involve phishing emails with malicious archives that, when opened, exploit the vulnerability to write files outside the intended directory and achieve code execution. The payloads include a .NET loader that sends system information to an external server and receives additional malware. Financially motivated actors are also exploiting the flaw to distribute commodity remote access tools and information stealers. Google Threat Intelligence Group (GTIG) revealed that multiple threat actors, including nation-state adversaries and financially motivated groups, are exploiting the WinRAR vulnerability CVE-2025-8088. The exploit chain often involves concealing the malicious file within the alternate data streams (ADS) of a decoy file inside the archive, causing the payload to be extracted to a specific path (e.g., the Windows Startup folder) and automatically executing it once the user logs in to the machine after a restart.

AI-Driven Phishing Attacks Double in Volume Year-Over-Year

Updated: · First: 04.02.2026 16:00 · 📰 1 src / 1 articles

Phishing attacks detected in 2025 more than doubled compared to 2024, with one email caught every 19 seconds. AI technology is enabling threat actors to generate, test, and deploy phishing campaigns at scale, resulting in faster, more adaptive, and convincing attacks. The rise includes polymorphic, multi-channel campaigns that continuously change their appearance while maintaining malicious intent. AI is helping threat actors compose emails in near-flawless local languages, contributing to an 18% rise in conversational phishing emails. Other trends include highly personalized campaigns, polymorphism by default, and a surge in the use of remote access tools (RATs). The .es TLD saw a 19-fold increase in use for credential phishing, making it the third-most abused domain. The report also noted a 204% increase in phishing emails delivering malware in 2025 compared to 2024.

Multiple Critical n8n Workflow Automation Vulnerabilities (CVE-2025-68613, CVE-2025-68668, CVE-2026-21877, CVE-2026-21858)

Updated: 04.02.2026 15:00 · First: 23.12.2025 09:34 · 📰 10 src / 16 articles

Multiple critical vulnerabilities have been disclosed in the n8n workflow automation platform. The most recent flaws, tracked as CVE-2026-1470 (CVSS 9.9) and CVE-2026-0863 (CVSS 8.5), allow authenticated users to bypass sandbox mechanisms and achieve remote code execution. These vulnerabilities affect various versions of n8n and have been patched in the latest versions. Additionally, three other critical vulnerabilities (CVE-2025-68613, CVE-2025-68668, and CVE-2026-21877) have been disclosed, affecting various versions of n8n. Over 103,000 instances are potentially vulnerable, with a significant number located in the U.S., Germany, France, Brazil, and Singapore. Users are advised to upgrade to the latest patched versions or implement mitigations such as disabling the Git node and limiting access for untrusted users. The Ni8mare vulnerability (CVE-2026-21858) affects over 100,000 servers potentially exposed. The vulnerability could enable attackers to access API credentials, OAuth tokens, database connections, and cloud storage. The vulnerability is related to the webhooks that start workflows in n8n. The platform parses incoming data based on the 'content-type' header in a webhook. When a request is 'multipart/form-data', the platform uses a special file upload parser (Formidable) which stores the files in temporary locations. For all other content types, a regular parser is used. The file upload parser wraps Formidable's parse() function, populating req.body.files with the output from Formidable. If a threat actor changes the content type to something like application/json, the n8n middleware would call the regular parser instead of the special file upload parser. This means req.body.files wouldn't be populated, allowing attackers to control the file metadata and file path. The vulnerability was reported on November 9 and fixed nine days later. Over 105,753 unpatched instances of n8n were found exposed online, with 59,558 still exposed on Sunday. 
More than 28,000 IPs were found in the United States and over 21,000 in Europe. n8n is widely used in AI development to automate data ingestion and build AI agents and RAG pipelines. The Pillar Security advisory addressing both flaws has a GitHub vulnerability identifier, GHSA-6cqr-8cfr-67f8, but the CVE identifier for either of the vulnerabilities was not revealed. The vulnerabilities allow authenticated users to achieve complete server control and steal stored credentials, including API keys, cloud provider keys, database passwords, and OAuth tokens. The first flaw was reported by Pillar Security to n8n maintainers, who released a patch, but a second vulnerability bypassing the fix was discovered 24 hours after the initial patch was deployed. n8n released a new patched version, version 2.4.0, with fixes for both vulnerabilities, in January 2026. Companies using n8n for AI orchestration face credential exposure when using OpenAI, Anthropic, Azure OpenAI, and Hugging Face as well as vector database access (e.g., Pinecone, Weaviate, Qdrant). Attackers who exploit these flaws can intercept AI prompts, modify AI responses, redirect traffic through attacker-controlled endpoints, and exfiltrate sensitive data from AI interactions. On n8n cloud, a single compromised user could potentially access shared infrastructure and other customers' data within the Kubernetes cluster. Pillar Security recommended upgrading to n8n version 2.4.0 or later, rotating the encryption key and all credentials, auditing workflows, and monitoring AI workflows for unusual patterns.

Orchid Security Introduces Continuous Identity Observability for Enterprise Applications

Updated: · First: 04.02.2026 13:58 · 📰 1 src / 1 articles

Orchid Security has launched a platform for continuous identity observability, addressing the blind spots in traditional Identity and Access Management (IAM) systems. The platform discovers, analyzes, orchestrates, and audits identity usage across enterprise applications, including custom-built apps, legacy systems, and embedded credentials. This approach aims to uncover 'Identity Dark Matter'—identity risks that operate outside the visibility of conventional IAM tools. The solution integrates with existing security workflows to provide real-time visibility and actionable insights into identity risks.

DockerDash Vulnerability in Docker's Ask Gordon AI Assistant

Updated: 04.02.2026 13:34 · First: 03.02.2026 17:15 · 📰 3 src / 3 articles

A critical security flaw, dubbed DockerDash, has been disclosed in Docker's Ask Gordon AI assistant. The vulnerability allows attackers to execute arbitrary commands or exfiltrate data by manipulating metadata in Docker images. The flaw stems from the lack of validation in the Model Context Protocol (MCP) gateway, enabling attackers to bypass security boundaries without traditional software bugs. The issue affects both cloud CLI environments and Docker Desktop, with different impacts depending on the deployment. Docker has released patches and mitigation strategies to address the vulnerability. The vulnerability involves a three-stage attack where malicious metadata in Docker images is interpreted and executed by the MCP Gateway without validation. The attack chain involves publishing a malicious Docker image, querying Ask Gordon AI, forwarding instructions to the MCP Gateway, and executing commands with the victim's Docker privileges. The data exfiltration vulnerability in Docker Desktop allows capturing sensitive internal data about the victim's environment using MCP tools. Ask Gordon version 4.50.0 also resolves a prompt injection vulnerability discovered by Pillar Security.

Incognito Market Operator Sentenced to 30 Years for Dark Web Drug Trafficking

Updated: · First: 04.02.2026 13:24 · 📰 1 src / 1 articles

Rui-Siang Lin, the operator of Incognito Market, one of the world's largest dark web drug marketplaces, was sentenced to 30 years in prison. The platform facilitated the sale of over $105 million worth of illegal drugs, including methamphetamine, cocaine, amphetamine, and fentanyl-laced ecstasy. Lin pleaded guilty to money laundering, conspiring to distribute narcotics, and conspiring to sell adulterated and misbranded medication. The marketplace, operational from October 2020 to March 2024, had over 1,800 vendors and 400,000 customer accounts, processing more than 640,000 transactions. Lin's actions were linked to at least one death and exacerbated the opioid crisis.

Critical Vulnerabilities in Google Looker Enable Cross-Tenant RCE and Data Exfiltration

Updated: · First: 04.02.2026 13:00 · 📰 1 src / 1 articles

Researchers discovered two critical vulnerabilities in Google Looker, a business intelligence and data analytics platform used by over 60,000 companies. The first vulnerability, tracked as CVE-2025-12743, allows SQL injection to access sensitive internal databases containing user lists, secrets, and configurations. The second vulnerability enables remote code execution (RCE) on Looker servers, potentially allowing attackers to access highly sensitive data and perform lateral movement within compromised environments. In cloud deployments, this RCE could also facilitate access to other tenants' cloud environments and data. Google has patched these vulnerabilities, but organizations using on-premises deployments must manually update to secure versions, facing challenges such as system downtime, compatibility testing, and shadow IT issues.

Multiple Critical Vulnerabilities in SolarWinds Web Help Desk

Updated: 04.02.2026 12:15 · First: 23.09.2025 15:46 · 📰 6 src / 7 articles

SolarWinds has released security updates to address multiple critical vulnerabilities in SolarWinds Web Help Desk, including CVE-2025-40536, CVE-2025-40537, CVE-2025-40551, CVE-2025-40552, CVE-2025-40553, and CVE-2025-40554. These vulnerabilities could result in authentication bypass and remote code execution (RCE). CVE-2025-40551 is actively exploited in attacks and has been added to CISA's KEV catalog. SolarWinds Web Help Desk is used by more than 300,000 customers worldwide, including government agencies, large corporations, healthcare organizations, and educational institutions. SolarWinds has previously released a third patch to address a critical deserialization vulnerability (CVE-2025-26399) in Web Help Desk 12.8.7 and earlier versions. This flaw allows unauthenticated remote code execution (RCE) on affected systems. The vulnerability was discovered by an anonymous researcher and reported through Trend Micro's Zero Day Initiative (ZDI). The flaw is a patch bypass for CVE-2024-28988, which itself was a bypass for CVE-2024-28986. The original vulnerability was exploited in the wild and added to the KEV catalog by CISA. SolarWinds advises users to update to version 12.8.7 HF1 to mitigate the risk. SolarWinds Web Help Desk is a help desk and ticketing suite used by medium-to-large organizations for IT support request tracking, workflow automation, asset management, and compliance assurance. The vulnerability affects the AjaxProxy component, and the hotfix requires replacing specific JAR files.

Incident Response Discipline in the First 90 Seconds

Updated: · First: 04.02.2026 12:00 · 📰 1 src / 1 articles

Incident response (IR) failures often stem from decisions made in the first moments after detection, not from a lack of tools or skills. The 'first 90 seconds' refers to the critical initial phase where responders establish direction, preserve evidence, and determine the scope of the intrusion. This phase repeats as the investigation expands, requiring consistent discipline to avoid compounding mistakes. Effective IR involves understanding the environment, prioritizing evidence, and avoiding premature closure to prevent persistent threats.

GPUGate Malware Campaign Targets IT Firms in Western Europe

Updated: 04.02.2026 09:42 · First: 08.09.2025 18:02 · 📰 7 src / 18 articles

A sophisticated malware campaign, codenamed GPUGate, targets IT and software development companies in Western Europe, with recent expansions to macOS users. The campaign leverages Google Ads, SEO poisoning, and fake GitHub commits to deliver malware, including the Atomic macOS Stealer (AMOS) and Odyssey. The attack began in December 2024 and uses a 128 MB Microsoft Software Installer (MSI) to evade detection. The malware employs GPU-gated decryption and various techniques to avoid analysis and detection. The end goal is information theft and delivery of secondary payloads. The threat actors have native Russian language proficiency and use a cross-platform approach. The campaign has expanded to target macOS users through fake Homebrew, LogMeIn, and TradingView platforms. These platforms impersonate popular tools and use SEO poisoning to distribute the Atomic Stealer malware and Odyssey. The threat actors use multiple GitHub usernames to evade takedowns and deploy malware via Terminal commands. Similar tactics have been observed in previous campaigns using malicious Google Ads and public GitHub repositories. The AMOS malware now includes a backdoor component for persistent, stealthy access to compromised systems. The campaign impersonates over 100 software solutions, including 1Password, Dropbox, Confluence, Robinhood, Fidelity, Notion, Gemini, Audacity, Adobe After Effects, Thunderbird, and SentinelOne. The fake GitHub pages were created on September 16, 2025, and were immediately submitted for takedown. The campaign has been active since at least April 2023, with previous similar campaigns observed in July 2025. A new AMOS infostealer campaign abuses Google search ads to lure users into Grok and ChatGPT conversations that lead to installing the AMOS malware on macOS. The campaign was first spotted by researchers at Kaspersky, with a more detailed report by Huntress. 
The ClickFix attack begins with victims searching for macOS-related terms, leading to malicious instructions in AI chats. The malicious instructions are hosted on legitimate LLM platforms and contain commands to install the malware. The base64-encoded URL decodes into a bash script that loads a fake password prompt dialog. The script validates, stores, and uses the provided password to execute privileged commands, including downloading and executing the AMOS infostealer. AMOS was first documented in April 2023 and is a malware-as-a-service (MaaS) operation targeting macOS systems exclusively. AMOS added a backdoor module earlier this year, allowing operators to execute commands, log keystrokes, and drop additional payloads. AMOS is dropped as a hidden file and scans for cryptocurrency wallets, browser data, macOS Keychain data, and files on the filesystem. Persistence is achieved via a LaunchDaemon running a hidden AppleScript that restarts the malware if terminated. Users are advised to be vigilant and avoid executing commands they find online, especially if they don't fully understand what the commands do. Kaspersky noted that asking ChatGPT if the provided instructions are safe reveals they are not. Microsoft has warned that information-stealing attacks are rapidly expanding beyond Windows to target Apple macOS environments by leveraging cross-platform languages like Python and abusing trusted platforms for distribution at scale. The tech giant's Defender Security Research Team observed macOS-targeted infostealer campaigns using social engineering techniques such as ClickFix since late 2025 to distribute disk image (DMG) installers that deploy stealer malware families like Atomic macOS Stealer (AMOS), MacSync, and DigitStealer. The campaigns use techniques like fileless execution, native macOS utilities, and AppleScript automation to facilitate data theft, including web browser credentials and session data, iCloud Keychain, and developer secrets.
These attacks often start with a malicious ad, frequently served through Google Ads, that redirects users searching for tools like DynamicLake and artificial intelligence (AI) tools to fake sites that employ ClickFix lures, tricking them into infecting their own machines with malware.

Eclipse Foundation Implements Pre-Publish Security Checks for Open VSX Extensions

Updated: · First: 04.02.2026 08:26 · 📰 1 src / 1 articles

The Eclipse Foundation is introducing mandatory pre-publish security checks for extensions submitted to the Open VSX Registry. This shift from a reactive to a proactive approach aims to prevent malicious extensions from being published and to combat supply chain threats. The new checks will flag impersonation, exposed credentials, and known malicious patterns, with enforcement beginning in March 2026 after a February 2026 trial period. The move follows increasing attacks on open-source package registries and extension marketplaces, including recent incidents of compromised publisher accounts and poisoned updates.

Active Exploitation of Citrix NetScaler CVE-2025-6543 in Dutch Critical Sectors

Updated: 03.02.2026 22:25 · First: 12.08.2025 11:36 · 📰 2 src / 3 articles

The Dutch National Cyber Security Centre (NCSC-NL) has confirmed active exploitation of the critical Citrix NetScaler CVE-2025-6543 vulnerability in several critical organizations within the Netherlands. The flaw, which allows unintended control flow and denial-of-service (DoS), has been exploited since May 2025. A recent coordinated reconnaissance campaign targeting Citrix NetScaler infrastructure used tens of thousands of residential proxies to discover login panels between January 28 and February 2, 2026. The activity involved 63,000 distinct IPs launching 111,834 sessions, with 79% of the traffic aimed at Citrix Gateway honeypots. Investigations are ongoing to determine the full extent of the impact. The exploitation involved the use of web shells for remote access, and attackers attempted to erase traces of their activities. Organizations are advised to apply the latest updates, terminate active sessions, and run a provided shell script to hunt for indicators of compromise.

AI Augmentation in Penetration Testing

Updated: · First: 03.02.2026 20:03 · 📰 1 src / 1 articles

AI is increasingly augmenting and even replacing human pen testers, despite challenges like false positives and limitations in finding complex vulnerabilities. AI tools are improving rapidly, with some already outperforming human testers in specific tasks. However, human oversight remains essential for validation, accountability, and handling complex scenarios. The future of penetration testing is likely to be a hybrid model where AI handles repetitive tasks, while humans focus on strategic and creative aspects.

Under Armour Investigates Data Breach After 72 Million Records Allegedly Exposed

Updated: 03.02.2026 18:49 · First: 23.01.2026 14:10 · 📰 2 src / 3 articles

Under Armour is investigating a data breach after 72 million customer records were allegedly exposed online by the Everest ransomware group. The breach reportedly occurred in November 2025, with data including email addresses, personal information, and purchase details being published on a hacking forum in January 2026. Under Armour has confirmed the investigation and stated that there is no evidence the breach affected payment systems or customer passwords. Additionally, Iron Mountain, a data storage and recovery services company, reported a breach by the Everest group, which was limited to marketing materials and did not involve customer confidential or sensitive information.

341 Malicious ClawHub Skills Target OpenClaw Users with Atomic Stealer

Updated: 03.02.2026 18:30 · First: 02.02.2026 19:49 · 📰 2 src / 3 articles

A security audit by Koi Security identified 341 malicious skills on ClawHub, a marketplace for OpenClaw users, which distribute Atomic Stealer malware to steal sensitive data from macOS and Windows systems. The campaign, codenamed ClawHavoc, uses social engineering tactics to trick users into installing malicious prerequisites. The skills masquerade as legitimate tools, including cryptocurrency utilities, YouTube tools, and finance applications. OpenClaw has added a reporting feature to mitigate the issue. The malware targets API keys, credentials, and other sensitive data, exploiting the open-source ecosystem's vulnerabilities. The campaign coincides with a report from OpenSourceMalware, highlighting the same threat. The intersection of AI agent capabilities and persistent memory amplifies the risks, enabling stateful, delayed-execution attacks. New findings reveal that almost 400 fake crypto trading add-ons in the project behind the viral Moltbot/OpenClaw AI assistant tool can lead users to install information-stealing malware. These add-ons, called skills, masquerade as cryptocurrency trading automation tools and target ByBit, Polymarket, Axiom, Reddit, and LinkedIn. The malicious skills share the same command-and-control (C2) infrastructure, 91.92.242.30, and use sophisticated social engineering to convince users to execute malicious commands that then steal crypto assets such as exchange API keys, wallet private keys, SSH credentials, and browser passwords.

SQL Injection Vulnerability in Quiz and Survey Master Plugin Affects 40,000 WordPress Sites

Updated: · First: 03.02.2026 18:15 · 📰 1 src / 1 articles

A SQL injection vulnerability in the Quiz and Survey Master (QSM) plugin for WordPress, affecting versions 10.3.1 and earlier, has been discovered. The flaw allowed authenticated users with Subscriber-level privileges or higher to interfere with database queries, potentially leading to unauthorized data access. The vulnerability was patched in version 10.3.2, released on December 4, 2025. The issue highlights the risks of improper input validation and the importance of using prepared statements in database queries.

AI Agent Identity Management Challenges and Solutions

Updated: · First: 03.02.2026 17:01 · 📰 1 src / 1 articles

Enterprises face growing security risks due to unmanaged AI agent identities. Traditional identity management systems are inadequate for autonomous, decentralized AI agents, leading to identity sprawl and potential breaches. AI agents operate at machine speed and scale, inheriting human-like intent while retaining machine-like persistence, creating unique security challenges. Effective AI agent identity lifecycle management is crucial to mitigate these risks.

EU Investigates X Over Grok-Generated Sexual Content

Updated: 03.02.2026 16:47 · First: 26.01.2026 19:14 · 📰 5 src / 7 articles

The European Commission has launched a formal investigation into X (formerly Twitter) under the Digital Services Act (DSA) to assess risks associated with its Grok AI tool, which has been used to generate sexually explicit images, including child sexual abuse material (CSAM). French prosecutors have raided X's offices in Paris as part of a criminal investigation into Grok AI, which has been used to generate illegal content. The investigation, opened in January 2025, has expanded to include sexual deepfakes, Holocaust-denial content, and a significant drop in CSAM reports. UK authorities, including the Information Commissioner's Office (ICO), have also launched a formal investigation into X and its Irish subsidiary over reports that Grok AI was used to generate nonconsensual sexual images. The ICO will examine whether X processed personal data lawfully and whether adequate safeguards were in place to prevent Grok from creating harmful, manipulated images. UK and California authorities are also investigating X's compliance with data protection and online safety laws. X has restricted Grok's image generation capabilities to paid subscribers, a move criticized by UK officials.

Webinar on Modernizing SOC Operations

Updated: · First: 03.02.2026 16:14 · 📰 1 src / 1 articles

A webinar titled 'Breaking Down the Modern SOC: What to Build vs Buy vs Automate' is scheduled to address the challenges faced by security operations centers (SOCs). The session will provide practical insights into optimizing SOC operations by determining what to build, buy, and automate. It will feature a real customer case study and a practical checklist for immediate use.

React Native CLI Remote Code Execution Vulnerability (CVE-2025-11953)

Updated: 03.02.2026 16:00 · First: 04.11.2025 16:24 · 📰 3 src / 5 articles

A critical security flaw in the React Native CLI package, tracked as CVE-2025-11953, allowed remote, unauthenticated attackers to execute arbitrary OS commands on development servers. The vulnerability affected versions 4.8.0 through 20.0.0-alpha.2 of the @react-native-community/cli-server-api package, impacting millions of developers using the React Native framework. The flaw was patched in version 20.0.0. The vulnerability is being actively exploited in the wild, with attacks observed on December 21, 2025, January 4, 2026, and January 21, 2026. The attacks involve delivering Base64-encoded PowerShell payloads hidden in the HTTP POST body of malicious requests. The payloads disable endpoint protections, establish a raw TCP connection to attacker-controlled infrastructure, write data to disk, and execute the downloaded binary. Approximately 3,500 exposed React Native Metro servers are still online, according to scans using the ZoomEye search engine. Despite active exploitation being observed for over a month, the vulnerability still carries a low score in the Exploit Prediction Scoring System (EPSS). The vulnerability affects Windows, Linux, and macOS systems, with varying levels of control over executed commands. The flaw was discovered by researchers at JFrog and disclosed in early November 2025. The vulnerability is dubbed Metro4Shell by VulnCheck. The Windows payload is a Rust-based UPX-packed binary with basic anti-analysis logic, and the same attacker infrastructure hosts corresponding Linux binaries, indicating cross-platform targeting.

New Vect RaaS Group Targets Organizations in Brazil and South Africa

Updated: · First: 03.02.2026 16:00 · 📰 1 src / 1 articles

A new ransomware-as-a-service (RaaS) group named Vect has emerged, targeting organizations in Brazil and South Africa. The group, which began recruiting affiliates in December 2025, uses custom-built C++ malware with ChaCha20-Poly1305 AEAD encryption and intermittent encryption techniques. Vect operates with a high level of maturity, offering cross-platform ransomware targeting Windows, Linux, and VMware ESXi, and employs strong operational security measures. The group has already claimed two victims and operates a double extortion model. Vect's malware is notable for its speed and disruption capabilities, and the group's infrastructure is exclusively hosted on Tor hidden services. Initial access is likely achieved through exposed RDP/VPN, stolen credentials, phishing, or vulnerability exploitation.

Metro4Shell RCE Flaw Exploited in React Native CLI npm Package

Updated: · First: 03.02.2026 16:00 · 📰 1 src / 1 articles

Threat actors are actively exploiting a critical remote code execution (RCE) flaw (CVE-2025-11953, CVSS 9.8) in the Metro Development Server within the @react-native-community/cli npm package. First observed on December 21, 2025, the vulnerability allows unauthenticated attackers to execute arbitrary OS commands. Exploits deliver a PowerShell script that disables Microsoft Defender exclusions and downloads a Rust-based binary with anti-analysis features from an attacker-controlled host. The attacks originate from multiple IP addresses and indicate operational use rather than experimental probing.