2nd February - Threat Intelligence Report

For the latest discoveries in cyber research for the week of 2nd February, please download our Threat Intelligence Bulletin.

TOP ATTACKS AND BREACHES

  • MicroWorld Technologies, maker of eScan antivirus, has suffered a supply-chain compromise. Malicious updates were pushed via the legitimate eScan updater, delivering multi-stage malware that establishes persistence, enables remote access, and blocks automatic updates. In response, eScan shut down its global update service for more than eight hours.
  • Crunchbase, a private company intelligence platform, has confirmed a data breach of over 2 million records claimed by the ShinyHunters threat group after a ransom demand was refused. The published files were stolen from its corporate network and include customer names, contact details, partner contracts and other internal documents.

Article Summaries:

  • 2nd February - Threat Intelligence Report

The week's highlights include a supply-chain breach at MicroWorld Technologies, where malicious eScan updates delivered multi-stage malware and forced the antivirus vendor to suspend global updates for more than eight hours. Crunchbase confirmed a 2 million-record data leak after a ransom demand was refused, while the Qilin ransomware group exposed a database from Tulsa International Airport, though the airport has not confirmed a compromise. Nike suffered a 1.4 TB breach by the WorldLeaks group. AI-related threats surfaced: 900 Clawdbot instances were found exposed without authentication, RedKitten targeted Iranian activists with LLM-assisted implants, and 16 malicious Chrome extensions hijacked ChatGPT sessions. Vulnerabilities included a critical WinRAR path-traversal flaw (CVE-2025-8088) and two SmarterMail RCE flaws, both actively exploited. Check Point's IPS and Threat Emulation solutions cover the listed threats.

  • Check Point Research has traced a series of targeted attacks in Southeast Asia, collectively dubbed "Amaranth-Dragon," to a Chinese threat actor. The campaigns focus on government and law-enforcement agencies, timing strikes around local political events. A new loader, Amaranth Loader, shares code with APT-41 tools and retrieves an AES-encrypted payload that is executed in memory. The payload is the Havoc C&C framework, normally used by security professionals. Delivery is believed to be via malicious RAR archives exploiting CVE-2025-8088, a WinRAR path-traversal flaw disclosed in August 2025. The loader's C&C servers are shielded behind Cloudflare and restricted to target-country IP ranges.
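Both summaries above turn on an archive path-traversal flaw: an extractor that honours an attacker-controlled entry name and writes outside the chosen extraction directory, typically into a Startup folder or similar autorun location. As an added example (not code from Check Point Research, WinRAR, or the Amaranth-Dragon campaign, and not a reproduction of the CVE-2025-8088 bug itself), the following Python shows the defensive check any extraction routine should apply to entry names before writing. The function names, the constructed sample entry list, and the decision to reject any component containing ':' (which on NTFS would name an alternate data stream) are assumptions made for this illustration; the page does not describe the specific traversal pattern used.

```python
from __future__ import annotations

import ntpath
import posixpath
from typing import Optional

# Added example: defensive validation of archive entry names before extraction.
# Not WinRAR's or Check Point's code. Function names, the sample entry list and
# the ':' (alternate data stream) rule are assumptions for illustration.


def is_safe_entry_name(name: str) -> bool:
    """True if `name` can only land inside the extraction directory.

    Rejects NUL bytes, absolute paths (POSIX, Windows drive letter, UNC),
    any '..' component written with either separator, and components
    containing ':' (assumed here to be an NTFS alternate-data-stream name;
    a plain file name never needs a colon).
    """
    if not name or "\x00" in name:
        return False
    if ntpath.splitdrive(name)[0]:        # "C:..." or "\\server\share\..."
        return False
    unified = name.replace("\\", "/")     # archives written on Windows carry backslashes
    if unified.startswith("/"):
        return False
    parts = [p for p in unified.split("/") if p not in ("", ".")]
    if not parts or ".." in parts:
        return False
    if any(":" in p for p in parts):
        return False
    return True


def resolve_under(dest: str, name: str) -> Optional[str]:
    """Normalised target path for `name` under `dest`, or None if rejected.

    POSIX rules are used so the result is deterministic on any host; the
    containment test is a second, independent guard behind is_safe_entry_name.
    """
    if not is_safe_entry_name(name):
        return None
    base = posixpath.normpath(dest)
    target = posixpath.normpath(posixpath.join(base, name.replace("\\", "/")))
    if target != base and not target.startswith(base + "/"):
        return None
    return target


def flag_entries(names: list[str]) -> list[str]:
    """Return the entry names that would escape the extraction directory."""
    return [n for n in names if not is_safe_entry_name(n)]


# Constructed sample entry list: two benign names followed by traversal
# patterns of the kind an extractor bug lets through (autorun drops, absolute
# paths, UNC paths, alternate data streams).
SAMPLE_ENTRIES = [
    "docs/readme.txt",
    "./invoice.pdf",
    "../../Users/Public/Start Menu/Programs/Startup/run.lnk",
    "..\\..\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\run.lnk",
    "C:\\Windows\\Temp\\drop.exe",
    "\\\\server\\share\\drop.exe",
    "/etc/cron.d/job",
    "report.pdf:payload.exe",
]

if __name__ == "__main__":
    bad = set(flag_entries(SAMPLE_ENTRIES))
    for entry in SAMPLE_ENTRIES:
        print(f"{'REJECT' if entry in bad else 'ok    '} {entry!r}")
```

The check is deliberately conservative: a name such as `a/b/../c` resolves inside the destination but is still rejected, because an extractor has no legitimate reason to accept `..` components at all. Run it on a real archive by feeding the entry names from your archive library's listing into `flag_entries` before calling its extract routine.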

Sources: