ClickFix added nslookup commands to its arsenal for downloading RATs
• ClickFix uses fake CAPTCHAs and bogus updates to trick users into executing malicious commands. • Traditional mshta and PowerShell vectors are blocked, so attackers shifted to ns
• Credential‑stealing Chrome extensions discovered; Malwarebytes Labs offers detection and removal guide. • Fake online shops target Winter Olympics 2026 fans, phishing for payment
• Researchers have found yet another family of malicious extensions in the Chrome Web Store. • This time, 30 different Chrome extensions were found stealing credentials from more t
• Fake shops target Winter Olympics 2026 fans If you’ve seen the two stoat siblings serving as official mascots of the Milano Cortina 2026 Winter Olympics, you already know Tina an
• Oracle VirtualBox VMSVGA race condition allows local attackers to elevate privileges to hypervisor level. • Exploit requires initial high‑privileged code execution on the guest O
• Advisory Details Oracle VirtualBox BusLogic Uninitialized Memory Information Disclosure Vulnerability ZDI-26-101 / ZDI-CAN-28080 This vulnerability allows local attackers to disclos
• Advisory Details Oracle VirtualBox VMSVGA Out-Of-Bounds Access Local Privilege Escalation Vulnerability ZDI-26-103 / ZDI-CAN-27923 This vulnerability allows local attackers to escal
• Advisory Details Sante DICOM Viewer Pro DCM File Parsing Buffer Overflow Remote Code Execution Vulnerability ZDI-26-104 / ZDI-CAN-28129 This vulnerability allows remote attackers to
• Advisory Details MLflow Tracking Server Artifact Handler Directory Traversal Remote Code Execution Vulnerability ZDI-26-105 / ZDI-CAN-26649 This vulnerability allows remote attacker
• Hand over the keys for Shannon’s shenanigans Welcome to this week’s edition of the Threat Source newsletter. • Last week, yet another security AI tool made the rounds on social m
• Outlook add-in goes rogue and steals 4,000 credentials and payment data Researchers found a malicious Microsoft Outlook add-in which was able to steal 4,000 stolen Microsoft accou
• GTIG AI Threat Tracker: Distillation, Experimentation, and (Continued) Integration of AI for Adversarial Use Google Threat Intelligence Group Google Threat Intelligence Visibilit
• Child exploitation, grooming, and social media addiction claims put Meta on trial Meta is facing two trials over child safety allegations in California and New Mexico. • The laws
• Ryan Liles, master of technical diplomacy Cisco Talos is back with another inside look at the people who keep the internet safe. • This time, Amy chats with Ryan Liles, who bridg
• Cybercriminals use AI website builders like Vercel to clone trusted brands in minutes. • Cheap, fast domain registration lets attackers register plausible brand‑lookalike names w
• In my last blog post I introduced the new Windows feature, Administrator Protection and how it aimed to create a secure boundary for UAC where one didn't exist. • I described one
• Advisory Details Schneider Electric EcoStruxure Power Build SSD File Parsing Use-After-Free Remote Code Execution Vulnerability ZDI-26-094 / ZDI-CAN-27478 This vulnerability allows
• Malwarebytes earns PCMag Best Tech Brand spot, scores 100% with MRG Effitas Malwarebytes is on a roll. • Recently named one of PCMag’s ‘Best Tech Brands for 2026,’ Malwarebytes a
• Cisco Talos recently discovered a new threat actor, UAT-9921, leveraging VoidLink in campaigns. • Their activities may go as far back as 2019, even without VoidLink. • The Vo
• I have survived the biggest Pwn2Own ever, but I’m back in Tokyo for the second Patch Tuesday of 2026. • My location never stops Patch Tuesday from coming, so let’s take a look at
• Discord will limit profiles to teen-appropriate mode until you verify your age Discord announced it will put all existing and new profiles in teen-appropriate mode by default in ea
• Beyond the Battlefield: Threats to the Defense Industrial Base Google Threat Intelligence Group Google Threat Intelligence Visibility and context on the threats that matter most.
• When researchers created an account for a child under 13 on Roblox, they expected heavy guardrails. • Instead, they found that the platform’s search features still allowed kids t
• Man tricked hundreds of women into handing over Snapchat security codes Fresh off a breathless Super Bowl Sunday, we’re less thrilled to bring you this week’s Weirdo Wednesday. •
• UNC1069 Targets Cryptocurrency Sector with New Tooling and AI-Enabled Social Engineering Mandiant Written by: Ross Inman, Adrian Hernandez Introduction North Korean threat actors
• Conpet pipeline attack disrupted IT but not operations. • Qilin ransomware group claimed responsibility. • Check Point Harmony protects against this threat. • Report covers recen
• All gas, no brakes: Time to come to AI church Welcome to this week’s edition of the Threat Source newsletter. • Brothers and sisters, gather close for a moment. • We are all secu
• CVE-2025-6978 exposes command injection in Arista NG Firewall’s diagnostics component. • Remote authenticated attackers can craft HTTP requests to execute arbitrary commands as r
• Cisco Talos uncovered ‘DKnife,’ a fully featured gateway-monitoring and adversary-in-the-middle (AitM) framework comprising seven Linux-based implants that perform deep-packet
• Check Point Research has identified several campaigns targeting multiple countries in the Southeast Asian region. • These related activities have been collectively categorized un
• 2nd February - Threat Intelligence Report For the latest discoveries in cyber research for the week of 2nd F
• Guidance from the Frontlines: Proactive Defense Against ShinyHunters-Branded Data Theft Targeting SaaS Mandiant Introduction Mandiant is tracking a significant expansion and esca
• Vishing for Access: Tracking the Expansion of ShinyHunters-Branded SaaS Data Theft Mandiant Google Threat Intelligence Visibility and context on the threats that matter most. • C
• Celebrating our 2025 open-source contributions Last year, our engineers submitted over 375 pull requests that were merged into non-Trail of Bits repositories, touching more than
• CVE-2024-54529: type confusion in CoreAudio’s com.apple.audio.audiohald Mach service, causing crashes. • Exploitation involved manipulating Mach messages to fetch wrong HALS_Obje
• Welcome to this week’s edition of the Threat Source newsletter. • I’ve struggled a lot over the last few years with balance. • I want to follow the news closely, but at the same
• Microsoft releases update to address zero-day vulnerability in Microsoft Office Microsoft has published three out-of-band (OOB) updates so far in January 2026. • One of these upd
• Sigstore’s original hard-coded ECDSA P-256 + SHA-256 limited future cryptographic flexibility. • Trail of Bits collaborated to create centralized algorithm registry in Protobuf s
• Cisco Talos has identified a new campaign by UAT-8099, active from late 2025 to early 2026, that is targeting vulnerable Internet Information Services (IIS) servers across Asia
• Threat actors predominately exploited public-facing applications for the second quarter in a row, with this tactic appearing in nearly 40 percent of Cisco Talos Incident Response
• No Place Like Home Network: Disrupting the World’s Largest Residential Proxy Network Google Threat Intelligence Group Google Threat Intelligence Visibility and context on the thr
• CVE-2025-8088: critical path traversal flaw in WinRAR allows arbitrary file writes via ADS. • Exploited by state-backed actors from Russia, China and financially motivated groups
• Windows 11 25H2 introduces Administrator Protection, replacing UAC with a stricter privilege model. • Feature grants admin rights only when necessary, isolating limited and admin
• Reconnaissance is often ignored, yet it’s essential for protecting networks. • Know your environment: attackers excel at mapping assets, from Windows 7 machines to smart fridges.
• Cisco Talos uncovered 25 critical vulnerabilities across Foxit PDF Editor, Epic Games Store, and MedDreams PACS. • Foxit PDF Editor had privilege escalation via Microsoft Store i
• KONNI leverages AI to auto-generate PowerShell backdoor scripts, streamlining malware development. • AI models produce obfuscated code, enhancing stealth against signature-based
• 76 unique 0‑day vulnerabilities discovered across three days, totaling $1,047,000 in rewards. • Fuzzware.io clinched Master of Pwn with 28 points, outperforming rivals like Team
• Pwn2Own Automotive 2026 returns to Tokyo, featuring record 73 entries. • Competition spans real‑world automotive components, testing IVI and Level‑2 EV chargers. • Random draw se
• VoidLink showcases AI-generated malware capable of crafting polymorphic code. • The malware leverages generative models to evade traditional signature-based detection. • Checkpoi
• Predicting 2026 Welcome to this week’s edition of the Threat Source newsletter. • It’s become traditional at this time of year to make predictions about cybersecurity for the com
• Closing the Door on Net-NTLMv1: Releasing Rainbow Tables to Accelerate Protocol Deprecation Stop attacks, reduce risk, and advance your security. • Written by: Nic Losby Introduc
• Cisco Talos is closely tracking UAT-8837, a threat actor we assess with medium confidence is a China-nexus advanced persistent threat (APT) actor based on overlaps in tactics,
• With the advent of a potential Dolby Unified Decoder RCE exploit, it seemed prudent to see what kind of Linux kernel drivers might be accessible from the resulting userland conte
• Over the past few years, several AI-powered features have been added to mobile phones that allow users to better search and understand their messages. • One effect of this change
• I may be in Tokyo preparing for Pwn2Own Automotive, but that doesn’t stop patch Tuesday from coming. • Put aside your broken New Year’s resolutions for just a moment as we review
• Lack of isolation in agentic browsers resurfaces old vulnerabilities With browser-embedded AI agents, we’re essentially starting the security journey over again. • We exploited a