
LummaStealer Is Getting a Second Life Alongside CastleLoader

TLDR: LummaStealer, a prominent info-stealer, has resurfaced alongside CastleLoader after law enforcement disruptions. It spreads primarily through social engineering, tricking users into executing the malware via fake software or media downloads. CastleLoader strengthens LummaStealer's distribution with in-memory execution and heavy obfuscation. The pairing suggests shared infrastructure between the two malware families and poses severe privacy risks, since the stealer harvests sensitive data such as credentials and financial information.

https://www.bitdefender.com/en-us/blog/labs/lummastealer-second-life-castleloader

WSL in the Malware Ecosystem

WSL (Windows Subsystem for Linux) runs a Linux environment on Windows, letting developers and security teams use Linux tools in their workflows. It also carries security risk: malware can check whether WSL is present and use it to execute commands. One infostealer trojan, “ottercookie-socketScript-module-3.js,” uses WSL to reach the Windows filesystem and collect user information.

https://isc.sans.edu/diary/rss/32704

Kimwolf Botnet Swamps Anonymity Network I2P

The Kimwolf botnet has disrupted I2P, an anonymity network, by flooding it with infected devices. It emerged in late 2025 and turns compromised IoT devices into relays for DDoS attacks. Users reported connectivity problems as Kimwolf tried to evade detection by taking over I2P nodes. This “Sybil attack” compromised the network's integrity and reduced its capacity. Experts believe Kimwolf's operators are experimenting with I2P for stability amid takedown attempts, though the botnet's numbers are declining because of internal issues and errors.

https://krebsonsecurity.com/2026/02/kimwolf-botnet-swamps-anonymity-network-i2p/

2026-01-14: The Day the Telnet Died

On January 14, 2026, global telnet traffic abruptly dropped 59%, likely due to port 23 filtering by U.S. internet providers, coinciding with the disclosure of CVE-2026-24061, a critical telnet vulnerability. Eighteen ASNs lost all telnet sessions, and five countries dropped out of the data completely. The post suggests the drop was a response to an exploitable vulnerability and stresses the importance of patching or disabling GNU Inetutils telnetd. The sustained reduction in telnet traffic indicates a shift away from insecure protocols among ISPs.

https://www.labs.greynoise.io/grimoire/2026-02-10-telnet-falls-silent/

The Latest Wave of Ransomware Attacks: As Widespread as Possible

A ransomware attack on BridgePay has disrupted U.S. payment systems, forcing businesses such as restaurants to go cash-only. The company is working with law enforcement and has found no evidence that payment card data was compromised. The incident highlights the fragility of centralized payment systems and the need for stronger cyber resiliency among service providers.

https://www.paymentsjournal.com/the-latest-wave-of-ransomware-attacks-as-widespread-as-possible/

Italy and Germany Under DDoS Assault: Weekly DDoS Threat Intelligence Analysis

SOCRadar reports a DDoS campaign by the pro-Russian group NoName057(16) targeting Italy and Germany from February 2-8, 2026. It involved 8,101 attacks on 160 domains across multiple sectors, concentrated on government infrastructure, sports organizations, and critical services. Italy (42.9%) and Germany (29.5%) were the primary targets, marking a shift toward geographically diverse attacks against NATO members. Attack methods included HTTP floods and TCP SYN floods, mostly aimed at port 443 (HTTPS). The campaign reflects a coordinated strategy aligned with the geopolitical context.

https://socradar.io/blog/italy-germany-under-ddos-9-feb26/

New Tool Blocks Imposter Attacks Disguised as Safe Commands

A new open-source tool, “Tirith,” detects and blocks homoglyph attacks in command-line environments by analyzing the URLs in commands and flagging deceptive characters before they can be exploited. Available on GitHub, it works across multiple shells and platforms and identifies threats such as homograph attacks and terminal injection without requiring network access or modifying the commands themselves.

https://www.bleepingcomputer.com/news/security/new-tool-blocks-imposter-attacks-disguised-as-safe-commands/

Apple Pay Phish Uses Fake Support Calls to Steal Payment Details

An Apple Pay phishing campaign harvests user information through fake support calls. Victims receive emails mimicking Apple alerts about unauthorized transactions and are prompted to call the numbers provided. Scammers posing as Apple agents then extract sensitive data, including Apple ID verification codes and payment details, under false pretenses. Users are advised never to share 2FA codes, to scrutinize sender addresses, and to verify communications independently.

https://www.malwarebytes.com/blog/news/2026/02/apple-pay-phish-uses-fake-support-calls-to-steal-payment-details

A Rise in Hacktivist Attacks Puts All Web Applications at Risk, Warns UK’s NCSC

The UK's NCSC warns of a rise in pro-Russia hacktivist DDoS attacks threatening web applications. These attacks disrupt services, erode trust, and may also target sensitive data. Organizations must strengthen web application security to withstand DDoS and other threats and maintain operational resilience. Barracuda offers multilayered protection, including real-time threat intelligence, to safeguard digital services.

https://blog.barracuda.com/2026/02/06/hacktivist-attacks-web-applications-risk-ncsc

Inside the Criminal World of Southeast Asia’s Scam Compounds

Scam compounds in Southeast Asia blur the lines between victimhood and criminality. Workers, often trafficked, face brutality while running online scams, and circumstances can shift individuals from victims to perpetrators due to coercion and survival needs. Key cases of individuals like Li, Bao, and Alice highlight the complexities of their experiences—ranging from forced labor to perpetuating scams to repay debts. The moral ambiguity complicates responses from authorities and NGOs, often leading to skepticism towards their stories. This intricate dynamic calls for a rethinking of justice and victim recognition within the scam economy, recognizing that the distinctions between victims and perpetrators are often fluid and intertwined.

https://aeon.co/essays/inside-the-criminal-world-of-southeast-asias-scam-compounds

2025 Q4 DDoS Threat Report: a Record-setting 31.4 Tbps Attack Caps a Year of Massive DDoS Assaults

DDoS attacks surged in 2025 to a record 47.1 million in total, a 121% increase. The Aisuru-Kimwolf botnet led the most significant campaigns, including a peak attack of 31.4 Tbps. Network-layer attacks rose sharply and made up 78% of all incidents. Key targets included the telecommunications and gaming industries, with Hong Kong and the UK seeing notable rises in attacks. Bangladesh became the largest source of DDoS attacks. Cloudflare mitigated these threats through autonomous DDoS defense. Overall, organizations must reassess their security strategies to keep pace with escalating DDoS risk.

https://blog.cloudflare.com/ddos-threat-report-2025-q4/

Critical N8n Flaws Disclosed Along With Public Exploits

Critical vulnerabilities in the n8n workflow automation platform (CVE-2026-25049) allow any authenticated user to execute code remotely, potentially gaining full control of the server. Discovered by multiple security firms, the issues stem from inadequate sandboxing, which lets attackers reach sensitive data and configuration. Users are advised to update to versions 1.123.17 and 2.5.2, rotate encryption keys, and review workflows for suspicious activity, as no exploits have been reported yet.

https://www.bleepingcomputer.com/news/security/critical-n8n-flaws-disclosed-along-with-public-exploits/

New Clickfix Variant ‘CrashFix’ Deploying Python Remote Access Trojan

A new Clickfix variant, ‘CrashFix’, uses social engineering to deploy a Python remote access trojan. It breaks the browser after a deceptive extension is installed, luring users into running malicious commands to “fix” it. The attackers abuse native OS utilities to bypass defenses, underscoring the need for behavior-based detection and user awareness. The RAT connects to C2 servers to gather information and maintain future access, illustrating how the technique continues to evolve. Organizations are urged to enable cloud protection and restrict unnecessary outbound access to reduce risk.

https://www.microsoft.com/en-us/security/blog/2026/02/05/clickfix-variant-crashfix-deploying-python-rat-trojan/

Global SaaS Abuse Surge: U.S., Europe & APAC Targeted in Large‑Scale Phone‑Based Phishing

A phishing campaign abusing legitimate SaaS platforms sent 133,260 emails to more than 20,000 organizations. Attackers used platform features to generate authentic-looking scam emails that evade traditional detection. Techniques included manipulating user fields so that legitimate notifications from companies such as Microsoft and Amazon urged victims to call attacker-controlled phone numbers rather than click links. The trend reflects a strategic shift toward trust-based attacks, exposing weaknesses in widely used enterprise services and the need for better detection strategies.

https://blog.checkpoint.com/research/saas-abuse-at-scale-phone-based-scam-campaign-leveraging-trusted-platforms/

The Rise of Moltbook Suggests Viral AI Prompts May Be the Next Big Security Threat

The rise of AI agents, particularly on platforms such as OpenClaw and Moltbook, raises concern about self-replicating ‘prompt worms’ that could exploit these agents, spreading harmful instructions and exposing data. Intervention by API providers could mitigate the threat but may alienate users. The urgency grows as local AI capabilities improve, pointing to a future in which unregulated AI interactions could create security crises.

https://arstechnica.com/ai/2026/02/the-rise-of-moltbook-suggests-viral-ai-prompts-may-be-the-next-big-security-threat/
