New Clickfix Variant ‘CrashFix’ Deploying Python Remote Access Trojan

New Clickfix variant ‘CrashFix’ uses social engineering to deploy a Python Remote Access Trojan. It disrupts browsers, luring users into executing malicious commands after a deceptive browser extension installation. Attackers abuse native OS utilities to bypass defenses, emphasizing the need for behavior-based detection and user awareness. The RAT connects to C2 servers to gather information and maintain future access, highlighting evolving attack techniques. Organizations are urged to enable cloud protection and restrict unnecessary outbound access to mitigate risks.

https://www.microsoft.com/en-us/security/blog/2026/02/05/clickfix-variant-crashfix-deploying-python-rat-trojan/

Global SaaS Abuse Surge: U.S., Europe & APAC Targeted in Large‑Scale Phone‑Based Phishing

A phishing campaign using legitimate SaaS platforms saw 133,260 emails target over 20,000 organizations. Attackers exploited platform features to send authentic-looking scam emails, bypassing traditional detection methods. Techniques included manipulating user fields to generate legitimate-looking notifications from companies like Microsoft and Amazon, urging victims to call attacker-controlled phone numbers instead of clicking links. This trend reflects a strategic shift towards trust-based attacks, highlighting weaknesses in widely used enterprise services and the need for improved detection strategies.

https://blog.checkpoint.com/research/saas-abuse-at-scale-phone-based-scam-campaign-leveraging-trusted-platforms/

The Rise of Moltbook Suggests Viral AI Prompts May Be the Next Big Security Threat

The rise of AI agents, particularly through platforms like OpenClaw and Moltbook, raises concerns about self-replicating ‘prompt worms’ that could exploit these agents, spreading harmful instructions and data risks. Potential interventions from API providers could mitigate threats but may alienate users. The urgency for solutions grows as local AI capabilities improve, leading to a future where unregulated AI interactions might create security crises.

https://arstechnica.com/ai/2026/02/the-rise-of-moltbook-suggests-viral-ai-prompts-may-be-the-next-big-security-threat/

From Magic to Malware: How OpenClaw’s Agent Skills Become an Attack Surface

TLDR: OpenClaw presents security risks as its agent skills access sensitive data through markdown files that can disguise harmful commands. Instances of malware disguised as “skills” have been identified, posing threats to corporate devices. Users are warned against using OpenClaw on work devices, emphasizing the importance of security measures for skill registries and agent frameworks to prevent exploitation.

https://1password.com/blog/from-magic-to-malware-how-openclaws-agent-skills-become-an-attack-surface

A New Apple Pay Scam Is Hitting Millions

A new Apple Pay scam is targeting users by claiming suspicious transactions were blocked and urging them to call a fraudulent number. These messages, which appear official, aim to trick victims into revealing personal information. To stay safe, users should ignore such messages, verify sender details, and contact Apple directly through their website if concerned.

https://www.techradar.com/computing/cyber-security/a-new-apple-pay-scam-is-hitting-millions-heres-how-to-spot-fake-unusual-activity-messages-before-its-too-late

Nitrogen Can’t Unlock Its Own Ransomware After Coding Error

Nitrogen ransomware is ineffective due to a programming error that prevents even the attackers from decrypting victims' files, rendering ransom payments useless. The malware corrupts the public key during encryption, leading to irreversible data loss. Despite its origins in 2023, Nitrogen has evolved from initial access malware to a ransomware threat that has caused significant damage without providing any means for recovery.

https://www.theregister.com/2026/02/04/nitrogen_ransomware_broken_decryptor/

Scam-checking Just Got Easier: Malwarebytes Is Now in ChatGPT

Malwarebytes integrates with ChatGPT to help users identify scams quickly. By asking “Malwarebytes, is this a scam?”, users receive informed answers and risk assessments on suspicious texts, emails, and links, backed by real-time threat intelligence. This tool helps streamline cybersecurity checks without jargon, offering guidance and practical next steps to enhance safety online.

https://www.malwarebytes.com/blog/product/2026/02/scam-checking-just-got-easier-malwarebytes-is-now-in-chatgpt

30 Years of DDoS: Why a Structural Problem Persists

DDoS attacks, originating in 1996, remain a persistent problem due to known weaknesses in internet architecture and organizational structures. The growth of the internet has amplified the impact of these attacks, exploiting vulnerabilities in IoT devices and combining network overloads with targeted disruptions to business processes.

https://www.igorslab.de/en/30-years-of-ddos-why-a-structural-problem-persists/

Notepad++ Hijacked by State-Sponsored Hackers

Notepad++ was hijacked by state-sponsored hackers, likely Chinese, compromising update traffic from June to December 2025. The former hosting provider confirmed the server was breached, allowing attackers to redirect Notepad++ updates. All security vulnerabilities were addressed by December 2, 2025, and the site was migrated to a more secure host. Users are advised to download v8.9.1, which includes security enhancements, and to update manually. No specific indicators of compromise were found during the investigation.

https://notepad-plus-plus.org/news/hijacked-incident-info-update/

CTM360 Research Reveals 30,000+ Fake Online Shops Impersonating Fashion Brands

TLDR: CTM360's research reveals over 30,000 fraudulent online shops impersonating fashion brands globally, part of a sophisticated scheme called FraudWear. These scams feature realistic e-commerce structures, targeting consumers through ad-driven marketing and localized tactics, exploiting trust in legitimate brands to harvest personal and payment information without delivering products. The scale and infrastructure of such operations make them persistently difficult to combat, necessitating a shift in cybersecurity strategies.

https://thehackernews.com/expert-insights/2026/02/ctm360-research-reveals-30000-fake.html

Russia-linked Attackers Abuse New Microsoft Office Zero-day

Russia-linked APT28 hackers are exploiting the latest Microsoft Office zero-day, targeting Ukrainian government and EU organizations. Ukraine's CERT reports rapid weaponization of the CVE-2026-21509 vulnerability, leading to phishing campaigns and malware deployment via malicious DOC files. Microsoft has issued patches, but concerns about increasing cyberattacks persist because users are slow to update.

https://www.theregister.com/2026/02/02/russialinked_apt28_microsoft_office_bug/

Spyware Maker Is Hijacking Diplomatic Efforts to Limit Commercial Hacking, Civil Society Warns

Civil society alleges NSO Group, a spyware manufacturer with a history of human rights violations, is using diplomatic initiatives like the Pall Mall Process to rehabilitate its image despite reports of abuses. While NSO claims engagement in reining in spyware misuse, officials from France and the UK affirm they did not invite NSO's participation. Critics stress that NSO's history, including targeting journalists and activists, undermines its claims of responsible governance, while calls for exclusion from future negotiations are growing amid concerns over accountability and transparency.

https://therecord.media/spyware-maker-pall-mall-process-reputation

Malicious MoltBot Skills Used to Push Password-stealing Malware

Over 230 malicious packages, dubbed “skills,” targeting the OpenClaw AI assistant have been released in a week, posing as legitimate tools to distribute malware that steals sensitive information like API keys and passwords. The malware exploits misconfigurations in OpenClaw's admin interface and employs social engineering tactics to infect users' systems, using a seemingly crucial tool called ‘AuthTool’ to deliver payloads. To mitigate risks, users are advised to carefully verify the safety of skills before use and adopt security measures such as isolating the AI assistant in a virtual environment.

https://www.bleepingcomputer.com/news/security/malicious-moltbot-skills-used-to-push-password-stealing-malware/

How Fake Party Invitations Are Being Used to Install Remote Access Tools

Fake party invitations are being used in a scam to trick victims into installing ScreenConnect, a remote access tool, on their Windows computers. Victims receive emails that appear friendly and informal, leading to a seemingly innocent invitation link. Clicking the link downloads an MSI file disguised as an invitation, which silently installs ScreenConnect, allowing attackers full control of the victim's computer. The scam exploits human curiosity and urgency, often going unnoticed until suspicious behavior occurs on the system. To protect against this scam, users should be wary of unsolicited invitations, avoid running unknown MSI files, and verify invitations through other channels.

https://www.malwarebytes.com/blog/threat-intel/2026/02/how-fake-party-invitations-are-being-used-to-install-remote-access-tools