A new strain of malware known as GlassWorm has been found targeting macOS systems through compromised OpenVSX extensions. This malware aims to steal sensitive information, including passwords, cryptocurrency wallet data, and developer credentials. Users who have installed these extensions may be at risk, highlighting a significant security issue for developers and crypto users on macOS. Researchers emphasize the importance of vigilance when installing third-party extensions and recommend that users keep their software up to date. This incident underscores the need for better security practices in the software development ecosystem to prevent such attacks.
Latest Cybersecurity Threats
In 2019, two penetration testers were wrongfully arrested by Iowa police while conducting a security assessment. The incident arose during a red teaming exercise, where they were hired to simulate attacks on a local government system to identify vulnerabilities. This situation illustrates the dangers that cybersecurity professionals face when their work is misunderstood by law enforcement or the public. The county has since settled the case, paying $600,000 to the testers, which raises concerns about how security practices are perceived and the potential legal ramifications for professionals in this field. This case serves as a reminder for organizations to ensure clear communication and understanding of security testing protocols.
Ukraine's Computer Emergency Response Team (CERT) has reported that Russian hackers are taking advantage of a newly patched vulnerability in Microsoft Office, identified as CVE-2026-21509. This flaw affects multiple versions of the software, which could leave users open to various cyberattacks. The exploitation of this vulnerability is concerning, especially as Microsoft Office is widely used in both personal and professional settings. Users and organizations are urged to ensure that their systems are updated with the latest security patches to mitigate the risk of being targeted. The situation underscores the need for vigilance in maintaining software security, especially with ongoing geopolitical tensions.
BleepingComputer
In a troubling development, researchers have discovered over 230 malicious packages targeting OpenClaw, an AI assistant tool, within just a week. These packages, found on the tool's official registry and GitHub, are designed to steal user passwords. This situation raises concerns as it affects users of OpenClaw who may inadvertently download these harmful packages, putting their sensitive information at risk. The rapid proliferation of these packages indicates a serious security threat to the AI assistant community. Users are urged to be cautious and verify the legitimacy of any packages before installation.
A recent security audit conducted by Koi Security has revealed that out of 2,857 skills available on ClawHub, 341 were identified as malicious. These harmful skills are designed to steal data from users of OpenClaw, an artificial intelligence assistant platform. The presence of these malicious skills raises significant supply chain risks for users who depend on third-party integrations. As ClawHub serves as a marketplace for these skills, the findings indicate a pressing need for enhanced security measures to protect users from potential data breaches. Users of OpenClaw should be vigilant when selecting skills and consider the implications of using third-party applications that may not be secure.
According to a report by TRM Labs, illegal cryptocurrency transactions reached a staggering $158 billion in 2025, marking a 145% increase in illicit cryptocurrency flows compared to previous years. Despite this surge, the overall share of illegal activities within the total on-chain volume has slightly decreased to 1.2%. This indicates that while the absolute value of illicit transactions is rising, they represent a smaller fraction of total cryptocurrency activity. This trend raises concerns about the potential for increased criminal activity in the digital currency space and highlights the ongoing challenges in regulating and monitoring cryptocurrency transactions. It is crucial for law enforcement and regulatory agencies to adapt their strategies to address these growing risks effectively.
A massive distributed denial-of-service (DDoS) attack has reached a staggering 31.4 terabits per second, setting new records for online attacks. This incident is attributed to a powerful botnet known as the 'apex' botnet, which has been exploiting consumer devices, such as routers and smart home gadgets, to amplify its attack capabilities. As attackers increasingly turn ordinary home devices into tools for cyber warfare, businesses and individuals alike are at risk of service disruptions. The scale of this attack serves as a wake-up call for users to secure their connected devices and for companies to enhance their defenses against such overwhelming assaults. The implications are serious, as these attacks can cripple online services and affect a vast number of users worldwide.
Infosecurity Magazine
The National Security Agency (NSA) has released new guidelines aimed at helping organizations implement Zero Trust security models effectively. This approach focuses on minimizing trust assumptions within networks, requiring strict verification for every user and device attempting to access resources. The guidelines are designed for organizations looking to reach a target-level maturity in their Zero Trust practices, which is increasingly important as cyber threats evolve. By adopting these recommendations, companies can better protect their sensitive data and systems from unauthorized access. This is particularly relevant for sectors handling critical infrastructure or sensitive information.
A recent report from CTM360 warns of a significant rise in fake high-yield investment platforms globally. These scams typically lure victims with promises of 'guaranteed' returns, which often turn out to be classic Ponzi schemes. Researchers found that these fraudulent schemes are proliferating through social media, using recycled marketing templates and exploiting referral systems to attract more victims. This surge in HYIP (high-yield investment program) scams poses a serious risk to investors, many of whom may be unaware they are being targeted. The findings highlight the need for increased awareness and caution among potential investors, as well as for regulatory bodies to take action against these deceptive practices.
The ShinyHunters group has expanded its extortion activities by using advanced vishing techniques and login harvesting to compromise Single Sign-On (SSO) credentials. This allows them to enroll their own, unauthorized Multi-Factor Authentication (MFA) factors on the compromised accounts, making it easier for them to access sensitive information. Organizations that rely on SSO for employee access are particularly at risk, as the attackers can bypass standard security measures. This escalation in tactics is concerning for businesses and individuals alike, as it highlights the increasing sophistication of cybercriminals and their methods for gaining unauthorized access. Companies should be vigilant about their security protocols and ensure that their MFA implementations are robust against these types of attacks.
Hackread – Cybersecurity News, Data Breaches, AI, and More
Ivanti has reported two serious vulnerabilities in its Endpoint Manager Mobile (EPMM) software, identified as CVE-2026-1281 and CVE-2026-1340. These flaws allow remote code execution, meaning attackers could potentially take control of affected systems without needing physical access. The company warns that these vulnerabilities are currently being actively exploited, putting users at risk. Organizations using EPMM should prioritize applying the necessary security updates to safeguard their systems. Failure to address these vulnerabilities could lead to significant security breaches, affecting both the integrity of user data and the overall security posture of the organization.
The article discusses the rapid development of a personal AI assistant called OpenClaw, which has raised alarms among cybersecurity experts. Researchers are concerned about its evolution from Clawdbot to OpenClaw, particularly due to its potential to be misused in malicious ways. As this AI technology becomes more sophisticated, it could be exploited by attackers to automate phishing scams, generate fake content, or even execute more complex cyberattacks. This situation poses risks to both individuals and organizations, as they may find it increasingly difficult to identify genuine communications from AI-generated ones. The urgency for improved security measures and user awareness is evident as this technology continues to advance.
Hackread – Cybersecurity News, Data Breaches, AI, and More
Spotify and major music labels have launched an astonishing $13 trillion lawsuit against Anna’s Archive, claiming the site conducted a significant data scrape of their music catalog. This lawsuit, one of the largest in history, stems from allegations that Anna's Archive unlawfully collected and distributed music data, which could have far-reaching implications for digital music sharing and copyright enforcement. The outcome of this case may set a precedent for how music rights are protected online and could influence the future of streaming services. If successful, this lawsuit could not only impact Anna’s Archive but also affect countless other platforms that aggregate music data. The case raises important questions about the balance between access to music and the rights of artists and record labels.
Poland's Computer Emergency Response Team (CERT) has reported a serious cyberattack on the country's energy facilities. The attack involved the exploitation of default credentials in industrial control systems (ICS), which allowed attackers to gain unauthorized access and cause significant disruptions. This incident raises concerns about the security of critical infrastructure, particularly as it highlights the risks associated with using default login information. The targeted energy facilities are crucial for Poland's power supply, and any breach in their security can have widespread implications for both the economy and public safety. The report also suggests that this attack may be part of a broader trend of cyber threats aimed at critical infrastructure worldwide.
Schneier on Security
A recent investigation has revealed that two AI coding assistants, which are popular among approximately 1.5 million developers, are secretly transmitting all the code they process to servers in China. This raises serious concerns about data privacy and security, as users may unknowingly expose their proprietary or sensitive code. The report suggests that developers should consider alternatives to these tools to protect their intellectual property. The implications of this breach could be significant, especially for companies that rely on these coding assistants for software development. Users need to be aware of the risks associated with using these tools and take necessary precautions to safeguard their work.