VulnHub

Real-time Cybersecurity News

Mustang Panda updates CoolClient backdoor with enhanced data theft capabilities

SCM feed for Latest
Actively Exploited
Malware

Overview

The CoolClient backdoor malware has received an upgrade from the threat actor group Mustang Panda, enhancing its data theft capabilities. This malware is being delivered through legitimate software from the Chinese company Sangfor, which raises concerns about the potential for widespread infection among users of that software. The updated CoolClient now includes improved features such as system profiling, keylogging, and tunneling, allowing attackers to gather sensitive information more effectively. This development poses a significant risk to organizations and individuals who may unknowingly use the compromised software, emphasizing the need for heightened security measures and vigilance against such threats.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: Sangfor software products
  • Action Required: Users should update their Sangfor software and monitor for unusual activity.
  • Timeline: Newly disclosed

Original Article Summary

The updated CoolClient malware, deployed via legitimate software from Sangfor, refines existing features like system profiling, keylogging, and tunneling.

Impact

Sangfor software products

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Users should update their Sangfor software and monitor for unusual activity. Implementing endpoint detection systems and conducting regular security audits could also help mitigate risks.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Malware.

Read Original Article

Related Coverage

Hackers compromise NGINX servers to redirect user traffic

BleepingComputer

Hackers are targeting NGINX servers in a campaign that reroutes user traffic through their own infrastructure. This attack compromises the servers, allowing the perpetrators to intercept and manipulate the data being transmitted. Affected users may experience altered content or be redirected to malicious sites without their knowledge. The incident raises concerns about the security of NGINX, a widely used web server software, and the potential for significant data breaches. Organizations using NGINX should take immediate precautions to safeguard their systems and ensure that their configurations are secure to prevent such hijacking.

Feb 4, 2026

Critical n8n flaws disclosed along with public exploits

BleepingComputer

Researchers have identified multiple serious vulnerabilities in n8n, a widely used open-source workflow automation platform. These flaws could enable attackers to escape the security measures of the software, potentially giving them complete control over the host server. This poses a significant risk to users, especially those running n8n in production environments. If exploited, these vulnerabilities could lead to unauthorized access and data breaches, impacting businesses that rely on n8n for automation tasks. Users are strongly advised to assess their systems and implement necessary security measures as soon as possible.

Feb 4, 2026

Taiwanese operator of Incognito Market sentenced to 30 years over $105M darknet drug ring

Security Affairs

Rui-Siang Lin, a 24-year-old Taiwanese man, has been sentenced to 30 years in prison for his role in operating Incognito Market, a significant darknet drug marketplace. This platform facilitated the sale of over one ton of illegal drugs, amounting to more than $105 million in transactions. Lin was found guilty of various charges, including conspiracy to distribute narcotics. The case illustrates the ongoing challenges law enforcement faces in combating illicit online drug trade and underscores the risks associated with the anonymity provided by darknet platforms. The long sentence reflects the severity of his actions and serves as a warning to others involved in similar activities.

Feb 4, 2026

Half of Chrome AI extensions are harvesting your data - see the surprising worst offenders

Latest news

Recent research reveals that nearly half of Chrome AI extensions are collecting user data without proper consent. Tools focused on coding, transcription, and productivity seem to be the worst offenders, raising significant privacy concerns for users. This issue could affect anyone using these extensions, as they often require extensive permissions to function. The findings suggest that many users may unknowingly expose their personal information to third parties through these seemingly helpful tools. As the use of AI technology grows, it’s crucial for users to be aware of what data they are sharing and how it might be used.

Feb 4, 2026

CISA: VMware ESXi flaw now exploited in ransomware attacks

BleepingComputer

CISA has reported that ransomware gangs are now exploiting a serious vulnerability in VMware ESXi, which allows attackers to escape sandboxes and gain unauthorized access to systems. This vulnerability, which had previously been used in zero-day attacks, poses a significant risk to organizations using affected VMware products. Companies relying on VMware ESXi for virtualization need to be particularly vigilant, as attackers are actively targeting this flaw. The exploitation of such vulnerabilities can lead to severe data breaches and financial losses. Organizations should prioritize patching their systems to mitigate this risk and protect sensitive data from potential ransomware attacks.

Feb 4, 2026

Global SystemBC Botnet Found Active Across 10,000 Infected Systems

Infosecurity Magazine

Researchers have identified the SystemBC malware, which is currently active across approximately 10,000 infected systems. This botnet is particularly concerning as it poses risks to sensitive government infrastructure, potentially exposing critical data and functionalities to malicious actors. The malware's widespread presence raises alarms about the security of various networks, especially those that manage important public services. Organizations, particularly in the public sector, need to take immediate action to secure their systems against this threat. Failure to address this could lead to significant operational disruptions and data breaches.

Feb 4, 2026