Articles tagged "Malware"

Found 211 articles

Hackers have been exploiting a serious vulnerability in the React Native CLI, identified as CVE-2025-11953, to execute remote commands and deploy stealthy Rust-based malware. This flaw arises from the React Native CLI's Metro server, which, by default, binds to external interfaces, making it susceptible to unauthorized access. This exploitation occurred weeks before the vulnerability was publicly disclosed, indicating that attackers are actively targeting this weakness. Users of React Native should be particularly vigilant, as the impact could extend to various applications built on this framework. Prompt action is necessary to secure affected systems and prevent further malicious activities.

Impact: React Native CLI, Metro server
Remediation: Users should immediately restrict access to the Metro server by modifying configuration settings to bind only to local interfaces. Additionally, they should monitor their systems for any signs of unauthorized access or malware installation. Regular updates and patches from React Native should be applied as they become available.

A newly discovered vulnerability in React Native has been exploited in the wild, allowing attackers to disable security protections and deliver malware to affected devices. This flaw, which was previously thought to be a theoretical risk, has now raised alarms among developers and users of applications built with React Native. The impact of this vulnerability can be significant, as it compromises the integrity and security of applications, potentially affecting millions of users. Developers are urged to take immediate action to secure their applications and protect user data from malicious exploitation.

Impact: React Native applications, including those developed by various companies using this framework.
Remediation: Developers should apply security patches provided by React Native, review their application code for vulnerabilities, and enhance security measures to prevent unauthorized access. Regularly updating to the latest versions of React Native is also advised.
Actively Exploited

Researchers have identified a new ransomware-as-a-service (RaaS) variant known as 'Vect'. This operation stands out due to its custom malware, which poses a significant threat to organizations. The Vect RaaS allows attackers to easily deploy ransomware attacks, potentially affecting a wide range of victims, from small businesses to larger enterprises. The introduction of this variant raises concerns about the increasing sophistication of ransomware operations, making it crucial for companies to bolster their cybersecurity measures. Users are advised to stay vigilant and regularly update their security protocols to defend against such evolving threats.

Impact: Organizations utilizing outdated cybersecurity measures and systems.
Remediation: Organizations should implement strong security protocols, regular software updates, and employee training on phishing and ransomware prevention.

Rob Allen discusses the rising concern of malware that utilizes large language models (LLMs) to enhance its effectiveness. These AI-assisted attacks pose a significant risk to both individuals and organizations, as they can automate and refine the process of creating malicious content. Allen emphasizes the need for proactive cybersecurity measures, urging companies to stay ahead of potential threats by implementing advanced detection tools and employee training. The article serves as a warning that as technology evolves, so too do the tactics employed by cybercriminals, making it essential for businesses to adapt their defenses accordingly. This is a call to action for organizations to prioritize cybersecurity and prepare for the challenges posed by AI-driven malware.

Impact: N/A
Remediation: Implement advanced detection tools and conduct employee training on recognizing AI-assisted threats.

A new strain of malware known as GlassWorm has been found targeting macOS systems through compromised OpenVSX extensions. This malware aims to steal sensitive information, including passwords, cryptocurrency wallet data, and developer credentials. Users who have installed these extensions may be at risk, highlighting a significant security issue for developers and crypto users on macOS. Researchers emphasize the importance of vigilance when installing third-party extensions and recommend that users ensure their software is up-to-date. This incident underscores the need for better security practices in the software development ecosystem to prevent such attacks.

Impact: macOS systems, OpenVSX extensions
Remediation: Users should uninstall any suspicious OpenVSX extensions and ensure their macOS and software are updated to the latest versions. Regularly changing passwords and using two-factor authentication where possible is also advised.

In a troubling development, researchers have discovered over 230 malicious packages targeting OpenClaw, an AI assistant tool, within just a week. These packages, found on the tool's official registry and GitHub, are designed to steal user passwords. This situation raises concerns as it affects users of OpenClaw who may inadvertently download these harmful packages, putting their sensitive information at risk. The rapid proliferation of these packages indicates a serious security threat to the AI assistant community. Users are urged to be cautious and verify the legitimacy of any packages before installation.

Impact: OpenClaw (formerly Moltbot and ClawdBot)
Remediation: Users should avoid downloading packages from unverified sources and ensure they are using trusted versions of OpenClaw.

A recent security audit conducted by Koi Security has revealed that out of 2,857 skills available on ClawHub, 341 were identified as malicious. These harmful skills are designed to steal data from users of OpenClaw, an artificial intelligence assistant platform. The presence of these malicious skills raises significant supply chain risks for users who depend on third-party integrations. As ClawHub serves as a marketplace for these skills, the findings indicate a pressing need for enhanced security measures to protect users from potential data breaches. Users of OpenClaw should be vigilant when selecting skills and consider the implications of using third-party applications that may not be secure.

Impact: ClawHub, OpenClaw users
Remediation: Users should avoid installing skills from unverified sources and regularly review the permissions granted to installed skills.

The article discusses the rapid development of a personal AI assistant called OpenClaw, which has raised alarms among cybersecurity experts. Researchers are concerned about its evolution from Clawdbot to OpenClaw, particularly due to its potential to be misused in malicious ways. As this AI technology becomes more sophisticated, it could be exploited by attackers to automate phishing scams, generate fake content, or even execute more complex cyberattacks. This situation poses risks to both individuals and organizations, as they may find it increasingly difficult to identify genuine communications from AI-generated ones. The urgency for improved security measures and user awareness is evident as this technology continues to advance.

Impact: Clawdbot, OpenClaw, AI personal assistants
Remediation: Users should remain vigilant about communications and verify sources; organizations need to enhance security protocols for AI interactions.
Actively Exploited

Bitdefender has identified a new Android malware campaign that uses Hugging Face, a platform typically associated with artificial intelligence and machine learning. This malware, classified as a Remote Access Trojan (RAT), is designed to gain unauthorized access to Android devices, potentially compromising user data and privacy. The campaign raises concerns as it exploits a legitimate platform to distribute malicious software, making it harder for users to detect the threat. Users of Android devices should be particularly cautious and ensure they download apps only from trusted sources to avoid falling victim to this malware. The implications are significant, especially for those who may unknowingly install infected applications, leading to data theft or device control by attackers.

Impact: Android devices, Hugging Face platform
Remediation: Users should only download apps from official app stores and be cautious about granting permissions to applications.
Windows Malware Uses Pulsar RAT for Live Chats While Stealing Data

Hackread – Cybersecurity News, Data Breaches, AI, and More

Actively Exploited

A new form of malware, known as Pulsar RAT, is being used by hackers to conduct live chat sessions with victims while simultaneously stealing sensitive data. This malware operates on Windows systems, allowing attackers to engage with users in real-time, making it more personal and deceptive. The presence of live chat functionality means that victims may not realize they are being compromised until it's too late. Researchers are warning that this method poses a significant risk to both individuals and organizations, as it can lead to the unauthorized access of personal and financial information. Users are urged to remain vigilant and ensure their systems are secure against such threats.

Impact: Windows systems
Remediation: Users should ensure their antivirus software is up to date and consider employing additional security measures such as firewalls and intrusion detection systems.

Hackers have successfully compromised an update server belonging to MicroWorld Technologies, the company behind eScan Antivirus. This breach allowed attackers to inject malicious files into updates that were sent to eScan customers, effectively turning the antivirus software into a delivery mechanism for malware. Users who updated their eScan software during this incident may have inadvertently installed harmful files on their systems. This incident raises significant concerns about the security of software supply chains, highlighting how even trusted software can be weaponized. Users are advised to remain vigilant and consider checking their systems for any signs of compromise.

Impact: eScan Antivirus software
Remediation: Users should uninstall the compromised version of eScan and install the latest clean version from the official website. Regular system scans and updates are recommended.
Actively Exploited

A new malware campaign known as RedKitten is targeting individuals in Iran who are seeking information about missing persons or political dissidents. The campaign uses deceptive tactics to lure users into clicking on malicious links, taking advantage of the heightened concern surrounding the ongoing protests in the country. This malware not only compromises personal security but also poses a significant risk to those involved in activism or seeking justice for their loved ones. As tensions continue in Iran, the campaign's focus on vulnerable populations underscores the need for heightened cybersecurity awareness among those seeking information online. Users are urged to be cautious about the sources they trust and to verify the links they click on.

Impact: Individuals seeking information on missing persons or political dissidents in Iran
Remediation: Users should verify sources before clicking on links and consider using security software to detect potential threats.
Actively Exploited

Researchers have discovered that malicious Python packages were uploaded to the Python Package Index (PyPI), posing a significant risk to developers. The harmful code was hidden within a file that appeared to be a Basque language dictionary but was actually a compressed archive containing a Remote Access Trojan (RAT). This incident could affect any developers who inadvertently install these malicious packages, potentially allowing attackers to gain unauthorized access to their systems. It serves as a reminder for users to be cautious when downloading packages from open-source repositories, as they can be exploited to distribute malware. Vigilance and thorough vetting of software dependencies are crucial for maintaining security.

Impact: Python Package Index (PyPI), developers using malicious packages
Remediation: Developers should avoid installing unverified packages and consider using tools to scan for malicious code in dependencies.

TA584, a known threat actor, is currently using compromised email accounts to distribute malicious content through services like SendGrid and Amazon SES. Their attack method incorporates tools such as Tsundere Bot and XWorm, which are designed to gain unauthorized access to networks. This tactic raises concerns for organizations that rely on these email services, as attackers can exploit trusted channels to deliver malware. The use of legitimate platforms for malicious purposes complicates detection and prevention efforts. Companies need to be vigilant and enhance their security measures to protect against such sophisticated email-based attacks.

Impact: SendGrid, Amazon SES, Tsundere Bot, XWorm
Remediation: Implement email security measures, monitor for unusual account activity, and educate employees on phishing threats.
Op Bizarre Bazaar: New LLMjacking Campaign Targets Unprotected Models

Hackread – Cybersecurity News, Data Breaches, AI, and More

Actively Exploited

Pillar Security Research has identified a significant cyberattack campaign called Operation Bizarre Bazaar, orchestrated by a hacker going by the name Hecker. This operation took place between December 2025 and January 2026, with over 35,000 sessions aimed at infiltrating AI systems. The attackers sought to hijack computing power and monetize their access through a platform called silver.inc. This incident raises serious concerns for organizations that rely on AI technologies, as it highlights vulnerabilities in unprotected models that can be exploited for malicious purposes. Companies using AI systems need to be vigilant about security measures to prevent unauthorized access and potential misuse of their resources.

Impact: AI systems, computing power resources, silver.inc platform
Remediation: Organizations should implement stronger security protocols for AI systems, including access controls and monitoring for unauthorized sessions.