VulnHub

Since 2020, a Chinese-linked hacking group known as CL-STA-1087 has been targeting military organizations in Southeast Asia. This group has utilized two types of malware, named AppleChris and MemFun, to carry out its espionage activities. The group's operations show a calculated approach, focusing on gathering specific intelligence rather than conducting widespread attacks. This ongoing campaign raises concerns about the security of military data in the region and highlights the risks posed by state-sponsored cyber espionage. The implications of such targeted attacks could undermine national security and diplomatic relations in Southeast Asia.

The GlassWorm supply chain attack campaign has escalated, involving dozens of malicious Open VSX extensions and over 150 compromised GitHub repositories, according to reports from The Hacker News. This campaign targets software development environments, potentially affecting developers who use these extensions and repositories for their projects. By infiltrating trusted sources, attackers can distribute malicious code that may compromise the integrity of software development processes. Users and organizations relying on these platforms need to be vigilant and ensure their systems are secure to mitigate the risk of infection. The widespread nature of this attack highlights the growing threat to software supply chains and the need for heightened security measures in development practices.

The FBI has issued a warning to gamers about malware embedded in certain Steam games that has been stealing sensitive browser data and draining cryptocurrency wallets. This malicious activity reportedly took place between May 2024 and January 2026, affecting users who downloaded these compromised games. The malware exploits vulnerabilities to access personal information, making it a significant concern for the gaming community, especially as the popularity of cryptocurrencies continues to rise. Gamers are advised to be cautious about the games they download and to monitor their cryptocurrency accounts for any unusual activity. This incident underscores the need for heightened security awareness among gamers.

Researchers have discovered a new evolution of the GlassWorm malware, which now includes several malicious browser extensions that employ advanced evasion techniques. These extensions can hide within legitimate software dependencies, making them harder to detect. Users of affected browsers are at risk, as these extensions can compromise their systems by stealing sensitive information or enabling unauthorized access. This development is particularly concerning for organizations that rely on various web applications, as it can lead to significant data breaches if not addressed. Companies and users should remain vigilant and ensure their security measures are up-to-date to combat this growing threat.

The GlassWorm malware campaign is actively exploiting stolen GitHub tokens to inject malicious code into numerous Python repositories. Researchers at StepSecurity reported that this attack primarily targets various Python projects, including Django applications, machine learning research code, and Streamlit dashboards. The attackers are modifying critical files like setup.py, main.py, and app.py to include obfuscated malware, which could compromise any project that relies on these repositories. This situation poses a significant risk to developers and organizations using Python, as running compromised code could lead to serious security breaches. Developers need to be vigilant about the integrity of their repositories and monitor for unauthorized changes.

Recent ClickFix campaigns are targeting macOS users through malicious tools disguised as ChatGPT applications. Attackers are utilizing deceptive tactics, including fake software and Terminal commands, to install the MacSync infostealer on infected systems. This infostealer is designed to harvest sensitive information from users, which poses a significant risk to personal and organizational security. Users who inadvertently download these fake tools could find their data compromised, leading to potential identity theft or financial loss. It's crucial for macOS users to remain vigilant and avoid downloading software from untrusted sources.

A group known as Storm-2561 is targeting VPN users by distributing fake VPN clients through search engine optimization (SEO) poisoning. This tactic leads users to download malicious software that can steal their login credentials. The campaign employs trojans to compromise users' systems and gain access to sensitive information. This threat is particularly concerning as it exploits the growing reliance on VPN services for online security, making it crucial for users to verify the authenticity of software before installation. Researchers warn that users should be cautious and ensure they are downloading VPN clients from trusted sources to avoid falling victim to this scheme.

A new espionage campaign has been detected, targeting Ukrainian entities and believed to be linked to Russian threat actors. This operation utilizes a backdoor known as DRILLAPP and exploits Microsoft Edge's debugging feature to remain stealthy. The campaign was first observed in February 2026 and shows similarities to a previous attack by a group known as Laundry Bear, which also focused on Ukrainian defense forces. This ongoing threat raises concerns about the security of sensitive information within Ukraine, especially as tensions in the region continue to escalate. Cybersecurity experts urge vigilance and prompt action to mitigate the risks posed by such sophisticated attacks.

A recent report from HoxHunt reveals a significant rise in AI-generated phishing attacks, which jumped from 4% to 56% of all phishing attempts in December. This surge coincided with the holiday season, a time when many people are more susceptible to scams due to increased online shopping and communication. These AI-driven phishing emails often appear more legitimate, making it harder for users to distinguish between real and fraudulent messages. As a result, both individuals and businesses are at higher risk of falling victim to these scams. Organizations are encouraged to enhance their security training and email filtering systems to better protect against these evolving threats.

A new banking Trojan is targeting users of Brazil's Pix payment system. This malware operates with a unique twist: it employs a real-time human operator who monitors transactions and waits for the right moment to intervene. Once the operator identifies a vulnerable transaction, they can manipulate it to steal funds. The attack poses a significant risk to Pix users, as it combines traditional malware tactics with human oversight, making detection and prevention more challenging. As Brazil's Pix system continues to gain popularity, the potential for financial loss increases, highlighting the urgent need for users to be vigilant about their online banking security.

An international law enforcement operation has successfully dismantled SocksEscort, a criminal proxy service that had infected around 369,000 residential and small business routers across 163 countries. The U.S. Department of Justice revealed that this botnet was used for large-scale fraud, leveraging malware to control the infected routers. Users of these routers were largely unaware that their devices had been compromised. The operation underscores the ongoing threat posed by botnets and the importance of securing home and business networks. With thousands of routers involved, this incident serves as a reminder for individuals and businesses to regularly update their devices and apply security patches to protect against such malware infections.

A new strain of malware called Slopoly has been linked to an Interlock ransomware attack, allowing attackers to infiltrate a compromised server and remain undetected for over a week. This malware is believed to be generated using AI tools, showcasing the evolving capabilities of cybercriminals. During this time, sensitive data was stolen, raising concerns for organizations that may be targeted. The incident highlights the need for enhanced security measures to detect and respond to such sophisticated attacks. Companies must remain vigilant and update their defenses to protect against similar threats in the future.

An Iranian-linked group has claimed responsibility for a wiper attack that targeted the medical device manufacturer Stryker, marking a significant escalation in cyberattacks against U.S. companies since the onset of the Iran conflict on February 28. Wiper malware is designed to erase data and disrupt operations, posing serious risks to critical healthcare infrastructure. Stryker, known for its surgical and medical devices, may face operational challenges as a result of this incident. This attack underscores the increasing use of cyber warfare tactics in geopolitical conflicts, raising concerns about the security of other companies in the healthcare sector and beyond. Organizations are urged to bolster their cybersecurity measures to defend against similar threats.