VulnHub

A new banking malware known as VENON has been discovered, targeting 33 banks in Brazil. This malware is notable for being written in Rust, which differentiates it from other prevalent malware in the region that typically uses Delphi. It specifically aims to steal user credentials by infecting Windows systems. Researchers first identified VENON last month, raising concerns about its potential impact on Brazilian banking customers. This malware represents an evolving threat in the Latin American cybercrime landscape, and users should be vigilant about their online security.

A Chinese-speaking cyber actor has reportedly been targeting critical sectors in Asia for several years using a mix of custom malware, open-source tools, and living-off-the-land (LOTL) binaries. This activity appears to be focused on espionage, affecting both Windows and Linux systems. The attackers' tactics, which combine tailored malware with readily available tools, suggest a sophisticated approach aimed at infiltrating sensitive networks. The long-term nature of this threat raises concerns for organizations in the region, as prolonged access could lead to significant data breaches and intelligence gathering. Companies in critical infrastructure sectors need to be vigilant and enhance their cybersecurity measures to defend against these persistent threats.

Despite the widespread implementation of multi-factor authentication (MFA) in organizations, many still fall victim to credential theft. Attackers are exploiting valid usernames and passwords to gain unauthorized access to networks, particularly in Windows environments. The problem isn't with MFA itself, but rather with how comprehensively it is enforced through identity providers like Microsoft Entra ID and Okta. If MFA isn't applied consistently across all access points, attackers can bypass these security measures. This situation emphasizes the need for companies to ensure that MFA is enforced everywhere, not just in select areas, to truly safeguard their systems from credential abuse.

In February 2026, Microsoft addressed over 50 security vulnerabilities during its Patch Tuesday update, including six zero-day flaws that were actively exploited by attackers. Notably, three of these zero-days involve security feature bypasses. One of the vulnerabilities, identified as CVE-2026-21513, impacts the MSHTML/Trident browser engine used in Internet Explorer on Windows, while CVE-2026-21514 affects Microsoft Word. Attackers can exploit these vulnerabilities by tricking users into opening malicious files or links. As these security holes are actively being exploited, users and organizations must apply the updates promptly to protect their systems from potential breaches.

A North Korea-associated hacking group known as UNC1069 is targeting cryptocurrency organizations to steal sensitive information from both Windows and macOS systems. Their approach involves social engineering tactics, including the use of a compromised Telegram account to set up a fake Zoom meeting. This deception leads victims to download malware through a method called ClickFix, which researchers believe may also utilize AI-generated content to enhance its effectiveness. The implications of these attacks are significant, as they not only threaten the financial security of targeted companies but also highlight the evolving tactics used by cybercriminals in the cryptocurrency sector. Protecting against such sophisticated schemes is increasingly critical for organizations in this space.

A UK construction firm has fallen victim to an attack by the Russian Prometei botnet, as detailed by cybersecurity firm eSentire. The attack involved the use of TOR for anonymity, and attackers focused on stealing passwords and employing decoy tactics to mislead security measures. This incident raises concerns about the security of critical infrastructure in the construction sector, which may not be as fortified against cyber threats as other industries. The implications are significant, as compromised systems can lead to operational disruptions and financial losses for businesses. Companies in similar sectors should take note and assess their own cybersecurity defenses to prevent similar attacks.

A new form of malware, known as Pulsar RAT, is being used by hackers to conduct live chat sessions with victims while simultaneously stealing sensitive data. This malware operates on Windows systems, allowing attackers to engage with users in real-time, making it more personal and deceptive. The presence of live chat functionality means that victims may not realize they are being compromised until it's too late. Researchers are warning that this method poses a significant risk to both individuals and organizations, as it can lead to the unauthorized access of personal and financial information. Users are urged to remain vigilant and ensure their systems are secure against such threats.

Attackers are employing a combination of social engineering tactics, including fake CAPTCHAs and counterfeit Blue Screen of Death (BSOD) messages, to trick users into executing harmful code. This method, known as ClickFix, prompts victims to copy and paste malicious scripts, potentially compromising their systems. The attacks primarily target unsuspecting Windows users who may panic upon seeing the fake BSOD, believing their computer has crashed. It's crucial for users to be aware of these tactics and to verify the legitimacy of any error messages before taking action. This incident serves as a reminder of the importance of maintaining vigilance against deceptive online threats.

A new social engineering attack called ClickFix is targeting the hospitality industry in Europe by using fake Windows Blue Screen of Death (BSOD) screens. This scheme tricks users into believing their systems have crashed, prompting them to manually compile and run malicious software. The attackers are specifically focusing on employees in hotels and related businesses, making this a significant threat to sensitive customer data and operational continuity. Companies in this sector need to raise awareness among staff and implement training to recognize such scams. The use of a familiar error screen is particularly deceptive, as it plays on users' fears of system failures, leading them to take harmful actions without realizing the risks.