Zero Day Wire - Zero Day Wire (Page 2)

Threats

GS7 Threat Group Targets Fortune 500 Financial Institutions With Near-Perfect Brand Impersonation in Operation DoppelBrand

A financially motivated threat group tracked as GS7 has been running a large-scale phishing operation against Fortune 500 financial institutions, constructing near-perfect replicas of corporate login portals to harvest credentials and deploy remote access tools, according to research published by SOCRadar. The campaign, dubbed Operation DoppelBrand, was first observed between

Threats

Infostealers Begin Targeting OpenClaw AI Agent Configuration Files, Stealing Gateway Tokens and Cryptographic Keys

Information-stealing malware has been caught exfiltrating configuration files from OpenClaw, the rapidly growing open-source AI agent platform, in what researchers describe as the first observed case of infostealers targeting AI agent infrastructure. "This finding marks a significant milestone in the evolution of infostealer behavior: the transition from stealing browser

Threats

Former L3Harris Cyber Executive Sold Eight Zero-Day Exploit Kits to Russian Broker, DoJ Reveals

A former senior executive at L3Harris's cyber subsidiary Trenchant sold eight zero-day exploit kits to a broker who regularly provided exploits to the Russian government, according to a sentencing memorandum published by the US Department of Justice. Peter Williams, the former General Manager of Trenchant, pleaded guilty to

Threats

Hijacked Google Ads and Fake Claude AI Guides Used to Deliver MacSync Infostealer Through ClickFix Campaign

Attackers are hijacking verified Google Ads accounts and abusing a public Claude AI artifact page to deliver the MacSync infostealer to macOS users through ClickFix social engineering, according to researchers at Moonlock Lab. The campaign combines three distinct social engineering layers — hijacked advertising infrastructure, trusted AI platform content, and Terminal

Breaches

ShinyHunters Claims 600,000 Customer Records From Canada Goose as Third-Party Payment Processor Breach

Data extortion group ShinyHunters has published over 600,000 customer records from Canadian luxury outerwear brand Canada Goose, including personal information, partial payment card data, and detailed e-commerce order histories. Canada Goose, a Toronto-based brand founded in 1957 with a global retail footprint and nearly 4,000 employees, confirmed awareness

Alerts

Google Patches First Chrome Zero-Day of 2026 After Active Exploitation of CSS Use-After-Free Flaw (CVE-2026-2441)

Google has released emergency Chrome updates to address CVE-2026-2441, a high-severity use-after-free vulnerability in Chrome's CSS handling that was being actively exploited before a fix was available — marking the first Chrome zero-day of 2026. CVE-2026-2441 The vulnerability (CVSS 8.8) allows a remote attacker to execute arbitrary code

Alerts

BeyondTrust CVSS 9.9 Pre-Auth RCE Now Exploited in the Wild as Attackers Target Remote Access Infrastructure

Threat actors have begun actively exploiting a critical pre-authentication remote code execution vulnerability in BeyondTrust Remote Support and Privileged Remote Access appliances, with exploitation detected across global sensor networks overnight. "Overnight we observed first in-the-wild exploitation of BeyondTrust across our global sensors," said Ryan Dewhurst, head of threat

Breaches

Qilin Ransomware Gang Breaches Romania's National Oil Pipeline Operator Conpet, Claims 1TB Data Theft

Romania's national oil pipeline operator Conpet S.A. has confirmed that the Qilin ransomware group breached its corporate IT infrastructure and stole company data in an attack last week, marking another critical infrastructure target hit by the increasingly aggressive ransomware operation. Conpet S.A. is a strategic company

Threats

Lazarus Group Poisons npm and PyPI With Fake Recruitment Campaign Deploying Token-Based RAT

The North Korea-linked Lazarus Group has been planting malicious packages across both npm and PyPI repositories through an elaborate fake recruitment campaign targeting developers in the blockchain and cryptocurrency space, deploying a modular remote access trojan with a command-and-control mechanism unique to North Korean operations. ReversingLabs researchers discovered the campaign,

Breaches

30 Fake AI Chrome Extensions With 300,000 Installs Caught Stealing Credentials, Gmail Data, and Audio

Thirty malicious Chrome extensions with a combined 300,000 installations have been caught masquerading as AI assistants while stealing credentials, email content, browsing data, and even activating voice recognition to capture audio from victim environments. Researchers at browser security platform LayerX discovered the campaign, dubbed AiFrame, and confirmed all 30

Breaches

Comcast Agrees to $117.5M Settlement Over Citrix Bleed Breach That Exposed 31.6 Million Customers

Comcast has agreed to pay $117.5 million to settle a class action lawsuit stemming from the October 2023 data breach in which attackers exploited the Citrix Bleed vulnerability to compromise the personal information of 31.6 million customers. US District Judge John Milton Younge granted preliminary approval on January

China's APT31 Used Gemini AI and Hexstrike to Automate Vulnerability Analysis Against US Targets

China's APT31 used Google's Gemini AI chatbot combined with the Hexstrike red-teaming framework to automate vulnerability analysis and plan cyberattacks against specific US-based targets, according to Google's latest AI Threat Tracker report. APT31 — also tracked as Violet Typhoon, Zirconium, and Judgment Panda — is a