Threats

Threats

Check Point Demonstrates AI Chatbots as Covert C2 Channels — Grok and Copilot Exploited Without Authentication

Check Point Research (CPR) has published findings showing that AI assistants with web-browsing capabilities can be weaponized as covert command-and-control infrastructure — allowing malware to communicate with attacker servers through trusted AI domains that blend seamlessly into normal enterprise traffic. The technique was demonstrated against Grok and Microsoft Copilot, both of

Threats

Microsoft Exposes "AI Recommendation Poisoning" — Businesses Secretly Manipulating Chatbot Memory via Summarize Buttons

Microsoft's Defender Security Research Team has uncovered a widespread campaign in which legitimate businesses are embedding hidden prompt injection commands inside "Summarize with AI" buttons on their websites — hijacking AI assistant memory to bias future recommendations in their favor. The technique, which Microsoft has dubbed AI

Threats

GS7 Threat Group Targets Fortune 500 Financial Institutions With Near-Perfect Brand Impersonation in Operation DoppelBrand

A financially motivated threat group tracked as GS7 has been running a large-scale phishing operation against Fortune 500 financial institutions, constructing near-perfect replicas of corporate login portals to harvest credentials and deploy remote access tools, according to research published by SOCRadar. The campaign, dubbed Operation DoppelBrand, was first observed between

Threats

Infostealers Begin Targeting OpenClaw AI Agent Configuration Files, Stealing Gateway Tokens and Cryptographic Keys

Information-stealing malware has been caught exfiltrating configuration files from OpenClaw, the rapidly growing open-source AI agent platform, in what researchers describe as the first observed case of infostealers targeting AI agent infrastructure. "This finding marks a significant milestone in the evolution of infostealer behavior: the transition from stealing browser

Threats

Former L3Harris Cyber Executive Sold Eight Zero-Day Exploit Kits to Russian Broker, DoJ Reveals

A former senior executive at L3Harris's cyber subsidiary Trenchant sold eight zero-day exploit kits to a broker who regularly provided exploits to the Russian government, according to a sentencing memorandum published by the US Department of Justice. Peter Williams, the former General Manager of Trenchant, pleaded guilty to

Threats

Hijacked Google Ads and Fake Claude AI Guides Used to Deliver MacSync Infostealer Through ClickFix Campaign

Attackers are hijacking verified Google Ads accounts and abusing a public Claude AI artifact page to deliver the MacSync infostealer to macOS users through ClickFix social engineering, according to researchers at Moonlock Lab. The campaign combines three distinct social engineering layers — hijacked advertising infrastructure, trusted AI platform content, and Terminal

Threats

Lazarus Group Poisons npm and PyPI With Fake Recruitment Campaign Deploying Token-Based RAT

The North Korea-linked Lazarus Group has been planting malicious packages across both npm and PyPI repositories through an elaborate fake recruitment campaign targeting developers in the blockchain and cryptocurrency space, deploying a modular remote access trojan with a command-and-control mechanism unique to North Korean operations. ReversingLabs researchers discovered the campaign,

Threats

Single Bulletproof Hosting IP Behind 83% of Ivanti EPMM Exploitation as Sleeper Shells Target MDM Infrastructure

A single IP address on bulletproof hosting infrastructure is responsible for 83% of all exploitation attempts targeting the critical Ivanti Endpoint Manager Mobile (EPMM) vulnerabilities that have already compromised multiple European government agencies. Threat intelligence firm GreyNoise recorded 417 exploitation sessions from 8 unique source IPs between February 1-9, with

Threats

Crazy Ransomware Operator Weaponizes Employee Monitoring Software for Stealth Persistence

A Crazy ransomware affiliate is abusing legitimate employee monitoring software and remote support tools to maintain stealth persistence inside corporate networks, blending malicious activity with normal administrative operations before deploying ransomware. Researchers at Huntress investigated multiple intrusions where the threat actor deployed Net Monitor for Employees Professional alongside the SimpleHelp

Threats

North Korean UNC1069 Deploys AI-Generated Deepfakes and Seven Malware Families to Target Crypto Sector

Google Mandiant has detailed a sophisticated North Korean intrusion campaign in which the threat group UNC1069 used AI-generated deepfake video calls, compromised Telegram accounts, and ClickFix social engineering to deploy seven unique malware families against cryptocurrency sector targets. UNC1069 — also tracked as CryptoCore and MASAN — has been active since at

Threats

LummaStealer Rebounds With CastleLoader Campaigns as ClickFix Infections Surge Globally

LummaStealer — the prolific infostealer-as-a-service operation that law enforcement disrupted in May 2025 — has staged a significant comeback, with Bitdefender researchers documenting a major surge in infections between December 2025 and January 2026. The resurgence is powered by CastleLoader, a modular malware loader that uses ClickFix social engineering to trick users

Threats

Kimwolf IoT Botnet Disrupts I2P Anonymity Network in Massive Sybil Attack

The massive IoT botnet known as Kimwolf has spent the past week disrupting the Invisible Internet Project (I2P), a decentralized anonymity network, after its operators attempted to join approximately 700,000 infected devices as nodes on the network. The incident represents one of the largest Sybil attacks ever observed against