News
-
Malicious npm package posing as OpenClaw installer deploys RAT, steals credentials
A JFrog technical analysis reported a malicious npm package posing as an OpenClaw installer. Uploaded March 3, 2026, the package installs a RAT and steals credentials, browser data, wallets and other sensitive macOS data.
-
Two Chrome extensions weaponized after ownership transfers, affecting about 7,800 users
Two Chrome extensions were weaponized after ownership transfers, allowing remote JavaScript to bypass protections and harvest credentials. QuickLens affected about 7,000 users and ShotBird about 800 users. Users should remove unknown extensions and audit browsers.
-
CL-UNK-1068 espionage campaign targets critical sectors across Asia
Palo Alto Networks Unit 42 reported a years-long CL-UNK-1068 campaign that targeted critical sectors across Asia, using web server exploits, web shells and credential theft tools to steal sensitive files and maintain persistent access.
-
FBI investigates breach affecting wiretap management system
The FBI is probing a breach that affected an unclassified system used to manage wiretaps and surveillance warrants. The agency began investigating on February 17 after spotting abnormal logs, and said it addressed suspicious activity.
-
CISA adds two critical Hikvision and Rockwell vulnerabilities to KEV catalog
The U.S. Cybersecurity and Infrastructure Security Agency added two critical CVE-2017-7921 and CVE-2021-22681 vulnerabilities affecting Hikvision and Rockwell products to its Known Exploited Vulnerabilities catalog, both rated CVSS 9.8.
-
Iran-linked MuddyWater embeds Dindoor backdoor in multiple U.S. corporate networks
Iran-linked MuddyWater deployed a Dindoor backdoor across multiple U.S. corporate networks, including banks and an airport, and used cloud utilities in suspected data exfiltration attempts, with success unconfirmed.
-
China-linked group targets South American telecoms with Windows Linux and edge implants
A Cisco Talos technical analysis found a China-linked APT has targeted South American telecommunications since 2024 using three implants for Windows Linux and edge devices aimed at reconnaissance and brute force operations.
-
Self-propagating JavaScript worm vandalizes Meta-Wiki pages
Engineers restricted editing on March 5 2026 after a self-propagating JavaScript worm modified about 3,996 pages and replaced roughly 85 users’ common.js scripts. Injected code was removed and edits were reverted while investigation continues.
-
Suspected Iran-nexus actor impersonated Iraqi ministry to deploy novel malware
Zscaler ThreatLabz observed a January 2026 campaign that impersonated Iraq’s Ministry of Foreign Affairs to deliver SPLITDROP, TWINTASK, TWINTALK and GHOSTFORM using staged payloads, evasion and fileless execution.
-
New Russian-linked campaign uses BadPaw loader to deploy MeowMeow backdoor in Ukraine
A new cyber campaign targeted Ukrainian organizations using a .NET loader named BadPaw that deploys a MeowMeow backdoor after a phishing ZIP archive and HTA lure, with sandbox checks and persistence tactics.
