Research
-
Google links Axios npm compromise to suspected North Korean group
Google has linked the Axios npm supply chain compromise to a suspected North Korean group after attackers pushed trojanized package versions that could deliver malware to Windows, macOS and Linux systems.
-
Claude-assisted analysis finds Vim and Emacs flaws that can run code when files open
Researchers using Claude found remote code execution flaws in Vim and GNU Emacs that can trigger when a file is opened. Vim has been patched, while the Emacs issue remains unresolved.
-
TrueConf zero-day exploited in attacks on Southeast Asian government entities
A zero-day in TrueConf client video conferencing software was exploited in attacks on Southeast Asian government entities. The flaw let a tampered update run arbitrary code, and the vendor has since patched it in Windows client 8.5.3.
-
Google Vertex AI flaw could expose cloud data, researchers say
Researchers say a Google Cloud Vertex AI flaw could let an attacker abuse AI agent permissions to reach customer data and restricted internal repositories. Google has updated guidance and urged least-privilege controls.
-
OpenAI patches ChatGPT data leak bug, researchers say
OpenAI patched a ChatGPT flaw on February 20, 2026, after researchers said a malicious prompt could leak chat messages, uploaded files and other sensitive data through a hidden DNS-based channel.
-
DeepLoad malware uses ClickFix lure and WMI to spread and steal credentials
A new DeepLoad malware campaign is using ClickFix lures, Windows tools and WMI to steal credentials, hide activity and reinfect cleaned hosts, according to a technical analysis from ReliaQuest.
-
Russian-origin CTRL toolkit spread through malicious Windows shortcut files, researchers say
Researchers say a Russian-origin toolkit called CTRL was spread through malicious Windows shortcut files disguised as private key folders. The malware adds phishing, keylogging, RDP hijacking and reverse tunneling while limiting network traces.
-
Three China-linked clusters targeted Southeast Asian government, researchers say
Researchers said three China-linked clusters targeted a Southeast Asian government organization in 2025, using several malware families and techniques aimed at staying inside networks for long-term access.
-
China-linked group embeds stealthy kernel backdoors in telecom networks, Rapid7 says
Security firm Rapid7 reported that a China-linked threat cluster known as Red Menshen has embedded kernel-level implants and stealthy backdoors such as BPFDoor inside telecommunications networks to gather intelligence while evading conventional detection.
-
Researchers find flaw that could let websites inject prompts into Anthropic’s Claude Chrome extension
Researchers disclosed a flaw called ShadowPrompt in Anthropic’s Claude Chrome extension that combined an overly permissive origin allowlist and a DOM-based XSS in an Arkose Labs CAPTCHA, allowing websites to inject prompts; Anthropic and Arkose issued fixes in December 2025 and February 2026.