Research
-
New Russian-linked campaign uses BadPaw loader to deploy MeowMeow backdoor in Ukraine
A new cyber campaign targeted Ukrainian organizations using a .NET loader named BadPaw, which deploys a MeowMeow backdoor after delivery through a phishing ZIP archive and HTA lure. The campaign includes sandbox checks and persistence tactics.
-
SloppyLemming deploys BurrowShell and Rust keylogger against Pakistan and Bangladesh
SloppyLemming attacked government and critical infrastructure in Pakistan and Bangladesh from January 2025 to January 2026, deploying the BurrowShell backdoor and a Rust keylogger through spear-phishing PDF and Excel lures.
-
Starkiller phishing suite proxies live login pages to bypass MFA
Researchers disclosed Starkiller, a phishing suite that proxies live login pages through attacker-controlled headless browsers to capture keystrokes, session tokens and MFA codes. The toolkit centralises deployment and uses URL masking to hide destinations.
-
CyberStrikeAI observed on infrastructure tied to FortiGate campaign, researchers say
A Team Cymru report says the open-source CyberStrikeAI platform was observed on infrastructure tied to a campaign that compromised more than 500 FortiGate firewalls. The report found 21 IPs running the tool between January 20 and February 26, 2026.
-
Patched Chrome flaw allowed malicious extensions to hijack Gemini panel
A Unit 42 technical analysis found CVE-2026-0628 could let malicious Chrome extensions inject code into the Gemini panel and access camera, microphone, screenshots, and local files. Google patched the issue in early January 2026.
-
Chrome to adopt Merkle Tree Certificates in phased move toward quantum resistance
Google said Chrome will develop Merkle Tree Certificates to make HTTPS resilient to future quantum threats and plans a phased rollout through Q3 2027, beginning with a feasibility study with Cloudflare.
-
North Korean actors publish 26 malicious npm packages that deploy credential stealer and RAT
North Korean-linked actors published 26 malicious npm packages in March 2026 that use Pastebin text steganography and Vercel-hosted C2 to deliver a credential stealer and remote access trojan targeting developer systems.
-
Agentic AI moves into production, raising governance and monitoring demands
Agentic AI is moving into production, enabling models to plan and execute multi-step tasks without continuous human input. This increases the need for supervised fine-tuning, continuous monitoring and traceability to manage operational and regulatory risk.
-
ClawJacked flaw let malicious websites brute-force local OpenClaw instances
A high-severity OpenClaw vulnerability called ClawJacked let malicious websites brute-force local management passwords at hundreds of guesses per second. OpenClaw issued a fix in version 2026.2.26 on February 26 to block the attack.
-
Malicious NuGet package impersonated Stripe library and logged 180,000 downloads
A malicious NuGet package posing as a Stripe payments library was uploaded on February 16, 2026, and amassed over 180,000 downloads across 506 versions before removal. Researchers documented the campaign.







