Cybersec Sentinel

GlassWorm Exploits Trust in Open Source Ecosystems

GlassWorm Exploits Trust in Open Source Ecosystems

Threat Group – Unattributed Threat Type – Supply chain malware, infostealer, credential theft Exploited Vulnerabilities – No CVE assigned. Abuse of trusted package registries, compromised publisher access, stolen developer credentials, invisible Unicode obfuscation, and extension dependency abuse Malware Used – GlassWorm loader and follow on JavaScript based payloads Threat Score – 8.7 🔥 Critical Last

VodkaStealer Malware Harvests Browser Credentials and Session Token

VodkaStealer Malware Harvests Browser Credentials and Session Token

Threat Group – Unidentified financially motivated threat actor associated with the ClickFix WordPress compromise campaign Threat Type – Information Stealer Exploited Vulnerabilities – ClickFix social engineering using compromised WordPress sites and fake Cloudflare verification prompts Malware Used – VodkaStealer, DoubleDonut loader, ChromElevator Threat Score – 🔴 7.6 High – Advanced credential harvesting malware delivered through large

Microsoft Excel Vulnerability CVE-2026-26144 May Allow Data Exposure Through Copilot

Vulnerabilities

Microsoft Excel Vulnerability CVE-2026-26144 May Allow Data Exposure Through Copilot

Threat Group – Unknown / Opportunistic Threat Actors Threat Type – Information Disclosure Vulnerability Exploited Vulnerabilities – CVE-2026-26144 Malware Used – None required (AI-assisted data exfiltration via Copilot Agent) Threat Score – 7.2 🔴 High – The vulnerability enables zero interaction data leakage through an automated AI agent integrated into Microsoft Office. The flaw can be triggered

UnsolicitedBooker Deploys MarsSnake Against Telecom Providers

UnsolicitedBooker Deploys MarsSnake Against Telecom Providers

Threat Group – UnsolicitedBooker Threat Type – Backdoor / Advanced Persistent Threat Exploited Vulnerabilities – CVE-2018-0802 Malware Used – MarsSnake, MarsSnakeLoader, LuciDoor, LuciLoad Threat Score – 8.7 🔥 Critical – State aligned espionage platform with wormable capability, decentralised IPFS command fallback, telecommunications targeting, long term persistence and advanced evasion techniques Last Threat Observation – 24 February 2026 Overview

What Is Moonrise RAT and Why It Poses a Serious Risk

What Is Moonrise RAT and Why It Poses a Serious Risk

Threat Group – Unattributed Threat Type – Remote Access Trojan Exploited Vulnerabilities – No confirmed CVEs. Delivery aligned with user execution and social engineering techniques Malware Used – Moonrise RAT Threat Score – 7.8 🔴 High. Enables interactive remote control, credential theft, surveillance, and persistence with low early static detection which increases dwell time and

MIMICRAT Campaign Uses Fake Verification Lure

MIMICRAT Campaign Uses Fake Verification Lure

Threat Group – Unknown financially motivated operators Threat Type – Remote Access Trojan and social engineering campaign Exploited Vulnerabilities – User driven execution abuse of Windows Run dialog and PowerShell Malware Used – MIMICRAT Threat Score – 8.2 🔴 High Last Threat Observation – February 2026, reported by multiple security research teams including Securonix and independent

Reynolds Ransomware Shows Why BYOVD Is the New EDR Bypass

Reynolds Ransomware Shows Why BYOVD Is the New EDR Bypass

Threat Group Reynolds Ransomware Group Threat Type Ransomware with integrated Bring Your Own Vulnerable Driver exploitation Exploited Vulnerabilities CVE-2025-68947 abuse of the NsecSoft NSecKrnl driver authorisation model Malware Used Reynolds Ransomware with embedded NSecKrnl.sys kernel driver Threat Score 🔴 9.1/10 High risk Last Threat Observation 11 February 2026

Notepad++ Compromise Reinforces the Need for Strict Software Governance

Notepad++ Compromise Reinforces the Need for Strict Software Governance

Threat Group Lotus Blossom Billbug Threat Type Supply chain compromise via updater infrastructure hijack and malicious plugin persistence Exploited Vulnerabilities Weak certificate and signature validation in the Notepad++ auto updater prior to version 8.8.9. Abuse of shared hosting infrastructure trust. DLL search order hijacking in plugin loading mechanisms.

MoonPeak and the Growing Sophistication of DPRK Intrusions

MoonPeak and the Growing Sophistication of DPRK Intrusions

Threat Group UAT-5394 with strong tactical overlap to Kimsuky Threat Type Remote Access Trojan derived from XenoRAT delivered via weaponised LNK files and PowerShell droppers Exploited Vulnerabilities Windows LNK execution trust abuse, PowerShell execution policy bypass, LOTS and LOLBins abuse, trusted cloud and code hosting platforms Malware Used MoonPeak RAT

PeckBirdy Exposes a New Living off the Land Threat

PeckBirdy Exposes a New Living off the Land Threat

Threat Group China aligned APT operators tracked as SHADOW VOID 044 and SHADOW EARTH 045 Threat Type JScript based command and control framework abusing trusted Windows utilities Exploited Vulnerabilities Abuse of Windows Script Host trust model, mshta.exe execution, ScriptControl ActiveX usage, browser watering hole injection, legacy Chrome V8 flaws