Delivering simplified cybersecurity alerts and information, ensuring you're always prepared to take immediate action.

Axios npm Backdoored: UNC1069 Deploys Cross-Platform RAT via Supply Chain Attack
Supply Chain Attack

Group – UNC1069 (North Korea-nexus, BlueNoroff-linked, financially motivated threat actor) Type – npm Supply Chain Compromise / Cross-Platform Remote Access Trojan Malware – SILKBELL: postinstall dropper embedded in plain-crypto-js@4.2.1. WAVESHAPER.V2: updated cross-platform RAT linked to prior BlueNoroff RustBucket campaigns Score – 🔴 9.5 Critical. Nation-state supply chain attack on one of npm's most downloaded
10 min read
TeamPCP Injects Credential Stealer Into Trivy Releases and Spreads to npm via CanisterWorm
TeamPCP

Group – TeamPCP (financially motivated threat actor, reportedly collaborating with LAPSUS$ for extortion; nationality unconfirmed) Type – Multi-Ecosystem Supply Chain Attack, Infostealer, Self-Propagating Worm, Kubernetes Wiper Delivery – Compromised GitHub Actions (trivy-action, setup-trivy, kics-github-action, ast-github-action) plus poisoned PyPI packages (litellm) and self-propagating npm infection via CanisterWorm Malware – TeamPCP Cloud Stealer — three-stage CI/CD credential harvester; CanisterWorm —
11 min read
DarkSword iOS Exploit Chains Six Vulnerabilities for Silent Device Takeover
iOS Security

Group – UNC6353 (suspected Russian espionage); UNC6748 (cybercriminal); PARS Defense (commercial surveillance vendor) Type – iOS Exploit Kit, Infostealer, APT Campaign CVEs – CVE-2025-31277 (JavaScriptCore JIT type confusion); CVE-2025-43529 (JavaScriptCore DFG garbage collection bug); CVE-2026-20700 (dyld PAC bypass); CVE-2025-14174 (ANGLE memory corruption, CVSS 8.8); CVE-2025-43510 (XNU copy-on-write privilege escalation, CVSS 8.6); CVE-2025-43520 (XNU VFS race
7 min read
GlassWorm Exploits Trust in Open Source Ecosystems
Malware

Threat Group – Unattributed Threat Type – Supply chain malware, infostealer, credential theft Exploited Vulnerabilities – No CVE assigned. Abuse of trusted package registries, compromised publisher access, stolen developer credentials, invisible Unicode obfuscation, and extension dependency abuse Malware Used – GlassWorm loader and follow-on JavaScript-based payloads Threat Score – 8.7 🔥 Critical Last
5 min read
VodkaStealer Malware Harvests Browser Credentials and Session Token
Malware

Threat Group – Unidentified financially motivated threat actor associated with the ClickFix WordPress compromise campaign Threat Type – Information Stealer Exploited Vulnerabilities – ClickFix social engineering using compromised WordPress sites and fake Cloudflare verification prompts Malware Used – VodkaStealer, DoubleDonut loader, ChromElevator Threat Score – 🔴 7.6 High – Advanced credential harvesting malware delivered through large
5 min read
Microsoft Excel Vulnerability CVE-2026-26144 May Allow Data Exposure Through Copilot
Vulnerabilities

Threat Group – Unknown / Opportunistic Threat Actors Threat Type – Information Disclosure Vulnerability Exploited Vulnerabilities – CVE-2026-26144 Malware Used – None required (AI-assisted data exfiltration via Copilot Agent) Threat Score – 7.2 🔴 High – The vulnerability enables zero-interaction data leakage through an automated AI agent integrated into Microsoft Office. The flaw can be triggered
6 min read
UnsolicitedBooker Deploys MarsSnake Against Telecom Providers
Malware

Threat Group – UnsolicitedBooker Threat Type – Backdoor / Advanced Persistent Threat Exploited Vulnerabilities – CVE-2018-0802 Malware Used – MarsSnake, MarsSnakeLoader, LuciDoor, LuciLoad Threat Score – 8.7 🔥 Critical – State-aligned espionage platform with wormable capability, decentralised IPFS command fallback, telecommunications targeting, long-term persistence and advanced evasion techniques Last Threat Observation – 24 February 2026 Overview
5 min read
What Is Moonrise RAT and Why It Poses a Serious Risk
Malware

Threat Group – Unattributed Threat Type – Remote Access Trojan Exploited Vulnerabilities – No confirmed CVEs. Delivery aligned with user execution and social engineering techniques Malware Used – Moonrise RAT Threat Score – 7.8 🔴 High. Enables interactive remote control, credential theft, surveillance, and persistence with low early static detection which increases dwell time and
4 min read
MIMICRAT Campaign Uses Fake Verification Lure
Malware

Threat Group – Unknown financially motivated operators Threat Type – Remote Access Trojan and social engineering campaign Exploited Vulnerabilities – User-driven execution abuse of Windows Run dialog and PowerShell Malware Used – MIMICRAT Threat Score – 8.2 🔴 High Last Threat Observation – February 2026, reported by multiple security research teams including Securonix and independent
3 min read