
Cybersecurity

539 articles · Coverage updated continuously

Tycoon Threat Actors Master Device Code Phishing, Bypass 2FA

The sophisticated Tycoon phishing group is now employing an advanced technique known as device code phishing, a shift from traditional 2FA credential theft. This innovative method leverages legitimate new-device login flows from various services, effectively tricking users into granting direct account access and bypassing even robust multi-factor authentication (MFA). It represents a significant escalation in the ongoing cat-and-mouse game between attackers and security defenses.

April 22, 2026 · Dark Reading · 1 min

NIST NVD Cuts: Industry Steps Up to Fill Critical CVE Data Gap

The cybersecurity world is grappling with a significant shift as the National Institute of Standards and Technology (NIST) begins to scale back its National Vulnerability Database (NVD) data enrichment efforts. This move creates a critical void in the actionable CVE intelligence that security teams have long relied upon for vulnerability management and risk prioritization. In response, industry leaders and ad hoc coalitions are rapidly forming to develop alternative solutions and fill this essential data gap.

April 22, 2026 · Dark Reading · 1 min

Vercel Breach: AI Tool Access Exposes OAuth Tokens in New Supply Chain Threat

Vercel, the company behind the popular Next.js framework, recently disclosed an expanded data breach, revealing unauthorized access to its internal systems and additional compromised customer accounts. The incident's root cause has been linked to stolen OAuth tokens, stemming from an employee's interaction with an AI tool, Context.ai. This incident highlights the evolving threat landscape where third-party AI tools can inadvertently become vectors for sophisticated supply chain attacks.

April 22, 2026 · Dark Reading · 3 min

Chinese APT Uses Stale TTPs Targeting Indian Banks, Korean Policy

Chinese Advanced Persistent Threat (APT) groups have significantly escalated their surveillance of India's financial sector, employing "stale TTPs" that suggest either a low-effort approach or a high degree of confidence in these known methods. These same actors are also observed actively monitoring Korean policy circles, indicating a broader, multifaceted intelligence gathering operation across key Asian nations. The seemingly outdated tactics raise questions about the immediate objectives and the perceived value of the targeted information.

April 22, 2026 · Dark Reading · 1 min

Critical RCE: Google AI Agent 'Antigravity' Sandbox Escaped

Google has addressed a critical Remote Code Execution (RCE) vulnerability in its 'Antigravity' AI agent. The flaw, a prompt-injection sanitization issue, allowed attackers to escape the product's sandbox and execute arbitrary code, particularly during filesystem operations, highlighting a significant security exposure in advanced AI systems. The successful patch mitigates a direct threat to Google's AI infrastructure and user data.

April 22, 2026 · Dark Reading · 1 min

Critical Bomgar RMM Flaw: Supply Chain Exploits & Ransomware Threat

A critical remote code execution (RCE) flaw, identified as CVE-2026-1731, has been discovered in Bomgar's Remote Monitoring and Management (RMM) tools, posing an immediate and severe threat to organizations globally. This vulnerability allows attackers to execute arbitrary code on compromised systems, opening the door for widespread supply chain exploitation and devastating ransomware attacks. The flaw's potential for pervasive impact on IT infrastructure cannot be overstated, demanding urgent attention from cybersecurity teams.

April 22, 2026 · Dark Reading · 1 min

DPRK Fake Jobs: Worm-like Scams Spread RATs via Dev Repos

North Korea is intensifying its cyber operations, weaponizing sophisticated fake job scams to infiltrate organizations and deploy malware. These campaigns exploit trusted platforms, with compromised developer repositories acting as insidious, worm-like vectors to spread Remote Access Trojans (RATs) and other malicious payloads. The strategy leverages social engineering alongside supply chain vulnerabilities, posing a significant threat across industries.

April 22, 2026 · Dark Reading · 1 min

Active Exploits Weaponize Windows Defender: 2 Unpatched Threats

Microsoft's built-in security platform, Windows Defender, is being actively weaponized by three proof-of-concept exploits, two of which remain unpatched and pose ongoing critical risks. These sophisticated attacks transform the very tool designed to protect Windows systems into an attacker's asset. This development highlights a severe escalation in adversarial tactics, as attackers leverage trusted security software against its users.

April 22, 2026 · Dark Reading · 1 min

Microsoft Patches Critical ASP.NET Core PrivEsc Vulnerability

Microsoft has issued urgent out-of-band updates to address CVE-2026-40372, a critical privilege escalation vulnerability in ASP.NET Core with a severe CVSS score of 9.1. This flaw allows an unauthorized attacker to gain SYSTEM privileges, disclose sensitive files, and modify data, primarily impacting Linux/macOS applications that utilize specific versions of Microsoft.AspNetCore.DataProtection.

April 22, 2026 · The Hacker News · 2 min

Bridged Apps, Amplified Risk: The AI Agent Permission Gap

On January 31, 2026, Moltbook, a social network designed for AI agents, was found to have left its database exposed, leaking 35,000 email addresses and a staggering 1.5 million agent API tokens. Critically, the breach also included plaintext third-party credentials, such as OpenAI API keys, shared within private messages, revealing a severe permission breakdown at the intersection of interconnected AI services.

April 22, 2026 · The Hacker News · 7 min

Lotus Wiper Devastates Venezuela Energy Systems: New Threat Unveiled

Cybersecurity researchers have uncovered a new and highly destructive data wiper, dubbed Lotus Wiper, which has been actively targeting Venezuela's critical energy and utilities sectors since late last year. This previously undocumented malware is engineered to obliterate systems by overwriting physical drives, deleting recovery mechanisms, and erasing files, leaving affected infrastructure inoperable.

April 22, 2026 · The Hacker News · 4 min

Harvester APT Strikes South Asia: Linux GoGra via MS Graph API

The Harvester APT group has deployed a new Linux variant of its GoGra backdoor, significantly expanding its operational capabilities beyond Windows environments. This latest iteration uses the legitimate Microsoft Graph API and Outlook mailboxes for covert command-and-control, enabling it to evade conventional network defenses. Evidence suggests these espionage activities are primarily targeting entities within South Asia, with artifacts traced to India and Afghanistan, highlighting a focused regional threat.

April 22, 2026 · The Hacker News · 3 min