Daily Recap: attackers hijacked an OpenVSX publisher account to push the GlassWorm macOS infostealer through malicious extension updates, state-backed actors tampered with Notepad++'s update infrastructure for months, and researchers uncovered 341 malicious ClawHub skills, a critical OpenClaw token-exfiltration bug (CVE-2026-25253) enabling one-click RCE, and MoltBot skills used to push password-stealing malware across developer ecosystems. The Microsoft section covers APT28 exploiting CVE-2026-21509 to deploy the Covenant loader, the three-stage plan to phase out NTLM in favor of Kerberos, and a shutdown bug affecting Windows 11 and 10 that has a temporary workaround. Elsewhere, ShinyHunters expanded its extortion playbook to vishing and MFA-enrollment phishing while publishing the Panera Bread breach data, destructive attacks hit Polish energy sites via Fortinet devices, Mozilla is adding an AI controls panel to Firefox, and policy moves push toward stronger age verification and platform oversight. #GlassWorm #OpenVSX #Notepad++ #ClawHub #OpenClaw #MoltBot #AtomicStealer #CVE-2026-25253 #CVE-2026-21509 #APT28 #CovenantLoader #NTLM #Kerberos #PaneraBread #ShinyHunters #Sandworm #PolandGrid #Fortinet #Firefox #VirtualSecureMode
Supply-chain & Developer Ecosystems
- Attackers hijacked an OpenVSX publisher account and pushed the GlassWorm macOS infostealer as malicious extension updates; the updates harvested passwords, crypto wallets and developer secrets and reached roughly 22,000 downloads – GlassWorm
- State-backed actors compromised Notepad++'s update infrastructure for months and delivered malicious updates selectively to chosen targets; the project has since migrated hosting and strengthened update signing in new releases – Notepad++ Hijack
- Developer-ecosystem audits turned up 341 malicious ClawHub skills (most of them dropping the Atomic Stealer), a critical OpenClaw token-exfiltration bug (CVE-2026-25253, CVSS 8.8) that enables one-click RCE, and MoltBot skills used to push password-stealing malware – ClawHub Skills, OpenClaw RCE, MoltBot
Microsoft & Vulnerabilities
- APT28 is actively exploiting the Office zero-day CVE-2026-21509 via malicious DOC files to deploy the Covenant loader (persistence via COM hijack, C2 over Filen), prompting urgent patching and mitigations – Office Bug
- Microsoft announced a three-stage plan to phase out NTLM and move Windows to Kerberos, starting with enhanced auditing and pre-release migration features before disabling NTLM by default in a future release – NTLM Phase-out
- The shutdown bug introduced by the January update on Windows 11 also affects Windows 10 systems with Virtual Secure Mode (VSM) enabled; as a temporary workaround, affected users can shut down with shutdown /s /t 0 while Microsoft readies a fix – Shutdown Bug
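The first stage of the NTLM phase-out above is auditing, and the practical question for defenders is which clients and services on a host still negotiate NTLM. The script below is an added example written for this recap, not Microsoft's own tooling: it sets the documented "Restrict NTLM" audit-only registry values under HKLM\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0, makes sure the Microsoft-Windows-NTLM/Operational channel is enabled, and then flattens events 8001 (outgoing NTLM from this host), 8002 (incoming NTLM to this host) and 8003/8004 (NTLM seen or blocked at a domain controller) into a grouped inventory. It assumes an elevated session on a machine whose Restrict NTLM settings are not managed by Group Policy; the function names and the seven-day default window are this example's own choices.

```powershell
# Added example (not from the recap or from Microsoft): inventory NTLM usage on a host
# before the phase-out by enabling the "Network security: Restrict NTLM" audit
# settings and summarising the events they produce. Run in an elevated session.
# Assumption: no GPO manages these values; on a GPO-managed machine the local
# registry edits are reverted at the next policy refresh, so set them in the GPO.

$MSV1_0 = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'

function Enable-NtlmAuditing {
    # AuditReceivingNTLMTraffic: 0 = off, 1 = domain accounts, 2 = all accounts
    # (server side; produces Event 8002 for every incoming NTLM authentication)
    Set-ItemProperty -Path $MSV1_0 -Name 'AuditReceivingNTLMTraffic' -Value 2 -Type DWord
    # RestrictSendingNTLMTraffic: 0 = allow all, 1 = audit all, 2 = deny all
    # Value 1 logs Event 8001 for outgoing NTLM without blocking anything.
    Set-ItemProperty -Path $MSV1_0 -Name 'RestrictSendingNTLMTraffic' -Value 1 -Type DWord
    # The audit events land in this operational channel; make sure it is enabled
    wevtutil set-log 'Microsoft-Windows-NTLM/Operational' /enabled:true
}

function Get-NtlmAuditEvent {
    param([datetime]$Since = (Get-Date).AddDays(-7))   # window is this example's choice
    $filter = @{
        LogName   = 'Microsoft-Windows-NTLM/Operational'
        Id        = 8001, 8002, 8003, 8004
        StartTime = $Since
    }
    # SilentlyContinue: Get-WinEvent throws when the query matches nothing
    $events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
    foreach ($e in $events) {
        # Flatten the EventData payload generically so the same code handles
        # every event type (8001 carries target server and calling process,
        # 8002 carries the client account and workstation, and so on).
        $xml  = [xml]$e.ToXml()
        $data = [ordered]@{ TimeCreated = $e.TimeCreated; Id = $e.Id }
        if ($xml.Event.EventData) {
            foreach ($d in $xml.Event.EventData.Data) {
                if ($d.Name) { $data[$d.Name] = $d.'#text' }
            }
        }
        [pscustomobject]$data
    }
}

function Get-NtlmAuditReport {
    # One row per (event ID, distinct payload) with a count, which is what you
    # need to list NTLM-dependent targets and processes for Kerberos migration.
    Get-NtlmAuditEvent |
        Group-Object -Property Id |
        ForEach-Object {
            $id = $_.Name
            $_.Group |
                Select-Object -Property * -ExcludeProperty TimeCreated, Id |
                Group-Object -Property { ($_.PSObject.Properties | ForEach-Object Value) -join ' | ' } |
                ForEach-Object {
                    [pscustomobject]@{ EventId = $id; Count = $_.Count; Payload = $_.Name }
                }
        } | Sort-Object EventId, Count -Descending
}

Enable-NtlmAuditing
Get-NtlmAuditReport | Format-Table -AutoSize -Wrap
```

Leave the settings in audit mode (values 2 and 1) for at least a full business cycle before considering the deny values; the point of this stage is to find the printers, legacy file shares and service accounts that would break once NTLM is disabled, and 8003/8004 only appear on domain controllers, so run the report there as well as on member servers.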
Extortion & Breaches
- ShinyHunters-branded extortion campaigns have expanded into vishing and SSO credential-harvesting phishing that enrolls attacker-controlled devices in victims' MFA, targeting 100+ organizations; the group has also published the Panera Bread breach data, which exposed 5.1 million unique accounts (not 14M). Revoke active tokens and contain IdP access now – ShinyHunters, Panera Breach
Critical Infrastructure
- Russia-linked actors (attributed to groups including Sandworm) logged into internet-exposed Fortinet devices with default credentials to reach ICS at roughly 30 Polish energy sites, then uploaded malicious firmware and deployed wipers that caused permanent device damage – Poland Grid
Privacy & Browsers
- Mozilla will add an AI controls panel to Firefox v148 with a “Block AI enhancements” toggle (rolling out Feb. 24 in Nightly) to disable current and future generative AI features and block reminders/pop-ups persistently – Firefox AI
Policy & Regulation
- The Dutch government is pushing for an enforceable Europe-wide minimum social media age of 15, privacy-friendly age verification, bans on addictive algorithms and stricter platform oversight, following similar moves elsewhere – Social Media Age
Trends & Research
- SecurityWeek’s Cyber Insights 2026 warns that agentic AI will increasingly automate the cyberattack lifecycle, enabling one-click, adaptive intrusions and driving the need for AI-aware, behavioral defenses – Cyber Insights