Cybersecurity News | Daily Recap [16 Feb 2026]

In today's recap, researchers report a live ClawdBot infection that exfiltrates OpenClaw configurations (including private keys), enabling AI‑agent impersonation, while CTM360 warns of a global campaign distributing Lumma Stealer and a trojanized Ninja Browser via Google Groups, alongside agentic browsers being weaponized for ad fraud. Patch alerts follow: BeyondTrust CVE-2026-1731 must be patched within 3 days, Google Chrome's high‑severity zero‑day CVE-2026-2441 is fixed across platforms, and KB5077181 addresses Windows 11 boot issues. Also covered: Lotus Blossom hijacking Notepad++ updates to deploy Chrysalis and Cobalt Strike against high‑value targets, VoidLink campaigns affecting the technology and financial sectors, and ShinyHunters' Canada Goose data leak.

Infostealers & Ad Fraud

  • Researchers observed a live ClawdBot infection that exfiltrated OpenClaw configs (including private keys) enabling AI‑agent impersonation, while CTM360 warns of a global campaign using Google Groups to distribute Lumma Stealer and a trojanized “Ninja Browser”, and industry experts say agentic browsers are being weaponized for ad fraud. – ClawdBot/Infostealers, Lumma/Ninja, Ad Fraud

ClickFix & Crypto Attacks

  • Microsoft and researchers disclosed a new ClickFix variant that tricks users into running nslookup to perform DNS‑based staging and deliver payloads including ModeloRAT, and related campaigns abuse Pastebin comments and malicious JavaScript to hijack crypto swap deposits. – DNS ClickFix, Microsoft ClickFix, Swap Hijack

Patch Alerts & Zero‑days

  • CISA ordered federal civilian agencies to patch an actively exploited BeyondTrust RCE (CVE‑2026‑1731) within 3 days, warning that thousands of exposed on‑prem deployments may already be compromised. – BeyondTrust Patch
  • Google released emergency updates to fix a high‑severity Chrome zero‑day (CVE‑2026‑2441) exploited in the wild and backported fixes to Stable Desktop on Windows, macOS, and Linux. – Chrome Zero‑day
  • Microsoft delivered Patch Tuesday KB5077181 to resolve boot failures (UNMOUNTABLE_BOOT_VOLUME) affecting some Windows 11 25H2/24H2 systems, though previously unbootable devices may require manual remediation. – Win11 Fix

Supply‑Chain & Targeted Attacks

  • Unit 42 says state‑sponsored Lotus Blossom hijacked Notepad++ update hosting to selectively deliver the Chrysalis backdoor or Cobalt Strike via DLL side‑loading and injected scripts to high‑value targets in Southeast Asia and beyond. – Notepad++ Hijack
  • Threat actor UAT‑9921 is deploying VoidLink malware to target the technology and financial sectors, aiming for access and persistence in high‑value environments. – VoidLink Campaign

Data Breaches

  • ShinyHunters published a 1.67 GB dataset claiming over 600,000 Canada Goose customer records (names, contacts, partial card data, IPs, orders); Canada Goose says it has found no evidence of an internal breach and is investigating. – Canada Goose Leak

Cybersecurity News | Daily Recap – hendryadrian.com