Threat Research | Weekly Recap [22 Mar 2026]

Cybersecurity Threat Research ‘Weekly’ Recap: this overview surveys vulnerabilities, supply-chain and developer-tooling abuse, phishing and malware campaigns across Langflow (CVE-2026-33017), CanisterWorm, CursorJack, SnappyClient, Vidar Stealer, AsyncRAT, GhostMail, Boggy Serpens, DieNet and Konni, with notable operational exposures such as Myclaw360 TLS key and Larva26002. Cybersecurity Threat Research ‘Weekly’ Recap: it also highlights evolving trends in AI-assisted threats, container security with Defend for Containers (D4C) guidance and TeamPCP container attack scenarios, plus CI/CD risk from Trivy action hijacking and related supply-chain abuses. #Langflow #CVE-2026-33017 #CanisterWorm #CursorJack #SnappyClient #VidarStealer #AsyncRAT #GhostMail #BoggySerpens #DieNet #Konni #Myclaw360 #Larva26002 #DefendForContainers #TeamPCP #TrivyAction #Kubernetes

Vulnerabilities & Exploits

Unauthenticated RCE in Langflow’s flow build endpoint was weaponized within ~20 hours to run arbitrary Python and exfiltrate creds; rapid scanning and staged dropper infrastructure observed. CVE-2026-33017: Langflow RCE
Weekly vuln telemetry: 1,641 flaws tracked (175 PoCs, 200 CVSS‑critical) with high‑impact auth bypass/RCEs in Juniper, Cisco SD‑WAN, Qwik and EV charging stacks — Energy & Transportation hit hardest. Week in Vulnerabilities: Juniper, Cisco & ICS
Ingress‑nginx configuration‑injection CVEs require detection across clusters — guidance for rule/telemetry mappings and mitigation checks. Detecting CVE-2026-3288 / CVE-2026-24512
Proof‑of‑concept deeplink exploit for Cursor IDE can fetch and run staged MCP servers or arbitrary commands via user click + install prompt. CursorJack: Cursor IDE deeplink POC

Supply Chain & Developer-Tooling Abuse

An npm publisher compromise deployed a worm (postinstall hooks + republish) across 29+ packages, pulling rotatable second‑stage payloads from an ICP canister. CanisterWorm: npm publisher compromise
GitHub Actions supply‑chain sabotage: aquasecurity/trivy-action had 75 tags force‑updated to malicious commits that steal CI secrets and exfiltrate to typosquatted domains (attributed to TeamPCP). Trivy Action tag compromise (TeamPCP)
GlassWorm evolved to abuse Open VSX transitive dependencies (extensionPack/extensionDependencies) to convert benign extensions into staged loaders and persistent delivery channels. GlassWorm via Open VSX transitive deps
SnappyClient C++ implant (HijackLoader linkage) provides remote access, keylogging, screenshot theft and custom ChaCha20‑Poly1305 C2, using advanced evasion (direct syscalls, transacted hollowing). SnappyClient analysis (HijackLoader)

Phishing, Social Engineering & SaaS Abuse

Malicious Google Forms link business-themed ZIPs in a multi‑stage chain that installs the PureHVNC .NET RAT via DLL hijack, scheduled tasks and process injection. Job‑brief Google Forms → PureHVNC
Invoice/payment‑themed phishing with malicious PDFs and QR codes targets finance/procurement to harvest credentials via reusable templates and rotating backends. Invoice‑themed phishing targeting finance
Fake CAPTCHA / ClickFix social engineering compromises sites to coerce victims into running clipboard PowerShell, delivering in‑memory stealers and a crypto clipboard hijacker across rotating C2s. Fake CAPTCHA / ClickFix stealer campaigns
LiveChat SaaS abused to impersonate brands (PayPal, Amazon) in real‑time chats to capture credentials, cards, MFA codes and PII. LiveChat brand‑impersonation abuse
AI‑augmented phishing campaigns exploit browser permissions to capture data and scale targeted credential theft. AI‑assisted phishing exploiting browser permissions
Vishing + Microsoft Teams impersonation used to socially engineer victims into running staged PowerShell and establish a WebSocket backdoor. Teams vishing → PhantomBackdoor

Malware, RATs & Backdoors

Multi‑stage, fileless campaigns delivering the PureLog stealer use Python/dual .NET loaders, AMSI bypass and remote key retrieval to exfiltrate Windows artifacts in memory. PureLog stealer multi‑stage attack
Infostealer.Speagle hijacks legitimate Cobra DocGuard client/server flows to exfiltrate targeted files (including niche ballistic missile docs) while masquerading as normal traffic. Infostealer.Speagle abusing Cobra DocGuard
ZPHP (SmartApeSG) campaigns use fake CAPTCHAs/ClickFix to deliver Remcos RAT with DLL sideloading, steganography and persistent “Intel PLLQ Components.” ZPHP campaign delivering Remcos
Vidar Stealer 2.0 (C rewrite, polymorphic builds, Telegram/Steam C2) distributed via fake “game cheats” and compromised sites to harvest credentials and wallets. Vidar Stealer 2.0 distribution
macOS campaign uses SEO poisoning + ClickFix social engineering to run Terminal commands that install a staged loader and AppleScript stealer (harvests wallets, SSH keys, modifies Ledger Live). MacSync stealer via SEO poisoning
Malicious KakaoTalk installer via SEO poisoning infected 5,000+ PCs with Winos4.0, adding Defender exclusions and establishing persistence. Winos4.0 via fake KakaoTalk installer
Statically linked 64‑bit Linux backdoor netd (RC4 C2, PTY shell, file transfer) with Mach‑O variant observed on VT; uses dynamic DNS challenge–response over TCP/443. netd low‑detection Linux/macOS backdoor
Technical analysis: SnappyClient implant, Warlock post‑exploit enhancements (TightVNC, tunneling, NSecKrnl BYOVD) and GO‑based scanners highlight expanding post‑exploit toolsets and evasion. Warlock / SnappyClient post‑exploit toolset
Fake Telegram typosquat delivered a multi‑stage loader (DLL loader reconstructing PE from XML) with Defender exclusion manipulation and registry persistence markers. Fake Telegram typosquat multi‑stage loader

APT, Espionage & Targeted Campaigns

Long‑running spear‑phishing delivered VBS/PowerShell droppers and AsyncRAT to Libyan targets (oil refinery, telecom, state) with scheduled task persistence named “devil” — likely focused/possibly state‑sponsored. AsyncRAT campaign targeting Libyan orgs
Operation GhostMail: stored XSS in Zimbra used to steal session tokens, credentials and mailbox data; exfiltration over DNS/HTTPS attributed with medium confidence to APT28. Operation GhostMail: Zimbra XSS (APT28)
Boggy Serpens (Iran‑aligned) evolved to use Rust tooling and AI assistance across diplomatic/critical‑infra targets; toolkit includes BlackBeard, LampoRAT and GhostBackDoor. Boggy Serpens threat assessment
DieNet hacktivist franchise conducted mass DDoS claims and disruption campaigns targeting governments and Western firms, operating as a rented‑infrastructure franchise. DieNet hacktivist network
Detection case: suspected North Korea‑linked remote IT worker uncovered via integrated OTX + XDR behavioral analytics and rapid account termination. North Korea‑linked remote IT worker detected
Konni group used spear‑phishing LNK droppers and abused KakaoTalk sessions to distribute AutoIt RATs for long‑term access and data theft. Konni spear‑phishing & KakaoTalk campaign

Cloud, Containers & CI/CD Security

Elastic Security Labs mapped a TeamPCP container attack scenario showing how Defend for Containers (D4C) telemetry and Kubernetes audit events can surface execution→persistence→miner deployment stages. TeamPCP container attack scenario & D4C
Getting started guidance for Defend for Containers (Elastic Stack) emphasizes runtime detection rules, selectors/responses and cluster deployment models for workload‑aware security. Defend for Containers: getting started
CI/CD exposures: Trivy action compromise and other workflow tool abuses demonstrate the high blast radius of malicious action entrypoints and tag hijacking. CI/CD action tag hijacking (Trivy)

AI, LLMs & Agent Security

Unit42 found early experimental use of LLMs in malware (GPT‑3.5/GPT‑4) for logging, obfuscation suggestions and execution gating — mostly “AI theater” but with a plausible path to AI‑gated payloads. AI use in malware (Unit42)
SentinelOne describes a multi‑agent “adversarial consensus” pipeline for automated malware analysis that cross‑validates multiple reverse‑engineering tools to reduce false positives and decompiler artifacts. Adversarial consensus engine: multi‑agent LLMs
TrendMicro + NVIDIA outline layered controls (pre‑execution policy, runtime enforcement, AI‑specific inspection) to safely deploy autonomous agentic AI at enterprise scale. Securing agentic AI with TrendAI & NVIDIA OpenShell

Scams, Fraud & E‑commerce Abuse

Researchers mapped 20,000+ fraudulent online shops (many on Sellvia WP templates) running on concentrated IPs as an industrialized payment‑credential and PII harvesting ecosystem. Network of 20k+ fake shops
Keitaro Tracker widely abused for domain cloaking, conditional routing and large‑scale AI‑driven investment/tech‑support scams; thousands of malicious instances and RDGA patterns observed. Keitaro abuse for AI‑driven scams
LABScon talk unpacks crypto crime ecosystem (developer‑machine compromises, JS tampering, laundering via cross‑chain swaps/Tornado Cash) and ~US$9B in stolen funds. Crypto crime realities: LABScon25 replay

Ransomware & Extortion Trends

Ransomware actors continued to evolve (data‑theft extortion, VPN/firewall exploits, REDBIKE prevalence); ecosystem profitability shifting toward smaller targets and new tooling (RMM/tunnelers/AI). Ransomware TTPs in 2025 (Google Cloud)

Notable Operational/Infrastructure Exposures

RSA private TLS key for *.myclaw[.]360[.]cn was exposed in distributed installer material for Qihoo 360’s “Security Claw” AI platform, enabling namespace‑wide impersonation if used in production (rotated after discovery). Myclaw 360 TLS private‑key exposure
MS‑SQL servers with weak credentials exploited via brute force/BCP abuse by Larva‑26002 to write downloaders and deploy a Go scanner (ICE Cloud Client); actor has ties to previous ransomware families. Larva‑26002: MS‑SQL compromise & ICE Cloud scanner

Threat Research | Weekly Recap – hendryadrian.com