Cybersecurity Newsfeed - 02/04/26
Daily cybersecurity news covering vulnerabilities, adversaries, trends, breaches, and other notable security developments.
🛡️ Vulnerabilities
Apple Issues Emergency iOS 18 Patch for “DarkSword”: Apple released an out-of-band patch to address a rare zero-day vulnerability allowing kernel-level code execution. The exploit was used in targeted attacks to bypass standard sandboxing.
ImageMagick Zero-Day RCE Targets Linux/WordPress: A remote code execution flaw in the ImageMagick library is being used to target WordPress servers via specially crafted image uploads.
TrueConf Zero-Day Hijacks Update Mechanism: Attackers are exploiting a vulnerability in the TrueConf video conferencing platform to distribute malicious software updates directly to users.
CISA Adds New Flaw to KEV Catalog: CISA has mandated that federal agencies patch a newly identified, actively exploited vulnerability, emphasizing the risk of unpatched software in the wild.
Microsoft Releases Emergency Windows 11 Update (KB5086672): An out-of-band update was issued to fix a servicing stack issue that caused previous security patches to fail installation.
🎯 Adversaries
Mustang Panda (TA416) Targets European Entities: The Chinese threat actor is targeting diplomatic and government sectors in Europe using updated PlugX trojan variants and geopolitical lures.
Axios NPM Supply Chain Compromise: Threat actors injected malicious code into the popular Axios library, potentially impacting millions of applications with credential theft and RCE risks.
“NoVoice” Android Malware Infects 2.3M Devices: Approximately 2.3 million devices were infected via Google Play by malware designed to steal SMS-based OTPs and bypass banking security.
Casbaneiro Banking Trojan Resurfaces: A new phishing campaign in Latin America is distributing the Casbaneiro trojan to steal financial credentials via browser monitoring.
“EvilTokens” Service Fuels Phishing Attacks: A new Malware-as-a-Service (MaaS) automates Microsoft device code phishing, allowing attackers to bypass MFA and hijack accounts.
Venom Stealer Commoditizes “ClickFix” Attacks: The Venom Stealer MaaS is now utilizing social engineering scripts that trick users into “fixing” their browsers in order to exfiltrate data.
DeepLoad Malware Deployed via Fake Updates: A sophisticated new loader called “DeepLoad” is using anti-analysis techniques to drop secondary payloads during “ClickFix” campaigns.
Malicious WhatsApp Messages Spread Backdoors: Microsoft warns of a social engineering campaign on WhatsApp using fake documents to install backdoors on mobile devices.
📈 Trends
“Routine Access” Driving Modern Intrusions: Attackers are shifting away from complex zero-days in favor of using compromised legitimate credentials to “live off the land” undetected.
Ransomware Groups Weaponizing IT Management Tools: Threat actors are increasingly using legitimate RMM tools to bypass antivirus detection and maintain persistence.
LATAM Cyber Talent Overlooked Amid Attack Surge: Despite a massive spike in regional attacks, Latin America faces a “brain drain” of security talent, leaving critical infrastructure vulnerable.
LinkedIn Phishing Hijacks Professional Accounts: Highly convincing “notification” emails are being used to lead users to spoofed login pages that capture credentials and bypass 2FA.
The Debate Over “Hackback” Strategy: Bruce Schneier explores the legal and ethical risks of the U.S. potentially adopting retaliatory “hackback” measures as an official strategy.
💥 Breaches & Leaks
Anthropic Leaks Claude AI Internal Code: A misconfiguration in an internal repository allowed unauthorized access to proprietary algorithms and model architecture.
Toy Giant Hasbro Targeted in Cyberattack: Hasbro confirmed a breach of internal systems, with reports suggesting a ransomware incident has disrupted business operations.
Latin American Governments Hit by Unprecedented Wave: Ransomware and espionage attacks have disrupted public services across several LATAM nations, targeting legacy infrastructure.
📚 Others
SentinelOne Blocks Trojaned LiteLLM Package: Autonomous detection systems blocked a malicious package, designed to steal developer API keys, that was triggered by the Claude Code AI tool.
RedLine Stealer Developer Extradited to U.S.: In a major blow to the MaaS ecosystem, the developer of the notorious RedLine info-stealer has been extradited to face criminal charges.
TAC Security Ranked Top 5 in VM and AppSec: Industry reports highlight TAC Security’s unified platform for its effectiveness in managing complex digital attack surfaces.
