Anomali Cyber Watch

Anomali Cyber Watch: LockBit 5.0, Chrome Zero-Day CVE-2026-2441, Infostealer Targets OpenClaw, and more

LockBit 5.0 Ransomware Targets Windows, Linux, and VMware ESXi in Active Campaigns. Google Patches Actively Exploited Chrome Zero-Day CVE-2026-2441. Infostealer Targets OpenClaw Configuration Files to Capture Credentials and User Context. And more...
Published on February 24, 2026
<div id="weekly"> <div id="trending-threats" class="trending-threats-article"> <h2 id="article-1"><a href="https://www.helpnetsecurity.com/2026/02/16/lockbit-5-0-ransomware-windows-linux-esxi/" target="_blank" rel="noopener noreferrer">LockBit 5.0 Ransomware Targets Windows, Linux, and VMware ESXi in Active Campaigns </a></h2> <p>(published: February 16, 2026)</p> <p> Researchers identified a new version of LockBit ransomware, version 5.0, released in September 2025 and currently deployed in active attacks. Unlike earlier versions, LockBit 5.0 includes dedicated builds for Windows, Linux, and VMware ESXi, allowing attackers to strike endpoints, servers, and virtualized infrastructure within a single campaign. The group operates a ransomware-as-a-service (RaaS) model and applies double-extortion, encrypting files while also stealing data to increase pressure on victims. All three variants use the same encryption scheme, append a randomly generated extension to encrypted files, and drop an identical ransom note. The Windows build is the most technically complex, employing multiple techniques to evade detection and hinder forensic investigation, including injecting into a legitimate Windows process, disabling system monitoring functions, clearing event logs, and deleting itself after encryption. The Linux and ESXi builds are simpler in construction but check for analysis tools and terminate if any are detected. The ESXi variant specifically targets virtual machine files and shuts down running virtual machines before encrypting them, ensuring files are not locked during the process. The ransomware avoids systems in post-Soviet regions. Since December 2025, 60 victims have appeared on the group's data leak site, primarily U.S. private sector organizations. <br> <br><b>Analyst Comment:</b> LockBit 5.0 represents a deliberate broadening of scope rather than a fundamental change in how the group operates. 
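</p>
<p><b>Worked Example (added, not from the source article or from Anomali):</b> The summary above describes the Windows build clearing event logs after encryption. In-process ETW tampering leaves no native event record of its own, but log clearing does: Windows writes Security event 1102 and System event 104 when a log is cleared, and the command that does it (wevtutil or Clear-EventLog) shows up in process-creation telemetry. The Python below is a simple detector over such records, escalating when several logs on one host are cleared inside a short window. The event records are constructed for illustration, and the window and threshold are tuning assumptions.</p>

```python
"""Detect Windows event-log clearing of the kind described for the LockBit 5.0
Windows build. Added example, not LockBit, Anomali or vendor code. The event
records below are constructed; in practice they come from the Security/System
logs and from process-creation telemetry (4688 or Sysmon event 1)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Native "log cleared" records: Security log -> 1102, System (and other) logs -> 104.
LOG_CLEARED_IDS = {1102: "Security", 104: "System"}
# Command lines that clear logs, matched case-insensitively against the command-line field.
CLEAR_CMD_MARKERS = ("wevtutil cl", "wevtutil.exe cl", "wevtutil clear-log", "clear-eventlog")


def find_log_clearing(events, window=timedelta(seconds=120), min_clears=2):
    """Return (host, time, reason, severity) tuples. Any single clear is medium;
    `min_clears` or more clears on one host inside `window` is escalated to high,
    which is the systematic clearing pattern this entry describes."""
    alerts = []
    clear_times = defaultdict(list)
    for ev in events:
        ts = datetime.fromisoformat(ev["time"])
        host, eid = ev["host"], ev["event_id"]
        cmd = ev.get("command_line", "")
        if eid in LOG_CLEARED_IDS:
            clear_times[host].append(ts)
            alerts.append((host, ts, f"{LOG_CLEARED_IDS[eid]} log cleared (event {eid})", "medium"))
        elif any(m in cmd.lower() for m in CLEAR_CMD_MARKERS):
            alerts.append((host, ts, f"log-clearing command: {cmd}", "medium"))
    # Escalate: several distinct log clears on one host close together.
    for host, times in clear_times.items():
        times.sort()
        for i in range(len(times) - min_clears + 1):
            if times[i + min_clears - 1] - times[i] <= window:
                alerts.append((host, times[i],
                               f"{min_clears}+ logs cleared within {int(window.total_seconds())}s", "high"))
                break
    return alerts


# Constructed sample telemetry (not real logs).
SAMPLE_EVENTS = [
    {"time": "2026-02-15T03:12:01", "host": "WS-17", "event_id": 4688,
     "command_line": "wevtutil.exe cl Security"},
    {"time": "2026-02-15T03:12:02", "host": "WS-17", "event_id": 1102},
    {"time": "2026-02-15T03:12:03", "host": "WS-17", "event_id": 104},
    {"time": "2026-02-15T09:00:00", "host": "WS-22", "event_id": 4688,
     "command_line": "notepad.exe report.txt"},
    {"time": "2026-02-14T22:00:00", "host": "WS-22", "event_id": 1102},  # single admin clear
]

if __name__ == "__main__":
    for host, ts, reason, severity in find_log_clearing(SAMPLE_EVENTS):
        print(f"{severity.upper():6} {host} {ts:%Y-%m-%d %H:%M:%S} {reason}")
```

<p>A lone 1102 is routine administration on many fleets; the high-severity correlation (several logs cleared in seconds, preceded by the clearing command itself) is the signal worth paging on, and by the time it fires the entry's point stands: encryption is probably already under way.</p>
<p>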
The most significant shift for defenders is the maturity of the ESXi variant. Virtualised environments can be treated as lower-priority targets in security programs, but a single compromised hypervisor can result in the simultaneous encryption of multiple virtual machines, making recovery complex and time-consuming. Organisations running ESXi or Proxmox infrastructure should ensure these environments are included in backup, monitoring, and incident response planning with the same priority as Windows endpoints. Offline, regularly tested backups remain the most reliable recovery control. Defenders should also monitor for behaviors consistent with the Windows variant's post-encryption activity, specifically the disabling of Event Tracing for Windows and systematic log clearing, as detection of these actions may indicate an encryption event is already underway or complete. The victim profile, primarily U.S. private sector organizations across multiple industries, may suggest opportunistic affiliate-driven targeting rather than a narrowly focused campaign.<br> <br><b>MITRE ATT&amp;CK: </b> <a href="https://ui.threatstream.com/attackpattern/9592">T1027.002 - Obfuscated Files or Information: Software Packing</a> | <a href="https://ui.threatstream.com/attackpattern/18584">T1027.007 - Obfuscated Files or Information: Dynamic Api Resolution</a> | <a href="https://ui.threatstream.com/attackpattern/37188">T1027.013 - Obfuscated Files or Information: Encrypted/Encoded File</a> | <a href="https://ui.threatstream.com/attackpattern/9598">T1036.001 - Masquerading: Invalid Code Signature</a> | <a href="https://ui.threatstream.com/attackpattern/9920">T1055.012 - Process Injection: Process Hollowing</a> | <a href="https://ui.threatstream.com/attackpattern/9768">T1070.001 - Indicator Removal on Host: Clear Windows Event Logs</a> | <a href="https://ui.threatstream.com/attackpattern/9770">T1070.004 - Indicator Removal on Host: File Deletion</a> | <a 
href="https://ui.threatstream.com/attackpattern/9982">T1485 - Data Destruction</a> | <a href="https://ui.threatstream.com/attackpattern/10080">T1486 - Data Encrypted For Impact</a> | <a href="https://ui.threatstream.com/attackpattern/9950">T1489 - Service Stop</a> | <a href="https://ui.threatstream.com/attackpattern/10089">T1497.001 - Virtualization/Sandbox Evasion: System Checks</a> | <a href="https://ui.threatstream.com/attackpattern/10079">T1562.001 - Impair Defenses: Disable Or Modify Tools</a> | <a href="https://ui.threatstream.com/attackpattern/9938">T1562.006 - Impair Defenses: Indicator Blocking</a> | <a href="https://ui.threatstream.com/attackpattern/12893">T1622 - Debugger Evasion</a><br> <b>Target Region:</b> Americas<br> <b>Target Country:</b> United States<br> <b>Source Country:</b> Russian Federation<br> <b>Source Region:</b> Europe<br> </p> <h2 id="article-1"><a href="https://www.theregister.com/2026/02/16/chromes_zeroday/" target="_blank" rel="noopener noreferrer">Google Patches Actively Exploited Chrome Zero-Day CVE-2026-2441 </a></h2> <p>(published: February 16, 2026)</p> <p> Google released an emergency update for Chrome on February 13, 2026, to address CVE-2026-2441, a use-after-free vulnerability in the browser's Cascading Style Sheets (CSS) component, rated high severity with a Common Vulnerability Scoring System (CVSS) score of 8.8. The flaw allows a remote attacker to execute arbitrary code inside the browser's sandboxed renderer process via a specially crafted HTML page, meaning a victim needs only to visit a malicious page for the exploit to trigger. A security researcher reported the vulnerability on February 11, 2026, and Google confirmed active in-the-wild exploitation two days later. Google has not disclosed whether exploitation has been targeted or opportunistic, and is withholding further technical detail until the majority of users are patched. This is the first Chrome zero-day confirmed exploited in 2026. 
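</p>
<p><b>Worked Example (added, not from the source article, Google or Anomali):</b> A staged Chrome update leaves the old binary running until the browser restarts, so "update downloaded" and "update applied" have to be tracked separately. The Python below classifies fleet inventory rows into patched, restart-required and unpatched. It assumes an inventory export that records, per host, both the installed version and the version of the currently running chrome process; the hostnames and the non-fixed version strings are constructed, and the fixed-build thresholds are the ones this entry lists.</p>

```python
"""Separate 'update downloaded' from 'update applied' for a Chrome fleet, the
restart-compliance gap this entry calls out. Added example, not Google's or
Anomali's code. Assumes an inventory export carrying, per host, the installed
binary version and the version of the running chrome process; the records
below are constructed. Fixed-version thresholds are as given in this entry."""

# Minimum fixed builds per platform, as listed in this entry.
FIXED_BUILD = {
    "windows": "145.0.7632.75",
    "macos": "145.0.7632.75",
    "linux": "144.0.7559.75",
}


def parse_version(version):
    """'145.0.7632.75' -> (145, 0, 7632, 75). Compare as integer tuples: as strings,
    '99.0.0.0' would sort above '145.0.7632.75'."""
    return tuple(int(part) for part in version.strip().split("."))


def classify(record):
    """'patched', 'restart_required' (fix on disk, vulnerable code still running)
    or 'unpatched' for one inventory record."""
    target = parse_version(FIXED_BUILD[record["platform"].lower()])
    installed = parse_version(record["installed"])
    # If no chrome process is running, the next launch uses the installed binary.
    running = parse_version(record["running"]) if record.get("running") else installed
    if installed < target:
        return "unpatched"
    if running < target:
        return "restart_required"
    return "patched"


def fleet_report(records):
    """Group hostnames by status so the restart queue and the reinstall queue fall out directly."""
    report = {"patched": [], "restart_required": [], "unpatched": []}
    for record in records:
        report[classify(record)].append(record["host"])
    return report


# Constructed inventory rows (hostnames and non-fixed version strings are made up).
SAMPLE_INVENTORY = [
    {"host": "lt-0041", "platform": "windows", "installed": "145.0.7632.75", "running": "145.0.7632.75"},
    {"host": "lt-0042", "platform": "windows", "installed": "145.0.7632.75", "running": "145.0.7632.50"},
    {"host": "mb-0107", "platform": "macos", "installed": "144.0.7559.96", "running": "144.0.7559.96"},
    {"host": "dev-0003", "platform": "linux", "installed": "144.0.7559.75", "running": None},
]

if __name__ == "__main__":
    for status, hosts in fleet_report(SAMPLE_INVENTORY).items():
        print(f"{status:17} {', '.join(hosts) or '-'}")
```

<p>The useful part is the middle bucket: an endpoint agent that only reads the installed version reports lt-0042 as patched, while the process in memory is still the vulnerable build. Whatever tooling feeds this report has to capture the running process version, not just the file on disk.</p>
<p>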
Patched versions are 145.0.7632.75 for Windows and macOS, and 144.0.7559.75 for Linux. Users must restart the browser after updating for the fix to take effect. No attribution has been provided.<br> <br><b>Analyst Comment:</b> The critical detail here is that exploitation requires nothing more than a page load. No click, no download, no unusual user behaviour is needed, which lowers the bar considerably compared to vulnerabilities requiring deliberate user interaction. Phishing, malvertising, and compromised legitimate sites are all plausible delivery vectors. Google has not confirmed whether exploitation has been targeted or opportunistic; that distinction matters, as opportunistic exploitation broadens exposure to any unpatched user browsing normally. The patch has been available since February 13, but a downloaded update that has not been followed by a browser restart leaves the vulnerable code still running in memory. For defenders, this is a reminder that the browser is a primary attack surface for most users in most organisations, and restart compliance is a gap that is easy to overlook in fleet management. Verifying that affected endpoints have both received and applied the update through a confirmed restart should be the immediate priority. Finally, awareness outside the enterprise matters too. Defenders are encouraged to remind family and friends to update Chrome and restart their browser, as simple awareness can meaningfully reduce broader exposure.<br> </p> <h2 id="article-1"><a href="https://www.infosecurity-magazine.com/news/infostealer-targets-openclaw/" target="_blank" rel="noopener noreferrer">Infostealer Targets OpenClaw Configuration Files to Capture Credentials and User Context </a></h2> <p>(published: February 17, 2026)</p> <p> Researchers documented the first observed live attack in which an infostealer exfiltrated configuration files belonging to OpenClaw, a locally run agentic AI assistant formerly known as Clawdbot and Moltbot. 
The malware did not target OpenClaw specifically. Instead, it used a broad file-grabbing routine that swept for sensitive file extensions and directory names, including the .openclaw directory, and captured the platform's configuration files as a byproduct. The stolen data included openclaw.json, which held the victim's email address, workspace path, and a gateway authentication token that could allow an attacker to remotely connect to the victim's local OpenClaw instance or impersonate them in requests to the AI gateway. Also taken was device.json, containing the cryptographic public and private key pair used for device pairing and signing operations within OpenClaw. An attacker with the private key could potentially bypass device trust checks and access encrypted logs or connected cloud services. Finally, the malware captured memory files (soul.md, agents.md, memory.md), which likely contained daily activity logs, private messages, and calendar data. Researchers assessed the combined data could enable full compromise of the victim's digital identity, and warned that purpose-built infostealer modules targeting OpenClaw are likely to emerge as adoption grows. <br> <br><b>Analyst Comment:</b> Security researchers had flagged concerns about OpenClaw's permission model, insecure default settings, and plaintext storage of sensitive material before this incident occurred. This case confirms those reservations were well-founded. What makes this finding particularly significant is that the exfiltration required no specialist tooling and no OpenClaw-specific capability. A commodity infostealer, executing a routine file-grabbing function, inadvertently captured authentication tokens, cryptographic keys, and persistent personal context that together could enable broad compromise of a victim's digital identity. 
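</p>
<p><b>Worked Example (added, not from the source article, OpenClaw or Anomali):</b> The entry's recommendation is to treat agent configuration directories like a secrets store. The Python below is a small audit that walks such a directory and reports plaintext tokens and private keys inside JSON, PEM material in any file, persistent memory files, and files readable by other local users. It uses the file names this entry reports (openclaw.json, device.json, memory.md); the JSON key names, the contents and the demo directory are constructed and do not reproduce OpenClaw's real schema.</p>

```python
"""Audit a local AI-agent configuration directory for the conditions this entry
describes: plaintext tokens and private keys, persistent memory files, and
permissions that let any local process read them. Added example, not OpenClaw's
or the researchers' code. File names follow the ones this entry reports
(openclaw.json, device.json, *.md); the JSON key names and all contents are
constructed and are not OpenClaw's real schema."""
import json
import os
import stat
import tempfile

IS_POSIX = os.name == "posix"          # permission bits only mean something here
SECRET_KEY_HINTS = ("token", "secret", "password", "private", "api_key")
PEM_MARKER = "-----BEGIN"


def _leaves(obj, path=""):
    """Yield (dotted.path, value) for every scalar in a JSON document."""
    if isinstance(obj, dict):
        for key, value in obj.items():
            yield from _leaves(value, f"{path}.{key}" if path else key)
    elif isinstance(obj, list):
        for i, value in enumerate(obj):
            yield from _leaves(value, f"{path}[{i}]")
    else:
        yield path, obj


def audit_agent_dir(root):
    """Return (relative_path, finding, detail) tuples."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            fpath = os.path.join(dirpath, name)
            rel = os.path.relpath(fpath, root)
            mode = stat.S_IMODE(os.stat(fpath).st_mode)
            if IS_POSIX and mode & (stat.S_IRGRP | stat.S_IROTH):
                findings.append((rel, "readable by group/other", oct(mode)))
            with open(fpath, encoding="utf-8", errors="replace") as fh:
                text = fh.read()
            if name.endswith(".json"):
                try:
                    doc = json.loads(text)
                except ValueError:
                    continue
                for path, value in _leaves(doc):
                    leaf = path.rsplit(".", 1)[-1].lower()
                    if isinstance(value, str) and value and (
                        any(h in leaf for h in SECRET_KEY_HINTS) or PEM_MARKER in value
                    ):
                        findings.append((rel, "plaintext secret", path))
            elif PEM_MARKER in text:
                findings.append((rel, "plaintext private key material", name))
            elif name.endswith(".md"):
                findings.append((rel, "persistent agent memory (sensitive context)", name))
    return findings


def build_demo_dir():
    """Create a constructed .openclaw-style directory in a temp location."""
    root = tempfile.mkdtemp(prefix="agent-config-demo-")
    samples = {
        "openclaw.json": json.dumps({
            "email": "user@example.test",
            "workspace": "/home/user/work",
            "gateway": {"url": "http://127.0.0.1:8080", "token": "gw_CONSTRUCTED_TOKEN"},
        }),
        "device.json": json.dumps({
            "device_id": "dev-01",
            "public_key": "CONSTRUCTED_PUBLIC_KEY",
            "private_key": "-----BEGIN PRIVATE KEY-----\nCONSTRUCTED\n-----END PRIVATE KEY-----",
        }),
        "memory.md": "# memory\n- 2026-02-10: constructed meeting note\n",
    }
    modes = {"openclaw.json": 0o644, "device.json": 0o600, "memory.md": 0o600}
    for name, content in samples.items():
        path = os.path.join(root, name)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(content)
        os.chmod(path, modes[name])
    return root


def demo():
    return audit_agent_dir(build_demo_dir())


if __name__ == "__main__":
    for rel, finding, detail in demo():
        print(f"{rel:14} {finding:42} {detail}")
```

<p>Point it at a real agent directory to get the inventory of what a file-grabbing infostealer would have taken. The permission check matters less against malware running as the same user, which reads everything regardless; the durable fixes are the ones the entry names, moving the token and private key out of plaintext files and into an OS keystore, and rotating them if the directory has already been collected.</p>
<p>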
That should be a warning for defenders: the threat surface created by locally run AI agents already falls within the reach of existing malware, before purpose-built modules arrive. And they will. As adoption of agentic AI frameworks grows in professional environments, the incentive to develop targeted tooling increases. Organisations should treat AI agent configuration directories with the same security discipline applied to credential stores and secrets vaults. For most, formal policy on AI agent frameworks probably does not yet exist. Closing that gap now, through access controls, monitoring, and avoiding plaintext storage of secrets, is likely to become more urgent as the threat matures. <br> <br><b>MITRE ATT&amp;CK: </b> <a href="https://ui.threatstream.com/attackpattern/9794">T1119 - Automated Collection</a> | <a href="https://ui.threatstream.com/attackpattern/9802">T1005 - Data From Local System</a> | <a href="https://ui.threatstream.com/attackpattern/10014">T1552.001 - Unsecured Credentials: Credentials In Files</a> | <a href="https://ui.threatstream.com/attackpattern/9771">T1552.004 - Unsecured Credentials: Private Keys</a><br> </p> <h2 id="article-1"><a href="https://www.darkreading.com/mobile-security/supply-chain-attack-embeds-malware-android-devices " target="_blank" rel="noopener noreferrer">Supply Chain Attack Embeds Malware in Android Devices </a></h2> <p>(published: February 17, 2026)</p> <p> Researchers identified a previously undocumented Android backdoor, tracked as Keenadu, embedded in the firmware of tablets from multiple manufacturers. The malware was introduced during the firmware build process, before devices reached consumers. Because the compromised firmware images carried valid digital signatures, the affected device vendors are assessed as likely unaware of the infection. Once on a device, Keenadu loads itself into every running application, giving attackers broad, persistent control without any action required from the user. 
It functions as a loader, quietly downloading additional malicious modules from a remote server weeks after activation. Observed activity includes advertising fraud, browser search hijacking, and silent installation of applications. The malware does not activate on devices configured to Chinese language and time zone settings. In some cases, infected firmware was also pushed to users through routine over-the-air updates. Beyond firmware, Keenadu was found embedded in system applications and in trojanized apps on Google Play, where affected titles had accumulated over 300,000 downloads before removal. As of February 2026, researchers confirmed infections on over 13,000 devices across Russia, Japan, Germany, Brazil, and the Netherlands. Researchers also identified links between Keenadu and three established Android botnets: BADBOX, Triada, and Vo1d. Devices infected at the firmware level cannot be cleaned without a full firmware replacement.<br> <br><b>Analyst Comment:</b> Keenadu is significant not because of what it does, but because of where it sits. Firmware-level malware operates below the reach of standard mobile security controls, including antivirus tools, Google Play Protect, and factory resets. Valid digital signatures on the compromised firmware images mean infected devices likely passed routine integrity checks undetected, and in some cases clean-looking over-the-air updates delivered the infection after purchase. The confirmed infrastructure links between Keenadu, BADBOX, Triada, and Vo1d suggest this is not an isolated campaign. Researchers assess these families as likely connected, possibly representing a cluster of actors with a sustained focus on Android firmware and supply chain compromise at scale, though the full nature of those relationships remains unconfirmed. 
For most organisations, the immediate risk is proportionate to exposure: a low-cost Android tablet that only browses the internet presents a different risk profile to one that accesses corporate email, internal systems, or sensitive data. The harder question for defenders is whether existing mobile device management policies account for unverified firmware integrity, and whether low-cost Android devices in the environment, including those brought in informally, are accessing systems or data they should not be.<br> <br><b>MITRE ATT&amp;CK: </b> <a href="https://ui.threatstream.com/attackpattern/9641">T1195.003 - Supply Chain Compromise: Compromise Hardware Supply Chain</a> | <a href="https://ui.threatstream.com/attackpattern/9611">T1195.002 - Supply Chain Compromise: Compromise Software Supply Chain</a> | <a href="https://ui.threatstream.com/attackpattern/10113">T1574.006 - Hijack Execution Flow: Dynamic Linker Hijacking</a> | <a href="https://ui.threatstream.com/attackpattern/9591">T1027 - Obfuscated Files Or Information</a> | <a href="https://ui.threatstream.com/attackpattern/9829">T1480 - Execution Guardrails</a> | <a href="https://ui.threatstream.com/attackpattern/10089">T1497.001 - Virtualization/Sandbox Evasion: System Checks</a> | <a href="https://ui.threatstream.com/attackpattern/10000">T1497.003 - Virtualization/Sandbox Evasion: Time Based Evasion</a> | <a href="https://ui.threatstream.com/attackpattern/9956">T1082 - System Information Discovery</a> | <a href="https://ui.threatstream.com/attackpattern/10082">T1614 - System Location Discovery</a> | <a href="https://ui.threatstream.com/attackpattern/12873">T1614.001 - System Location Discovery: System Language Discovery</a> | <a href="https://ui.threatstream.com/attackpattern/9888">T1056.001 - Input Capture: Keylogging</a> | <a href="https://ui.threatstream.com/attackpattern/9945">T1185 - Man In The Browser</a> | <a href="https://ui.threatstream.com/attackpattern/9714">T1071 - Application Layer Protocol</a> | 
<a href="https://ui.threatstream.com/attackpattern/9621">T1132 - Data Encoding</a> | <a href="https://ui.threatstream.com/attackpattern/9638">T1105 - Ingress Tool Transfer</a> | <a href="https://ui.threatstream.com/attackpattern/10023">T1496 - Resource Hijacking</a><br> <b>Target Region:</b> Europe<br> <b>Target Country:</b> Russian Federation<br> </p> <h2 id="article-1"><a href="https://www.theregister.com/2026/02/18/notepadplusplus_security_update/" target="_blank" rel="noopener noreferrer">Notepad++ Version 8.9.2 Hardens Update Process Following Supply Chain Attack</a></h2> <p>(published: February 18, 2026)</p> <p> Notepad++ has released version 8.9.2, which the project's author describes as making the update process "effectively unexploitable" following last year's supply chain attack attributed to the China-linked Lotus Blossom threat actor. The update closes the attack path exploited in that campaign by adding verification of the signed XML the application receives from the update server. Combined with the signed installer verification introduced in version 8.8.9, the process now independently validates both the update instructions and the installer payload before execution, a design the project calls "Double-Lock." Version 8.9.2 also hardens the auto-updater component, WinGUp. The libcurl.dll dependency was removed to prevent DLL side-loading, a technique where attackers substitute a legitimate library file with a malicious one to execute code within a trusted process. Plugin execution through the updater is now restricted to code signed with the same certificate as WinGUp, and two permissive TLS options that weakened encrypted communications, CURLSSLOPT_ALLOW_BEAST and CURLSSLOPT_NO_REVOKE, have been removed. 
Users who prefer to manage updates manually can exclude the auto-updater during installation or deploy via MSI.<br> <br><b>Analyst Comment:</b> Version 8.9.2 completes the remediation cycle initiated after the Lotus Blossom supply chain attack, closing both gaps that enabled the campaign: unverified update instructions and an unsigned installer payload. The more pressing concern for most organizations is inventory: Notepad++ is commonly deployed informally and may fall outside centralized patch management, meaning pre-8.8.9 instances could still be running in environments without visibility. Defenders should confirm all deployments are on version 8.9.2 and consider whether the auto-updater should remain enabled or be replaced with managed deployment using the MSI NOUPDATER=1 option. Defenders should treat the changes as a strong improvement rather than a verified guarantee, pending independent assessment.<br> </p> <h2 id="article-1"><a href="https://cloud.google.com/blog/topics/threat-intelligence/unc6201-exploiting-dell-recoverpoint-zero-day" target="_blank" rel="noopener noreferrer">China-Nexus Actor UNC6201 Exploits Critical Dell RecoverPoint Zero-Day</a></h2> <p>(published: February 17, 2026)</p> <p> UNC6201, a suspected People's Republic of China-nexus threat cluster, has exploited CVE-2026-22769 (CVSSv3.0: 10.0) since at least mid-2024, according to research from Mandiant and Google Threat Intelligence Group (GTIG). The vulnerability affects Dell RecoverPoint for Virtual Machines, a continuous data protection and replication appliance widely deployed in enterprise VMware environments. The appliance ships with Apache Tomcat bundled internally to manage software deployment. Dell left hard-coded admin credentials in a Tomcat configuration file, allowing an attacker to authenticate to the management interface, upload a malicious deployment package, and execute commands as root without any legitimate authorisation. 
Because RecoverPoint sits deep within virtual infrastructure with privileged access to workloads across the environment and limited endpoint monitoring, its compromise provides significant lateral movement opportunities. Following access, UNC6201 deployed the SLAYSTYLE webshell and BRICKSTORM backdoor, before replacing BRICKSTORM with a newly identified backdoor, GRIMBOLT, in September 2025. GRIMBOLT is written in C# and compiled directly to machine code prior to execution, removing metadata commonly used to identify C# malware and improving performance on resource-constrained appliances. Both backdoors persist by modifying a legitimate boot script so they launch each time the appliance starts. UNC6201 also pivoted into VMware infrastructure by creating temporary hidden network ports on existing virtual machines. Dell has released remediation guidance; affected customers should follow the guidance in the official security advisory.<br> <br><b>Analyst Comment:</b> CVE-2026-22769 highlights a broader pattern of suspected China-nexus actors targeting edge and backup appliances that typically sit outside standard endpoint detection coverage. The root cause here was not a complex memory corruption flaw or a novel exploit chain - credentials that shipped with the product were never rotated or removed, leaving the management interface accessible to any actor who knew they existed. Organisations should treat this as a prompt to audit all network appliances and software for hardcoded or default credentials, particularly on management interfaces that may never have been reviewed post-deployment. Backup and replication infrastructure is frequently managed outside security team oversight and may lack meaningful logging, making it an attractive and low-risk target for persistent access. Organisations running RecoverPoint for Virtual Machines should apply Dell's remediation guidance immediately and hunt for indicators of compromise using published IOCs and YARA rules. 
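</p>
<p><b>Worked Example (added, not from the source article, Dell, Mandiant or Anomali):</b> The entry recommends auditing appliances and software for hard-coded or default credentials on management interfaces. Since the root cause here was an account left in a Tomcat configuration file, the Python below audits a Tomcat users file: it flags accounts holding Manager/Host Manager roles, passwords stored in plaintext rather than in Tomcat's digested form, and common default account names. The XML is constructed and reproduces no real RecoverPoint credential; the role and name lists are assumptions to tune per product.</p>

```python
"""Audit a Tomcat users file for shipped privileged accounts, the class of
defect this entry describes. Added example, not Dell's, Mandiant's or Tomcat's
code. The XML below is constructed and reproduces no real RecoverPoint
credential; the role and account-name lists are assumptions to tune per product."""
import xml.etree.ElementTree as ET

# Roles that reach the Manager/Host Manager apps in stock Tomcat.
PRIVILEGED_ROLES = {"manager-gui", "manager-script", "manager-jmx", "manager-status",
                    "admin-gui", "admin-script"}
# Account names that commonly ship in vendor images (assumption; extend as needed).
SUSPECT_NAMES = {"admin", "administrator", "tomcat", "manager", "root"}


def looks_digested(password):
    """Heuristic: Tomcat's digest tooling emits 'salt$iterations$hash'; anything
    that does not fit that shape is treated as plaintext."""
    parts = password.split("$")
    return len(parts) == 3 and parts[1].isdigit() and all(parts)


def audit_tomcat_users(xml_text, product_roles=()):
    """Return [(username, [reasons])] for every account worth rotating or removing.
    `product_roles` adds vendor-specific roles that grant deployment rights."""
    root = ET.fromstring(xml_text)
    privileged = PRIVILEGED_ROLES | set(product_roles)
    findings = []
    for node in root.iter():
        if node.tag.rsplit("}", 1)[-1] != "user":      # strip the tomcat-users namespace
            continue
        name = node.get("username") or node.get("name") or ""
        roles = {r.strip() for r in node.get("roles", "").split(",") if r.strip()}
        password = node.get("password", "")
        reasons = []
        held = sorted(roles & privileged)
        if held:
            reasons.append("privileged roles: " + ", ".join(held))
        if password and not looks_digested(password):
            reasons.append("plaintext password")
        if name.lower() in SUSPECT_NAMES:
            reasons.append("common default account name")
        if reasons:
            findings.append((name, reasons))
    return findings


# Constructed tomcat-users.xml (not from any product).
SAMPLE_XML = """<tomcat-users xmlns="http://tomcat.apache.org/xml" version="1.0">
  <role rolename="manager-gui"/>
  <role rolename="deployer"/>
  <user username="admin" password="ChangeMe-constructed" roles="manager-gui,manager-script"/>
  <user username="svc-deploy" password="9f8e7d6c$1$0a1b2c3d4e5f" roles="deployer"/>
  <user username="monitor" password="x" roles="manager-status"/>
</tomcat-users>
"""

if __name__ == "__main__":
    for user, reasons in audit_tomcat_users(SAMPLE_XML, product_roles={"deployer"}):
        print(f"{user}: " + "; ".join(reasons))
```

<p>On an appliance the interesting output is not the plaintext flag but the list itself: every account in that file was put there by the vendor, and any that still authenticates after deployment is exactly the condition the entry describes. Pass the product's own deployment roles through <code>product_roles</code> so vendor-defined roles are not missed.</p>
<p>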
The evolution from BRICKSTORM to GRIMBOLT suggests the actor monitored defensive activity and adapted tooling accordingly, indicating a patient and operationally aware threat cluster likely to remain active against similar infrastructure.<br> <br><b>MITRE ATT&amp;CK: </b> <a href="https://ui.threatstream.com/attackpattern/10012">T1190 - Exploit Public-Facing Application</a> | <a href="https://ui.threatstream.com/attackpattern/10004">T1078.001 - Valid Accounts: Default Accounts</a> | <a href="https://ui.threatstream.com/attackpattern/9869">T1505.003 - Server Software Component: Web Shell</a> | <a href="https://ui.threatstream.com/attackpattern/10115">T1037.004 - Boot or Logon Initialization Scripts: Rc Scripts</a> | <a href="https://ui.threatstream.com/attackpattern/9592">T1027.002 - Obfuscated Files or Information: Software Packing</a> | <a href="https://ui.threatstream.com/attackpattern/9583">T1205 - Traffic Signaling</a><br> <b>Source Country:</b> China<br> <b>Source Region:</b> Asia<br> </p> <h2 id="article-1"><a href="https://thehackernews.com/2026/02/grandstream-gxp1600-voip-phones-exposed.html" target="_blank" rel="noopener noreferrer">Grandstream VoIP Phones Exposed to Unauthenticated Remote Code Execution via Stack Buffer Overflow </a></h2> <p>(published: February 18, 2026)</p> <p> Researchers disclosed a critical unauthenticated stack-based buffer overflow vulnerability, tracked as CVE-2026-2329 (Common Vulnerability Scoring System version 4 score of 9.3), affecting all six models in the Grandstream GXP1600 Voice over Internet Protocol (VoIP) phone series: GXP1610, GXP1615, GXP1620, GXP1625, GXP1628, and GXP1630, which share a common firmware image. The flaw exists in a web-based API endpoint, "/cgi-bin/api.values.get," exposed on TCP port 80 without authentication in the device's default configuration. 
The endpoint parses a colon-delimited "request" parameter by appending each character to a fixed 64-byte stack buffer in the gs_web binary without checking input length, allowing an attacker to overflow adjacent stack memory and gain control of execution flow. Exploitation is made more straightforward by the absence of stack canaries and Position Independent Executable (PIE) compilation in the binary, meaning two common mitigations that would otherwise hinder exploitation are not present. No Execute (NX) is enabled, so the attacker cannot run code directly from the stack, but this is bypassed using a Return Oriented Programming (ROP) chain, a technique that repurposes existing code already present in the binary. A Metasploit exploit module demonstrates full unauthenticated remote code execution with root privileges, and a companion post-exploitation module can extract stored local user and Session Initiation Protocol (SIP) account credentials from a compromised device. An attacker can also reconfigure the device to route calls through a malicious SIP proxy, enabling silent interception of VoIP audio. The vulnerability was reported to Grandstream on January 6, 2026, and a patch was made available in firmware version 1.0.7.81 on February 2, 2026.<br> <br><b>Analyst Comment:</b> The availability of a public Metasploit exploit module significantly lowers the skill threshold required to exploit CVE-2026-2329, making this a credible near-term risk for any organisation running unpatched GXP1600 series devices. Patching to firmware version 1.0.7.81 is the only full remediation and should be treated as urgent. Where immediate patching is not possible, restricting access to TCP port 80 on affected devices and ensuring they are not directly reachable from untrusted networks will reduce exposure in the interim. 
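</p>
<p><b>Worked Example (added, not from the source article, Grandstream or the researchers):</b> Where the phones cannot be patched immediately, the interim controls are network restriction and watching for exploitation attempts against the exposed endpoint. The Python below classifies HTTP request lines to <code>/cgi-bin/api.values.get</code>, measuring each colon-delimited token of the <code>request</code> parameter in bytes against the 64-byte buffer this entry describes. The request lines are constructed, and the threshold (any token of 64 bytes or more) is an assumption drawn from the page's description rather than from the binary itself.</p>

```python
"""Flag HTTP requests that would overrun the 64-byte token buffer this entry
describes in the GXP1600 /cgi-bin/api.values.get handler. Added example, not
Grandstream's, the researchers' or Metasploit's code. The request lines are
constructed; the threshold is an assumption drawn from the page's description
(each colon-delimited token is copied into a 64-byte stack buffer unchecked),
so any token of 64 bytes or more is treated as an overflow attempt."""
from urllib.parse import parse_qs, urlsplit

VULN_PATH = "/cgi-bin/api.values.get"
BUFFER_LEN = 64


def check_request(request_line):
    """Classify one HTTP request line ('GET <target> HTTP/1.1').
    Returns (verdict, detail) where verdict is one of
    ignore / benign / suspicious / overflow_attempt / malformed."""
    parts = request_line.split()
    if len(parts) < 2:
        return "malformed", request_line
    url = urlsplit(parts[1])
    if url.path != VULN_PATH:
        return "ignore", url.path
    # latin-1 keeps a 1:1 byte-to-char mapping, so len() is the byte length the
    # C buffer sees even for percent-encoded ROP-chain bytes.
    params = parse_qs(url.query, keep_blank_values=True, encoding="latin-1")
    for raw in params.get("request", []):
        tokens = raw.split(":")
        longest = max(len(t) for t in tokens)
        if longest >= BUFFER_LEN:        # assumption: 64-byte buffer, no bounds check
            return "overflow_attempt", f"token of {longest} bytes (buffer {BUFFER_LEN})"
        if any(ord(ch) < 0x20 or ord(ch) >= 0x7f for ch in raw):
            return "suspicious", "non-printable bytes in request parameter"
    return "benign", "api.values.get with short tokens"


def scan(request_lines):
    """Run check_request over a batch (e.g. proxy or IDS HTTP logs for the phone VLAN)."""
    return [check_request(line) for line in request_lines]


# Constructed request lines (not captured traffic).
SAMPLE_REQUESTS = [
    "GET /cgi-bin/api.values.get?request=phone_model:firmware_version HTTP/1.1",
    "GET /cgi-bin/api.values.get?request=" + "A" * 200 + " HTTP/1.1",
    "GET /cgi-bin/api.values.get?request=a:" + "%41" * 70 + ":b HTTP/1.1",
    "GET /cgi-bin/api.values.get?request=a:%90%90%90 HTTP/1.1",
    "GET /index.html HTTP/1.1",
]

if __name__ == "__main__":
    for line, (verdict, detail) in zip(SAMPLE_REQUESTS, scan(SAMPLE_REQUESTS)):
        print(f"{verdict:16} {detail}   <- {line[:60]}")
```

<p>The phones themselves will not log this, so the inputs have to come from whatever sees traffic into the voice VLAN (an IDS, a transparent proxy, or a packet capture). Because the binary lacks stack canaries and PIE, a single oversized request can be a working exploit rather than a probe, so an <code>overflow_attempt</code> hit against an unpatched device should be treated as a likely compromise and the SIP credentials on that handset rotated, as the analyst comment above recommends.</p>
<p>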
VoIP handsets are frequently absent from standard vulnerability management programmes and often sit on flat or lightly segmented networks, which increases the realistic impact of a vulnerability like this. The post-exploitation capability to extract SIP account credentials warrants particular attention; defenders should consider whether those credentials are reused elsewhere in their environment and rotate them on any device that cannot be confirmed as uncompromised. The ability to silently redirect calls through a malicious SIP proxy also extends the potential impact beyond typical endpoint compromise into the interception of voice communications, which may carry regulatory or confidentiality implications depending on the environment. Organisations should audit the network exposure of all VoIP infrastructure and ensure these devices are subject to the same patch management discipline applied to other networked assets.<br> <br><b>MITRE ATT&amp;CK: </b> <a href="https://ui.threatstream.com/attackpattern/10012">T1190 - Exploit Public-Facing Application</a> | <a href="https://ui.threatstream.com/attackpattern/9809">T1059.004 - Command and Scripting Interpreter: Unix Shell</a> | <a href="https://ui.threatstream.com/attackpattern/9593">T1552 - Unsecured Credentials</a> | <a href="https://ui.threatstream.com/attackpattern/9791">T1557 - Man-In-The-Middle</a> | <a href="https://ui.threatstream.com/attackpattern/9843">T1123 - Audio Capture</a><br> </p> <h2 id="article-1"><a href="https://www.darkreading.com/threat-intelligence/starkiller-phishing-kit-mfa" target="_blank" rel="noopener noreferrer">Starkiller PhaaS Framework Uses Live Reverse Proxying to Neutralize MFA Protections </a></h2> <p>(published: February 19, 2026)</p> <p> Researchers identified Starkiller, a phishing-as-a-service (PhaaS) framework sold openly by a threat group calling itself Jinkusu under a subscription model that includes monthly updates, documentation, and operator support via Telegram. 
Currently at version 6.2.4, the platform requires minimal technical skill: an operator pastes a brand's real URL into the control panel, and Starkiller spins up a Docker container running a headless Chrome browser instance that acts as a man-in-the-middle reverse proxy, forwarding all user inputs to the legitimate site and returning its responses in real time. Because victims authenticate directly with the real service through the proxy, submitted multi-factor authentication (MFA) codes and session tokens are captured and relayed live, granting attackers authenticated account access. The live-proxying approach also eliminates template drift, removing the need for operators to update phishing pages as impersonated brands update their real pages. Operator capabilities include keystroke logging, real-time session monitoring via an Active Targets dashboard, cookie and session token theft, geo-tracking, and automated Telegram credential alerts. A URL masking tool generates deceptive links using the "@" symbol technique combined with shorteners including TinyURL, is.gd, and v.gd, with keyword modifiers such as "login" or "security" available per campaign. Supported impersonation targets include Google, Microsoft, Facebook, Apple, Amazon, Netflix, PayPal, Instagram, and various banks. Additional advertised modules cover credit card and cryptocurrency wallet credential capture, fake browser update templates, and an EvilEngine Core obfuscation module. An email harvesting feature collects contact data from compromised sessions to support follow-on campaigns. 
Static page analysis, domain blocklisting, and reputation-based URL filtering are ineffective against the platform's dynamic, per-session page generation.<br> <br><b>Analyst Comment:</b> Starkiller is notable not because adversary-in-the-middle (AiTM) phishing is new, but because it packages the technique into a workflow that requires almost no technical skill to operate, likely expanding the pool of threat actors capable of running session-hijacking campaigns. The critical point for defenders is that MFA completion is no longer a reliable indicator of a legitimate session; Starkiller does not break MFA, the victim completes it against the real site, but the proxy captures the resulting session token in transit and grants the attacker authenticated access regardless. Standard controls including email gateway scanning, domain blocklisting, and page fingerprinting struggle here because Starkiller dynamically proxies the real login page with no static template to detect, and its per-session infrastructure generation means malicious destinations may not yet appear on any blocklist. The URL remains the primary giveaway, though the masking technique is designed to obscure it. Defenders should consider whether their tooling generates meaningful post-authentication signals at all, as detection approaches that cover anomalous logins, impossible travel, and session token reuse from unexpected locations are likely more effective than perimeter controls against this class of attack. 
The platform's versioned releases and active operator community suggest ongoing development, though the scale of real-world deployment is not quantified in available source material.<br> <br><b>MITRE ATT&amp;CK: </b> <a href="https://ui.threatstream.com/attackpattern/9883">T1566 - Phishing</a> | <a href="https://ui.threatstream.com/attackpattern/9791">T1557 - Man-In-The-Middle</a> | <a href="https://ui.threatstream.com/attackpattern/9888">T1056.001 - Input Capture: Keylogging</a> | <a href="https://ui.threatstream.com/attackpattern/10031">T1539 - Steal Web Session Cookie</a> | <a href="https://ui.threatstream.com/attackpattern/10024">T1550.004 - Use Alternate Authentication Material: Web Session Cookie</a><br> </p> <h2 id="article-1"><a href="https://thehackernews.com/2026/02/critical-flaws-found-in-four-vs-code.html" target="_blank" rel="noopener noreferrer">Critical Vulnerabilities Disclosed in Four Widely Used Visual Studio Code Extensions </a></h2> <p>(published: February 18, 2026)</p> <p> Researchers disclosed security vulnerabilities in four Visual Studio Code (VS Code) extensions, also confirmed to affect Cursor and Windsurf, with a combined download count exceeding 128 million. CVE-2025-65717 (Common Vulnerability Scoring System score: 9.1) affects Live Server (72 million downloads) and enables local file exfiltration by tricking a developer into visiting a malicious website while the extension is running, causing embedded JavaScript to extract files from the local development HTTP server at localhost:5500 and transmit them to an attacker-controlled domain. CVE-2025-65716 (CVSS: 8.8) affects Markdown Preview Enhanced (8.5 million downloads) and allows arbitrary JavaScript execution via a crafted markdown file, enabling local port enumeration and data exfiltration. 
CVE-2025-65715 (CVSS: 7.8) affects Code Runner (37 million downloads) and permits arbitrary code execution by convincing a user to modify the settings.json file through phishing or social engineering. A fourth vulnerability in Microsoft Live Preview (11 million downloads) allows sensitive file exfiltration via malicious website requests targeting localhost; Microsoft addressed this silently in version 0.4.16, released in September 2025, without issuing a CVE. Responsible disclosure was submitted to all affected maintainers in July and August 2025; none have responded, and CVE-2025-65717, CVE-2025-65716, and CVE-2025-65715 remain unpatched.<br> <br><b>Analyst Comment:</b> Developer machines commonly hold API keys, database credentials, internal configurations, and direct network access to organisational infrastructure, making them a high-value target. Assessment suggests that developer tooling has been increasingly targeted as an entry point into organisations, and this disclosure is consistent with that pattern. Three of the four vulnerabilities documented here remain unpatched with no fix timeline, as the extension maintainers did not respond to disclosure attempts made in July and August 2025 across email, GitHub, and social channels. Until patches are issued, removing the affected extensions is the most direct risk reduction measure available. The exploitation mechanic across the localhost-based vulnerabilities is worth noting from a detection perspective: a browser making JavaScript requests to a local development server and transmitting responses to an external domain can resemble normal developer activity. Endpoint controls may be present on developer machines, but organisations should not assume existing tooling is configured to detect this specific behaviour without validation. 
Defenders should audit VS Code, Cursor, and Windsurf extension inventories across developer endpoints, and remove or disable Live Server, Code Runner, and Markdown Preview Enhanced where not operationally required. Monitoring settings.json for unexpected modifications is an analyst-assessed detection opportunity specific to the Code Runner flaw, though this is not explicitly recommended in source material. More broadly, this case highlights a documented structural gap: widely adopted extensions with tens of millions of installs carry no mandatory patching obligations and no enforced accountability framework, a condition the researchers assess is not unique to these four extensions.<br> <br><b>MITRE ATT&amp;CK: </b> <a href="https://ui.threatstream.com/attackpattern/9784">T1189 - Drive-By Compromise</a> | <a href="https://ui.threatstream.com/attackpattern/9752">T1203 - Exploitation For Client Execution</a> | <a href="https://ui.threatstream.com/attackpattern/10112">T1059.007 - Command and Scripting Interpreter: JavaScript</a> | <a href="https://ui.threatstream.com/attackpattern/9615">T1204.002 - User Execution: Malicious File</a> | <a href="https://ui.threatstream.com/attackpattern/49489">T1204.004 - User Execution: Malicious Copy and Paste</a> | <a href="https://ui.threatstream.com/attackpattern/10007">T1046 - Network Service Scanning</a> | <a href="https://ui.threatstream.com/attackpattern/9863">T1083 - File And Directory Discovery</a> | <a href="https://ui.threatstream.com/attackpattern/9802">T1005 - Data From Local System</a> | <a href="https://ui.threatstream.com/attackpattern/9742">T1048 - Exfiltration Over Alternative Protocol</a><br> </p> <h2 id="article-1"><a href="https://www.darkreading.com/application-security/attackers-new-tool-scan-react2shell-exposure" target="_blank" rel="noopener noreferrer">Attackers Use New Tool to Scan for React2Shell Exposure </a></h2> <p>(published: February 20, 2026)</p> <p> An unknown, possibly state-sponsored threat actor 
has deployed a toolkit named "ILovePoop" to probe tens of millions of IP addresses worldwide for systems vulnerable to React2Shell (CVE-2025-55182), a remote code execution (RCE) vulnerability in React Server Components first publicly disclosed on December 3, 2025. Researchers assessed that the actor is likely targeting government, defense, finance, and industrial organizations, with particular focus on the United States. Despite the toolkit's name, researchers characterize it as technically sophisticated, and assess that the actor who authored the toolkit may differ from the one deploying it. IP addresses associated with React2Shell attacks were observed in network telemetry a median of 45 days before active exploitation, suggesting an extended reconnaissance phase. Tens of thousands of vulnerable instances remain internet-exposed, and the vulnerability has since been confirmed in ransomware campaigns. Patching is complicated by a dependency visibility problem: Next.js bundles React as a vendored package rather than a traditional dependency, meaning many standard scanning tools do not automatically flag affected installations as vulnerable to CVE-2025-55182.<br> <br><b>Analyst Comment:</b> Activity associated with this campaign suggests React2Shell has moved beyond opportunistic exploitation into more targeted, pre-planned attack activity, and organisations running Next.js or React Server Components should treat this as an active threat rather than a patching backlog item. The dependency visibility problem described above is a meaningful blind spot: standard scanning tools will likely not flag Next.js installations as vulnerable to CVE-2025-55182, meaning many organisations may be exposed without knowing it. Defenders should explicitly verify whether their scanning tooling detects this CVE and, if not, conduct a manual audit of their environment for Next.js and React Server Components deployments. 
The median of 45 days observed between reconnaissance activity and active exploitation suggests that organisations whose internet-facing assets have already been probed may be within an active targeting window. Any observed scanning activity against React Server Components endpoints should be treated as a potential precursor to exploitation rather than background noise. The confirmation of CVE-2025-55182 in ransomware campaigns indicates the vulnerability is being adopted across different threat actor types, broadening the risk beyond the possibly state-sponsored actor described here. Attribution remains an assessment rather than a confirmed finding.<br> <br><b>MITRE ATT&amp;CK: </b> <a href="https://ui.threatstream.com/attackpattern/10163">T1595.002 - Active Scanning: Vulnerability Scanning</a> | <a href="https://ui.threatstream.com/attackpattern/10012">T1190 - Exploit Public-Facing Application</a> | <a href="https://ui.threatstream.com/attackpattern/9848">T1008 - Fallback Channels</a> | <a href="https://ui.threatstream.com/attackpattern/39616">T1496.001 - Resource Hijacking: Compute Hijacking</a><br> </p> </div> </div>
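The post-authentication signals recommended in the Starkiller analyst comment above (session token reuse from a new origin, impossible travel), as an added example that is not part of the original digest. The sign-in events and the IP geolocation table are constructed; a real pipeline would read identity-provider sign-in logs and a GeoIP source.

```python
"""Added example: post-authentication detections for AiTM session hijacking (constructed data)."""
from collections import namedtuple
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

# Constructed IP -> (label, lat, lon) table; a real pipeline would use IdP sign-in logs and GeoIP.
GEO = {
    "203.0.113.10": ("office", 51.51, -0.13),       # London
    "198.51.100.7": ("residential", 51.50, -0.12),  # London, different network
    "192.0.2.200": ("hosting", 40.71, -74.01),      # New York (where the reverse proxy runs)
}
MAX_KMH = 900.0  # faster than an airliner between two events counts as impossible travel

# session: identifier derived from the session cookie, never the raw token;
# kind: "mfa_success" (token minted) or "session_use" (token presented)
Event = namedtuple("Event", "ts user session ip kind")

def km_between(a, b):
    lat1, lon1 = map(radians, a)
    lat2, lon2 = map(radians, b)
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))  # great-circle distance in km

def detect(events):
    """Return (rule, user, session, detail) alerts for token reuse and impossible travel."""
    alerts, minted, last_seen = [], {}, {}
    for e in sorted(events, key=lambda x: x.ts):
        if e.kind == "mfa_success":
            minted[e.session] = e.ip  # the address the IdP saw when MFA completed
        elif e.kind == "session_use" and e.session in minted and e.ip != minted[e.session]:
            alerts.append(("token_reuse_new_origin", e.user, e.session,
                           f"{minted[e.session]} -> {e.ip}"))
        if e.user in last_seen:
            prev_ip, prev_ts = last_seen[e.user]
            hours = (e.ts - prev_ts).total_seconds() / 3600
            dist = km_between(GEO[prev_ip][1:], GEO[e.ip][1:])
            if hours > 0 and dist / hours > MAX_KMH:
                alerts.append(("impossible_travel", e.user, e.session,
                               f"{dist:.0f} km in {hours:.2f} h"))
        last_seen[e.user] = (e.ip, e.ts)
    return alerts

def run_sample():
    """Constructed sequence: MFA completed through a proxy host, token then replayed elsewhere."""
    t = datetime.fromisoformat
    return detect([
        Event(t("2026-02-20T08:50:00"), "alice", "sess-A0", "203.0.113.10", "session_use"),
        Event(t("2026-02-20T09:00:00"), "alice", "sess-A1", "192.0.2.200", "mfa_success"),
        Event(t("2026-02-20T09:03:00"), "alice", "sess-A1", "198.51.100.7", "session_use"),
    ])
```

Note that the MFA completion itself is recorded from the proxy's address, so the first alert fires on the login, not only on the later replay.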
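The extension inventory audit suggested in the VS Code analyst comment above, as an added example not taken from the disclosure or from any of the projects involved. The Marketplace identifiers, the extensions.json layout and its default location are assumptions to verify before use; only the Live Preview fix version (0.4.16) comes from the article, and the sample inventory is constructed.

```python
"""Added example: flag the four extensions from the disclosure in an editor extension inventory."""
import json
from pathlib import Path

# Marketplace identifiers are assumed (verify against the Marketplace before relying on them).
# Only Live Preview has a known fix version (0.4.16 per the article); the other three had no
# patch at publication, so any installed version is reported.
WATCHLIST = {
    "ritwickdey.liveserver": ("Live Server / CVE-2025-65717", None),
    "shd101wyy.markdown-preview-enhanced": ("Markdown Preview Enhanced / CVE-2025-65716", None),
    "formulahendry.code-runner": ("Code Runner / CVE-2025-65715", None),
    "ms-vscode.live-server": ("Live Preview (no CVE assigned)", (0, 4, 16)),
}

def parse_version(v):
    """'0.4.15' -> (0, 4, 15); a pre-release suffix after '-' is ignored."""
    return tuple(int(p) for p in v.split("-")[0].split("."))

def audit(inventory):
    """inventory: list of {"identifier": {"id": ...}, "version": ...} records (assumed layout)."""
    findings = []
    for ext in inventory:
        ext_id = ext.get("identifier", {}).get("id", "").lower()
        if ext_id not in WATCHLIST:
            continue
        label, fixed = WATCHLIST[ext_id]
        version = ext.get("version", "0")
        if fixed is None:
            findings.append((ext_id, version, f"{label}: unpatched, remove or disable"))
        elif parse_version(version) < fixed:
            findings.append((ext_id, version, f"{label}: update to {'.'.join(map(str, fixed))}+"))
    return findings

def audit_file(path):
    """Audit an extensions.json file; ~/.vscode/extensions/extensions.json is the assumed location."""
    return audit(json.loads(Path(path).read_text()))

SAMPLE_INVENTORY = [  # constructed inventory with made-up version strings
    {"identifier": {"id": "ritwickdey.LiveServer"}, "version": "5.7.9"},
    {"identifier": {"id": "ms-vscode.live-server"}, "version": "0.4.15"},
    {"identifier": {"id": "ms-python.python"}, "version": "2026.2.0"},
    {"identifier": {"id": "formulahendry.code-runner"}, "version": "0.12.2"},
]
```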
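The manual audit the React2Shell analyst comment calls for, as an added example (not from the cited research or from the Next.js project): it inventories every React-family package under a project, separating normal dependencies from copies vendored inside another package, which a lockfile-driven scanner never reads. The next/dist/compiled location is an assumption about Next.js layout, and the sample project tree and its version strings are constructed placeholders.

```python
"""Added example: find vendored React copies that dependency scanners miss (constructed tree)."""
import json
import tempfile
from pathlib import Path

REACT_PKGS = {"react", "react-dom", "react-server-dom-webpack", "react-server-dom-turbopack"}

def scan(root):
    """Return (origin, name, version, relpath) for each React-family package.json under root.
    origin is 'declared' for node_modules/<name> and 'vendored' for a copy nested inside
    another package (assumed Next.js layout: node_modules/next/dist/compiled/...)."""
    root = Path(root)
    found = []
    for pj in root.rglob("package.json"):
        try:
            meta = json.loads(pj.read_text())
        except (ValueError, OSError):
            continue  # unreadable or non-JSON file, not a package manifest
        if meta.get("name") not in REACT_PKGS:
            continue
        rel = pj.relative_to(root).as_posix()
        parts = rel.split("/")
        origin = "declared" if parts[0] == "node_modules" and len(parts) == 3 else "vendored"
        found.append((origin, meta["name"], meta.get("version", "?"), rel))
    return sorted(found)

def vendored_only(root):
    """The copies a scanner reading only package.json/lockfiles would not report."""
    return [f for f in scan(root) if f[0] == "vendored"]

def _write(root, rel, meta):
    p = Path(root, rel)
    p.parent.mkdir(parents=True, exist_ok=True)
    p.write_text(json.dumps(meta))

def build_sample_tree():
    """Constructed project: the app declares one react, but next ships its own compiled copies."""
    root = tempfile.mkdtemp(prefix="react2shell-audit-")
    _write(root, "package.json", {"name": "app", "dependencies": {"next": "0.0.0-placeholder"}})
    _write(root, "node_modules/next/package.json", {"name": "next", "version": "0.0.0-placeholder"})
    _write(root, "node_modules/react/package.json", {"name": "react", "version": "0.0.0-declared"})
    _write(root, "node_modules/next/dist/compiled/react/package.json",
           {"name": "react", "version": "0.0.0-vendored"})
    _write(root, "node_modules/next/dist/compiled/react-server-dom-webpack/package.json",
           {"name": "react-server-dom-webpack", "version": "0.0.0-vendored"})
    return root
```

Compare each reported version against the React and Next.js advisories for CVE-2025-55182; the vendored versions are the ones that determine exposure, not the one declared in package.json.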