Daily Cybersecurity Roundup, January 15, 2026

From cloud infrastructure to developer workstations and end-user inboxes, threat actors are increasingly blending into trusted ecosystems: a China-linked Linux malware called VoidLink is infiltrating major cloud platforms such as AWS, Google Cloud, and Azure using advanced stealth techniques to steal credentials and evade detection. Meanwhile, a DPRK-attributed campaign is posing as LinkedIn recruiters to lure developers into cloning malicious repositories through VS Code task hijacking, application logic hooks, and weaponized npm dependencies. In parallel, hackers are abusing fake PayPal alert phishing emails to harvest credentials and deploy legitimate RMM tools like LogMeIn Rescue and AnyDesk. Catch up on more critical cybersecurity stories from the past 24 hours.

01

A new China-linked Linux malware, VoidLink, is targeting major cloud platforms, including AWS, Google Cloud, and Azure, using advanced stealth techniques to infiltrate cloud environments, steal credentials, and evade detection.

02

A DPRK-linked malware campaign is using fake LinkedIn profiles to lure developers into cloning malicious repositories, leveraging VS Code task hijacking, application logic hooks, and malicious npm dependencies for infection.

03

A new ransomware group, DeadLock, is using a technique known as EtherHiding to embed malicious instructions within Polygon smart contracts, enabling stealthy, blockchain-based communication with victims that is difficult to track.

04

An attack technique called “Reprompt” allows attackers to embed malicious prompts in seemingly legitimate URLs, potentially bypassing Microsoft Copilot safeguards to hijack an LLM session and exfiltrate sensitive data after a single user click.

05

Hackers are using fake PayPal alert phishing campaigns to steal credentials and deploy legitimate RMM tools such as LogMeIn Rescue and AnyDesk to evade detection and maintain persistent access.

06

A malware campaign is exploiting a DLL sideloading flaw in ahost.exe bundled with Git for Windows, using malicious DLLs disguised as legitimate files to deliver payloads such as AgentTesla, FormBook, DCRat, and XWorm while evading detection.

07

Elastic has patched four Kibana vulnerabilities, including a high-severity flaw (CVE-2026-0532, CVSS 8.6) that could enable file theft and SSRF, along with three medium-severity issues that can cause DoS via resource exhaustion and improper input validation.

08

A command-injection flaw (CVE-2026-22718) in the end-of-life Spring CLI VSCode extension allows local attackers to execute arbitrary commands, impacting all versions up to 0.9.0.

09

Palo Alto Networks has addressed a high-severity DoS vulnerability (CVE-2026-0227) in its GlobalProtect Gateway and Portal software, which could allow unauthenticated attackers to crash firewalls.

10

Vulnerabilities that enable RCE through malicious metadata embedded in model files have been identified in three open-source AI/ML Python libraries developed by NVIDIA, Salesforce, and Apple: NeMo, Uni2TS, and ml-flextok.