Daily Digest

Russian Hackers Target Polish Grid, Multiple Supply Chain Attacks, and Two Critical Zero-Days Under Active Exploitation

Russian Hackers Target Polish Grid, Multiple Supply Chain Attacks, and Two Critical Zero-Days Under Active Exploitation

February 2, 2026
9 articles (4 new, 5 updated)
27 min read

Summary

This edition covers a series of high-impact cybersecurity events for February 2nd, 2026. Key developments include a destructive but failed wiper attack on Poland's energy sector by the Russian-linked Sandworm group. The software supply chain remains a primary target, with attacks compromising both eScan antivirus update servers and the Open VSX marketplace. Concurrently, Microsoft and Fortinet are racing to patch critical, actively exploited zero-day vulnerabilities in Office and FortiGate firewalls, respectively. Other major stories include the rise of AI-assisted malware and phishing, a new stealthy RAT, and a significant data breach at an AI social network.

Filter by Category

New Articles (4)

Open VSX Marketplace Hit by Supply Chain Attack Spreading "GlassWorm" Malware

HIGH

Compromised Developer Account Used to Inject GlassWorm Malware into Popular Open VSX Extensions

On January 30, 2026, the Open VSX Registry, a popular marketplace for Visual Studio Code extensions, fell victim to a supply chain attack. Threat actors compromised the account of a legitimate developer, 'oorzc', and published malicious updates to four of their popular extensions. These updates embedded the 'GlassWorm' malware loader. The compromised extensions had been downloaded over 22,000 times, exposing a large number of developers to the malware before the malicious versions were removed by the Open VSX security team.

February 2, 2026
4 min read
supply chainVS Codedeveloper toolsmalware loaderOpen VSX +1 more
Open VSX Marketplace Hit by Supply Chain Attack Spreading "GlassWorm" Malware
Supply Chain Attack
Malware
Cloud Security

New "Pulsar RAT" Evades Detection with In-Memory Execution and LoTL Techniques

MEDIUM

Stealthy 'Pulsar RAT' Windows Malware Campaign Uses In-Memory Execution for Evasion

Security researchers have uncovered a new, stealthy Remote Access Trojan (RAT) targeting Windows systems, named 'Pulsar RAT'. This modular, .NET-based malware utilizes a multi-stage infection chain that heavily relies on in-memory execution and living-off-the-land techniques to evade detection. It features advanced anti-analysis capabilities, including anti-VM and anti-debugging checks. Once active, Pulsar RAT provides operators with live, interactive control for credential harvesting and data exfiltration, using legitimate services like Discord and Telegram for command-and-control.

February 2, 2026
4 min read
RATmalware.NETin-memoryliving-off-the-land +2 more
New "Pulsar RAT" Evades Detection with In-Memory Execution and LoTL Techniques
Malware
Threat Intelligence

Warning: Malicious ChatGPT Chrome Extensions Steal Session Tokens to Hijack Accounts

MEDIUM

Malicious ChatGPT Chrome Extensions Discovered Stealing Session Tokens and User Data

Researchers have identified 16 malicious Google Chrome extensions that masquerade as helpful tools for OpenAI's ChatGPT. Once installed, these extensions inject malicious scripts into the ChatGPT web application. The scripts are designed to monitor outbound requests, intercept sensitive data such as authorization details and session tokens, and exfiltrate them to an attacker-controlled server. This allows the attackers to hijack active user sessions, granting them full access to the victim's account and chat history.

February 2, 2026
4 min read
browser extensionsession hijackingChatGPTdata theftChrome +1 more
Warning: Malicious ChatGPT Chrome Extensions Steal Session Tokens to Hijack Accounts
Malware
Phishing
Cloud Security

AI Social Network "Moltbook" Breach Exposes 1.5M API Keys and 29k User Emails

HIGH

Moltbook AI Social Network Breach Exposes 1.5 Million API Keys and User Data

A significant data breach at the AI-focused social network 'Moltbook' has exposed 1.5 million API keys, 29,000 user emails, and other sensitive data tables. The investigation, conducted by security firm Wiz, not only uncovered the data exposure but also revealed systemic security flaws, such as a lack of rate-limiting on agent registration. The breach also provided a skewed insight into the platform's user base, showing that its 1.5 million 'agents' were owned by only 17,000 human users. Moltbook has since deployed fixes to secure the exposed data.

February 2, 2026
4 min read
data breachAPI securityrate limitingAIsocial media +2 more
AI Social Network "Moltbook" Breach Exposes 1.5M API Keys and 29k User Emails
Data Breach
Cloud Security

Updated Articles (5)

Fortinet Scrambles to Fix Actively Exploited SSO Auth Bypass (CVE-2026-24858) Hijacking Devices

CRITICAL

Fortinet Addresses Critical Authentication Bypass Vulnerability (CVE-2026-24858) in FortiCloud SSO

Update:

Fortinet has confirmed that CVE-2026-24858 is a zero-day vulnerability, with active exploitation first observed on January 20, 2026. Attackers successfully compromised FortiGate firewalls, even those running the latest firmware at the time, by exploiting the FortiCloud SSO flaw to create new local administrator accounts. This provides attackers with persistent and privileged access, highlighting the critical need for immediate patching and thorough compromise hunting. The vulnerability's low attack complexity and lack of user interaction make it particularly dangerous.

January 28, 2026
Updated: February 2, 2026
5 min read
FortinetCVE-2026-24858authentication bypassSSOCISA KEV +2 more
Fortinet Scrambles to Fix Actively Exploited SSO Auth Bypass (CVE-2026-24858) Hijacking Devices
Vulnerability
Cyberattack
Patch Management

New Iran-Linked 'RedKitten' Group Targets Human Rights NGOs with AI-Suspected Malware

MEDIUM

Farsi-Speaking Threat Actor 'RedKitten' Uses Sophisticated Malware in Espionage Campaign Against Human Rights Activists

Update:

Further analysis of the RedKitten campaign identifies the C# implant as 'SloppyMIO'. Initial access is now confirmed via password-protected Excel spreadsheets, a technique used to bypass email gateway scanning. The malware employs advanced evasion tactics including steganography to hide its configuration and AppDomain Manager injection for stealthy execution. Persistence is achieved through scheduled tasks. These new technical details highlight increased sophistication and evasiveness, making detection and mitigation more challenging for targeted human rights NGOs and activists.

February 1, 2026
Updated: February 2, 2026
5 min read
RedKittenIranEspionageMalwarePhishing +3 more
New Iran-Linked 'RedKitten' Group Targets Human Rights NGOs with AI-Suspected Malware
Threat Actor
Malware
Phishing

Microsoft Office Zero-Day Under Active Attack Bypasses Security Features

CRITICAL

Microsoft Scrambles to Patch Actively Exploited Office Zero-Day (CVE-2026-21509)

Update:

Microsoft has confirmed that its internal threat intelligence teams were responsible for discovering the active exploitation of CVE-2026-21509, leading to the urgent out-of-band patch. Further details clarify the attack complexity as low with no privileges required, though user interaction is still necessary. New observables include monitoring for 'mshta.exe' spawned by Office applications. Detection methods are refined to include URL and File Analysis (D3-UA, D3-FA) for email gateways, and remediation guidance now specifies deployment via WSUS or Configuration Manager. No specific threat actor has been named.

January 29, 2026
Updated: February 2, 2026
6 min read
zero-dayOLEsecurity feature bypassout-of-band patchKEV
Microsoft Office Zero-Day Under Active Attack Bypasses Security Features
Vulnerability
Patch Management
Cyberattack

AI to Overtake Human Error as Top Cause of Breaches, Experian Predicts

INFORMATIONAL

Experian Forecasts AI-Driven Attacks and Synthetic Identities to Dominate 2026 Threat Landscape

Update:

The Catalan Cybersecurity Agency's 'Cybersecurity Outlook Report for 2026' reveals 82.6% of malicious emails now leverage generative AI, validating earlier predictions about AI weaponization. This significantly increases the sophistication and success rate of phishing, making scams 'almost perfect' and harder for users to identify. The report emphasizes the need for AI-powered defenses, updated user training, MFA, and browser isolation to combat this widespread threat, which has lowered the barrier to entry for criminals and increased attack scale.

January 13, 2026
Updated: February 2, 2026
5 min read
Artificial IntelligenceAIThreat ForecastSynthetic IdentityPolymorphic Malware +1 more
AI to Overtake Human Error as Top Cause of Breaches, Experian Predicts
Threat Intelligence
Policy and Compliance

Attacks on Industrial Environments Doubled in 2025, Report Warns

HIGH

Industrial Control Systems Face Escalating Cyber Threats as Attacks on IT/OT Environments Nearly Doubled in 2025

Update:

A new Forescout Vedere Labs report, analyzing 900 million attacks in 2025, confirms a dramatic 84% increase in attacks leveraging OT-specific protocols like Modbus. Crucially, it highlights that 71% of exploited vulnerabilities are not listed in CISA's KEV catalog, challenging current prioritization strategies. This finding suggests a broader attack surface than previously understood, requiring organizations to adopt more comprehensive, risk-based vulnerability management beyond KEV lists. The report reinforces the escalating threat to industrial and IoT environments, emphasizing the need for enhanced network monitoring and device hardening.

January 16, 2026
Updated: February 2, 2026
7 min read
ICSOT SecuritySCADAHMICritical Infrastructure +2 more
Attacks on Industrial Environments Doubled in 2025, Report Warns
Industrial Control Systems
Cyberattack
Threat Intelligence

📢 Share This Publication

Help others stay informed about cybersecurity threats