CISA Warns of Actively Exploited SmarterMail RCE; Asian APT Hits 70 Orgs; 'Shai-Hulud' Worm Automates Supply Chain Attacks
Summary
This cybersecurity brief for February 7, 2026, covers multiple critical threats. CISA has added a SmarterMail RCE vulnerability (CVE-2026-24423) to its KEV catalog due to active exploitation in ransomware attacks. A massive year-long cyber-espionage campaign by an Asian APT group, TGR-STA-1030, has compromised at least 70 government and critical infrastructure organizations across 37 nations. Additionally, a new self-propagating worm, 'Shai-Hulud,' is automating software supply chain attacks by stealing developer credentials to infect npm packages. Other major developments include CISA's new directive to remove unsupported edge devices from federal networks and the discovery of new malware strains like Odyssey Stealer, Milkyway Ransomware, and the covert Pulsar RAT.
Today's New Articles
Transparent Tribe (APT36) Shifts Focus, Targeting Indian Startups with Crimson RAT
The Pakistan-aligned APT group Transparent Tribe (also known as APT36) has strategically shifted its targeting from Indian government and military entities to the country's growing startup sector. A new campaign, identified by researchers, uses the group's sig...
Researchers at Sophos have discovered how bulletproof hosting (BPH) providers are abusing legitimate server management software from ISPsystem to anonymously provision virtual machines for cybercriminals. The software, VMmanager, leaves a default hostname fing...
Aggressive Odyssey Stealer Malware Campaign Targets macOS Users Globally
A new and aggressive campaign featuring the Odyssey Stealer malware is actively targeting Apple macOS users across the globe. Initially focused on the US and Europe, the attack's reach expanded within 24 hours to South America, Africa, and Asia. Odyssey Steale...
Attackers Abuse Windows Screensaver (.scr) Files to Drop RMM Tools for Persistent Access
A novel attack technique has been observed where threat actors are abusing Windows screensaver (.scr) files as droppers for legitimate remote monitoring and management (RMM) tools. By tricking users into executing a malicious screensaver file, attackers can by...
Evolving Telegram Phishing Campaign Tricks Users into Approving Account Takeover
A sophisticated phishing campaign targeting Telegram users has re-emerged, using the platform's own features to hijack accounts. As reported by CYFIRMA, the attack tricks users with fake security alerts, directing them to a malicious site or bot that mimics an...
Ransomware Attacks on Education Sector Slowed in 2025, But U.S. Remains Top Target
A 2025 report from Comparitech indicates a slowdown in the growth of ransomware attacks against the global education sector. There were 251 attacks recorded worldwide, a slight 2% increase from the previous year. These incidents resulted in at least 3.96 milli...
Article Updates
CISA: Critical SmarterMail RCE Flaw Actively Exploited in Ransomware Attacks
Update: The vulnerable API endpoint for CVE-2026-24423 is more precisely identified as '/api/v1/settings/sysadmin/connect-to-hub', and the vulnerability is classified as CWE-306. This is the third SmarterMail flaw in KEV, following CVE-2025-52691 and CVE-2026-23760. N...