Daily Digest

CISA Mandates Edge Device Purge Amid Wave of Zero-Day Exploits and Sophisticated Supply Chain Attacks

CISA Mandates Edge Device Purge Amid Wave of Zero-Day Exploits and Sophisticated Supply Chain Attacks

February 9, 2026
8 articles (7 new, 1 updated)
24 min read

Summary

This cybersecurity brief for February 9, 2026, covers a critical period marked by aggressive state-sponsored attacks and widespread vulnerabilities. Key developments include a CISA directive forcing federal agencies to remove unsupported edge devices, the rapid exploitation of a Microsoft Office zero-day by Russia's APT28, and a sophisticated supply chain attack on Notepad++ attributed to a Chinese APT. Further incidents include a crippling ransomware attack on the BridgePay payment gateway and the discovery of critical zero-days in Ivanti and BeyondTrust products, highlighting urgent risks across government, finance, and technology sectors.

Filter by Category

New Articles (7)

New '0APT' Extortion Group Fakes Data Breach in Bluff Attack on Australian Hospital

MEDIUM

Fake Ransomware Group '0APT' Targets Epworth HealthCare with Extortion Bluff

A new extortion group calling itself '0APT' has targeted Australia's Epworth HealthCare, claiming to have stolen 920GB of sensitive patient and financial data. The group listed the hospital on its darknet leak site on February 4, 2026, threatening to publish the data if a ransom was not paid. However, Epworth HealthCare conducted a thorough investigation with external cybersecurity experts and found "no verified evidence of any impact to our systems or data." Cybersecurity researchers have corroborated this, assessing that 0APT is likely a "fake" ransomware operation. The group's modus operandi involves posting a high volume of victims without providing credible proof of a breach, instead using empty files or random data streams. This tactic relies on psychological pressure and the threat of reputational damage to extort payment, representing a shift from technical intrusion to pure intimidation.

February 9, 2026
5 min read
0APTRansomwareExtortionBluff AttackHealthcare +2 more
New '0APT' Extortion Group Fakes Data Breach in Bluff Attack on Australian Hospital

KillSec Ransomware Group Claims Attack on Nigerian Tech Startup Getly

MEDIUM

Nigerian Startup Getly Targeted by KillSec Ransomware Group

The ransomware group known as KillSec has claimed responsibility for a cyberattack on Getly, a Nigerian technology startup. On February 9, 2026, the group posted the claim on its platform, stating it had breached the company and exfiltrated sensitive data. KillSec has threatened to leak the stolen information if its unspecified ransom demands are not met. Getly, which operates the `getly.app` domain, has not yet publicly commented on the alleged breach, and the claims have not been independently verified. The incident highlights the global reach of ransomware gangs and the increasing risk they pose to startups and small businesses in emerging markets, not just large enterprises.

February 9, 2026
4 min read
KillSecRansomwareNigeriaStartupCybercrime
KillSec Ransomware Group Claims Attack on Nigerian Tech Startup Getly

Australia Post Phishing Scam Harvests Credit Card and OTP Data

MEDIUM

Phishing Campaign Impersonating Australia Post Aims to Steal Payment Data and One-Time Passcodes

A widespread phishing campaign is actively targeting Australians by impersonating Australia Post. Cybersecurity firm MailGuard intercepted the scam on February 9, 2026, which uses emails with the subject line "Parcel Awaiting Instructions." The emails claim a delivery has failed due to an incomplete address and trick recipients into clicking a link to pay a small, fraudulent shipping fee of 1.99 AUD. The link leads to a sophisticated, multi-stage credential harvesting site designed to look like an official Australia Post portal. The site first captures the victim's full credit card details and phone number, and then, in a final crucial step, prompts for the one-time passcode (OTP) sent to their mobile. This allows the attackers to authorize fraudulent transactions immediately. The sender's email address is a clear giveaway, and users are advised to be vigilant.

February 9, 2026
5 min read
PhishingAustralia PostScamCredential HarvestingOTP Theft +1 more
Australia Post Phishing Scam Harvests Credit Card and OTP Data

AI Supply Chain Attack: Hundreds of Malicious 'Skills' on ClawHub Marketplace Steal Credentials

HIGH

Supply Chain Attack Hits OpenClaw AI Ecosystem via Malicious 'Skills' on ClawHub

A significant software supply chain attack is targeting users of the OpenClaw AI assistant through its community marketplace, ClawHub. Security researchers have discovered hundreds of malicious 'skills'—add-ons that extend the AI's functionality—that have been published by threat actors. These skills masquerade as useful tools, such as wallet trackers or content summarizers, but their installation instructions trick users into downloading malware. The primary payloads include the Atomic Stealer infostealer for macOS and other backdoors and keyloggers for Windows. The attack leverages the trusted, open-source nature of the marketplace, which lacked a formal review process for submissions. In response to the discovery by KOI Security and SlowMist, the OpenClaw team has partnered with VirusTotal to automatically scan all skills uploaded to ClawHub to prevent further abuse.

February 9, 2026
5 min read
Supply Chain AttackAIArtificial IntelligenceOpenClawClawHub +2 more
AI Supply Chain Attack: Hundreds of Malicious 'Skills' on ClawHub Marketplace Steal Credentials

'Bloody Wolf' APT Deploys NetSupport RAT in Espionage Campaign

HIGH

'Bloody Wolf' APT Targets Russia and Uzbekistan with NetSupport RAT in Financial and Espionage Attacks

Security researchers have uncovered an active spear-phishing campaign attributed to the threat actor 'Bloody Wolf' (also tracked as Stan Ghouls). The campaign targets organizations primarily in Uzbekistan and Russia, with a focus on manufacturing, finance, and IT sectors, though government and other entities have also been targeted. The attackers use phishing emails with password-protected ZIP archives containing a malicious LNK file. When executed, this file downloads and installs the legitimate remote administration tool, NetSupport RAT, which gives the attackers full control over the victim's system. The motives appear to be mixed, pointing towards both financially motivated cybercrime and state-aligned cyber espionage. This campaign marks a shift in tooling for the group, which previously used the STRRAT malware.

February 9, 2026
5 min read
Bloody WolfAPTNetSupport RATSpear-phishingUzbekistan +2 more
'Bloody Wolf' APT Deploys NetSupport RAT in Espionage Campaign

China-Linked UNC3886 Hits All Major Singapore Telcos in Coordinated Zero-Day Attack

CRITICAL

Coordinated Espionage Campaign by UNC3886 Targets All Major Singapore Telecommunication Providers

Singaporean authorities have revealed that all four of the nation's major telecommunication providers were targeted in a sophisticated and coordinated cyber espionage campaign. The attack is attributed to UNC3886, a Chinese-linked advanced persistent threat (APT) group known for targeting critical infrastructure. The attackers exploited a zero-day vulnerability in the telcos' perimeter firewalls to gain initial access. Once inside, the group stole a limited amount of technical data and used advanced techniques to evade detection. While the attackers have not yet penetrated the core networks, officials noted their capability to deploy tools that could disrupt internet and telecommunications services. In response, Singapore has launched one of its largest-ever coordinated cyber defense operations, involving government agencies and the affected telcos working together to hunt for the intruders and harden national infrastructure.

February 9, 2026
5 min read
UNC3886APTZero-DaySingaporeTelecommunications +2 more
China-Linked UNC3886 Hits All Major Singapore Telcos in Coordinated Zero-Day Attack

BeyondTrust Patches Critical 9.9 CVSS RCE Zero-Day in Remote Access Tools

CRITICAL

BeyondTrust Patches Critical 9.9 CVSS Zero-Day (CVE-2026-1731) in Remote Support and Privileged Remote Access Products

BeyondTrust has patched a critical zero-day vulnerability, CVE-2026-1731, affecting its self-hosted Remote Support (RS) and Privileged Remote Access (PRA) products. The flaw is a pre-authentication remote code execution (RCE) vulnerability with a CVSS score of 9.9, indicating extreme severity. It allows an unauthenticated attacker to execute arbitrary OS commands on a vulnerable appliance by sending a specially crafted network request, requiring no user interaction. This could lead to a full server compromise. The vulnerability affects RS versions 25.3.1 and earlier, and PRA versions 24.3.4 and earlier. BeyondTrust has already secured its cloud instances, but is urging all on-premise customers to upgrade to the patched versions immediately. The flaw was discovered and responsibly disclosed by a security researcher.

February 9, 2026
5 min read
BeyondTrustCVE-2026-1731Zero-DayRCEVulnerability +2 more
BeyondTrust Patches Critical 9.9 CVSS RCE Zero-Day in Remote Access Tools

Updated Articles (1)

CRITICAL: Ivanti Patches Two Actively Exploited RCE Zero-Days in EPMM

CRITICAL

Ivanti Issues Emergency Patches for Two Critical, Actively Exploited RCE Vulnerabilities in Endpoint Manager Mobile (EPMM)

Update:

The European Commission is investigating a cyberattack on its MDM system, suspected to be linked to the Ivanti EPMM zero-days (CVE-2026-1281, CVE-2026-1340). The Dutch Authority for the Protection of Personal Data and a Finnish government agency (Valtori) have confirmed breaches affecting employee data and up to 50,000 users, respectively, due to these vulnerabilities. Security watchdog Shadowserver has identified over 50 compromised Ivanti EPMM servers worldwide, indicating widespread active exploitation. Ivanti has also released an integrity checker tool and IOCs to aid detection.

January 30, 2026
Updated: February 9, 2026
5 min read
Zero-DayRCERemote Code ExecutionMobileIronMDM +2 more
CRITICAL: Ivanti Patches Two Actively Exploited RCE Zero-Days in EPMM

📢 Share This Publication

Help others stay informed about cybersecurity threats

📅 Daily Edition

Curated and deduplicated every day from dozens of trusted sources — giving you one clean, consolidated view of what matters in cybersecurity.

🔢 Deduplication Applied

Related stories are merged into a single evolving article rather than repeated as separate entries — cutting through noise so you only read what's new.

🔗 Full Articles Linked

Every entry links to its full enriched article — complete with MITRE ATT&CK mappings, extracted IOCs, and actionable detection and mitigation guidance.