ThreatsDay Bulletin: Edge Plaintext Passwords, ICS 0-Days, Patch-or-Die Alerts and 25+ New Stories

A new stealer called MicroStealer has been observed targeting education and telecom sectors to steal sensitive data. It was first observed in the wild in December 2025. “It specializes in stealing browser credentials, active session data, screenshots, cryptocurrency wallets, and system information,” ANY.RUN said. “It spreads quickly with low detection rates thanks to a sophisticated multi-stage delivery chain and exfiltrates data via Discord webhooks and attacker-controlled servers.”

The Federal Trade Commission (FTC) and location data broker Kochava said they agreed to a settlement in which the company and its subsidiary Collective Data Solutions would be blocked from selling, sharing, or disclosing sensitive location data without consumers’ explicit consent. The company was found to be illegally obtaining and selling consumers’ yearly incomes, mobile device IDs, app usage, and nearly real-time geolocation data within 10 meters without their consent or awareness. While the proposed order does not impose a fine on Kochava, the company is required to establish a data retention schedule that will mandate consumers’ data be deleted in a predetermined time frame.

Proton has added support for post-quantum encryption as an optional feature in Proton Mail. “Once enabled, Proton Mail can generate and use post-quantum-ready keys for new encrypted emails to protect your personal messages and business communications against today’s threats and a future where current public-key cryptography may no longer be enough,” the Swiss privacy-focused company said. “Enabling PQC helps protect new encrypted emails going forward. It does not retroactively re-encrypt the emails already in your mailbox, for now.”

pnpm 11 has been released with new supply chain protections in place, including defaulting the minimum release age to 24 hours to reduce the risk of installing compromised packages and blocking exotic sub-dependencies that resolve from non-standard sources, such as Git repositories or direct tarball URLs. “Newly published package versions are not resolved until they are at least one day old. Teams can opt out by setting minimumReleaseAge: 0, but pnpm’s default posture now favors a built-in waiting period before fresh package releases enter installs,” Socket said. With most package compromise campaigns relying on automated installs to expand their reach, the new effort aims to reduce the risk of packages getting installed immediately after publication.

South Korea’s highest court has upheld the one-year prison term for a man, identified as Oh Dae-hyun, who hired an unnamed North Korean cybercriminal to conduct attacks against rival game servers in exchange for a payment of more than $16,300 between October 2014 and March 2015. Per details revealed by NK News last November, the defendant operated an illegal online game server for Lineage and sought access to a file that would allow him to bypass the game’s security system and enable users to play the game at a lower cost. To obtain the file, the defendant is said to have communicated with a North Korean cyber actor via the Chinese messaging app QQ. The court also found Oh recruiting the same North Korean national to conduct distributed denial-of-service (DDoS) attacks on rival gaming servers. Per court documents, the North Korean national is a head of the development team at a trading company under the Workers’ Party of Korea. The company is also believed to have been involved in the creation and sale of DDoS attack programs and cyberterrorism tools to generate revenue for Pyongyang.

Two security vulnerabilities have been disclosed in Eclipse BaSyx V2 that pose a severe risk to industrial environments. The vulnerabilities in question are CVE-2026-7411 (CVSS score: 10.0), an unauthenticated path traversal flaw that could be exploited to write arbitrary files, leading to code execution, and CVE-2026-7412 (CVSS score: 8.6), a blind SSRF flaw that forces the BaSyx server to act as a proxy and execute HTTP POST requests to arbitrary internal or external targets. The issues have been patched in version 2.0.0-milestone-10. “By chaining or utilizing these flaws, an external attacker can completely bypass network segmentation,” Mohamed Lemine Ahmed Jidou, security researcher and founder of AegisSec, told The Hacker News. “The compromised Digital Twin server can be weaponized to pivot internally and send unauthorized commands directly to isolated Programmable Logic Controllers (PLCs) and industrial sensors, posing a direct threat to physical manufacturing lines.”

Attack surface management platform Censys said it has observed less than 100 exposed MOVEit Automation web admin interfaces globally, with nearly two-thirds of hosts located in the U.S. The development comes in the aftermath of CVE-2026-4670 (CVSS score: 9.8), a critical authentication bypass flaw in MOVEit Automation that could potentially result in CVE-2026-4670 is a critical authentication bypass vulnerability in MOVEit Automation that could result in unauthorized access, administrative control, and data exposure.

A new analysis of VECT 2.0 ransomware binaries has uncovered multiple critical flaws in both full and intermittent encryption modes, making data recovery impossible even if a ransom payment is made. “VECT’s FULL encryptor contains an insufficient memory allocation flaw that restricts successful encryption to files 32 KB or smaller,” Halcyon said. “VECT’s intermittent mode discards the nonces for all encrypted segments except the final one, retaining only the last 12-byte nonce in the file footer. The decryption algorithm requires the unique nonce for each segment, all segments preceding the final block are cryptographically unrecoverable by the victim and the attacker alike.” What’s more, a race condition vulnerability exists in the multi-threaded encryption implementation that causes files to be renamed with the .vect extension without their contents being encrypted. In some cases, the contents of one file is saved and renamed as a different file name, or two different files are encrypted and saved with the same name, potentially resulting in the loss of one file. “These issues collectively undermine the reliability and repeatability of the Vect2.0 encryption and renaming logic,” Halcyon said.

Oracle said it will supplement the quarterly Critical Patch Update (CPU) fixes with monthly security releases focused on high-priority vulnerabilities, citing the increased pace of AI-assisted vulnerability disclosures stemming from the adoption of AI models like Anthriopic Mythos to aid with code analysis, security testing, and vulnerability detection. Several vendors like Microsoft, SAP, Adobe, andGoogle (for Android) already release patches on a monthly cadence, most of which occur on the second Tuesday of each month. Oracle’s release cycle, however, will be on the third Tuesday of each month. The first monthly Critical Security Patch Updates (CSPUs) will arrive on May 28, 2026. “CSPUs provide targeted fixes for critical vulnerabilities in a smaller, more focused format, allowing customers to address high-priority issues without waiting for the next quarterly release,” Oracle said. “Security depends on identifying vulnerabilities quickly and applying fixes just as quickly.”

Scammers are sending tens of thousands of fraudulent text messages to mobile users across 12 countries, impersonating transport authorities, toll operators, and parking services, as part of a new mass smishing campaign, per Bitdefender Labs. The active campaign, called Operation Road Trap, has been active since December 2025. More than 79,000 fraudulent messages have already been detected in 40 distinct SMS scam campaigns. Countries targeted include the U.S., Canada, Australia, New Zealand, France, Spain, Colombia, Brazil, India, the U.K., Ireland, and Luxembourg. “All messages share a common goal: to persuade recipients to pay a fake fine, hand over sensitive information, or install spyware,” the company said. “At this stage, there’s no confirmed link tying these campaigns together, beyond a shared theme of messages about unpaid tolls, parking violations, or traffic fines.” The activity has not been attributed to a specific threat actor or group.

Meta has updated its infrastructure used for protecting end-to-end encrypted backups for WhatsApp and Messenger using a hardware security module (HSM)-based Backup Key Vault with two updates: over-the-air fleet key distribution for Messenger and a commitment to publishing evidence of secure fleet deployments. “The vault is deployed as a geographically distributed fleet across multiple datacenters, providing resilience through majority-consensus replication,” Meta said. “To verify the authenticity of the HSM fleet, clients validate the fleet’s public keys before establishing a session. In WhatsApp, these keys are hardcoded into the application. To support Messenger – where new HSM fleets need to be deployed without requiring an app update – we built a mechanism to distribute fleet public keys over the air as part of the HSM response.”

Guardio has detailed a phishing campaign that’s delivered through Google sponsored search results and aims to steal credentials for ManageWP, GoDaddy’s WordPress admin platform, using an adversary-in-the-middle (AitM) phishing page. “The ad click first hits a cloaker, then flips real users to a fake ManageWP login while too easily dodging Google’s inspection of who authorized this sponsored search result,” Guardio said. “Attacker gets real-time login attempts to Telegram and controls it all from their C2. They log in to the victims’ accounts on their end while orchestrating a fake login flow on the victim’s screen.”

Five malicious NuGet packages published under the account bmrxntfj have been found to typosquat widely used Chinese .NET UI and infrastructure libraries. “Each package grafts a .NET Reactor protected infostealer payload onto a decompiled copy of a legitimate open source library,” Socket said. “The stealer targets saved credentials across 12 browsers, 8 desktop cryptocurrency wallets, 5 browser wallet extensions and exfiltrates to a newly-registered C2 domain.” The packages, IR.DantUI, IR.Infrastructure.Core, IR.Infrastructure.DataService.Core, IR.iplus32, and IR.OscarUI,have been collectively downloaded approximately 65,000 times.

Details have emerged about five now-patched, critical vulnerabilities in Salesforce Marketing Cloud that could be exploited to leak the entire contacts DB via a template injection and even access all emails ever sent using the service. The vulnerabilities have been assigned the identifiers: CVE-2026-22585, CVE-2026-22586, CVE-2026-22582, CVE-2026-22583, and CVE-2026-2298. The issues were fixed by Salesforce on January 24, 2026, following responsible disclosure by Searchlight Cyber. There is no evidence that the flaws were exploited to obtain unauthorized access to or misuse of customer data.

Unmanned Aerial Systems (UAS) and aviation sectors in Russia, Tajikistan, Central Asia, Europe, and the Middle East are the target of a new campaign that uses spear-phishing lures to deliver ZIP archives containing a Rust-based executable (along with multiple decoy documents), which displays one of the lure documents, fingerprint the system, and contacts an attacker-controlled domain to fetch and execute a next-stage payload. The activity, codenamed Operation Silent Rotor, has not been attributed to any known threat actor. “The campaign uses realistic aviation-related documents to gain the victim’s trust, with content linked to the ‘Unmanned Aviation 2026’ forum in Moscow,” Seqrite Labs said. “The delivered malware is a Rust-based executable that collects system information, communicates with a remote server over encrypted HTTPS, and downloads a second-stage payload for execution.”

A new multi-stage malware campaign has employed layered obfuscation and trusted Windows components to achieve stealthy execution and persistence, ultimately leading to the deployment of Vidar Stealer. The initial infection vectors for Vidar have leveraged various methods to deceive unsuspecting users: fake CAPTCHA or ClickFix pages, free game cheats, legitimate-but-compromised sites, and fake or trojanized GitHub repositories disguised as legitimate utilities, cracked software, or leaked development tools. In one case detailed by Point Wild, the entry point is a Go-compiled dropper binary that extracts and deploys a VBScript file, which contains embedded PowerShell code to continue the infection chain. “The PowerShell script connects to a remote IP-based server and downloads the next-stage payload, which is delivered in JPEG and TXT file formats used as disguised carriers for malicious content or staged payload data rather than conventional executables,” the company said. “These files are further processed to retrieve or reconstruct the final payload, ultimately leading to Vidar execution.”

A new analysis from web privacy expert Alexander Hanff has found that Google Chrome installs a 4GB on-device AI model file to disk without users’ consent. It is a weights file associated with Gemini Nano. If a user deletes the file, it’s automatically re-downloaded unless the “on-device AI” setting is turned off. Google noted in October 2025 that the “Gemini Nano model is automatically deleted if the device’s free disk space drops below a certain threshold” and is “purged if an enterprise policy disables the feature, or if a user hasn’t met other eligibility criteria for 30 days.” The company also said the on-device AI model is used for scam detection, tab organization, and summarization. Last month, the researcher detailed the various browser fingerprinting techniques (e.g., WebGL, WebGPU, CNAME cloaking, link decoration, and canvas fingerprinting, among others) used by online trackers and how Chrome doesn’t do anything to block them. In all, Chrome ships with over 30 active fingerprinting vectors, 23 distinct storage and tracking mechanisms, no native CNAME cloaking protection, and no fingerprinting defenses of any kind. It’s worth mentioning that Google abandoned its plans to deprecate third-party tracking cookies in Chrome after a six-year effort called Privacy Sandbox.

An attacker with administrative privileges can gain access to Microsoft Edge user passwords even when they’re not in use by taking advantage of the fact that the browser stores them in cleartext in process memory. An attacker could exploit this behavior to create a memory dump of Edge’s “browser” sub-task via the Windows Task Manager. Security researcher Tom Jøran Sønstebyseter Rønning, who revealed the issue, said: “When you save passwords in Edge, the browser decrypts every credential at startup and keeps them, resident in process memory. This happens even if you never visit a site that uses those credentials. At the same time, Edge requires you to re-authenticate before showing those same passwords in the Password Manager UI – yet the browser process already has them all in plaintext.” Further testing has revealed that Edge is the only Chromium-based browser that exhibits this behavior, which Microsoft has described as by design to speed up the sign-in process. Unlike Edge, other browsers built on Chromium encrypt credentials only when needed, instead of keeping all passwords in memory at all times. It’s worth noting that to pull off a successful attack, a threat actor must have already compromised the device by some other means. A similar method to extract cleartext credentials directly from Chromium’s memory was demonstrated by CyberArk in 2022. As VX-Underground noted in a post on X: “This method is interesting, I like the research performed, however, it isn’t something super critical. If you’re using this method in an enterprise environment, then that company has been completely compromised down to the bone, and they’ve got much larger issues.”

U.S. cybersecurity officials are considering sharply shorter deadlines for fixing critical flaws in government IT systems, amid concerns bad actors could exploit them using artificial intelligence tools, Reuters reported. Under the new proposal, the deadline for patching vulnerabilities added to the Known Exploited Vulnerabilities (KEV) catalog would be slashed from three weeks to three days. According to a Flashpoint study, the time between vulnerability disclosure and exploitation has plunged 94% over the past five years. The time to exploit (TTE) dropped from 745 days in 2020 to just 44 days last year, dramatically reducing the time security and IT teams have to patch. This phenomenon has exacerbated in recent months, with threat actors attempting to exploit newly disclosed flaws within 24 hours of public disclosure. “At face value, three days is aggressive. Traditional patching workflows involve change control, testing, and stakeholder sign-off, and compressing them into 72 hours runs counter to how most enterprises actually operate,” Ryan Dewhurst, watchTowr’s head of threat intelligence, told The Hacker News. ” But the trend over recent months has been unambiguous. Exploitation of emerging threats is accelerating, and industry data consistently shows high-impact vulnerabilities being weaponized far faster than a 3-day window would allow. CISA’s shift to a 3-day deadline is a candid acknowledgment of how little time defenders actually have, balanced against the operational realities that still make patching complex. The uncomfortable truth: if you need three days, you’re already operating behind the threat.”

The Securities and Exchange Board of India (SEBI) has released an advisory, stating the emergence of tools like Mythos “may give rise to heightened risk exposure by enabling identification and potential exploitation of existing vulnerabilities using speed and scale,” adding “it may also introduce concerns relating to data confidentiality, application integrity, and reliability of outputs.” SEBI said it’s also establishing a cyber task force to examine the cybersecurity risks posed by AI models and devise a mitigation strategy, facilitate threat intelligence sharing, flag vulnerabilities that could impact the securities markets, and review third-party vendors for their cybersecurity posture.

Anthropic CEO Dario Amodei has warned that AI has created a narrow window of about six to 12 months for organizations across the world to fix tens of thousands of software vulnerabilities found by its AI model before Chinese AI catches up. The development comes as AI models like Anthropic Mythos are being used to find vulnerabilities in widely used software, including over 270 flaws in Mozilla Firefox. An evaluation of Mythos and OpenAI GPT-5.5 has revealed that both models are capable of solving multi-step cyber attack simulations end-to-end. According to Axios, the U.S. National Security Agency has been testing the model despite the Pentagon’s insistence that the company poses a supply chain risk. The release of Mythos and OpenAI’s GPT-5.4-Cyber has also raised concerns that it could outpace current cybersecurity defenses, turbocharge exploit development, and expose weaknesses faster than they can be fixed. OpenAI also released its own advanced cyber model with similar capabilities. The worries stem from the dual-use nature of these systems, as the same capability that helps defenders identify hundreds of flaws can be turned against them if they end up in the wrong hands. Late last month, Bloomberg reported that a “small group of unauthorized users” had had access to Mythos through a third-party contractor that works for Anthropic since the day the model was officially announced. “These capabilities, however guardrailed, will not stay contained. Similar advances will appear across other major AI labs, Chinese models, and open source models,” Palo Alto Networks said. “Attackers will find the seams in those guardrails. They will use advanced AI to discover zero-day vulnerabilities at scale, generate exploits in near real time, and develop autonomous attack agents unlike anything the industry has faced.”

A new analysis from Zimperium has uncovered that Android malware-driven financial transactions have increased 67% year-on-year. The mobile security company said it tracked 34 active malware families targeting 1,243 financial brands across 90 countries in 2025. TsarBot, Copybara, and HOOK are the top three malware families that collectively target more than 60% of the global banking and fintech apps analyzed. “The U.S. has the highest concentration of targeted apps globally, with 162 banking applications under active targeting, up from 109 in 2023,” the company said. “Nearly half of the malware families analyzed have financial extortion capabilities, including ransomware capabilities, allowing attackers to encrypt files on the device.”

Bryan Fleming, the founder of the surveillance tool pcTattletale, was sentenced to time served and a $5,000 fine for operating stalkerware that allowed users to secretly keep tabs on victims. This case marks the first federal conviction of a spyware developer in more than a decade and signals a potential shift in how the government prosecutes creators of intrusive tracking technology. Fleming pleaded guilty earlier this January. pcTattletale shut down in 2024 after suffering a data breach. Other actions announced by the U.S. Department of Justice include the indictment of Jonathan Spalletta, a Maryland resident, in connection with theft of more than $50 million from decentralized cryptocurrency exchange Uranium Finance in 2021, leading to its shutdown; the extradition of Gavril Sandu, a Romanian national, to the U.S. for his alleged role in a voice phishing scheme; and the sentencing of Latvian national Deniss Zolotarjovs, a member of the Karakurt group, to 102 months in prison for his involvement in a series of ransomware attacks and extort payments from more than 54 companies. Zolotarjovs was extradited to the U.S. in August 2024.

Bad actors have been observed taking over subdomains for the Massachusetts Institute of Technology, Harvard, Stanford, Johns Hopkins, and dozens of other universities to post explicit porn spam that Google indexed under the trusted “.edu” domains. The attack was carried out by hijacking DNS records that the universities had abandoned.

Malvertising campaigns on Google Search are using lures for Antigravity to direct users to a fake website that serves a trojanized installer designed to deliver a stealer malware capable of harvesting sensitive data from the compromised system. Similar campaigns have leveraged Google Ads to serve fake landing pages for Claude to deliver MacSync infostealer on macOS. The activity has been codenamed Claude Fraud. In another campaign spotted by Malwarebytes, fake websites impersonating legitimate services like Proton VPN, code hosting platforms, and free web hosting providers such as onworks[.]net are being used to stage malicious payloads that deliver a new Rust-based infostealer dubbed NWHStealer. “Once installed, it can collect browser data, saved passwords, and cryptocurrency wallet information, which attackers may use to access accounts, steal funds, or carry out further attacks,” the company said. A new evolution of the Browser runtime to distribute the stealer. The use of fake websites as lures has been observed in two other campaigns: a fake website promoting a tool called TradingClaw that acts as a delivery vehicle for a stealer codenamed Needle Stealer and a typosquatting website impersonating Slack that’s used to drop a modified installer. The executable, besides launching a working copy of Slack, sets up a HVNC session for remote attackers to browse, access accounts, and interact with the system.