Threat Alerts

Google Chrome patched 18 vulnerabilities, including four rated Critical. Two WebGL use-after-free flaws could enable memory corruption through specially crafted web content, potentially allowing attackers to escape the browser sandbox when chained with additional vulnerabilities. The remaining Critical issues affect Blink’s InterestGroups component and Autofill, introducing out-of-bounds read and use-after-free conditions that may lead to information disclosure, renderer compromise, or arbitrary code execution within the browser process.

The two WebGL issues are tracked as CVE-2026-13028(CVSS Score 9.8) and CVE-2026-13032(CVSS Score 9.8) and arise from use-after-free memory corruption triggered by crafted HTML and graphics content. The additional Critical vulnerabilities, CVE-2026-13033(CVSS Score 9.1), an out-of-bounds read in Blink’s InterestGroups component, and CVE-2026-13038(CVSS Score 9.8), a use-after-free flaw in Autofill, could be exploited to leak process memory or achieve code execution within the browser renderer. Although no active exploitation has been confirmed, browser vulnerabilities of this class are frequently chained together to bypass security boundaries and achieve full host compromise.

A multi-stage steganographic malware campaign has been observed delivering Remcos RAT alongside additional malware families, providing attackers with persistent remote access, credential theft, and a platform for follow-on activity. The use of steganography, staged payload delivery, and DLL sideloading complicates detection by concealing malicious components within seemingly benign files and delaying payload execution.

The infection chain begins with phishing emails distributing archive attachments containing decoy documents and image or media files embedded with encrypted payloads. Subsequent stages extract and execute hidden content, abuse DLL sideloading techniques to evade detection, and deploy Remcos RAT or additional malware modules capable of command execution, system reconnaissance, credential theft, persistence, and data exfiltration. The modular delivery chain enables operators to adapt the final payload according to operational objectives.

The campaign demonstrates continued use of layered execution chains and steganographic payload concealment to bypass traditional security controls.

A newly identified backdoor, active since April 2026, has been deployed across multiple cybercrime intrusions and shows potential ties to ransomware deployment operations. The tool has been observed in attacks that ultimately delivered ransomware, with the associated threat actor publicly linked to several major ransomware groups including Qilin, Interlock, Rhysida, Akira, 8Base, and Black Basta.
The actor behind this activity operates primarily as an initial access broker, meaning its goal is not to deliver the final payload itself, but to establish durable remote access within enterprise environments and sell that access to ransomware affiliates. Its traffic distribution system runs largely through compromised websites, which are used to deliver social-engineering lures that have evolved over time — from fake error and CAPTCHA prompts, to commands pasted into the Windows File Explorer address bar, to browser crash simulations — all designed to trick users into executing malicious code. Once a command runs, a multi-stage scripting chain downloads and unpacks a portable Python environment to launch the remote access tooling, followed by extensive reconnaissance using built-in Windows utilities, Active Directory enumeration, and credential harvesting, with persistence established through multiple redundant mechanisms masquerading as legitimate remote-access software.
The backdoor itself is side-loaded through a legitimate executable and loaded via a DLL name associated with endpoint-security tooling, helping it blend in with trusted software. It runs payloads entirely in memory with nothing written to disk, and includes a built-in kill switch allowing it to delete itself — features consistent with an operator seeking long-term, low-visibility access. The use of custom tools in ransomware-related attacks is becoming more common, and this backdoor fits that trend — likely developed by access brokers working alongside ransomware affiliates rather than a ransomware group itself, pointing to a technically capable actor that may continue refining its toolset and expanding the range of ransomware operations it supports.

A newly discovered macOS backdoor, attributed with high confidence to North Korean threat actors, combines credential theft, remote access and advanced evasion techniques while introducing prompt injection capabilities designed to manipulate AI-assisted security analysis tools. The malware establishes persistence by masquerading as a legitimate system service, deploys a hidden scripting component and downloads a standalone interpreter from a public repository to ensure execution regardless of the host configuration. Once active, it collects browser data, login keychains, terminal histories, running process information and system hardware details before communicating with attackers through a messaging platform’s bot API, enabling remote command execution, file transfers and process management over encrypted channels.

Beyond traditional espionage capabilities, the malware embeds large volumes of fabricated system messages formatted as trusted markdown instructions to perform prompt injection attacks against AI-powered malware analysis and triage pipelines. These deceptive prompts attempt to manipulate AI tools into terminating or refusing analysis by simulating conditions such as expired authentication tokens, memory exhaustion or other operational failures, while the malware simultaneously removes authentication tokens from error logs to hinder forensic investigations. The combination of credential theft, stealthy remote access, encrypted command-and-control communications and prompt injection-based AI evasion reflects an emerging shift in attacker tradecraft, demonstrating that AI-driven security tools are increasingly becoming targets alongside traditional defensive technologies.

A large-scale malware campaign is leveraging compromised WhatsApp accounts to distribute malicious VBScript attachments, targeting users across Asia, Europe, Oceania and South America. The highest concentration of observed victims has been reported in Southeast Asia although the campaign remains active globally. Once executed, the malicious VBScript initiates a multi-stage infection chain that ultimately installs legitimate Remote Monitoring and Management (RMM) software, providing attackers with persistent remote access to compromised systems. The campaign primarily targets individual users through opportunistic attacks rather than focusing on specific organizations or industry sectors.
The attackers use compromised WhatsApp accounts to send malicious attachments directly to contacts, relying on existing trust relationships to increase the likelihood of execution. The VBScript files are disguised as legitimate business and financial documents, including invoices, bank statements, account summaries and debt notices, with filenames localized into multiple languages to support regional targeting. Upon execution, the script creates a working directory, retrieves additional payloads from attacker-controlled infrastructure, attempts to modify Windows User Account Control (UAC) settings to obtain elevated privileges and silently installs the RMM software using supplied configuration and certificate files, preventing users from noticing the installation. By combining trusted messaging platforms, convincing social engineering and legitimate remote administration tools, the campaign enables attackers to establish persistent remote access while minimizing detection by conventional security solutions.

Edgecution is a newly observed attack framework that abuses Microsoft Edge extensions and Chrome Native Messaging to bypass browser sandboxing, establish persistent host-level access, and deploy a Python-based backdoor. The framework has been assessed as a potential precursor to ransomware operations due to its remote code execution capabilities and persistent access.

The attack chain begins with Microsoft Teams–based social engineering, directing victims to a fake update portal where they are instructed to execute PowerShell, AutoHotKey, or script-based payloads. Execution installs a malicious Edge extension alongside a native messaging manifest, unpacks an embedded Python runtime, and launches Edge in headless mode to bridge browser activity with the local backdoor. Communications are established over WebSockets to CloudFront-hosted infrastructure, while persistence is achieved through scheduled tasks, registry modifications, native messaging manifests, and locally staged Python components.

Once established, the framework enables arbitrary command execution, PowerShell invocation, file system access, process enumeration, and system reconnaissance. Because the malicious extension operates within a headless browser and leverages legitimate Chrome Native Messaging functionality, the activity may evade traditional browser-focused security controls.