Latest Interesting Cybersecurity News of the Week Summarised – 09-02-2026

I go through about 25 cybersecurity news portals and blogs every week and pull out the most interesting stories. Then I turn them into this short, digestible summary, so you can stay up to date without trying to follow 25 different sources yourself. 😱

My aim is to create a summary that gives you the gist without needing to open up the source article. But if you do want to dig deeper, all the sources covering the event are linked below each story.

If you enjoy these, come back next Monday

scroll to the bottom to subscribe to the e-mail newsletter.

1. Malicious ClawdBot AI Skills Distribute Crypto-Stealing Malware

Security researchers have uncovered 386 malicious AI “skills” published to ClawHub and GitHub between January 27 and February 2 that masquerade as crypto-trading tools but deliver a NovaStealer payload targeting macOS and Windows. 
By exploiting social engineering—urging users to download ZIPs or execute base64-encoded commands from C2 IP 91.92.242.30—attackers harvest exchange API keys, wallet seeds, SSH credentials, browser passwords and other high-value artifacts.

Key Details

• There is no evidence that the skills listed in the ClawdBot ClawHub are scanned by any security tooling. Many of the payloads we found were visible in plain text in the first paragraph of the SKILL.md file.
• First wave: 28 skills (Jan 27–29); second wave: 386 variants (Jan 31–Feb 2) all pointing at 91.92.242.30 C2 server.
• Major contributor “hightower6eu” posted 354 variants with 7,000+ downloads of malicious updaters, CLI tools and trading assistants.
• Payload: NovaStealer-like Mach-O/PE binary stealing crypto wallets, API keys, SSH keys, browser credentials and cloud secrets.
• Skills remain online at official ClawHub/GitHub; platform maintainers confirm no intention of removal of these malicious skills after the security review.

Next Steps

• For now don’t use OpenClawd with any real data or credentials. 
• Audit and remove all ClawdBot/ClawHub skills not explicitly vetted.

Read more at OpenSourceMalware

2. Notepad++ update infrastructure hijacked by Chinese state-sponsored APT for 6 months

The popular open-source editor Notepad++ had its update infrastructure compromised for six months starting June 2025, when 
a China-linked APT group broke into its hosting provider, selectively redirecting update traffic to deliver a sophisticated 
backdoor (“Chrysalis”). The attack evaded detection by blending into normal developer activity and exploiting missing 
enterprise tracking of unlicensed utilities. 

Key Details

• Attack ran June–Dec 2025 after hosting provider’s shared server was breached and credentials stolen.
• Targeted update traffic was redirected to attacker-controlled servers hosting an NSIS installer with Chrysalis backdoor.
• Rapid7 identified 16 command capabilities and use of Cobalt Strike, Metasploit and Microsoft Warbird loaders.
• Notepad++ migrated to a new provider and upgraded WinGup to verify certificates and enforce signatures by v8.9.2.

Next Steps

• Enforce cryptographic checks on update manifests and installers.
• Enforce strict vendor reviews for free software like Notepad++ as well

Read more at CSO Online, The Hacker News

3. AI-Driven Attack Achieves AWS Admin Control in Under 8 Minutes

Threat actors leveraged exposed AWS credentials and large language models to automate reconnaissance, privilege escalation, lateral movement and resource abuse, achieving full administrative control of an AWS environment in under eight minutes.

Key Details

• Initial access: valid IAM keys exposed in public S3 buckets containing AI model data.
• Privilege escalation: attackers injected malicious code into a Lambda function with overly permissive execution role to generate new admin credentials.
• Lateral movement: compromised 19 distinct AWS principals by assuming roles and creating backdoor users.

Next Steps

• Deploy runtime detection for large-scale IAM enumeration and automated reconnaissance.

Read more at CSO Online

4. GlassWorm Targeting MacOS Compromises Four VSCode Extensions with 22000 downloads

A recent supply chain compromise saw attackers hijack a trusted publisher on the Open VSX registry to push malicious updates to four VS Code extensions with over 22,000 downloads. 


The GlassWorm loader—targeting macOS—decrypts a staged payload at runtime to steal browser cookies, crypto wallets, SSH keys, AWS credentials and more, using Solana transaction memos as a dynamic command-and-control channel.

Key Details

• Oorzc publisher account compromised; malicious updates pushed Jan 30 to FTP/SFTP/SSH Sync Tool, I18n Tools, vscode mindmap and scss-to-css-compile extensions
• Loader filters for macOS and non-Russian locales, decrypts payload and retrieves C2 instructions via Solana transaction memos
• Harvests Firefox/Chrome cookies, Safari data, desktop crypto wallets, macOS keychain, Apple Notes and developer secrets (SSH/AWS/GitHub tokens)
• Achieves persistence via a LaunchAgent entry to ensure execution at login and continuous exfiltration

Next Steps

• Rotate all publishing tokens, SSH keys, AWS, npm and other developer credentials
• Scan macOS hosts for unfamiliar LaunchAgents (e.g., com.user.nodestart.plist) and remove GlassWorm artifacts
• Audit CI/CD pipelines and Git repositories for unauthorized commits or modified build jobs

Read more at Cyber Security News, BleepingComputer.com, SecurityWeek, Dark Reading

5. Multiple Critical Vulnerabilities Expose n8n Automation Platform to Server Compromise

Six new flaws in n8n, including four rated critical (CVSS 9.4), enable remote code execution,
command injection, file access and sandbox escape in shared deployments. Exploits can
compromise host credentials, secrets and business logic, putting multi-user and cloud
instances at high risk.

Key Details

• Upwind researchers disclosed six vulnerabilities spanning RCE, command injection, arbitrary file read and XSS in n8n’s sandbox and Git node.
• Four issues (CVE-2026-21893, CVE-2026-25049, CVE-2026-25052, CVE-2026-25053) carry CVSS 9.4; an XSS flaw scores 8.5, and an info-leak in task runners scores 7.7.
• Pillar Security separately demonstrated a sandbox-escape bypass (CVE-2026-25049) that yields full server takeover, exposing environment variables, API keys and OAuth tokens.
• Both n8n version 2.4.0 (self-hosted) and 1.121.3 (authenticated RCE patch) address these flaws; cloud customers should verify managed instances are updated.

Next Steps

• Apply n8n updates (v2.4.0 or later, and v1.121.3) immediately.
• Restrict workflow-editing permissions to trusted users.
• Segment n8n servers from critical networks and monitor access logs.
• Use least privilege principle when granting n8n access to other systems

Read more at CSO Online, SecurityWeek, CybersecurityNews.com

6. Asia-Based APT TGR-STA-1030 Breaches Governments and Infrastructure in 37 Countries

State-aligned group TGR-STA-1030 has compromised 70 government and critical infrastructure
networks across 37 countries and conducted reconnaissance against 155 more between November and December 2025.
The threat actor uses tailored phishing, N-day vulnerability exploits, a dual-stage Diaoyu loader with
sandbox guardrails and a unique Linux eBPF rootkit “ShadowGuard” to maintain stealth and persistence.

Key Details

• Successful breaches include national police, border control, finance ministries, parliaments and telcos.
• Diaoyu loader checks for ≥1440px resolution, pic1.png file and five specific AV processes before payload execution.
• ShadowGuard eBPF rootkit hides up to 32 PIDs, conceals “swsecret” files and intercepts syscalls at kernel level.
• Supporting tools: Cobalt Strike, VShell, Havoc, SparkRat, Behinder and Godzilla web shells, GOST and FRPS tunnels.

Next Steps

• Harden email defenses against phishing lures 
• Continuous phishing training.

Read more at Palo Alto Networks Unit 42, The Hacker News, SecurityWeek

Subscribe

Subscribe to receive this weekly cybersecurity news summary to your inbox every Monday.