AI-powered attacks are evading EDR via steganography, AV abuse, and automation, forcing a shift toward combined NDR and EDR defenses.
Get the latest international news and world events from around the world.
New ClickFix attacks abuse Windows App-V scripts to push malware
A new malicious campaign mixes the ClickFix method with fake CAPTCHA and a signed Microsoft Application Virtualization (App-V) script to ultimately deliver the Amatera infostealing malware.
The Microsoft App-V script acts as a living-off-the-land binary that proxies the execution of PowerShell through a trusted Microsoft component to disguise the malicious activity.
Microsoft Application Virtualization is an enterprise Windows feature that allows applications to be packaged and run in isolated virtual environments without being actually installed on the system.
Microsoft patches actively exploited Office zero-day vulnerability
Microsoft has released emergency out-of-band security updates to patch a high-severity Microsoft Office zero-day vulnerability exploited in attacks.
The security feature bypass vulnerability, tracked as CVE-2026–21509, affects multiple Office versions, including Microsoft Office 2016, Microsoft Office 2019, Microsoft Office LTSC 2021, Microsoft Office LTSC 2024, and Microsoft 365 Apps for Enterprise (the company’s cloud-based subscription service).
However, as noted in today’s advisory, security updates for Microsoft Office 2016 and 2019 are not yet available and will be released as soon as possible.
Cloudflare misconfiguration behind recent BGP route leak
Cloudflare has shared more details about a recent 25-minute Border Gateway Protocol (BGP) route leak affecting IPv6 traffic, which caused measurable congestion, packet loss, and approximately 12 Gbps of dropped traffic.
The BGP system helps route data across different networks called autonomous systems (AS) that send it to destination through smaller networks on the internet.
The incident was caused by an accidental policy misconfiguration on a router and affected external networks beyond Cloudflare customers.
EU launches investigation into X over Grok-generated sexual images
The European Commission announced today that it has launched formal proceedings under the Digital Services Act to investigate whether X properly assessed risks before deploying its Grok artificial intelligence tool, following its use to generate sexually explicit images.
The commission noted that these potential risks “seem to have materialised,” seeing that the AI-powered tool was used to create “manipulated sexually explicit images, including content that may amount to child sexual abuse material.”
“Sexual deepfakes of women and children are a violent, unacceptable form of degradation,” said EU tech commissioner Henna Virkkunen. “With this investigation, we will determine whether X has met its legal obligations under the DSA, or whether it treated rights of European citizens — including those of women and children — as collateral damage of its service.”
Nearly 800,000 Telnet servers exposed to remote attacks
Internet security watchdog Shadowserver tracks nearly 800,000 IP addresses with Telnet fingerprints amid ongoing attacks exploiting a critical authentication bypass vulnerability in the GNU InetUtils telnetd server.
The security flaw (CVE-2026–24061) impacts GNU InetUtils versions 1.9.3 (released 11 years ago in 2015) through 2.7 and was patched in version 2.8 (released on January 20).
“The telnetd server invokes /usr/bin/login (normally running as root) passing the value of the USER environment variable received from the client as the last parameter,” explained open-source contributor Simon Josefsson, who reported it.
6 Okta security settings you might have overlooked
What worked six months ago may no longer be sufficient to protect against today’s threats.
This article outlines six fundamental Okta security best practices that form the backbone of a resilient identity security program.
Beyond implementing these settings, continuous security posture monitoring for Okta (and the rest of your SaaS ecosystem) with a tool like Nudge Security can help you stay ahead of emerging threats and maintain a robust security posture as your environment grows and changes.
Hackers can bypass npm’s Shai-Hulud defenses via Git dependencies
The defense mechanisms that NPM introduced after the ‘Shai-Hulud’ supply-chain attacks have weaknesses that allow threat actors to bypass them via Git dependencies.
Collectively called PackageGate, the vulnerabilities were discovered in multiple utilities in the JavaScript ecosystem that allow managing dependencies, like pnpm, vlt, Bun, and NPM.
Researchers at endpoint and supply-chain security company Koi discovered the issues and reported them to the vendors. They say that the problems were addressed in all tools except for NPM, who closed the report stating that the behavior “works as expected.”