
Welcome to our biweekly cybersecurity roundup. In these blog posts, we feature curated articles and insights from experts, providing you with valuable information on the latest cybersecurity threats, technologies, and best practices to keep yourself and your organization safe. Whether you’re a cybersecurity professional or a concerned individual, our biweekly blog post is designed to keep you informed and empowered.

For more articles, check out our #onpatrol4malware blog.

New Flodrix Botnet Variant Exploits Langflow AI Server RCE Bug to Launch DDoS Attacks

Source: The Hacker News

Cybersecurity researchers have identified a campaign exploiting a critical security flaw in Langflow to distribute the Flodrix botnet malware. This involves CVE-2025-3248, a missing authentication flaw in Langflow, allowing attackers to execute downloader scripts on compromised servers to install Flodrix. Read more.

Clone, Compile, Compromise: Water Curse’s Open-Source Malware Trap on GitHub

Source: TREND MICRO

Water Curse is a newly discovered threat actor using weaponized GitHub repositories to spread multistage malware. The malware enables data exfiltration, including credentials and browser data, and poses a significant supply chain risk, particularly affecting cybersecurity professionals, game developers, and DevOps teams reliant on open-source tools. Read more.

Tycoon 2FA: An Evolving Phishing Kit Powering PhaaS Threats

Source: SOCRadar

Cybercriminals are using Tycoon 2FA in recent phishing campaigns to create deceptive login pages that mimic trusted services like Microsoft 365. This Phishing-as-a-Service kit allows attackers to bypass Multi-Factor Authentication by stealing session cookies, granting unauthorized access to accounts despite existing security measures. Read more.

PyPI, npm, and AI Tools Exploited in Malware Surge Targeting DevOps and Cloud Environments

Source: The Hacker News

Cybersecurity researchers have identified several npm packages laced with malware, capable of executing remote code and downloading additional malicious payloads. Although these packages, including eslint-config-airbnb-compat, ts-runtime-compat-check, solders, and @mediawave/lib, have been removed from the registry, they were downloaded hundreds of times before their removal. Read more.

Anubis: A Closer Look at an Emerging Ransomware with Built-in Wiper

Source: TREND MICRO

Anubis is a rising Ransomware-as-a-Service (RaaS) operation that uniquely combines file encryption with an optional “wipe mode” feature, allowing for permanent file deletion if the ransom is not paid. It operates a versatile affiliate program with negotiable revenue shares, enabling further monetization through data extortion and access sales. Read more.

Microsoft confirms auth issues affecting Microsoft 365 users

Source: BLEEPING COMPUTER

Microsoft is currently investigating an issue with Microsoft 365 authentication features. Users are seeing errors during self-service password resets and when managing their authentication methods, and administrators are also having difficulty adding MFA sign-in methods. Read more.

Understanding Katz Stealer Malware and Its Credential Theft Capabilities

Source: PICUS

Katz Stealer is a newly discovered information-stealing MaaS, featuring aggressive credential theft, system fingerprinting, and stealthy persistence methods. This analysis explores its infection chain, obfuscation techniques, credential theft mechanisms, C2 behavior, and persistence strategies, providing key IOCs and insights for effective detection and defense. Read more.

Password-spraying attacks target 80,000 Microsoft Entra ID accounts

Source: BLEEPING COMPUTER

Hackers have used the TeamFiltration pentesting framework to target over 80,000 Microsoft Entra ID accounts globally, with the campaign reaching its peak on January 8 by attacking 16,500 accounts in just one day. Researchers from Proofpoint have attributed this activity, which began last December and has compromised numerous accounts, to a threat actor known as UNK_SneakyStrike. Read more.

Google suffers cloud outage, causing disruptions for OpenAI, Shopify and other services

Source: CNBC

Google’s cloud faced widespread outages on Thursday, affecting many major internet services, with disruptions starting at 10:51 a.m. PT. By Thursday evening, Kurian confirmed on X that all services were fully operational again. Read more.

GhostVendors Exposed: Silent Push Uncovers Massive Network of 4000+ Fraudulent Domains Masquerading as Major Brands

Source: SILENT PUSH

Threat analysts at Silent Push have uncovered the “GhostVendors” scam, involving online ads that impersonate major brands and spoof real products across thousands of fraudulent websites. This operation, spanning over 4,000 domains, poses a significant threat to social networks, well-known brands, advertising firms, and consumers globally. Read more.
