CTO at NCSC Summary: week ending February 8th
Nation-state threat actors exploit end-of-support (EOS) edge devices, including, but not limited to, load balancers, firewalls, routers, and virtual private network (VPN) gateways
Welcome to the weekly highlights and analysis of the blueteamsec (and my wider reading). Not everything makes it in, but the best bits do.
Operationally this week nothing overly of note…
In the high-level this week:
Cloud Security Posture Management: silver bullet or another piece in the cloud puzzle? - UK National Cyber Security Centre guides - “Ultimately, CSPM represents a foundational piece of a broader cloud strategy, designed to operate alongside other security controls and to integrate with existing business processes. It’s not a silver bullet that can solve all cloud security problems, but when a good CSPM tool is used effectively, it can provide organisations with the information they need to make informed and data-driven decisions about the security posture of their cloud estate.”
Reducing the Attack Surface for End-of-Support Edge Devices - US CISA and FBI along with the UK National Cyber Security Centre implore - “The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the U.K.’s National Cyber Security Centre (NCSC) are releasing this fact sheet to urge defensive action against malicious cyber activity by nation-state threat actors. Nation-state threat actors exploit end-of-support (EOS) edge devices—including, but not limited to, load balancers, firewalls, routers, and virtual private network (VPN) gateways—to gain network access, maintain presence, and compromise sensitive data”
Rebooting the UK's Cyber Strategy - RUSI think tanks - “Key recommendations
Reframe the UK’s cyber strategy narrative to prioritise economic security and convey urgency in addressing cyber threats.
Develop a new threat-response model to balance resources between state-led cyber threats and cybercrime, including the creation of a cross-government joint assessments unit.
Increase government accountability and transparency by improving public sector cyber security and establishing clear implementation reviews for the strategy.
Make cyber security risk foundational to corporate governance by mandating board-level accountability and transparent reporting of cyber risks.
Enforce existing regulations effectively by resourcing regulatory bodies and introducing annual fees for regulated entities to support enforcement activities.”
The UN Cybercrime Convention – A Way to Bring Russia to (the International Court of) Justice? - Just Security ponders - “However, the path to bring Russia to justice under this provision is not simple. The two main challenges are Russia potentially declaring itself not to be bound by the judicial settlement clause of the Convention, and (relatively unlikely) Russia deciding not to ratify the UNCC after all. Yet there may also be paths to overcoming these hurdles. Ultimately, Russia – ironically – has contributed to broadening the possibilities of achieving state responsibility in cyberspace by initiating the negotiations of the Hanoi Convention.”
PSHSB Highlights Ransomware Risks and Best Practices - US Federal Communications Commission Public Safety and Homeland Security Bureau publishes - “The Public Safety and Homeland Security Bureau urges communications providers to implement cybersecurity best practices to protect their networks from the introduction of malware, including ransomware.”
Ransomware Threat Outlook 2025-2027 - Canadian Centre for Cyber Security publish - “We assess that threat actors carrying out ransomware attacks impacting Canadian organizations are almost certainly opportunistic and financially motivated. All Canadian organizations, regardless of size or sector, are at risk of being targeted by ransomware.”
How European and allied cybersecurity strategies are shifting from defence to offence - Binding Hook assert - “In an ever more uncertain world, countries from Finland to Japan are creating cyber commands, adapting previously defensive capabilities, and facing new legal and diplomatic challenges.”
Russian spy spacecraft have intercepted Europe’s key satellites, officials believe - The Financial Times reports - “European security officials believe two Russian space vehicles have intercepted the communications of at least a dozen key satellites over the continent. Officials believe that the likely interceptions, which have not previously been reported, risk not only compromising sensitive information transmitted by the satellites but could also allow Moscow to manipulate their trajectories or even crash them.”
Sean Cairncross’ cybersecurity agenda: less regulation, more cooperation - CyberScoop reports - “You know your regulatory scheme better than I do: Where there’s friction, where there’s frustration with information sharing, what sort of information is shared, the process through which it’s shared,” he said. “It is helpful for us to hear that and have that feedback so that we can address it, engage it and try to make it better.” .. The Trump administration is interested in being a partner with industry rather than a “scold,” Cairncross said at an Information Technology Industry Council event.
Post Quantum Cryptography for Non-Terrestrial Networks - The GSM Association publishes - “This document explores the implications of PQC implementation in NTN, providing insight into system context, technical challenges, standards implications and migration considerations.”
Harassment, Scare Tactics, & Why Victims Should Never Pay ShinyHunters - Allison Nixon outlines - “As the business owner, your decision to pay or not pay a ransom demand from any threat actor group needs to be weighed objectively and deliberately. ShinyHunters rely on the intensity of their emotional manipulation to force you to make a snap decision, within 72 hours, to pay the ransom to stop the harassment. Therefore, we suggest removing their emotionally triggering tactics from the decision and focusing on the objective facts, how the demand is structured, and likely outcomes based on history and their training.”
India’s Roadmap for Quantum Resiliency - with dates earlier than most of 2029..
A Decade-long Landscape of Advanced Persistent Threats: Longitudinal Analysis and Global Trends - Sungkyunkwan University, University of Tennessee and Stony Brook University update with version two - “Over the past decade, 154 countries have been affected, primarily using malicious documents and spear phishing as the dominant initial infiltration vectors, and a noticeable decline in zero-day exploitation since 2016”
How the KGB Discovered Computer Viruses - Oleg Shakirov gives a history lesson - “On July 28, 1989, the KGB issued a secret directive “On the procedure of acquisition, operation, and copying of foreign software.” Its key focus was security. The directive warned about the possibility of “various alien programming implants”—better known as computer viruses—being embedded into software, including with “subversive purposes.”
Reporting on/from China
National Threat Assessment - The Norwegian Police Security Service publish - “The Chinese cyber threat actor known as Salt Typhoon is an example of an actor who has compromised vulnerable network devices in Norwegian organisations.”
Cybersecurity Assessment Netherlands 2025 - National Coordinator for Counterterrorism and Security published in December (which I missed) - “there is a broad Chinese cyber threat that extends beyond the traditional perception of China being focused solely on economic espionage. Some activities appear to involve non-economic espionage and may also be forward-looking: by embedding themselves within critical infrastructure, Chinese actors could later exploit those positions for sabotage, for example in times of conflict. China likely sees the United States as its primary adversary in cyberspace, but it could use its significant cyber-sabotage capabilities against European targets in the future as well”
PRC Targets NATO Frontline States - Jamestown publishes - “NATO frontline states are responding to PRC‑linked cyber intrusions, surveillance‑capable consumer technologies, and intelligence‑driven infrastructure projects by tightening controls on data flows, restricting PRC technology in critical systems, and issuing broader security warnings to protect transatlantic defense networks.”
Senator Maria Cantwell calls for Senate Committee on Commerce, Science, and Transportation oversight hearing on Salt Typhoon - Senator Maria Cantwell writes - “In the past several months, we learned that the scope of the Salt Typhoon attack was greater than previously believed. According to the Federal Bureau of Investigations (FBI), the Salt Typhoon hackers targeted more than 200 U.S. organizations and 80 countries”
AI
NPL to establish new Centre for AI Measurement - UK National Physical Laboratory announces - “As the UK’s National Metrology Institute, NPL already plays a vital role in developing tools and approaches to increase confidence in AI. For example, through NPL’s Life Cycle for Trustworthy and Safe Artificial Intelligence. Alongside the new centre, NPL is a founding partner of the AI Standards Hub, an initiative dedicated to shaping global standards for AI. The AI Standards Hub Global Summit is taking place 16-17 March in Glasgow, with a focus on the interplay between AI standards, measurement and assurance.”
International AI Safety Report 2026 - International AI Safety Report publish - “The second International AI Safety Report, published in February 2026, is the next iteration of the comprehensive review of latest scientific research on the capabilities and risks of general-purpose AI systems. Led by Turing Award winner Yoshua Bengio and authored by over 100 AI experts, the report is backed by over 30 countries and international organisations. It represents the largest global collaboration on AI safety to date.”
Summary of the threat to generative AI in the face of cyberattacks - ANSSI France’s National Cyber Security Agency publish - “It is clear that generative AI models are being used and repurposed at various stages of a cyberattack to perform victim profiling, design content for social engineering, or develop malware. However, their use depends on the level of expertise and the objectives pursued: for the most advanced actors, generative AI represents a tool for improving performance and scaling up, while for less experienced actors, it is more of a learning tool. For the time being, ANSSI states that no official or unrestricted generative AI system has been able to autonomously carry out all the stages of a cyberattack.”
Extracting Recurring Vulnerabilities from Black-Box LLM-Generated Software - Israel Institute of Technology research - “We study vulnerability persistence in LLM-generated software and introduce Feature–Security Table (FSTab) with two components. First, FSTab enables a black-box attack that predicts likely backend vulnerabilities from observable frontend features and knowledge of the source LLM, without access to backend code or source code. Second, FSTab provides a model-centric evaluation that quantifies how consistently a given model reproduces the same vulnerabilities across programs, semantics-preserving rephrasings, and application domains.” - or how AI can introduce vulnerabilities at scale which are repeatedly detectable
Evaluating and mitigating the growing risk of LLM-discovered 0-days - Anthropic publish - “So far, we've found and validated more than 500 high-severity vulnerabilities. We've begun reporting them and are seeing our initial patches land, and we’re continuing to work with maintainers to patch the others.” - whilst interesting, the token cost and false-positive rates would also be interesting, and of the 500 vulnerabilities cited only 3 are shown. Finally, memory corruption != exploitable != exploits, so it will be interesting to see if, for example, this can find things like memory disclosure at scale, which would be an uplift.
How LLMs Feed Your RE Habit: Following the Use-After-Free Trail in CLFS - John McIntosh highlights - the practical skilled worker acceleration in vulnerability discovery - “demonstrates how LLMs and pyghidra-mcp accelerate reverse engineering by tracing a use-after-free vulnerability in Windows’ Common Log File System (CLFS) through a patch diff, showing how AI maintains momentum in complex analysis. LLMs don’t replace the work—they feed the habit by making the work feel lighter, faster, and well… fun.”
Cyber proliferation
Spyware maker is hijacking diplomatic efforts to limit commercial hacking, civil society warns - The Record reports - “French and U.K. officials told Recorded Future News that they did not invite NSO Group to participate, and that companies making submissions are not necessarily respecting human rights. Despite this, NSO Group held up its engagement with the Pall Mall Process as an example of its commitment to responsible governance of its zero-click Pegasus spyware.”
Court rules Kaczyński’s defamation of political opponent during Pegasus inquiry “not socially harmful” - Notes from Poland reports - “A court has confirmed that opposition leader Jarosław Kaczyński defamed a political rival when he justified the use of Pegasus spyware against him by saying he had committed “abhorrent crimes”. However, it deemed that the offence was “not socially harmful” and therefore discontinued the case.”
SMS Blaster Vendor Lists 68 Countries They Sell To - CommsRisk report - “Some naive souls still believe SMS blasters are a new phenomenon, despite their long history of use within China. They confuse an absence of evidence in their country with evidence of absence from their country. It is almost certainly the case that many countries have not gathered evidence of SMS blasters being used in their territory because nobody in authority has bothered to look for them.”
Bounty Hunting
Nothing overly of note this week
Market Incentives
No Pain, No Gain - How Impunity Perpetuates Failure - Bytes and Borscht opines - “It’s time to treat cybersecurity incidents and data breaches like preventable disasters, not the inevitable cost of doing business.”
Data breach compensation offer ‘is major progress’ - Police Federation Northern Ireland announce - “Under the terms that have been confirmed, payments of £7,500 are to be made to thousands of officers who had their personal details accidentally published in 2023.”
$117.5M Comcast Settlement Ends Class Action Lawsuit Over Oct. 2023 Cyberattack - Class Action detail - “Comcast has agreed to a massive $117.5 million settlement to resolve a consolidated class action lawsuit alleging the internet and mobile services provider failed to implement proper cybersecurity measures to safeguard sensitive consumer information, leading to an October 2023 data breach.”
Reflections this week are on the boom and bust (in a security sense) of Openclaw/Clawdbot/Moltbot and what it tells us about the incentives to produce and consume secure systems in a technology bubble.
This bubble, along with how certain narratives get driven by viral meme technology in the modern world, highlights the future challenges we need to face.
The cyber security industry reporting on the Openclaw/Clawdbot/Moltbot situation included:
From magic to malware: How OpenClaw’s agent skills become an attack surface
Hunting OpenClaw Exposures: CVE-2026-25253 in Internet-Facing AI Agent Gateways
OpenClaw in the Wild: Mapping the Public Exposure of a Viral AI Assistant
Then we get to the press reporting:
OpenClaw reveals meaty personal information after simple cracks
From Clawdbot to Moltbot to OpenClaw: Meet the AI agent generating buzz and fear globally
Viral AI personal assistant seen as step change – but experts warn of risks
OpenClaw patches one-click RCE as security Whac-A-Mole continues
Compounding this, we then had the Moltbook situation which muddied the waters with hyperbolic headlines such as:
I Infiltrated Moltbook, the AI-Only Social Network Where Humans Aren’t Allowed
Live: AI social awakening – Moltbook, tech leap or security red flag?
.. and there were many more ..
Then we had some reasonable analysis as the week went on:
We can all accept that the agentic world is real (as demonstrated below with actual value adding skills). However, the above, over the course of the last nine days or so, highlights that the reality of insecure technology developed and deployed at pace and scale, coupled with meme / viral interest, creates an information environment which is challenging to navigate for all but the most experienced.
It also reminds us that where there is fear of missing out, security is an afterthought for most…
All attribution is by others and not the UK Government unless specifically stated as such, please see the legal text at the end.
Have a lovely Saturday…
Ollie
Cyber threat intelligence
Who is doing what to whom and how allegedly.
Reporting on Russia
Attributive Questions in High Profile Incidents
Joe outlines the reality of cyber defence for most, in the context of Poland's earlier alleged attribution of this operation to Russia.
In this case, “Sandworm or Berserk Bear?” transforms into what appears on its face to be a similar question but in fact is something else entirely: “GRU or FSB?”
This question has significant implications for traditional intelligence and political-military decision making as it may reveal important changes in Russian cyber operations, a diversification in entities involved in disruptive actions, and potential implications for moving existing conflict outside of Ukraine (with possible NATO Article V implications). Yet from a cyber defense perspective, this question and its implications become less relevant compared to determining “how did this take place, and how do I defend against it.”
https://pylos.co/2026/01/31/attributive-questions-in-high-profile-incidents/
UAC-0001 (APT28) carries out cyberattacks against Ukraine and EU countries using the CVE-2026-21509 exploit
CERT Ukraine give a sense of how quickly a Russian actor was able to take a patch, weaponize it into a functional exploit and deploy it operationally.
On Monday, January 26, 2026, Microsoft published information about a vulnerability with the identifier CVE-2026-21509 in Microsoft Office products, with a note about the active exploitation of the latter.
Already on 01/29/2026, a DOC file “Consultation_Topics_Ukraine(Final).doc” was discovered in the public domain, containing an exploit for the aforementioned vulnerability and was dedicated to the consultations of the Committee of Permanent Representatives to the EU (COREPER) on the situation in Ukraine. At the same time, metadata indicates that the document was created on 01/27/2026 at 07:43:00 (UTC), that is, the day after the publication of the aforementioned vulnerability notification from Microsoft.
https://cert.gov.ua/article/6287250
Related industry reporting
APT28 abuses CVE-2026-21509 by embedding a forgotten OLE browser object (Shell.Explorer.1) into RTF documents. Office happily instantiates it, the object navigates to a remote .lnk, and that's your execution path. An allowlist gap that somehow survived for years.
The documents themselves contain no payload.
They only exist to get Office into a state where external shortcut files can be fetched. From there, the real infection chain starts.
https://blog.synapticsystems.de/apt28-geofencing-as-a-targeting-signal-cve-2026-21509/
In January 2026, ThreatLabz identified APT28 weaponizing CVE-2026-21509 to target users in Central and Eastern Europe, including Ukraine, Slovakia, and Romania.
Social engineering lures were crafted in both English and localized languages (Romanian, Slovak and Ukrainian) to target the users in the respective countries.
The threat actor employed server-side evasion techniques, responding with the malicious DLL only when requests originated from the targeted geographic region and included the correct User-Agent HTTP header.
https://www.zscaler.com/blogs/security-research/apt28-leverages-cve-2026-21509-operation-neusploit
The adversary orchestrated a concentrated 72-hour spear-phishing campaign (January 28-30, 2026), delivering at least 29 distinct emails across nine Eastern European nations, primarily targeting defense ministries (40%), transportation/logistics operators (35%), and diplomatic entities (25%). These emails originated from compromised government accounts of multiple countries, including Romania, Bolivia, and Ukraine.
https://www.trellix.com/blogs/research/apt28-stealthy-campaign-leveraging-cve-2026-21509-cloud-c2/
Reporting on China
Notepad++ Hijacked by State-Sponsored Hackers
Notepad++ detail their incident involving an alleged Chinese threat actor. Such supply chain attacks remind us that the integrity of software update channels is of increasing importance.
According to the analysis provided by the security experts, the attack involved infrastructure-level compromise that allowed malicious actors to intercept and redirect update traffic destined for notepad-plus-plus.org. The exact technical mechanism remains under investigation, though the compromise occurred at the hosting provider level rather than through vulnerabilities in Notepad++ code itself. Traffic from certain targeted users was selectively redirected to attacker-controlled malicious update manifests.
The incident began in June 2025. Multiple independent security researchers have assessed that the threat actor is likely a Chinese state-sponsored group, which would explain the highly selective targeting observed during the campaign.
https://notepad-plus-plus.org/news/hijacked-incident-info-update/
Wider industry related reporting
https://securelist.com/notepad-supply-chain-attack/118708/
Amaranth-Dragon: Weaponizing CVE-2025-8088 for Targeted Espionage in the Southeast Asia
CheckPoint detail the exploitation of this vulnerability by an alleged Chinese threat actor coupled with new tooling. This is the WinRAR path traversal vulnerability coupled with a degree of operational security.
We observed overlaps between Amaranth-Dragon and APT-41’s arsenal, suggesting a possible connection or shared resources between them. Further analysis of file compilation and campaign timelines suggests the group operates in UTC+8 (China Standard Time).
Attack themes and lure documents often coincide with significant local geopolitical events, increasing the likelihood of successful compromise.
Less than ten days after the WinRAR vulnerability (CVE-2025-8088) was disclosed, Amaranth-Dragon introduced malicious RAR archives into their campaigns, exploiting this vulnerability and ultimately achieving code execution and persistence on victim systems.
The group utilizes legitimate hosting services (e.g., Dropbox) and Amaranth Loader, a custom tool to deliver encrypted payloads, primarily deploying the Havoc C2 Framework. Command and Control servers are protected by Cloudflare and configured to respond only to IP addresses from targeted countries, minimizing collateral infections and increasing campaign stealth.
A new tool was added to their arsenal, which we track as TGAmaranth RAT. The Telegram-based remote access trojan features anti-EDR and anti-AV capabilities and uses a Telegram bot as its command and control server.
Knife Cutting the Edge: Disclosing a China-nexus gateway-monitoring AitM framework
Ashley Shen detail an alleged Chinese operation and capability which is noteworthy for various reasons. The sophistication of the capability on show coupled with their ability to deploy it operationally should be noted.
[We] uncovered “DKnife,” a fully featured gateway-monitoring and adversary-in-the-middle (AitM) framework comprising seven Linux-based implants that perform deep-packet inspection, manipulate traffic, and deliver malware via routers and edge devices. Based on the artifact metadata, DKnife has been used since at least 2019 and the command and control (C2) are still active as of January 2026.
DKnife’s attacks target a wide range of devices, including PCs, mobile devices, and Internet of Things (IoT) devices. It delivers and interacts with the ShadowPad and DarkNimbus backdoors by hijacking binary downloads and Android application updates.
DKnife primarily targets Chinese-speaking users, indicated by credential harvesting for Chinese-language services, exfiltration modules for popular Chinese mobile applications and code references to Chinese media domains. Based on the language used in the code, configuration files and the ShadowPad malware delivered in the campaign, we assess with high confidence that China-nexus threat actors operate this tool.
We discovered a link between DKnife and a campaign delivering WizardNet, a modular backdoor known to be delivered by a different AiTM framework Spellbinder, suggesting a shared development or operational lineage.
https://blog.talosintelligence.com/knife-cutting-the-edge/
Infrastructure-less Adversary: C2 Laundering via Dead-Drop Resolvers and the Microsoft Graph API
Wei-Chieh Chao and Shih-Min Chan detail this historic compromise by an alleged Chinese threat actor against the Taiwanese semiconductor industry.
Initial Access
Successful phishing campaign compromised internal endpoints.
Lateral Movement
Leveraged compromised high-privilege accounts to move laterally via SMB.
Command & Control
SoftEther VPN deployed to maintain persistent remote access.
Utilized malware which leveraged Microsoft Cloud Services as a C2 channel, effectively blending malicious traffic with legitimate cloud activity
https://jsac.jpcert.or.jp/archive/2026/pdf/JSAC2026_1_8_wei-chieh_chao_shih-min_chan_en.pdf
PeckBirdy: A Versatile Script Framework for LOLBins Exploitation Used by China-aligned Threat Groups
Ted Lee and Joseph C Chen highlight this capability which is allegedly used by Chinese threat actors. The use of stolen code signing certificates is also of note. The vulnerability exploited is a Chrome V8 one..
PeckBirdy is a JScript-based command-and-control (C&C) framework used by China-aligned APT actors since 2023, designed to execute across multiple environments, enabling flexible deployment.
Two modular backdoors, HOLODONUT and MKDOOR, extend PeckBirdy’s attack capabilities beyond its core functionality.
Meanwhile, the SHADOW-VOID-044 and SHADOW-EARTH-045 campaigns demonstrate coordinated China-aligned threat group activity that use PeckBirdy across multiple attack vectors.
One of the campaigns leverages stolen code-signing certificates, Cobalt Strike payloads, and exploits (CVE-2020-16040) hosted across multiple C&C domains and IP addresses to maintain persistent access.
…
The primary goal of this routine is to display fake software update webpages for Google Chrome to entice victims into downloading and executing malicious update files, which are backdoors prepared by the attackers.
…
The exploitation script for the CVE-2020-16040 vulnerability affecting Google Chrome
Scripts for social engineering pop-ups designed to deceive victims into downloading and executing malicious files.
Scripts for delivering additional backdoors that are executed via Electron JS
Scripts to establish reverse shells via TCP sockets
https://www.trendmicro.com/en_us/research/26/a/peckbirdy-script-framework.html
Unmasking the CoGUI Phishing Kit, the Major Chinese Phishing-as-a-Service Targeting Japan
Shadow Liu, Lime Chen, Albert Song and Strawberry Donut detail the scale of this alleged criminal Chinese phishing-as-a-service.
https://jsac.jpcert.or.jp/archive/2026/pdf/JSAC2026_2_2_%20shadow_liu-lime_chen-albert_song_en.pdf
Reporting on North Korea
Hunting Lazarus Part III: The Infrastructure That Was Too Perfect
Red Asgard Threat Research Team detail the scale of the alleged North Korean infrastructure they discovered. The infrastructure scale coupled with the variety of attack techniques on show are noteworthy.
We discovered a second malware family, mapped approximately 20 ghost servers with consistent configurations, attempted to exploit the C2 infrastructure—and ended up questioning whether we were hunting them, or they were hunting us.
Discovered OtterCookie, a second malware family operating alongside BeaverTail/InvisibleFerret—more advanced, with keylogging, screenshot capture, VM evasion, and 27 wallet extension targets
Mapped approximately 20 previously undocumented C2 servers with consistent port configurations—evidence of Infrastructure-as-Code deployment
Confirmed both malware families share the same servers, with BeaverTail on port 1244 and OtterCookie on port 5918
Attempted to exploit the C2 infrastructure using 11 attack classes (SSTI, prototype pollution, HTTP smuggling, XXE, command injection, deserialization, SSRF, file upload RCE, CRLF, FTP brute force, Express.js CVEs)—every single one failed
Identified six indicators that this infrastructure may be a honeypot or counter-intelligence operation, not a live APT platform
https://redasgard.com/blog/hunting-lazarus-part3-infrastructure-too-perfect
North Korea’s “Prospect Call” Trap: Lazarus Turns Teams Meetings into macOS Credential Theft
Kyle Henson and Oren Biderman detail the alleged initial access tradecraft used by this alleged North Korean threat actor. Note the originating platform which may prove challenging for defensive teams.
Correlation of endpoint timestamps with user activity revealed that the commands were executed during an active interaction with an external party. Further review led investigators to a recent Telegram conversation in which the attacker impersonated a plausible business prospect and rapidly escalated the interaction to a Microsoft Teams call using a lookalike domain (teams.microscall[.]com).
During the call, the attacker used a familiar “audio troubleshooting” pretext to guide the victim through executing terminal commands locally. Those commands mapped directly to the execution chain observed during triage, confirming the intrusion was driven by live social engineering rather than automated delivery.
https://daylight.ai/blog/prospect-call-microsoft-teams-meetings
Reporting on Iran
Nothing overly of note this week
Reporting on Other Actors
Phishing via messaging services
Federal Office for the Protection of the Constitution and Federal Office for Information Security detail this unattributed attack against high ranking individuals in Germany via messaging apps.
The current focus of the attacks is on the messaging service "Signal," although comparable approaches are conceivable for "WhatsApp" due to similar functional principles.
..
The attackers impersonate the official support team or support chatbot of the messaging service ("Signal Support" or "Signal Security ChatBot").
..
Espionage the alleged goal
The current attack campaign is particularly relevant to security, especially with regard to high-ranking targets. Successful access to messenger accounts not only allows insight into confidential individual communications, but also potentially the compromise of entire networks via group chats. Furthermore, sensitive contact structures can be reconstructed, which could be used for further intelligence and/or criminal activities.
Web Traffic Hijacking: When Your Nginx Configuration Turns Malicious
Ryan Simon detail an interesting campaign, notable for web server configuration changes being used for persistence and for traffic redirection through legitimate infrastructure.
Datadog Security Research identified threat actors associated with the recent React2Shell exploitation running a campaign to hijack web traffic using malicious NGINX configurations
The malicious configuration intercepts legitimate web traffic between users and websites and routes it through attacker-controlled backend servers
The campaign targets Asian TLDs (.in, .id, .pe, .bd, .th), Chinese hosting infrastructure (Baota Panel), and government and educational TLDs (.edu, .gov)
https://securitylabs.datadoghq.com/articles/web-traffic-hijacking-nginx-configuration-malicious/
The Shadow Campaigns: Uncovering Global Espionage
Unit42 detail a new unattributed threat actor which is noteworthy for the scale of its operations and alleged state links. Initial access is via phishing and n-days..
This investigation unveils a new cyberespionage group that Unit 42 tracks as TGR-STA-1030. We refer to the group’s activity as the Shadow Campaigns. We assess with high confidence that TGR-STA-1030 is a state-aligned group that operates out of Asia. Over the past year, this group has compromised government and critical infrastructure organizations across 37 countries. This means that approximately one out of every five countries has experienced a critical breach from this group in the past year. Further, between November and December 2025, we observed the group conducting active reconnaissance against government infrastructure associated with 155 countries.
This group primarily targets government ministries and departments. For example, the group has successfully compromised:
Five national-level law enforcement/border control entities
Three ministries of finance and various other government ministries
Departments globally that align with economic, trade, natural resources and diplomatic functions
…
In addition to phishing campaigns, the group often couples exploitation attempts with their reconnaissance activities to gain initial access to target networks. To date, we have not observed the group developing, testing or deploying any zero-day exploits. However, we assess that the group is comfortable testing and deploying a wide range of common tools, exploitation kits and proof-of-concept code for N-day exploits.
https://unit42.paloaltonetworks.com/shadow-campaigns-uncovering-global-espionage/
New year, new sector: Transparent Tribe targets India’s startup ecosystem
Jozsef Gegeny, Vadim Bunimovich and Subhajeet Singha detail an interesting campaign, notable for its regional victimology..
Acronis Threat Research Unit (TRU) has been tracking Transparent Tribe, also known as APT36, and has uncovered a campaign that stands out for its use of startup-oriented, themed lure material delivered via an ISO container-based file.
The group has moved beyond government targets, such as defense organizations and educational institutions, to India’s startup ecosystem, delivering Crimson RAT via ISO files and malicious LNK shortcuts using sensitive, startup-themed lures.
Active since 2013 and widely assessed by multiple vendors as a Pakistan-based threat group, Transparent Tribe has historically targeted military personnel, government entities and the education sector.
Recent findings from TRU indicate that Transparent Tribe has expanded its targeting to include individuals within India’s startup ecosystem using decoy material built around a real startup founder and legitimate OSINT- and cybersecurity-focused content, while delivering the Crimson RAT malware.
Despite this expansion, the campaign remains closely aligned with Transparent Tribe’s historical focus on Indian government and defense-adjacent intelligence collection, with overlap suggesting that startup-linked individuals may be targeted for their proximity to government, law enforcement or security operations.
APT36 has used other known malware families across multiple campaigns, including remote access trojans such as AresRAT, AllaKore, GetaRAT, Poseidon and DeskRAT, which make up its malware arsenal.
Compromised Routers, DNS, and a TDS Hidden in Aeza Networks
Infoblox Threat Intel detail an operation which reminds everyone of the value of being able to detect whether your devices are communicating with sanctioned bulletproof hosters. Also note the fact that they changed the DNS resolver..
We discovered compromised routers whose DNS settings had been changed to use shadow resolvers hosted in Aeza International (AS210644), a bulletproof hosting company (BPH) sanctioned by the U.S. Government in July 2025. The DNS change meant that every device behind that router was serviced not by the local ISP’s DNS resolvers, but by the threat actor. The Aeza resolvers selectively altered the responses, allowing them to direct users to a range of malicious content, all through a DNS resolution. This shadow network also incorporates an HTTP-based traffic distribution system (TDS), further allowing the actor to fingerprint users and funnel them to content of the actor’s choosing. The combination of an alternate DNS and TDS, along with a clever DNS trick to prevent probing by security groups, has allowed the actor to remain undetected for years.
Small Open-Source Maintainers Targeted by VS Code Tasks Malware
Open Source Malware details this unattributed campaign, which is notable due to the victimology.
Threat Actor: Unknown, but using DPRK TTPs
Attack Vector: Malicious .vscode/tasks.json files planted in repositories
Scale: 21 maintainers/contributors compromised in 72 hours
Key Insight: Small project maintainers are being actively targeted
https://opensourcemalware.com/blog/oss-maintainters-vscode-tasks-compromised
Discovery
How we find and understand the latent compromises within our environments.
Practical Threat Detections for Telecommunications
Global Cyber Forum publishes this guide which will be useful to telecommunications operators to consider.
Existing literature and industry research largely emphasizes theoretical threat models in the telecommunications space, often referencing frameworks like MITRE ATT&CK and GSMA Mobile Threat Intelligence Framework (MoTIF), as well as European Telecommunications Standards Institute (ETSI) and vendor specific guidance. However, these frameworks fall short when it comes to evaluating how those threats manifest in real-world telecommunications environments and how detection can be operationalized at scale. To build practical threat detection strategies, this whitepaper sets out to analyze and validate the theoretical landscape– reviewing cited data sources, tactics, techniques, and procedures (TTPs)– and mapping them against the specific needs, telemetry capabilities, and architectures of mobile and other telecommunications service providers.
https://gcforum.org/en/research-publications/practical-threat-detections-for-telecommunications/
Velociraptor artifact to assist scoping IOCs related to the recent publicly disclosed Notepad++ supply chain attack
Matt Green does what he does best with this ..
Assists scoping IOCs related to the recent publicly disclosed Notepad++ supply chain attack.
Find impacted notepad++ versions
Find suspicious files in public reports
Find public reported network urls in running processes
Find Warbird clipc.dll shellcode loader strings
Find Shellcode and loader on disk with YARA
https://docs.velociraptor.app/exchange/artifacts/pages/chrysalis/
Notepad++ Release Hashes
Florian Roth also runs on the pitch with known good hashes..
A comprehensive collection of cryptographic hashes for all Notepad++ releases available on GitHub.
https://github.com/Neo23x0/notepad-plus-plus-hashes
ConsentFix (a.k.a. AuthCodeFix): Detecting OAuth2 Authorization Code Phishing
Stamatis Chatzimangou provides practical steps to detect this attack technique which will be a boost to some defensive teams.
It is clear now from our tests above that the two sign-in events share the same session ID, user principal name, and application ID. In addition, the interactive login (SignInLogs) precedes the non-interactive login (AADNonInteractiveUserSignInLogs). To detect this activity, we create a query that correlates successful interactive and non-interactive sign-ins sharing the same SessionId, AppId, and UserPrincipalName for the specified lookback period across the “affected_application_ids“. It then flags country, city, or IP mismatches occurring within a 10-minute window. The query can be tuned to allowlist locations (countries), cities, or IP addresses and can also limit the comparison of the sign-ins to location (country) or city.
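The correlation described above, as an added example that is not the author's KQL: interactive and non-interactive sign-ins are joined on SessionId, AppId and UserPrincipalName, and a location or IP mismatch within the 10-minute window is flagged, with optional allowlists. The records are constructed, and the flat Country/City/IPAddress columns are an assumption standing in for the nested location fields of the real tables.

```python
from datetime import datetime, timedelta

# Constructed sample records; column names follow the two Entra ID tables the
# write-up quotes (SignInLogs = interactive, AADNonInteractiveUserSignInLogs =
# non-interactive). ResultType "0" is a successful sign-in.
SIGNIN_LOGS = [
    {"TimeGenerated": "2026-02-03T09:00:00Z", "UserPrincipalName": "alice@example.test",
     "SessionId": "S1", "AppId": "APP-A", "Country": "GB", "City": "London",
     "IPAddress": "198.51.100.10", "ResultType": "0"},
    {"TimeGenerated": "2026-02-03T09:30:00Z", "UserPrincipalName": "bob@example.test",
     "SessionId": "S2", "AppId": "APP-A", "Country": "GB", "City": "Leeds",
     "IPAddress": "198.51.100.20", "ResultType": "0"},
]
AAD_NON_INTERACTIVE_LOGS = [
    # Same session as alice's interactive sign-in, 4 minutes later, different
    # country/city/IP: the authorization code was redeemed from elsewhere.
    {"TimeGenerated": "2026-02-03T09:04:00Z", "UserPrincipalName": "alice@example.test",
     "SessionId": "S1", "AppId": "APP-A", "Country": "NL", "City": "Amsterdam",
     "IPAddress": "203.0.113.5", "ResultType": "0"},
    # Alice again with a mismatch, but 25 minutes later: outside the window.
    {"TimeGenerated": "2026-02-03T09:25:00Z", "UserPrincipalName": "alice@example.test",
     "SessionId": "S1", "AppId": "APP-A", "Country": "NL", "City": "Amsterdam",
     "IPAddress": "203.0.113.5", "ResultType": "0"},
    # Bob's ordinary token refresh from the same place: benign.
    {"TimeGenerated": "2026-02-03T09:31:00Z", "UserPrincipalName": "bob@example.test",
     "SessionId": "S2", "AppId": "APP-A", "Country": "GB", "City": "Leeds",
     "IPAddress": "198.51.100.20", "ResultType": "0"},
    # A failed sign-in is never correlated.
    {"TimeGenerated": "2026-02-03T09:32:00Z", "UserPrincipalName": "bob@example.test",
     "SessionId": "S2", "AppId": "APP-A", "Country": "US", "City": "Austin",
     "IPAddress": "203.0.113.9", "ResultType": "50126"},
]
AFFECTED_APPLICATION_IDS = {"APP-A"}  # placeholder for the write-up's affected_application_ids


def _ts(value):
    # ISO-8601 with a trailing Z; rewritten so older Pythons parse it too
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def correlate_sign_ins(interactive, non_interactive, affected_app_ids,
                       compare=("Country", "City", "IPAddress"),
                       allow_countries=(), allow_cities=(), allow_ips=(),
                       window=timedelta(minutes=10)):
    """Return one finding per (interactive, non-interactive) pair that shares
    SessionId/AppId/UserPrincipalName, lands within `window` after the
    interactive sign-in, and differs in any of the `compare` fields.
    Values in the allowlists never count as a mismatch; `compare` can be
    narrowed to ("Country",) or ("City",) to limit the comparison."""
    allow = {"Country": set(allow_countries), "City": set(allow_cities),
             "IPAddress": set(allow_ips)}
    by_key = {}
    for ev in non_interactive:
        if ev["ResultType"] != "0" or ev["AppId"] not in affected_app_ids:
            continue
        key = (ev["SessionId"], ev["AppId"], ev["UserPrincipalName"])
        by_key.setdefault(key, []).append(ev)
    findings = []
    for ia in interactive:
        if ia["ResultType"] != "0" or ia["AppId"] not in affected_app_ids:
            continue
        t0 = _ts(ia["TimeGenerated"])
        key = (ia["SessionId"], ia["AppId"], ia["UserPrincipalName"])
        for ni in by_key.get(key, []):
            t1 = _ts(ni["TimeGenerated"])
            if not t0 <= t1 <= t0 + window:
                continue
            mismatches = [f for f in compare
                          if ia[f] != ni[f] and ni[f] not in allow[f]]
            if mismatches:
                findings.append({
                    "UserPrincipalName": ia["UserPrincipalName"],
                    "SessionId": ia["SessionId"],
                    "AppId": ia["AppId"],
                    "InteractiveTime": ia["TimeGenerated"],
                    "NonInteractiveTime": ni["TimeGenerated"],
                    "Mismatches": mismatches,
                })
    return findings


if __name__ == "__main__":
    for f in correlate_sign_ins(SIGNIN_LOGS, AAD_NON_INTERACTIVE_LOGS,
                                AFFECTED_APPLICATION_IDS):
        print(f)
```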
Hunting SOAPHound - The (!FALSE) Pattern
Andrew Schwartz gives a lesson in what top of the pile detection engineering looks like..
If you’ve been building detection rules based on known tool signatures, you’re about to learn why certain enumeration patterns are invisible to your SIEM. It involves a tool called SOAPHound, a non-existent LDAP attribute, and a transformation that happens before your logs are written.
The problem: The query (!soaphound=*) never appears in your logs—it becomes (! (FALSE)) through LDAP optimization, and most defenders have never seen this pattern before
…
The reliable detection pattern for SOAPHound:
FALSE filter negation (!(FALSE))
Client [::1] (localhost/IPv6)
Specific attribute list matching SOAPHound’s patterns
SDFlags:0x7 when nTSecurityDescriptor is in the attribute list (mode-dependent)
https://www.huntress.com/blog/ldap-active-directory-detection-part-four
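The four-part pattern listed above, as an added example that is not Huntress' detection content: a simplified model of the server-side rewrite that turns a presence test on a non-existent attribute into (!(FALSE)), and a scorer that checks each indicator against constructed LDAP search records. The record layout, the placeholder attribute list and the "FALSE negation plus one corroborating indicator" decision rule are all assumptions made here.

```python
import re
from dataclasses import dataclass
from typing import Optional, Sequence

# The optimised filter form described in the write-up; tolerant of the
# whitespace variant "(! (FALSE))" seen in some renderings.
FALSE_NEGATION = re.compile(r"\(!\s*\(FALSE\)\)", re.IGNORECASE)


def normalize_filter(ldap_filter: str, schema_attrs: set) -> str:
    """Simplified model (an assumption for illustration, not the real server
    code) of why the raw tool signature never reaches the log: a presence
    test on an attribute the schema does not define can never match, so it
    is rewritten to the constant FALSE before the request is written out."""
    def rewrite(m):
        prefix, attr = m.group(1), m.group(2)
        if attr.lower() in schema_attrs:
            return m.group(0)
        return "(!(FALSE))" if prefix == "(!" else "(FALSE)"
    return re.sub(r"(\(!?)(\w+)=\*\)", rewrite, ldap_filter)


@dataclass
class LdapSearchEvent:
    # Constructed, generic record layout; not any product's event schema.
    client: str
    ldap_filter: str
    attributes: Sequence[str]
    sdflags: Optional[int] = None


def soaphound_indicators(ev, expected_attrs=None):
    """Return which of the four indicators from the write-up the event
    matches. expected_attrs is the caller's copy of SOAPHound's attribute
    list (a placeholder here; the page does not reproduce that list)."""
    hits = []
    if FALSE_NEGATION.search(ev.ldap_filter):
        hits.append("false_filter_negation")
    if ev.client.strip("[]").lower() in ("::1", "localhost"):
        hits.append("client_localhost")
    attrs = {a.lower() for a in ev.attributes}
    if expected_attrs is not None and attrs == {a.lower() for a in expected_attrs}:
        hits.append("attribute_list_match")
    # SDFlags 0x7 only matters when nTSecurityDescriptor was requested
    if "ntsecuritydescriptor" in attrs and ev.sdflags == 0x7:
        hits.append("sdflags_0x7_with_ntsecuritydescriptor")
    return hits


def is_soaphound_like(ev, expected_attrs=None, min_indicators=2):
    """Decision rule chosen for this example: the FALSE negation must be
    present, plus at least one corroborating indicator."""
    hits = soaphound_indicators(ev, expected_attrs)
    return "false_filter_negation" in hits and len(hits) >= min_indicators


def scan(events, expected_attrs=None):
    """Indices and matched indicators of every event that trips the rule."""
    return [(i, soaphound_indicators(e, expected_attrs))
            for i, e in enumerate(events) if is_soaphound_like(e, expected_attrs)]


# Constructed sample events.
PLACEHOLDER_ATTRS = ["name", "objectSid", "nTSecurityDescriptor"]  # placeholder
SAMPLE_EVENTS = [
    LdapSearchEvent("[::1]", "(!(FALSE))", PLACEHOLDER_ATTRS, sdflags=0x7),
    LdapSearchEvent("10.0.0.5", "(&(objectClass=user)(sAMAccountName=bob))", ["memberOf"]),
    LdapSearchEvent("[::1]", "(! (FALSE))", ["name"]),
    LdapSearchEvent("10.0.0.9", "(!(FALSE))", ["name"]),
]

if __name__ == "__main__":
    print(normalize_filter("(!soaphound=*)", {"cn", "mail"}))
    for idx, hits in scan(SAMPLE_EVENTS, PLACEHOLDER_ATTRS):
        print(idx, SAMPLE_EVENTS[idx].client, hits)
```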
Following the Trace: Reconstructing Attacks from Ext4 and XFS Journals
Minoru Kobayashi shows there continue to be opportunities for innovation in forensics to detect threat actor activity.
This research investigates both ext4 and XFS journals.
It explores methods for inferring file activity and building forensic timelines.
A new analysis tool was developed:
Supports both filesystem journals in a single tool.
Builds a complete timeline of all file activities recorded in the journal.
Detects suspicious file activity such as timestomping.
And yes—it’s open-source.
https://jsac.jpcert.or.jp/archive/2026/pdf/JSAC2026_2_1_minoru_kobayashi_en.pdf
https://github.com/mnrkbys/fjta
Detects payload bytes in first 0x490 bytes in clipc.dll Warbird technique
Matt Green provides this YARA rule as part of #100DaysofYARA for the Warbird technique mentioned later..
37 Sysmon Events. One Complete DLL Hijacking Attack
Manish Rawat highlights the detection gap for DLL side loading.
I analyzed real malware logs and discovered why non-admin users can execute code without triggering a single alert
Related: it looks like Flux has made some progress, for which we are awaiting details.
Some progress with trying to detect DLL side loading & search order hijacking. I have a few more things to implement in this POC, then I need to abstract and refine the code. System wide on my normal host (not a bare bones VM) the only place this triggered was from an actual DLL Search Order Hijacking scenario with a ‘malicious’ Wyrm loader. A bigger dataset is required of course to be actually confident in this small section I have built out, I still have more to do.
…Currently this is looking for PATH hijacks, next up will be straight up imports of DLLs not on PATH.
Threat Hunting Queries
Awais Munir releases a set of threat hunting queries for multiple platforms, i.e. KQL (Microsoft) and CrowdStrike.
https://github.com/a2awais/Threat-Hunting/
Defence
How we proactively defend our environments.
BOD 26-02: Mitigating Risk From End-of-Support Edge Devices
CISA outline two years of required activity for federal departments.
Immediately after issuance, and until rescinded or superseded, all FCEB agencies shall:
Update each vendor supported edge device running EOS software, including firmware, to a vendor-supported software version, where such an update does not adversely impact mission critical functionality.
Within three (3) months of issuance, all FCEB agencies shall:
Inventory all devices listed in the CISA EOS Edge Device List and provide this inventory to CISA using the CISA-provided template.
The CISA EOS Edge Device List is a preliminary repository of EOS devices. This list is to facilitate each agency’s identification of specific devices within the first three months after issuance of this Directive. After the first three months, agencies are responsible for continuing to identify, track, and refresh all edge devices within the agency’s infrastructure (see requirements #5-9).
https://www.cisa.gov/news-events/directives/bod-26-02-mitigating-risk-end-support-edge-devices
Guidance from the Frontlines: Proactive Defense Against ShinyHunters-Branded Data Theft Targeting SaaS
Mandiant raise the alarm and also highlight why we are all now collectively pushing for phishing-resistant MFA such as FIDO2 security keys or passkeys..
Mandiant is tracking a significant expansion and escalation in the operations of threat clusters associated with ShinyHunters-branded extortion. As detailed in our companion report, 'Vishing for Access: Tracking the Expansion of ShinyHunters-Branded SaaS Data Theft', these campaigns leverage evolved voice phishing (vishing) and victim-branded credential harvesting to successfully compromise single sign-on (SSO) credentials and enroll unauthorized devices into victim multi-factor authentication (MFA) solutions.
…
This post provides actionable hardening, logging, and detection recommendations to help organizations protect against these threats. Organizations responding to an active incident should focus on rapid containment steps, such as severing access to infrastructure environments, SaaS platforms, and the specific identity stores typically used for lateral movement and persistence. Long-term defense requires a transition toward phishing-resistant MFA, such as FIDO2 security keys or passkeys, which are more resistant to social engineering than push-based or SMS authentication.
Ricochet Chollima APT Adversary Simulation
S3N4T0R provides a simulation for defensive teams to run through for this alleged North Korean threat actor.
https://medium.com/@S3N4T0R/ricochet-chollima-apt-adversary-simulation-b0258be69c37
gVisor
Google released this a long while ago and, whilst it doesn’t address everything, its drop-in nature makes it an easy win for the security uplift it brings.
gVisor is an open-source Linux-compatible sandbox that runs anywhere existing container tooling does. It enables cloud-native container security and portability. gVisor leverages years of experience isolating production workloads at Google.
gVisor implements the Linux API: by intercepting all sandboxed application system calls to the kernel, it protects the host from the application. In addition, gVisor also sandboxes itself from the host using Linux's isolation capabilities. Through these layers of defense, gVisor achieves true defense-in-depth while still providing VM-like performance and container-like resource efficiency.
https://github.com/google/gvisor
Security Scanner for Agent Skills
Vineeth Sai Narajala releases this security scanner for agent skills, showing the type of approaches that may be employed.
A security scanner for AI Agent Skills that detects prompt injection, data exfiltration, and malicious code patterns. Combines pattern-based detection (YAML + YARA), LLM-as-a-judge, and behavioral dataflow analysis for comprehensive threat detection.
https://github.com/cisco-ai-defense/skill-scanner
Threat Framework Dedicated to SDLC Infrastructure
Shay Berkovich details this framework - it will be interesting to see if it gains any traction in practice beyond the vendor’s own narrative.
SITF is an open framework designed to protect the "producers" - the organizations creating software. It maps attacks across the five pillars of your SDLC infrastructure: Endpoint/IDE, VCS, CI/CD, Registry, and Production:
https://www.wiz.io/blog/sitf-sdlc-threat-framework
https://threats.wiz.io/posters-newspapers
Incident Writeups & Disclosures
How they got in and what they did.
They Got In Through SonicWall. Then They Tried to Kill Every Security Tool
Anna Pham and Dray Agha detail a criminal operation which attempted to disable endpoint detection. Again shows the value of having true positive signals flowing through your defensive infrastructure.
In early February 2026, Huntress responded to an intrusion where threat actors leveraged compromised SonicWall SSLVPN credentials to gain initial access to a victim network. Once inside, the attacker deployed an EDR killer that abuses a legitimate Guidance Software (EnCase) forensic driver with a revoked certificate to terminate security processes from kernel mode, a technique known as Bring Your Own Vulnerable Driver (BYOVD).
The attack was disrupted before ransomware deployment, but the case highlights a growing trend: threat actors weaponizing signed, legitimate drivers to blind endpoint security. The EnCase driver’s certificate expired in 2010 and was subsequently revoked, yet Windows still loads it, a gap in Driver Signature Enforcement that attackers continue to exploit.
https://www.huntress.com/blog/encase-byovd-edr-killer
Security incident on plone GitHub org with force pushes
Maurits van Rees details an event which lacked the transparency and comprehensive response required.
On January 7, there was a security incident in the plone organization on GitHub, where someone force pushed malicious code to several repositories. Most of this was discovered before it could do damage, but some was left undiscovered until later. We reported this to the Plone community forum, with an important update after further discoveries.
https://www.openwall.com/lists/oss-security/2026/01/31/2
Vulnerability
Our attack surface.
Extensions can leak full tab URLs using declarativeNetRequest via side-channel attack
Google Chrome fixes an interesting vulnerability..
It was discovered that Chrome extensions with only the declarativeNetRequest permission can leak the full URL of any tab without requiring the tabs permission or any host permissions.
https://issues.chromium.org/issues/479258463
1-Click RCE via Authentication Token Exfiltration From gatewayUrl
OpenClaw vulnerability…
The Control UI trusts gatewayUrl from the query string without validation and auto-connects on load, sending the stored gateway token in the WebSocket connect payload. Clicking a crafted link or visiting a malicious site can send the token to an attacker-controlled server. The attacker can then connect to the victim’s local gateway, modify config (sandbox, tool policies), and invoke privileged actions, achieving 1-click RCE. This vulnerability is exploitable even on instances configured to listen on loopback only, since the victim’s browser initiates the outbound connection.
https://github.com/openclaw/openclaw/security/advisories/GHSA-g8p2-7wf7-98mq
GatewayToHeaven: Finding a Cross-Tenant Vulnerability in GCP's Apigee
Omer Amiad details a cross-tenant vulnerability .. or the stuff of cloud nightmares. Also shows what happens with cloud complexity when your adversary knows the end-to-end better than the teams who built it and has an adversarial mindset.
To recap, we discovered earlier that the Apigee service account has permissions to write to the bucket that holds the JAR files executed by the Dataflow pipeline. We also found out that the Dataflow pipeline is likely to have access to cross-tenant resources.
In order to escalate privileges to the Dataflow service account, we can download the Dataflow JAR files from the bucket, and patch them using a Java patcher such as Recaf. Our malicious implementation will simply access the metadata endpoint of the Dataflow compute instance, retrieve the token of the Dataflow service account, and upload it to a remote server in our control.
https://omeramiad.com/posts/gatewaytoheaven-gcp-cross-tenant-vulnerability/
Cisco Snort _bnfa_search_csparse_nfa Use-After-Free Remote Code Execution Vulnerability
Patch them security appliances..
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Snort. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the _bnfa_search_csparse_nfa method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the service account.
https://www.zerodayinitiative.com/advisories/ZDI-26-046/
Offense
Attack capability, techniques and trade-craft.
Living Off The Land APIs
Magic Claw releases this..
LOLAPI catalogs real-world abused APIs across Windows, Cloud, and Browser platforms—with detection strategies, mitigation guidance, and red team POCs.
https://themagicclaw.github.io/LOLAPI/
https://github.com/TheMagicClaw/LOLAPI
Authentication Downgrade Attacks: Deep Dive into MFA Bypass
Carlos Gomez details a downgrade attack which highlights why you don’t want to allow fallback to weaker authentication methods..
This research introduces two key contributions: first, the weaponization of Cloudflare Workers as a serverless transparent proxy platform that operates on trusted Content Delivery Network (CDN) infrastructure with zero forensic footprint; second, an Authentication Downgrade Attack technique that forces victims to fall back to phishable authentication methods (such as push notifications or OTPs) even when FIDO2 hardware keys are registered.
https://www.ioactive.com/authentication-downgrade-attacks-deep-dive-into-mfa-bypass/
Weaponizing Whitelists: An Azure Blob Storage Mythic C2 Profile
Andrew Gomez and Allen DeMoura detail a technique which hopefully Microsoft will find a way to squish at scale.
Mature enterprises lock down egress but often carve out broad exceptions for trusted cloud services. This post shows how reviewing deployment guides can help identify those exceptions and weaponize them with a new Mythic C2 profile called azureBlob.
The Phantom File System: Inside the Windows ProjFS
Jonathan Johnson details a technique which has various offensively applicable properties and use cases. The plus side is they also outline a defensive use case of canaries.
There are no user privilege restrictions on starting a provider
Ability to prevent deletes
Ability to prevent reads or change what is read from a certain process
https://www.huntress.com/blog/windows-projected-file-system-mechanics
GhostKatz
Julian Peña releases a capability that EDR vendors and detection engineers alike will want to ensure they have coverage of.
Extract LSASS credentials directly from physical memory by abusing signed vulnerable drivers with physical memory read primitives via MmMapIoSpace, bypassing traditional user-mode detection capabilities.
https://github.com/RainbowDynamix/GhostKatz
Cobaltstrike BOF Loader
CodeX releases a capability which may undermine certain detection techniques..
This is an open source port/reimplementation of the Cobalt Strike BOF Loader as is. For the most part, everything is done as in the original Beacon + Teamserver in Cobalt Strike.
This includes shortcomings that are resolved in other open source COFF loaders such as the TrustedSec COFFLoader. This is intentional. The goal of this project is not to make a good COFF loader, it was to make an open source analog of the specific implementation in Cobalt Strike, to help with debugging in edge cases where BOFs work in other COFF Loaders but not in Cobalt Strike.
https://github.com/CodeXTF2/Cobaltstrike_BOFLoader
MacOS malware persistence: shell environment hijacking a simple C example
Zhassulan Zhussupov releases a capability which macOS environments will want to ensure they have detection coverage of.
If we want to stay silent, we need to look where the system doesn’t trigger loud alerts. Today, I’ll talk about shell environment hijacking trick.
https://cocomelonc.github.io/macos/2026/01/31/malware-mac-persistence-2.html
Demonstration of Warbird Heap Execute
This technique gained coverage as it was used in the Notepad++ supply chain compromise.
gist.github.com/WitherOrNot/c6fa56b943b09bdd8a23fe43cec6f4cc
Related documentation this was built upon
https://github.com/WitherOrNot/warbird-docs/blob/main/WarbirdModern.md
Then, from 2024, we had Abusing Microsoft Warbird for Shellcode Execution
https://cirosec.de/en/news/abusing-microsoft-warbird-for-shellcode-execution/
Exploitation
What is being exploited..
Nothing overly of note beyond what has already been covered this week..
Tooling and Techniques
Low level tooling and techniques for attack and defence researchers
Reko
John Källén has been plugging away on this decompiler which is useful to be aware of.
Reko (Swedish: “decent, obliging”) is a decompiler for machine code binaries. This project is freely available under the GNU General Public License.
The project consists of front ends, core decompiler engine, and back ends to help it achieve its goals. A command-line, a Windows GUI, and an ASP.NET front end exist at the time of writing. The decompiler engine receives inputs from the front ends in the form of either individual executable files or decompiler project files. Reko project files contain additional information about a binary file, helpful to the decompilation process or for formatting the output. The decompiler engine then proceeds to analyze the input binary.
Introducing the YARA language server
Victor M. Alvarez provides this work aid for YARA rule writers..
The YARA-X Language Server is now available for Visual Studio Code. It’s currently in beta, but you can install it from the Visual Studio Marketplace and start using it already.
https://virustotal.github.io/yara-x/blog/introducing-the-yara-language-server/
JSDeob workbench
Malware Owl provides this power tool for those working with obfuscated JavaScript.
A visual workbench for deobfuscating JavaScript. Build transform chains, step through them, write your own plugins.
https://github.com/owl4444/jsdeob-workbench
IDA Reach
Daax releases these work aids for those working on many versions of the same target.
bulk download modules across all versions, search for call chains from references, immediates, instructions, etc
https://github.com/daaximus/ida-reach/
EventHorizon
Jonathan Beierle provides this work aid for detection engineers and researchers alike working with ETW.
EventHorizon is a tool meant to arm security analysts and/or researchers with Event Tracing for Windows (ETW) telemetry that, coupled with sigma-like rules, allow for robust endpoint detection and response capabilities. That being said, EventHorizon is in no way a replacement for proper solutions. This project primarily is meant to allow for ease of use when collecting ETW telemetry as well as generating detection rules without having to write code. In order to increase this ease of use, the setup process for EventHorizon is intended to be as simple as possible, with a provided .msi installer (see releases tab) and basic installation instructions (see wiki).
https://github.com/HullaBrian/EventHorizon
An LLM Agent Skill that embeds expert YARA knowledge into your AI assistant
Florian Roth gives your agentic YARA writer an uplift..
The yara-rule-skill transforms your LLM agent into a YARA rule expert, capable of:
Writing high-quality, performant YARA rules from scratch
Reviewing existing rules for quality issues and performance problems
Optimizing slow rules by identifying performance bottlenecks
Validating rules against 20+ automated quality checks from yaraQA
https://yarahq.github.io/yara-rule-skill-site/
https://github.com/YARAHQ/yara-rule-skill
Footnotes
Some other small (and not so small) bits and bobs which might be of interest.
Annual, quarterly and monthly reports
Nothing overly of note this week, but keep an eye on the Awesome Annual Security Reports 2026 collection
Science fiction prepares military for complex and unpredictable future of technology
Artificial intelligence
Policy
Fundamental
Applied non-cyber
Nothing overly of note this week
Applied cyber specific
From Similarity to Vulnerability: Key Collision Attack on LLM Semantic Caching
Secure Tool Manifest and Digital Signing Solution for Verifiable MCP and LLM Pipelines
Sifting the Noise: A Comparative Study of LLM Agents in Vulnerability False Positive Filtering
Protecting Private Code in IDE Autocomplete using Differential Privacy
Evaluating Large Language Models for Security Bug Report Prediction
The Semantic Trap: Do Fine-tuned LLMs Learn Vulnerability Root Cause or Just Functional Pattern?
Analysis of LLM Vulnerability to GPU Soft Errors: An Instruction-Level Fault Injection Study
AgenticSCR: An Autonomous Agentic Secure Code Review for Immature Vulnerabilities Detection
An LLM Agent Skill that embeds expert YARA knowledge into your AI assistant.
Extracting Recurring Vulnerabilities from Black-Box LLM-Generated Software
Books
Events
What’s next for Chinese cyber strategy? - In conversation with Adam Segal - 15:15 - 16:30, 23 February 2026
BlueHat Asia 2025 - videos now online
JSAC 2026 - slides now online
The irregular video of the week this week is Max Smeets and his keynote Inside the Ransomware Machine
Finally finally the NCSC’s podcast series.
Unless stated otherwise, linked or referenced content does not necessarily represent the views of the NCSC and reference to third parties or content on their websites should not be taken as endorsement of any kind by the NCSC. The NCSC has no control over the content of third party websites and consequently accepts no responsibility for your use of them.
This newsletter is subject to the NCSC website terms and conditions which can be found at https://www.ncsc.gov.uk/section/about-this-website/terms-and-conditions and you can find out more about how we will treat your personal information in our privacy notice at https://www.ncsc.gov.uk/section/about-this-website/privacy-statement.