Human Factor Blog

how human behavior affects security

Programmer’s Digest #172

02/11/2026-02/18/2026 Malicious npm and PyPI Packages Linked to Lazarus APT, Ivanti EPMM Exploit And More.

1. CISA Flags Four Security Flaws Under Active Exploitation in Latest KEV Update

CISA has added four actively exploited flaws to its KEV catalog. The vulnerabilities include CVE-2026-2441, a use-after-free bug in Google Chrome that can enable heap corruption via a crafted webpage; CVE-2024-7694, an arbitrary file upload flaw in TeamT5 ThreatSonar Anti-Ransomware; CVE-2020-7796, an SSRF issue in Zimbra Collaboration Suite; and CVE-2008-0015, a buffer overflow in Microsoft Windows Video ActiveX Control that allows remote code execution.

Google recently confirmed in-the-wild exploitation of CVE-2026-2441. Meanwhile, threat researchers previously observed large-scale abuse of the Zimbra flaw, and Microsoft warned the 2008 bug has been used to spread malware such as the Dogkild worm.

Federal agencies must apply patches by March 10, 2026, to mitigate risks.

2. Patch Immediately: BeyondTrust Remote Code Execution Flaw Exploited in the Wild

BeyondTrust has released urgent updates to fix a critical remote code execution vulnerability (CVE-2026-1731, CVSS 9.9) affecting its Remote Support (RS) and Privileged Remote Access (PRA) products, with evidence of active exploitation. The flaw allows unauthenticated attackers to execute arbitrary system commands through specially crafted requests, potentially leading to full compromise, data theft, or service disruption.

The issue was discovered by Hacktron AI using AI-driven variant analysis and disclosed in January 2026. Internet scans from Shodan indicate about 11,000 exposed instances, many of them on-premise deployments that remain vulnerable until patched.

BeyondTrust automatically updated SaaS environments, but on-premise customers must apply patches or upgrade manually. Administrators are urged to verify systems quickly, as the vulnerability is easy to exploit and attractive to attackers seeking ransomware or lateral movement within enterprise networks.

3. Malicious npm and PyPI Packages Linked to Lazarus APT Fake Recruiter Campaign

Researchers from ReversingLabs have uncovered malicious npm and PyPI packages tied to a fake recruitment campaign attributed to the North Korea-linked Lazarus Group. The operation, dubbed “graphalgo,” has been active since May 2025 and targets JavaScript and Python developers with fraudulent cryptocurrency-related job offers. Attackers pose as recruiters on LinkedIn, Facebook, and Reddit, directing victims to GitHub “interview tasks” that secretly depend on malicious packages. Some packages, such as bigmathutils, built trust and gained thousands of downloads before being updated to deliver malware.

The campaign uses a multi-stage approach: creating fake companies and websites, distributing poisoned open-source dependencies, and installing remote-access trojans capable of executing commands, accessing files, and searching for cryptocurrency wallets.

Researchers say the activity shows the hallmarks of Lazarus operations, including staged payloads, delayed malicious updates, encrypted communications, and a modular design that allows attackers to rotate front-end infrastructure while maintaining the same backend systems.

4. 83% of Ivanti EPMM Exploits Linked to Single IP on Bulletproof Hosting Infrastructure

Most exploitation attempts against a critical flaw in Ivanti Endpoint Manager Mobile (EPMM) have been traced to a single IP address hosted on infrastructure run by PROSPERO. According to GreyNoise, 417 exploitation sessions were recorded between February 1 and 9, 2026, with 83% originating from one source. The activity targets CVE-2026-1281 (CVSS 9.8) and CVE-2026-1340, vulnerabilities that enable unauthenticated remote code execution. Ivanti confirmed limited real-world compromises, and several European organizations—including the Dutch Data Protection Authority and the European Commission—reported targeting attempts. Researchers also observed the same host exploiting unrelated flaws in Oracle WebLogic, GNU InetUtils, and GLPI, suggesting automated scanning. About 85% of probes used DNS callbacks to verify vulnerable systems without deploying malware, consistent with initial-access operations. Security experts advise patching immediately, auditing internet-facing MDM systems, reviewing DNS logs, and blocking PROSPERO’s network ranges to reduce risk.

5. Dell RecoverPoint for VMs Zero-Day CVE-2026-22769 Exploited Since Mid-2024

A critical zero-day vulnerability (CVE-2026-22769, CVSS 10.0) in Dell RecoverPoint for Virtual Machines has been exploited since mid-2024 by a suspected China-linked threat cluster, UNC6201, according to researchers from Google Mandiant and Google Threat Intelligence Group. The flaw involves hard-coded credentials that allow unauthenticated attackers to gain root-level access, deploy web shells, and install backdoors such as BRICKSTORM and its newer variant GRIMBOLT. Attacks have primarily targeted North American organizations and appliances that often lack endpoint detection tools, enabling long-term persistence. Investigators observed techniques such as temporary “Ghost NICs” to move laterally and erase evidence. UNC6201 shares tactics with another China-linked cluster, UNC5221, though they are considered distinct. Separately, Dragos reported activity by Volt Typhoon compromising cellular gateways in energy sectors, then pivoting into operational technology networks, highlighting growing risks to industrial systems.


Programmer’s Digest #171

02/04/2026-02/11/2026 Critical SQLi Flaw, Microsoft Patches 59 Vulnerabilities, Critical n8n Flaws Disclosed Along With Public Exploits And More.

1. Fortinet Patches Critical SQLi Flaw Enabling Unauthenticated Code Execution

Fortinet has released security updates to fix a critical vulnerability in FortiClientEMS (CVE-2026-21643), rated 9.1 in severity, that could allow unauthenticated attackers to execute arbitrary code. The flaw is an SQL injection issue that can be exploited through specially crafted HTTP requests. The vulnerability affects FortiClientEMS 7.4.4, and users are advised to upgrade to version 7.4.5 or later. Versions 7.2 and 8.0 are not affected. Although there are no reports of active exploitation, Fortinet recommends applying patches as soon as possible. The flaw was discovered and reported by a member of Fortinet’s Product Security team. Separately, Fortinet recently addressed another critical vulnerability (CVE-2026-24858) affecting several products, including FortiOS and FortiManager. That issue, rated 9.4, has been actively exploited by attackers to create persistent admin accounts, modify configurations to enable VPN access, and exfiltrate firewall configuration data.

2. Microsoft Patches 59 Vulnerabilities Including Six Actively Exploited Zero-Days

Microsoft released security updates addressing 59 vulnerabilities, including six actively exploited flaws. Five issues are rated Critical, 52 Important, and two Moderate. The vulnerabilities include privilege escalation, remote code execution, spoofing, information disclosure, security feature bypass, denial-of-service, and cross-site scripting. The six exploited flaws affect components such as Windows Shell, MSHTML, Microsoft Word, Desktop Window Manager, Remote Access Connection Manager, and Remote Desktop. Some allow attackers to bypass security prompts or elevate privileges after gaining access to a system, potentially enabling malware deployment or credential theft. Researchers from Microsoft, Google Threat Intelligence Group, and others reported several of the issues, though details of exploitation remain limited. CISA has added all six vulnerabilities to its Known Exploited Vulnerabilities catalog, requiring U.S. federal agencies to patch them by March 3, 2026. Microsoft also issued Edge browser fixes, updated Secure Boot certificates, and introduced new security features aimed at strengthening default protections and improving user transparency and consent.

3. Threat Actors Publish Malicious dYdX Packages to npm and PyPI Repositories

Cybersecurity firm Socket has uncovered a supply-chain attack in which threat actors published malicious versions of dYdX client libraries to both npm and PyPI, targeting developers building cryptocurrency trading tools. The incident, detected on January 27, 2026, likely involved a compromised maintainer account. Affected packages included several versions of @dydxprotocol/v4-client-js and the PyPI package dydx-v4-client.

The malware was hidden in core files and executed during normal use. In npm packages, tampered functions stole seed phrases and device fingerprints, sending them to a typosquatted domain. The PyPI version was more severe, installing a remote access trojan that periodically contacted a command-and-control server and could run arbitrary code, enabling theft of credentials, source code, and other sensitive data.

dYdX warned users to isolate systems and rotate credentials. Developers are advised to audit dependencies, upgrade to safe versions, block known indicators, and monitor environments, as compromised packages could lead to wallet theft or full system compromise.

4. Open Source Security Gets AI Boost As Claude Detects 500+ Critical Issues

Anthropic says its latest model, Claude Opus 4.6, has demonstrated the ability to autonomously audit open-source software, discovering more than 500 previously unknown high-severity vulnerabilities in widely used libraries such as Ghostscript, OpenSC, and CGIF. All reported flaws were confirmed as real and have since been patched by maintainers.

In testing, the model operated in a virtualised environment with access to tools like debuggers and fuzzers but no detailed instructions. Researchers found it used reasoning similar to human security analysts, identifying patterns in code and past fixes to uncover subtle weaknesses that traditional fuzzing sometimes missed. Examples included memory-handling errors and overflows that could cause crashes or allow exploitation.

Anthropic is deploying the system to help maintainers find and fix vulnerabilities, highlighting AI’s growing role as a defensive security tool that can complement manual review. However, the company also warned that similar capabilities could be misused and said it is adding safeguards to reduce risks.

5. Critical n8n Flaws Disclosed Along With Public Exploits

Multiple critical vulnerabilities in the open-source workflow automation platform n8n, tracked as CVE-2026-25049, allowed authenticated users with permission to create or edit workflows to escape the sandbox and execute arbitrary code on the host server. Researchers found the flaws stemmed from weak sanitization and incomplete sandboxing of user-written JavaScript, enabling attackers to run system commands, access files, and steal credentials, API keys, and configuration data. In multi-tenant environments, the issue could also allow lateral movement to other tenants or connected cloud services.

Several security firms independently identified bypasses, showing that earlier patches were incomplete. The vulnerabilities were fixed in n8n versions 2.5.2 and 1.123.17, and users are urged to update, rotate encryption keys, and review workflows.

Although no active exploitation has been confirmed, researchers have observed large-scale scanning of exposed n8n systems, suggesting growing attacker interest and highlighting the importance of prompt patching and access controls.


Programmer’s Digest #170

01/28/2026-02/04/2026 Docker Fixes Critical Ask Gordon AI Flaw, Critical React Native Metro Bug, Two High-Severity n8n Flaws And More

1. Docker Fixes Critical Ask Gordon AI Flaw Allowing Code Execution via Image Metadata

Cybersecurity researchers have revealed details of a now-patched critical flaw in Ask Gordon, Docker’s AI assistant built into Docker Desktop and the Docker CLI, that could enable code execution and data exfiltration. The vulnerability was fixed in Docker version 4.50.0 released in November 2025. The issue arises because Ask Gordon treats unverified Docker image metadata as executable instructions. A single malicious LABEL field embedded in a Docker image can trigger a three-stage attack: Ask Gordon reads the instruction, forwards it to the Model Context Protocol (MCP) Gateway, and the gateway executes it using MCP tools—without validation. This could result in remote code execution on cloud and CLI systems or sensitive data exposure on desktop environments. The flaw represents a failure of contextual trust, described as Meta-Context Injection, where MCP cannot distinguish harmless metadata from pre-authorized commands. By weaponizing Docker image labels, attackers can hijack the AI’s reasoning process and bypass security boundaries.

2. Hackers Exploit Critical React Native Metro Bug to Breach Dev Systems

Hackers are actively exploiting a critical vulnerability, CVE-2025-11953, in the React Native Metro development server to target developers with malicious payloads for Windows and Linux. The flaw allows unauthenticated attackers to execute arbitrary OS commands on Windows via crafted POST requests, while on Linux and macOS it enables execution of arbitrary binaries with limited control. Metro, the default JavaScript bundler for React Native, exposes development-only HTTP endpoints by default and can bind to external network interfaces, increasing attack surface.

Researchers at JFrog disclosed the issue in November, identifying the vulnerable /open-url endpoint, which passes user-supplied input to the open() function without sanitization. The flaw affects @react-native-community/cli-server-api versions 4.8.0 through 20.0.0-alpha.2 and was fixed in version 20.0.0. VulnCheck observed in-the-wild exploitation starting December 21, 2025, with repeated attacks delivering base64-encoded PowerShell payloads that disable defenses, fetch second-stage binaries, and execute them. Despite active abuse, about 3,500 Metro servers remain exposed online.

3. Open VSX Supply Chain Attack Used Compromised Dev Account to Spread GlassWorm

Cybersecurity researchers have uncovered a supply chain attack targeting the Open VSX Registry, in which threat actors compromised a legitimate developer account to distribute malicious updates. On January 30, 2026, four popular extensions published by the developer oorzc were updated with malicious code embedding the GlassWorm malware loader, according to Socket researcher Kirill Boychenko. The extensions, some over two years old, had accumulated more than 22,000 downloads prior to the attack.

The incident is believed to stem from stolen publishing credentials, possibly via a leaked token. The malicious versions were later removed, but not before delivering a loader capable of decrypting and executing payloads at runtime. The malware targets macOS systems, harvesting browser data, cryptocurrency wallets, iCloud Keychain contents, developer credentials, and VPN configurations, posing serious risks to enterprise environments.

Unlike earlier GlassWorm campaigns that relied on typosquatting, this attack abused a trusted developer account, allowing the malware to blend into normal workflows. Researchers warn that removed extensions remain installed locally until developers release clean updates.

4. Ivanti Patches Exploited EPMM Zero-Days

Ivanti has released emergency patches for two critical zero-day vulnerabilities in Endpoint Manager Mobile (EPMM) that are being actively exploited in the wild. Tracked as CVE-2026-1281 and CVE-2026-1340 (CVSS 9.8), the flaws are unauthenticated code injection bugs that allow remote code execution. The issues affect EPMM’s in-house application distribution and Android file transfer configuration features. Successful exploitation could enable attackers to execute arbitrary code, move laterally, and access sensitive data, including administrator and user details as well as mobile device information. Ivanti says a limited number of customers were impacted at disclosure. All EPMM versions up to 12.7.0.0 and select 12.5.x and 12.6.x releases are affected. Ivanti has issued version-specific RPM patches and recommends upgrading to version 12.8.0.0 once available. CISA has added CVE-2026-1281 to its Known Exploited Vulnerabilities catalog, urging organizations to prioritize remediation due to the flaw’s severity.

5. SolarWinds Web Help Desk Vulnerability Actively Exploited

A US security agency has warned that a critical remote code execution (RCE) flaw in SolarWinds Web Help Desk is being actively exploited. CISA has added CVE-2025-40551 to its KEV Catalog, giving federal civilian agencies until Friday to apply patches released last week. Rated CVSS 9.8, the vulnerability is a deserialization of untrusted data issue that allows unauthenticated attackers to gain admin-level access and execute arbitrary commands on affected systems. While the KEV mandate applies only to federal agencies, CISA urges all organizations to patch promptly due to widespread use of the software in government, education, and healthcare.

CVE-2025-40551 is one of four critical flaws fixed in a January 28 update. The others include an additional RCE vulnerability and two authentication bypass bugs, all rated 9.8. Although only one flaw is currently exploited, attackers could chain them to fully compromise systems. SolarWinds advises upgrading to Web Help Desk 2026.1 immediately.

6. Two High-Severity n8n Flaws Allow Authenticated Remote Code Execution

Cybersecurity researchers have disclosed two new vulnerabilities in the n8n workflow automation platform, including a critical flaw that could lead to full remote code execution. Identified by JFrog Security Research, CVE-2026-1470 (CVSS 9.9) allows any authenticated user to bypass n8n’s JavaScript Expression sandbox and execute arbitrary code on the main node. A second issue, CVE-2026-0863 (CVSS 8.5), enables authenticated users to escape the Python task sandbox and run arbitrary code on the host system.

Despite requiring authentication, CVE-2026-1470 is considered highly dangerous because any n8n user could completely take over an instance, including those running in “internal” execution mode. Given n8n’s access to sensitive enterprise workflows, credentials, and APIs, successful exploitation could provide attackers broad control across an organization.

Users are urged to upgrade to patched versions immediately. The disclosure follows recent reports of a separate unauthenticated n8n flaw, underscoring ongoing risks in sandboxing dynamic languages like JavaScript and Python.
