
Programmer’s Digest #173

02/18/2026-02/25/2026 SolarWinds Patches 4 Critical Serv-U 15.5 Flaws, Cline CLI 2.3.0 Supply Chain Attack And More.

1. SolarWinds Patches 4 Critical Serv-U 15.5 Flaws Allowing Root Code Execution

SolarWinds has released updates for Serv-U file transfer software to fix four critical vulnerabilities that could allow remote code execution. All are rated 9.1 on the CVSS scale:

  • CVE-2025-40538: Broken access control letting attackers create admin users and run code as root;
  • CVE-2025-40539 & CVE-2025-40540: Type confusion flaws enabling execution of native code as root;
  • CVE-2025-40541: Insecure direct object reference (IDOR) allowing native code execution as root.

Exploitation requires administrative privileges, though risk is medium on Windows, as services often run under less-privileged accounts. These issues affect Serv-U version 15.5 and are fixed in 15.5.4. SolarWinds hasn’t reported active exploitation, but past Serv-U flaws (e.g., CVE-2021-35211, CVE-2021-35247, CVE-2024-28995) were targeted by hackers, including China-based group Storm-0322 (formerly DEV-0322).

2. Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

Cybersecurity researchers have disclosed an active supply chain worm campaign, dubbed SANDWORM_MODE, leveraging at least 19 malicious npm packages to steal credentials and cryptocurrency keys. The malware exfiltrates system information, tokens, environment secrets, and API keys, propagating via stolen npm and GitHub identities. Core features include a polymorphic engine, hook-based persistence, USB and SSH propagation fallbacks, and a “McpInject” module that targets AI coding assistants (Claude, Cursor, VS Code) to harvest SSH keys, environment files, and LLM API keys from providers like OpenAI, Anthropic, and Cohere. The attack unfolds in two stages, with a delayed secondary stage performing deeper harvesting, worm-like spread, and full exfiltration. Some packages include sleeper components or kill switches, which remain off by default. Users are urged to remove affected packages, rotate tokens and CI secrets, and review workflows. The campaign mirrors recent malicious npm activity, including buildrunner-dev and eslint-verify-plugin, which deliver RATs and agents targeting Windows, macOS, and Linux.

3. Cline CLI 2.3.0 Supply Chain Attack Installed OpenClaw on Developer Systems

On February 17, 2026, a supply chain attack targeted the Cline CLI open-source package, installing OpenClaw—an AI agent—on developer and CI/CD systems via the malicious [email protected] release. The attacker exploited a prompt injection vulnerability in the Cline GitHub Actions workflow, stealing a long-lived npm publish token to publish the compromised version. The post-install script silently installed OpenClaw globally, giving it system-level permissions, persistent presence, and potential access to credentials. The package was downloaded roughly 4,000 times over an eight-hour window. No evidence of data exfiltration or additional payloads was found, but OpenClaw’s unauthorized installation posed serious security risks, particularly in CI/CD environments. The attack was mitigated by deprecating [email protected], revoking the token, and releasing [email protected]. The incident highlights critical supply chain security weaknesses and the dangers of AI-driven automation in software workflows. Users are advised to remove OpenClaw and rotate any exposed credentials.
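Both the SANDWORM_MODE packages and the Cline release above ran their payloads from npm lifecycle hooks. As an added, defender-side example (not code from the digest or from any project it names), the stdlib-only Python audit below flags install hooks in a package manifest whose commands do things a legitimate hook rarely needs; the heuristics, package names and sample manifests are constructed for this example.

```python
import json
import re

# npm runs these hooks automatically when a dependency is installed, so a
# compromised release can execute commands on every machine that installs it.
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Constructed heuristics: global installs of other tools, remote fetches,
# download-to-shell pipes, and common obfuscation primitives.
SUSPICIOUS_PATTERNS = [
    ("global_install", re.compile(r"\bnpm\s+(?:i|install|add)\b.*?(?:\s-g\b|\s--global\b)")),
    ("remote_fetch",   re.compile(r"\b(?:curl|wget)\b|https?://")),
    ("pipe_to_shell",  re.compile(r"\|\s*(?:sh|bash|node)\b")),
    ("obfuscation",    re.compile(r"\beval\s*\(|base64|Buffer\.from\(")),
]


def audit_package_json(text):
    """Return (hook, label, command) for every lifecycle hook matching a heuristic.

    An empty list does not prove the package is safe: a hook may run an
    innocuous-looking script file that holds the real payload, so also review
    any file the hook invokes (e.g. `node setup.js`).
    """
    scripts = json.loads(text).get("scripts") or {}
    findings = []
    for hook in LIFECYCLE_HOOKS:
        command = scripts.get(hook)
        if not isinstance(command, str):
            continue
        for label, pattern in SUSPICIOUS_PATTERNS:
            if pattern.search(command):
                findings.append((hook, label, command))
    return findings


def hooks_present(text):
    """List the lifecycle hooks a manifest defines at all, flagged or not."""
    scripts = json.loads(text).get("scripts") or {}
    return [hook for hook in LIFECYCLE_HOOKS if hook in scripts]


# Constructed sample manifests: one benign, one shaped like a tampered release
# whose postinstall hook silently installs another tool globally.
BENIGN_MANIFEST = json.dumps({"name": "example-lib", "version": "1.0.0",
                              "scripts": {"build": "tsc -p .", "prepare": "husky"}})
TAMPERED_MANIFEST = json.dumps({"name": "example-cli", "version": "2.3.0", "scripts": {
    "postinstall": "npm install -g example-agent-cli >/dev/null 2>&1 && node setup.js"}})

if __name__ == "__main__":
    for name, manifest in (("benign", BENIGN_MANIFEST), ("tampered", TAMPERED_MANIFEST)):
        print(name, hooks_present(manifest), audit_package_json(manifest))
```

Hooks can be suppressed entirely on CI runners with `npm install --ignore-scripts`, at the cost of breaking packages that genuinely need them.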

4. Wormable XMRig Campaign Leverages BYOVD and Timed Kill Switch For Stealth

Researchers uncovered a wormable cryptojacking campaign spreading via pirated software to deploy a custom XMRig miner. The malware uses a BYOVD exploit (Bring Your Own Vulnerable Driver) and a time-based logic bomb to evade detection and boost Monero mining efficiency by 15–50%. At the core is Explorer.exe, a persistent state machine that switches roles—installer, watchdog, payload manager, cleaner—based on command-line arguments. Payloads, including the miner, watchdogs, and a vulnerable driver (WinRing0x64.sys), are embedded in the binary, decompressed to hidden files, and disguised as legitimate software. A circular watchdog ensures the miner restarts if terminated, even killing Windows Explorer to maintain activity. The malware also spreads via USB drives, copying itself and creating malicious shortcuts. A kill switch set for December 23, 2025, triggers cleanup, suggesting a limited operational window. The campaign highlights evolving malware tactics, combining social engineering, worm-like propagation, kernel-level exploitation, and AI-like persistence to create a resilient, high-performance cryptojacking botnet.
