APT Groups Exploit Gaming Platforms and Debug APIs in Multi-Vector Cyber Campaigns

CSBadmin

ScarCruft Exploits Gaming Platform for Cross-Platform Malware

North Korean threat group ScarCruft has breached a gaming platform to deploy the BirdCall malware across both Android and Windows systems. The attackers weaponized the gaming infrastructure as a watering hole, automatically infecting users who visited the compromised platform. BirdCall functions as a backdoor capable of exfiltrating documents, monitoring keystrokes, and capturing screenshots from infected devices.

Critical RCE Vulnerabilities Actively Exploited in the Wild

Multiple remote code execution flaws are now being actively targeted. The Weaver E-cology RCE flaw (CVE-2026-22679) is being exploited through a debug API, allowing attackers to execute arbitrary commands on vulnerable servers. MetInfo CMS (CVE-2026-29014) is also under active attack for RCE. Separately, Apache HTTP/2 users face CVE-2026-23918, a critical vulnerability that enables denial of service and potential remote code execution. Meanwhile, the DAEMON Tools supply chain attack compromised official installers with malware, and Microsoft reported a phishing campaign targeting 35,000 users across 26 countries.

Widespread AI Service Exposure and China-Linked Espionage

A scan of 1 million exposed AI services revealed severe security weaknesses, with many lacking basic authentication or encryption. Separately, the China-linked group UAT-8302 continues to target governments across regions using shared APT malware. Most security teams still fail to close known backdoor vulnerabilities, leaving critical infrastructure exposed to these persistent threats.

Source: The Hacker News
