
Daily Security Briefing #139
- DjediTech
- Security, Newsletter
- January 19, 2026
Pulsar RAT’s memory-only stealth, Google Ads spear-phishing with EndRAT, and critical Windows SMB vulnerability threaten enterprise security…
Executive Summary
Today’s updates center on sophisticated malware campaigns and critical vulnerabilities affecting enterprise environments. Pulsar RAT, a Quasar RAT derivative, loads its components in memory only and uses hidden VNC (HVNC) to run a covert remote session on compromised Windows systems. A spear-phishing campaign abuses Google Ads click-redirection infrastructure to deliver EndRAT, evading email security controls and URL reputation checks along the way. A severe flaw in Windows SMB client authentication (CVE-2025-33073) can be chained into full Active Directory compromise, so defenders should patch urgently. Other notable developments include malicious Chrome extensions targeting HR and ERP platforms, a prompt-injection weakness in Google Gemini, and AI-powered surveillance technologies raising privacy questions. Together, these stories reflect the increasing complexity and persistence of current threats.
Top Articles
Pulsar RAT Abuses Memory-Only Execution and HVNC for Stealthy Remote Takeover
Pulsar RAT, an advanced evolution of the open-source Quasar RAT, actively targets Windows systems with several evasion techniques. This modular remote access trojan loads its payload in memory only, so little is written to disk for file-based scanners to catch; it ships a hidden VNC (HVNC) module, which gives the operator an interactive desktop session that the logged-on user cannot see; and it includes a cryptocurrency clipper that swaps wallet addresses copied to the clipboard. Together these capabilities let Pulsar RAT maintain a stealthy, persistent backdoor and carry out its malicious activity undetected.
GBHackers
New Spear-Phishing Campaign Abuses Google Ads to Deliver EndRAT Malware
Operation Poseidon, attributed to the Konni APT group, abuses legitimate Google Ads infrastructure to deliver EndRAT malware through targeted spear-phishing. The phishing links pass through Google’s ad-click redirection mechanism, so the URL a victim or a security gateway sees belongs to a trusted Google domain; this lets the attackers bypass traditional email security controls and URL reputation systems and achieve a high delivery rate. The campaign is another example of a legitimate service being repurposed for malware distribution.
CyberPress
Windows SMB Client Vulnerability Exposes Organizations to Full Active Directory Compromise
A critical vulnerability tracked as CVE-2025-33073 affects Windows SMB client authentication. The bug is an NTLM reflection flaw: an authenticated attacker who can coerce a host into authenticating to an attacker-controlled server can reflect that authentication back at the host’s own SMB service and obtain SYSTEM privileges; applied to domain controllers, the same technique can lead to complete takeover of an Active Directory forest. This is a significant threat to any enterprise network built on Windows infrastructure. Apply the patch immediately and, where that must wait, enforce SMB signing on the server side so that reflected sessions, which the attacker cannot sign, are refused.
GBHackers
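The check a defender would want for the entry above, written here as an added example that is not from the GBHackers article: a PowerShell script that reports whether SMB signing is required on the local host and, with its own hypothetical -Enforce switch, turns it on. It uses only the built-in SmbShare cmdlets, and the Group Policy name quoted in its output is Microsoft’s. Server-side mandatory signing is Microsoft’s documented mitigation for this NTLM reflection bug, because an attacker relaying someone else’s authentication never learns the session key and so cannot sign the session.

```powershell
# Added example, not from the article: report whether SMB signing is required on this host
# and optionally enforce it. Needs an elevated session. The -Enforce switch is this script's
# own (hypothetical) parameter; -WhatIf works because of SupportsShouldProcess.
[CmdletBinding(SupportsShouldProcess = $true)]
param([switch]$Enforce)

$server = Get-SmbServerConfiguration
$client = Get-SmbClientConfiguration

# Only the "Require" flags matter for SMB2/3; EnableSecuritySignature is ignored there.
$checks = [ordered]@{
    'Server: RequireSecuritySignature' = $server.RequireSecuritySignature   # blocks reflection/relay into this host
    'Client: RequireSecuritySignature' = $client.RequireSecuritySignature   # protects this host's outbound sessions
}
foreach ($c in $checks.GetEnumerator()) {
    '{0,-34} {1,-5} {2}' -f $c.Key, $c.Value, $(if ($c.Value) { '[OK]' } else { '[WEAK]' })
}

if (-not $server.RequireSecuritySignature) {
    if ($Enforce -and $PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Require SMB signing (server and client)')) {
        # Applies to new sessions; already-established sessions keep what they negotiated.
        Set-SmbServerConfiguration -RequireSecuritySignature $true -Force
        Set-SmbClientConfiguration -RequireSecuritySignature $true -Force
        'SMB signing is now required for new sessions. Verify with Get-SmbServerConfiguration.'
    } else {
        'SMB server signing is NOT required. Re-run elevated with -Enforce, or set the Group Policy'
        '"Microsoft network server: Digitally sign communications (always)" to Enabled.'
    }
}
```

Run it as `.\Check-SmbSigning.ps1` to audit and `.\Check-SmbSigning.ps1 -Enforce` to remediate; the GPO route is the right one for fleet-wide rollout, and this script is the quick per-host check of whether that policy actually landed.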
Five Malicious Chrome Extensions Target Enterprise HR and ERP Platforms for Full Account Takeover
A coordinated campaign uses five Chrome extensions built to infiltrate enterprise HR and ERP systems such as Workday, NetSuite, and SAP SuccessFactors. Installed by more than 2,300 users, the extensions steal authentication tokens and hijack live sessions, giving the attackers complete account takeover; they also interfere with incident response, which amplifies the risk to business operations and data integrity.
CyberPress
Google Gemini Prompt Injection Flaw Exposed Private Calendar Data via Malicious Invites
Researchers disclosed a weakness in Google Gemini that enabled indirect prompt injection and bypassed its authorization controls. An attacker sends the victim a Google Calendar invite carrying injected instructions; when Gemini later processes the victim’s calendar, it follows those instructions and discloses private event data, so the attacker obtains the information without ever accessing the victim’s account directly. The case illustrates the growing attack surface of AI assistants that act on untrusted content, and the limits of their privacy protections.
TheHackerNews
Fake Ad Blocker Extension Crashes the Browser for ClickFix Attacks
A malvertising campaign pushes a fake ad-blocker extension named NexShield for Chrome and Edge. Once installed, the extension deliberately crashes the browser, and the resulting “error” serves as the lure for a ClickFix attack, in which the victim is told to paste and run a command to fix the problem. Users who have installed it should remove the extension promptly.
BleepingComputer
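A hunt that serves both the HR/ERP extension story and the NexShield entry above, given here as an added example not drawn from either article: a PowerShell inventory of Chrome and Edge extensions across local user profiles that flags anything named like NexShield, or anything whose host permissions cover the HR/ERP vendors and that also holds a session-stealing permission such as cookies or webRequest. The vendor hostnames, the risky-permission list and the NexShield name match are assumptions for illustration; the articles’ actual extension IDs are not on this page. Run it elevated so other users’ profiles are readable.

```powershell
# Added example, not from the articles: inventory Chrome/Edge extensions for every local user
# profile and flag ones positioned to steal HR/ERP sessions. Hostnames and permission list are assumptions.
$watchHosts   = @('myworkday.com', 'netsuite.com', 'successfactors.com', 'successfactors.eu')
$suspectNames = @('NexShield')   # fake ad-blocker name reported in the BleepingComputer story
$riskyPerms   = @('cookies', 'webRequest', 'webRequestBlocking', 'scripting', 'tabs', 'declarativeNetRequest')

# Chromium keeps unpacked copies of installed extensions under <profile>\Extensions\<id>\<version>\manifest.json
$roots = @('AppData\Local\Google\Chrome\User Data', 'AppData\Local\Microsoft\Edge\User Data')

function Get-ExtensionInventory {
    foreach ($userDir in Get-ChildItem 'C:\Users' -Directory) {
        foreach ($root in $roots) {
            $base = Join-Path $userDir.FullName $root
            if (-not (Test-Path $base)) { continue }
            Get-ChildItem $base -Recurse -Filter manifest.json -ErrorAction SilentlyContinue |
                Where-Object { $_.FullName -like '*\Extensions\*' } |
                ForEach-Object {
                    $file = $_
                    try { $m = Get-Content $file.FullName -Raw | ConvertFrom-Json } catch { return }
                    # MV3 puts host patterns in host_permissions, MV2 mixes them into permissions;
                    # content-script "matches" count too, since those scripts run inside the page's origin.
                    $hosts = @($m.host_permissions) + @($m.permissions) +
                             @($m.content_scripts | ForEach-Object { $_.matches }) |
                             Where-Object { $_ -is [string] }
                    $hrHit = $hosts | Where-Object {
                        $h = $_
                        $h -eq '<all_urls>' -or ($watchHosts | Where-Object { $h -like "*$_*" })
                    }
                    $permHit = @($m.permissions) | Where-Object { $riskyPerms -contains $_ }
                    [pscustomobject]@{
                        User      = $userDir.Name
                        Browser   = if ($root -like '*Edge*') { 'Edge' } else { 'Chrome' }
                        Id        = $file.Directory.Parent.Name
                        Name      = $m.name          # may be a __MSG_*__ placeholder for localized names
                        Version   = $m.version
                        NameFlag  = [bool]($suspectNames | Where-Object { "$($m.name)" -like "*$_*" })
                        HrErpHost = [bool]$hrHit
                        RiskyPerm = (@($permHit) -join ',')
                        Path      = $file.Directory.FullName
                    }
                }
        }
    }
}

$inventory = @(Get-ExtensionInventory)
"Extensions found: $($inventory.Count)"
# Report: suspicious name, or HR/ERP (or all-URL) host access combined with a session-capable permission.
$inventory | Where-Object { $_.NameFlag -or ($_.HrErpHost -and $_.RiskyPerm) } |
    Sort-Object User, Browser, Name |
    Format-Table User, Browser, Id, Name, Version, NameFlag, HrErpHost, RiskyPerm -AutoSize
```

The recursive directory walk is slow on large profiles, and localized names show up as `__MSG_appName__` placeholders, so treat the extension ID and the Path column as the authoritative identifiers when you cross-check a hit against a vendor advisory. Remove a flagged extension by deleting its directory only after revoking the user’s sessions in the affected HR/ERP tenant, since the stolen tokens remain valid until then.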
⚡ Weekly Recap: Fortinet Exploits, RedLine Clipjack, NTLM Crack, Copilot Attack & More
This week’s roundup shows how thin the line is between routine updates and serious incidents. New exploits against Fortinet devices, the RedLine Clipjack activity, an NTLM cracking technique, an attack on Copilot and a range of other novel methods reflect a threat landscape that is evolving quickly, driven in part by AI tools and by ever more connected systems. The recap stresses the need for continued vigilance and adaptive defenses.
TheHackerNews
UK Govt. Warns About Ongoing Russian Hacktivist Group Attacks
The U.K. government has warned of persistent denial-of-service attacks by Russian-aligned hacktivist groups against critical infrastructure and local government organizations. These disruptive attacks underline the continuing geopolitical risk to public-sector technology assets; increased monitoring and DDoS defenses are recommended.
BleepingComputer
19th January – Threat Intelligence Report
The latest threat intelligence bulletin reports a significant data breach at Spanish energy company Endesa. Unauthorized access to a commercial platform exposed over one terabyte of sensitive data including IBANs. The report compiles recent high-impact breaches and attack methods, providing valuable insights for cybersecurity teams.
Check Point Research
ChatGPT Health Raises Big Security, Safety Concerns
The rollout of ChatGPT Health promises enhanced data protection but has raised questions regarding security and user safety elements. Concerns focus on the robustness of privacy safeguards amid the sensitive nature of health-related AI applications. Stakeholders are urged to consider security implications closely.
DarkReading
AI-Powered Surveillance in Schools
A report highlights the deployment of AI-powered surveillance in Southern California schools, using facial recognition, behavioral analysis, drones, and audio monitoring to detect threats. This intensifies debates about privacy, ethics, and the potential misuse of surveillance technologies in educational settings.
Schneier on Security
AI Transparency: This newsletter uses AI to curate, rank, and summarize cybersecurity content from leading industry blogs. All articles link directly to original authors. Executive summaries are AI-generated based on article content. I curate the sources and deliver the digest—the original authors deserve the credit for their excellent work.