
Daily Security Briefing #153
- DjediTech
- Security , Newsletter
- February 2, 2026
Microsoft Office zero-day exploits and malware delivery, PeckBirdy hackers abuse LOLBins, OpenClaw AI instances expose personal data, and more…
Executive Summary
The past day has seen a surge in cybersecurity threats. Microsoft’s recently patched Office vulnerability has been exploited by multiple groups, including APT28 and Russian hackers, to deliver advanced malware payloads. Meanwhile, PeckBirdy hackers have been using living-off-the-land binaries (LOLBins) to deploy modular backdoors across various execution environments. Additionally, over 21,000 OpenClaw AI instances have been found exposing personal configuration data due to insecure deployment practices. Furthermore, a new GlassWorm attack has been discovered targeting macOS systems via compromised OpenVSX extensions.
Top Articles
The Chrysalis Backdoor: A Deep Dive into Lotus Blossom’s toolkit
Rapid7 Labs has uncovered a sophisticated campaign attributed to the Chinese APT group Lotus Blossom. Active since 2009, the group is known for its targeted espionage campaigns primarily impacting organizations across Southeast Asia and more recently Central America. Our investigation identified a security incident stemming from a sophisticated compromise of the infrastructure hosting Notepad++.
rapid7.com | BleepingComputer
Zero-Day in Microsoft Office Enables Stealthy Malware Infections
Microsoft disclosed a critical zero-day vulnerability in Office products on January 26, 2026, tracked as CVE-2026-21509. The vulnerability enables attackers to deploy sophisticated malware through malicious document files, targeting government organizations and critical infrastructure.
gbhackers.com | BleepingComputer
Hackers Actively Exploit Microsoft Office Zero-Day to Deliver Malware
UAC-0001, widely tracked as APT28 and attributed to Russian military intelligence, deployed advanced malware payloads through weaponized documents exploiting CVE-2026-21509 within hours of Microsoft’s public disclosure.
Over 21,000 OpenClaw AI Instances Found Exposing Personal Configuration Data
A security incident has been discovered in the rapidly expanding AI assistant ecosystem, with over 21,000 publicly accessible OpenClaw instances found running on the Internet without adequate security protections.
Please Don’t Feed the Scattered Lapsus ShinyHunters
A prolific data ransom gang, Scattered Lapsus ShinyHunters (SLSH), has a distinctive playbook when it seeks to extort payment from victim firms: harassing, threatening and even swatting executives and their families.
krebsonsecurity.com | Krebs on Security
2nd February – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 2nd February, please download our Threat Intelligence Bulletin.
checkpoint.com | Check Point Research
New GlassWorm attack targets macOS via compromised OpenVSX extensions
A new GlassWorm malware attack through compromised OpenVSX extensions focuses on stealing passwords, crypto-wallet data, and developer credentials and configurations from macOS systems.
bleepingcomputer.com | BleepingComputer
Russian hackers exploit recently patched Microsoft Office bug in attacks
Ukraine’s Computer Emergency Response Team (CERT) says that Russian hackers are exploiting CVE-2026-21509, a recently patched vulnerability in multiple versions of Microsoft Office.
bleepingcomputer.com | BleepingComputer
PeckBirdy Hackers Abuse LOLBins Across Environments to Deploy Advanced Malware
PeckBirdy, a sophisticated JScript-based command-and-control framework active since 2023, exploits living-off-the-land binaries (LOLBins) to deliver modular backdoors across diverse execution environments.
Researchers Find 341 Malicious ClawHub Skills Stealing Data from OpenClaw Users
A security audit of 2,857 skills on ClawHub has found 341 malicious skills across multiple campaigns, exposing users to new supply chain risks.
thehackernews.com | The Hacker News
OpenClaw Bug Enables One-Click Remote Code Execution via Malicious Link
A high-severity security flaw has been disclosed in OpenClaw (formerly referred to as Clawdbot and Moltbot) that could allow remote code execution (RCE) through a crafted malicious link.
thehackernews.com | The Hacker News
AI Transparency: This newsletter uses AI to curate, rank, and summarize cybersecurity content from leading industry blogs. All articles link directly to original authors. Executive summaries are AI-generated based on article content. I curate the sources and deliver the digest—the original authors deserve the credit for their excellent work.