
Daily Security Briefing #156
- DjediTech
- Security, Newsletter
- February 5, 2026
September 1, 2025
Search ad phishing, Evolving Android malware, Critical unencrypted data & more…
Executive Summary
This day saw a mix of threats and vulnerabilities affecting various platforms. A compromise of the infrastructure hosting Notepad++ updates allowed attackers to deliver the Chrysalis backdoor to selected users, while a SaaS abuse campaign leveraged trusted platforms for phone-based phishing lures. ShadowSyndicate rotated SSH host keys across servers to obscure its infrastructure, and ransomware operators used ISPsystem VMs for stealthy payload delivery. Additionally, a critical command-execution vulnerability was disclosed in the n8n workflow automation platform.
Top Articles
Chrysalis, Notepad++, and Supply Chain Risk: What it Means, and What to Do Next
When Rapid7 published its analysis of the Chrysalis backdoor linked to a compromise of Notepad++ update infrastructure, it raised understandable questions from customers and security teams. The investigation showed that attackers did not exploit a flaw in the application itself. Instead, they compromised the hosting infrastructure used to deliver updates, allowing them to selectively distribute a previously undocumented backdoor, associated with the Lotus Blossom APT, to a highly targeted group of users. https://www.rapid7.com/blog/post/tr-chrysalis-notepad-supply-chain-risk-next-steps | Rapid7
Backdoor in Notepad++
Hackers associated with the Chinese government used a Trojaned version of Notepad++ to deliver malware to selected users. Notepad++ said that officials with the unnamed provider hosting the update infrastructure consulted with incident responders and found that it remained compromised until September 2. Even then, the attackers maintained credentials to the internal services until December 2, a capability that allowed them to continue redirecting selected update traffic to malicious servers. https://www.schneier.com/blog/archives/2026/02/backdoor-in-notepad.html | Schneier on Security
SaaS Abuse at Scale: Phone-Based Scam Campaign Leveraging Trusted Platforms
This report documents a large-scale phishing campaign in which attackers abused legitimate software-as-a-service (SaaS) platforms to deliver phone-based scam lures that appeared authentic and trustworthy. Rather than spoofing domains or compromising services, the attackers deliberately misused native platform functionality to generate and distribute emails that closely resembled routine service notifications, inheriting the trust, reputation, and authentication posture of well-known SaaS providers. https://blog.checkpoint.com/research/saas-abuse-at-scale-phone-based-scam-campaign-leveraging-trusted-platforms/ | Checkpoint
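Because these lures ride on a provider's own notification mail, SPF and DKIM pass and reputation-based filtering does not help; the decision has to rest on content. The following is an added example, not code from the Check Point report, showing a content-based triage pass over authenticated SaaS notifications: it confirms the message really came through a known SaaS sender, then looks for the callback-scam pattern of a phone number combined with billing-urgency vocabulary. The trusted domain, both sample messages and the phone number (555-01xx, a reserved fictional range) are constructed.

```python
"""Triage authenticated SaaS notifications for phone-scam lures.

Added example. TRUSTED_SAAS_DOMAINS, the sample messages and the phone
number are constructed; they are not from the Check Point report.
"""
import re
from email import message_from_bytes, policy

# Hypothetical: SaaS platforms whose notification mail your org legitimately receives.
TRUSTED_SAAS_DOMAINS = {"notify.example-saas.com"}

# North American style numbers: optional +1, optional parentheses, common separators.
PHONE_RE = re.compile(r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")
# Vocabulary typical of callback scams (fake charges, renewals, refunds).
LURE_WORDS = re.compile(
    r"\b(call|charged|renew(?:al|ed)?|refund|cancel|invoice|subscription)\b", re.I
)


def auth_passed(msg):
    """True when the Authentication-Results header stamped by your own MX
    records both SPF and DKIM passing, i.e. the mail really transited the
    SaaS provider rather than a spoofed sender."""
    results = " ".join(msg.get_all("Authentication-Results", [])).lower()
    return "spf=pass" in results and "dkim=pass" in results


def sender_domain(msg):
    addr = msg.get("From", "")
    return addr.split("@")[-1].strip(">").lower() if "@" in addr else ""


def body_text(msg):
    part = msg.get_body(preferencelist=("plain", "html"))
    return part.get_content() if part else ""


def triage(raw):
    """Return a verdict dict for one raw RFC 5322 message (bytes)."""
    msg = message_from_bytes(raw, policy=policy.default)
    text = body_text(msg)
    phones = PHONE_RE.findall(text)
    lure_hits = sorted({w.lower() for w in LURE_WORDS.findall(text)})
    trusted = sender_domain(msg) in TRUSTED_SAAS_DOMAINS and auth_passed(msg)
    # Authentication passing is exactly what the attacker wants; a phone number
    # plus billing-urgency wording inside an otherwise genuine notification is
    # the signal that native platform features are being abused as a lure.
    suspicious = trusted and bool(phones) and len(lure_hits) >= 2
    return {
        "trusted_saas": trusted,
        "phones": phones,
        "lure_words": lure_hits,
        "suspicious": suspicious,
    }


# Constructed sample: an ordinary share notification.
BENIGN = b"""From: Example SaaS <no-reply@notify.example-saas.com>
To: alice@example.org
Subject: A document was shared with you
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=notify.example-saas.com; dkim=pass header.d=notify.example-saas.com
Content-Type: text/plain; charset=utf-8

Bob shared "Q3 plan" with you. Open it in your workspace.
"""

# Constructed sample: the same authenticated sender, but the notification body
# carries an attacker-authored callback lure.
SCAM = b"""From: Example SaaS <no-reply@notify.example-saas.com>
To: alice@example.org
Subject: Invoice #88213 for your subscription
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=notify.example-saas.com; dkim=pass header.d=notify.example-saas.com
Content-Type: text/plain; charset=utf-8

Your subscription has been renewed and your card was charged $499.00.
To cancel or request a refund, call +1 (800) 555-0199 within 24 hours.
"""

if __name__ == "__main__":
    for name, raw in (("benign", BENIGN), ("scam", SCAM)):
        print(name, triage(raw))
```

The threshold of two lure words plus a phone number is a starting point; in production you would pair it with the provider's legitimate notification templates (a share notice never contains a phone number) and route hits to a phish-report queue rather than block outright, since the underlying sender is genuine.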
ShadowSyndicate Leverages Server Transition Technique in Latest Ransomware Attacks
ShadowSyndicate, a sophisticated cybercrime cluster first identified in 2023, has evolved its infrastructure management tactics by implementing a previously unreported server transition technique. This method involves rotating SSH host-key fingerprints across multiple servers to obscure operational continuity, breaking the fingerprint-based pivoting defenders use to link infrastructure over time. https://gbhackers.com/shadowsyndicate/ | GBHackers
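Rotating host keys is aimed at the way defenders cluster attacker infrastructure: an SSH host-key fingerprint that reappears on a new IP ties the two hosts together, and a key that changes in place breaks the chain. The following is an added example, not code from the article, showing how to keep that tracking useful by recording fingerprint observations over time and surfacing both key migrations (same key, new IP) and in-place rotations (same IP, new key). The observations use RFC 5737 documentation addresses and made-up fingerprints; nothing here describes ShadowSyndicate's actual infrastructure.

```python
"""Follow SSH host-key fingerprints across IPs and time.

Added example; SAMPLE is constructed (documentation IPs, fake fingerprints).
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Observation:
    seen: date
    ip: str
    fingerprint: str  # the SHA256 host-key fingerprint a scanner reports


# Constructed sample: key AAAA is first seen on one host, then moves to a
# second; key CCCC later follows the second host to a third address.
SAMPLE = [
    Observation(date(2025, 6, 1), "203.0.113.10", "SHA256:AAAA"),
    Observation(date(2025, 6, 15), "203.0.113.10", "SHA256:AAAA"),
    Observation(date(2025, 7, 1), "203.0.113.10", "SHA256:BBBB"),
    Observation(date(2025, 7, 2), "198.51.100.7", "SHA256:AAAA"),
    Observation(date(2025, 8, 1), "198.51.100.7", "SHA256:CCCC"),
    Observation(date(2025, 8, 3), "192.0.2.44", "SHA256:CCCC"),
    Observation(date(2025, 8, 4), "192.0.2.99", "SHA256:DDDD"),  # unrelated host
]


def fingerprint_history(observations):
    """fingerprint -> chronologically ordered list of (date, ip)."""
    history = defaultdict(list)
    for o in sorted(observations, key=lambda o: o.seen):
        history[o.fingerprint].append((o.seen, o.ip))
    return dict(history)


def key_migrations(observations):
    """(fingerprint, old_ip, new_ip, iso_date) each time a host key that was
    last seen on one IP is next seen on a different IP. These are the links
    that survive a server transition."""
    moves = []
    for fp, seen in fingerprint_history(observations).items():
        for (_, prev_ip), (when, ip) in zip(seen, seen[1:]):
            if ip != prev_ip:
                moves.append((fp, prev_ip, ip, when.isoformat()))
    return moves


def key_rotations(observations):
    """ip -> ordered distinct fingerprints it presented. More than one entry
    means the operator rotated the host key in place, which is what would
    otherwise make the host drop out of a fingerprint-based cluster."""
    per_ip = defaultdict(list)
    for o in sorted(observations, key=lambda o: o.seen):
        if not per_ip[o.ip] or per_ip[o.ip][-1] != o.fingerprint:
            per_ip[o.ip].append(o.fingerprint)
    return {ip: fps for ip, fps in per_ip.items() if len(fps) > 1}


def linked_clusters(observations):
    """Group IPs transitively connected by at least one shared host key
    (simple graph traversal over the fingerprint -> IPs relation)."""
    adjacency = defaultdict(set)
    for _, seen in fingerprint_history(observations).items():
        ips = {ip for _, ip in seen}
        for ip in ips:
            adjacency[ip] |= ips
    clusters, visited = [], set()
    for start in sorted(adjacency):
        if start in visited:
            continue
        stack, cluster = [start], set()
        while stack:
            ip = stack.pop()
            if ip in cluster:
                continue
            cluster.add(ip)
            stack.extend(adjacency[ip] - cluster)
        visited |= cluster
        clusters.append(frozenset(cluster))
    return clusters


if __name__ == "__main__":
    for move in key_migrations(SAMPLE):
        print("host key moved:", move)
    print("in-place rotations:", key_rotations(SAMPLE))
    print("linked clusters:", [sorted(c) for c in linked_clusters(SAMPLE)])
```

Even with rotation, the operator usually leaves an overlap window where the old key is briefly seen on the new host; keeping the full time series rather than only the latest fingerprint per IP is what lets `key_migrations` catch it.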
Cyberattackers Use Fake RTO Challan Alerts to Spread Android Malware
Attackers are exploiting Indian users' trust in government services through a sophisticated Android malware campaign that impersonates Regional Transport Office (RTO) challan notifications. This campaign represents an evolution from previous RTO-themed malware, featuring advanced anti-analysis techniques, a modular three-stage architecture, and a structured backend infrastructure for data collection and remote operations. https://gbhackers.com/fake-rto-challan/ | GBHackers
Critical n8n Vulnerability Enables System Command Execution via Weaponized Workflows
A newly disclosed critical vulnerability in the n8n workflow automation platform could allow attackers to execute arbitrary system commands on servers hosting vulnerable deployments. The flaw, published under advisory GHSA-6cqr-8cfr-67f8 by security researcher csuermann, affects users running n8n versions before 1.123.17 and 2.5.2. https://cyberpress.org/critical-n8n-vulnerability-enables-system-command-execution-via-weaponized-workflows/ | CyberPress
AISURU/Kimwolf Botnet Launches Record-Setting 31.4 Tbps DDoS Attack
The distributed denial-of-service (DDoS) botnet known as AISURU/Kimwolf has been attributed to a record-setting attack that peaked at 31.4 Terabits per second (Tbps) and lasted only 35 seconds. https://thehackernews.com/2026/02/aisurukimwolf-botnet-launches-record.html | The Hacker News
Moxa Switches Vulnerability Allows Attackers to Bypass Authentication
A critical security advisory (MPSA-241409, Version 1.0) addresses a severe vulnerability in multiple industrial Ethernet switches that could allow attackers to bypass authentication controls. https://cyberpress.org/moxa-switches-vulnerability/ | CyberPress
Zendesk spam wave returns, floods users with ‘Activate account’ emails
A fresh wave of spam is hitting inboxes worldwide, with users reporting that they are once again being bombarded by automated emails generated through companies’ unsecured Zendesk support systems. https://www.bleepingcomputer.com/news/security/zendesk-spam-wave-returns-floods-users-with-activate-account-emails/ | BleepingComputer
Ransomware gang uses ISPsystem VMs for stealthy payload delivery
Ransomware operators are hosting and delivering malicious payloads at scale by abusing virtual machines (VMs) provisioned by ISPsystem, a legitimate virtual infrastructure management provider. https://www.bleepingcomputer.com/news/security/ransomware-gang-uses-ispsystem-vms-for-stealthy-payload-delivery/ | BleepingComputer
ThreatsDay Bulletin: Codespaces RCE, AsyncRAT C2, BYOVD Abuse, AI Cloud Intrusions & 15+ Stories
This week didn’t produce one big headline. It produced many small signals — the kind that quietly shape what attacks will look like next. https://thehackernews.com/2026/02/threatsday-bulletin-codespaces-rce.html | The Hacker News
AI Transparency: This newsletter uses AI to curate, rank, and summarize cybersecurity content from leading industry blogs. All articles link directly to original authors. Executive summaries are AI-generated based on article content. I curate the sources and deliver the digest—the original authors deserve the credit for their excellent work.