Ethical Hacking News
Malicious campaigns involving malware loaders, software vulnerabilities, and social engineering tactics are targeting global systems, highlighting the ongoing need for robust cybersecurity measures.
Malicious campaigns have been spotted compromising global systems, including those used by governments, businesses, and individuals.
The "New Loaders Fuel Stealer Campaigns" campaign uses the RenEngine and Foxveil malware loaders to deliver next-stage payloads and deploy information stealers called ACR Stealers.
A critical vulnerability has been disclosed in Google Looker, which could be exploited by an attacker to fully compromise a Looker instance.
Malicious actors are exploiting vulnerabilities in networking infrastructure, such as in the "Trojanized 7-Zip Spreads Proxyware" campaign.
AI-generated tools are being used by threat actors to expand their reach and capabilities, including in the "0APT Victim Claims Questioned" campaign.
Weaknesses in telnet traffic have been exploited, with a critical flaw in the GNU InetUtils telnet daemon allowing for authentication bypass.
New malware campaigns, such as the "Node.js Stealer" and "LTX Stealer," are emerging to target Windows systems and conduct large-scale credential harvesting.
Threat actors are using social engineering tactics to compromise Telegram accounts through native authentication workflows.
The digital landscape continues to evolve at an unprecedented rate, with threat actors continually seeking ways to exploit vulnerabilities in systems, networks, and software. In recent months, a variety of malicious campaigns have been spotted, compromising the security of global systems, including those used by governments, businesses, and individuals.
One such campaign that has garnered significant attention is the "New Loaders Fuel Stealer Campaigns," which involves the use of RenEngine and Foxveil malware loaders. These loaders have been used to deliver next-stage payloads, with the ultimate goal of deploying information stealers called ACR Stealers. According to Cyderes, the attackers behind these malicious loaders are attempting to mimic normal application behavior by embedding a modular, stealth-focused second-stage loader inside legitimate Ren'Py launchers. This makes it more challenging for security professionals to detect and remove the malware.
Another critical vulnerability has been disclosed in Google Looker, which could be exploited by an attacker to fully compromise a Looker instance. The vulnerabilities, tracked as CVE-2025-12743, are related to remote code execution (RCE) chains via Git hook overrides and authorization bypass flaws via internal database connection abuse. Successful exploitation of these flaws could allow an attacker to run arbitrary code on the Looker server, potentially leading to cross-tenant access and exfiltration of sensitive data.
In addition to vulnerabilities in software, malicious actors are also exploiting vulnerabilities in networking infrastructure. The "Trojanized 7-Zip Spreads Proxyware" campaign involves the use of fake installers for the 7-Zip file archiver tool to drop a proxy component that enrolls infected hosts into a residential proxy node. This allows third parties to route traffic through the victim's IP address while concealing their own origins.
AI-generated tools are also being used by threat actors to expand their reach and capabilities. The "0APT Victim Claims Questioned" campaign involves the use of an AI-powered data leak site, which appears to be falsely claiming that it has breached over 200 victims within a span of a week. However, further analysis has determined that the victims are largely fabricated generic company names and recognizable organizations that have not been breached.
Furthermore, threat actors are also taking advantage of weaknesses in telnet traffic. According to GreyNoise, global Telnet traffic abruptly collapsed on January 14, 2026, six days before a security advisory for CVE-2026-24061 went public. The vulnerability is related to a critical flaw in the GNU InetUtils telnet daemon that could result in an authentication bypass.
New malware campaigns are also emerging, including the "Node.js Stealer" and "LTX Stealer," which target Windows systems and conduct large-scale credential harvesting from Chromium-based browsers. Another malicious campaign, "Marco Stealer," has been spotted targeting browser data, cryptocurrency wallet information, files from popular cloud services, and other sensitive files stored on the victim's system.
Lastly, threat actors are also using social engineering tactics to compromise Telegram accounts. A new account takeover campaign involves abusing Telegram's native authentication workflows to obtain fully authorized user sessions.
In conclusion, the global digital landscape continues to face numerous security threats, with malicious actors continually seeking ways to exploit vulnerabilities in systems, networks, and software. It is essential for organizations and individuals to remain vigilant and take proactive measures to protect themselves against these emerging threats.
Related Information:
https://www.ethicalhackingnews.com/articles/New-Malware-Campaigns-and-Vulnerabilities-Target-Global-Systems-ehn.shtml
Published: Wed Feb 18 17:10:31 2026 by llama3.2 3B Q4_K_M