Your Cybersecurity News: Jan 31 - Feb 6, 2026 (Ep. 70)

RadioCSIRT - Your Daily Cyber Security Brief

We open this weekly recap with a critical alert regarding the active exploitation of a Microsoft Office zero-day, CVE-2026-21509. According to CERT-UA, the Russian-linked group APT28 has integrated this flaw into phishing campaigns targeting Ukrainian administrations and several EU nations, using a complex infection chain involving WebDAV and the Covenant post-exploitation framework. In a simultaneous blow to software supply chains, the official update mechanism for Notepad++ was hijacked by the state-sponsored actor Violet Typhoon to distribute malware. While threats against productivity tools rise, Mozilla is pivoting toward privacy by announcing that Firefox 148 will allow users to centrally disable all generative AI features.

The infrastructure landscape faced significant pressure this week as CISA issued a binding operational directive requiring federal agencies to retire all End-of-Life (EoL) equipment within 12 months, citing its role as a persistent entry point for edge-based attacks. Meanwhile, the AISURU botnet shattered global records by launching a hyper-volumetric DDoS attack peaking at 31.4 Tbps, fueled by 2 million compromised Android devices. On the regulatory front, the European Commission warned TikTok of potential fines reaching 6% of its global turnover for violating the Digital Services Act (DSA) through “addictive by design” features, while U.S. authorities successfully seized major piracy domains operated from Bulgaria.

Regarding cyber-extortion, the group Scattered Lapsus ShinyHunters continues to defy traditional ransomware models by combining data theft with physical harassment and social engineering. In Germany, authorities warned of Signal account takeovers targeting high-profile individuals via fraudulent QR code pairing. To counter evolving threats, Microsoft unveiled a new scanner designed to detect backdoors within Large Language Models (LLMs), and the UK’s NCSC provided a strategic reality check on Cloud Security Posture Management (CSPM), emphasizing that while vital, these tools are only one piece of the broader cloud security puzzle.

Don’t think, patch!

Your feedback is welcome.
Email: radiocsirt@gmail.com
Website: https://www.radiocsirt.com
Weekly Newsletter: https://radiocsirtenglishedition.substack.com/