ThreatsDay Bulletin Overview
Cybersecurity activity this week highlights a trend where attackers are increasingly relying on existing tools and workflows rather than developing new exploits. This shift is characterized by simpler initial entry points but more structured post-compromise activities aimed at long-term persistence.
Notepad RCE via Markdown Links
Microsoft has patched a critical vulnerability (CVE-2026-20841, CVSS score: 8.8) in its Notepad application that could lead to remote code execution. The flaw allows an attacker to exploit the app by tricking users into clicking on malicious links within Markdown files opened in Notepad.
Taiwan Becomes Target of APT Attacks
TeamT5 reported over 173 advanced persistent threat (APT) operations targeting Taiwan in 2025, out of a total of more than 510 attacks globally. The heightened pressure on Taiwan is attributed to its strategic role in geopolitical tensions and the global technology supply chain.
New Node.js Stealer Targets Windows Systems
A new information stealer named LTX Stealer has been identified, targeting Windows systems through a heavily obfuscated Inno Setup installer. The malware conducts large-scale credential harvesting and targets cryptocurrency-related artifacts for exfiltration.
New Information Stealer Emerges: Marco Stealer
A new information stealer called Marco Stealer has been observed, primarily targeting browser data, cryptocurrency wallet information, and files from popular cloud services like Dropbox and Google Drive. The malware uses encrypted strings and Windows APIs to detect anti-analysis tools.
Social Engineering Campaign Targets Telegram Accounts
A new account takeover campaign has been observed abusing Telegram’s native authentication workflows to obtain fully authorized user sessions. Victims are tricked into scanning QR codes or entering their phone numbers on fake web pages, leading to session compromise.
Discord Expands Global Age Checks
Discord has announced plans to require all users globally to verify their ages by sharing video selfies or providing government IDs to access certain content. The company aims to implement an age inference model that runs in the background without always requiring user verification.
GuLoader Evolves with Advanced Evasion Techniques
A new analysis of GuLoader malware reveals it employs polymorphic code and exception-based control flow obfuscation to evade detection. The malware attempts to bypass reputation-based rules by hosting payloads on trusted cloud services like Google Drive and OneDrive.
Original article: https://thehackernews.com/2026/02/threatsday-bulletin-ai-prompt-rce.html
