Chrome zero-day exploitation 🌐, LockBit 5.0 multi-platform ransomware 💣, ZeroDayRAT commercial spyware 📱, Apache NiFi authorization bypass 🔐, LLM side-channel attacks 🤖

Daily Threat Intel Digest - 2026-02-17

🔴 Critical Threats & Active Exploitation

[UPDATE] Chrome zero-day exploited for code execution via malicious webpages
Attackers are actively exploiting CVE-2026-2441, a use-after-free vulnerability in Chrome’s CSS font handling, to achieve arbitrary code execution inside the browser sandbox. Google confirmed in-the-wild exploitation and issued an emergency patch to version 145.0.7632.75/76 for Windows/macOS and 145.0.7632.75 for Linux. The flaw allows attackers to create crafted HTML pages that execute code within the sandbox, enabling credential theft, session hijacking, or chaining with sandbox escapes for full system compromise. Users must update immediately and avoid unsolicited links, especially those leading to suspicious font-heavy content. [Update Chrome now: Zero-day bug allows code execution via malicious webpages]

[NEW] LockBit 5.0 ransomware targets Windows, Linux, and ESXi systems
LockBit has released version 5.0, adding multi-platform support for Linux and ESXi virtualized environments alongside Windows. The variant employs defense evasion techniques like process hollowing and DLL unhooking on Windows, with tailored functions to halt VMware virtual machines during encryption. Encryption uses XChaCha20 symmetric and Curve25519 asymmetric algorithms for speed, appending random extensions to files. Over 60 victims were listed on LockBit’s leak site by late 2025, primarily U.S. businesses across government, healthcare, and education sectors. Organizations should patch systems, segment ESXi environments, and monitor for indicators like SmokeLoader droppers (SHA-256: 1da6525ae1ef83b6f1dc02396ef093372f9ffdfca0fda9b2478d32a54e3069b). [LockBit Ransomware Unleashes Devastating 5.0 Version Targeting Windows, Linux, and ESXi]

[NEW] Washington Hotel ransomware attack disrupts Japanese hospitality chain
Washington Hotel, a major Japanese chain, suffered a ransomware attack on February 13, 2026, starting around 10:00 PM with unauthorized server access. The IT team isolated systems by cutting external links, but business data on multiple servers was encrypted, potentially affecting guest information. Loyalty program data on third-party servers remained secure. No ransomware type or demand details were released, but the attack highlights hospitality vulnerabilities due to operational dependencies on booking/payment systems and lagging basics like MFA and backups. Japanese police and cybersecurity firms are investigating, emphasizing the need for incident response testing and network segmentation. [Washington Hotel Suffers Ransomware Attack, Systems Disrupted]

[NEW] ZeroDayRAT spyware sold openly for real-time Android/iOS surveillance
ZeroDayRAT, a commercial spyware platform available on Telegram since February 2, 2026, enables full device control over Android 5-16 and iOS up to 26, including iPhone 17 Pro. Infection occurs via social engineering (e.g., smishing or fake apps), granting operators web dashboard access to live GPS, camera/microphone feeds, keylogs, SMS interception, and crypto wallet theft. Features include location tracking with Google Maps integration, notification capture, and UPI/banking app overlays. The tool costs as low as $200, putting advanced surveillance within reach of low-skilled attackers and threatening global users. Organizations should enforce mobile security policies and monitor for indicators like unusual app permissions or network traffic to C2 domains (e.g., barbermoo.xyz). [ZeroDayRAT Malware Strikes Android and iOS Devices for Real-Time Spying]

🎯 Threat Actor Activity & Campaigns

[UPDATE] Phobos ransomware associate arrested in Poland
Polish authorities have arrested a 47-year-old suspect linked to the Phobos ransomware operation in the Małopolska region, seizing devices containing stolen credentials, credit card numbers, and server access data. The arrest disrupts Phobos’s infrastructure but does not dismantle the entire group, which remains active in deploying ransomware across enterprises. This action highlights ongoing law enforcement pressure against ransomware-as-a-service operations, though affiliates continue to adapt. [Poland arrests suspect linked to Phobos ransomware operation] [Man Linked to Phobos Ransomware Arrested in Poland]

[NEW] LATAM businesses targeted with XWorm via fake financial receipts
A sophisticated campaign is targeting Latin American businesses, particularly in Brazil, using fake financial receipts (e.g., “Comprovante-Bradesco…”) to deliver XWorm RAT. The infection chain starts with a JavaScript dropper using Unicode obfuscation and WMI-based PowerShell execution to avoid detection. Payloads are hidden in Cloudinary-hosted images via steganography, loading filelessly into memory. A .NET persistence module abuses Task Scheduler APIs to register tasks without command-line artifacts, while XWorm injects into CasPol.exe for LOLBIN-based C2 communication. This chain enables credential theft and downstream fraud, requiring detection of PowerShell Cloudinary interactions and CasPol.exe network anomalies. [LATAM Businesses Hit by XWorm via Fake Financial Receipts: Full Campaign Analysis]

[NEW] Noodlophile malware evolves to job posting phishing scams
Noodlophile infostealer operators have shifted from fake AI video platforms to phishing scams disguised as job postings, skills tests, and applications. Targeting job seekers, students, and marketers, the malware installs Remote Access Trojans and steals credentials/crypto wallets. Technical enhancements include anti-analysis measures like Vietnamese taunts in code to disrupt AI tools, RC4 encryption for command files, and XOR string encoding. Linked to UNC6229, this evolution expands the attack surface beyond tech-savvy users. Defenders should monitor for suspicious job-related lures and implement application controls. [Hackers Evolve Noodlophile Malware Tactics With Job Posting Phishing Scams]

⚠️ Vulnerabilities & Patches

[NEW] Apache NiFi authorization bypass allows privileged component modification
CVE-2026-25903 in Apache NiFi 1.1.0-2.7.2 enables less-privileged authenticated users to modify properties on restricted extension components (e.g., those executing system calls), bypassing authorization checks during updates. This privilege escalation path threatens dataflow platforms in enterprise/cloud environments by allowing data exfiltration or malicious logic injection. NiFi 2.8.0 patches the flaw by reinstating proper checks; interim measures include auditing component changes and restricting role-based access. [Critical Apache NiFi Vulnerabilities Enable Authorization Bypass]

[NEW] LangChain SSRF flaw enables internal infrastructure access
CVE-2026-26019 in @langchain/community ≤1.1.13 affects RecursiveUrlLoader, where weak URL validation using string.startsWith() allows SSRF bypass. Attackers can craft URLs (e.g., https://example.com.attacker.com) to access internal networks or cloud metadata (e.g., AWS 169.254.169.254), risking credential theft. Patched in 1.1.14 with robust URL origin checks and private IP blocking; developers must upgrade immediately or isolate untrusted crawling. [LangChain Community Flaw Allows SSRF Bypass to Access Internal Infrastructure]
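As an added illustration (not code from @langchain/community or its fix), the prefix check described above sits beside an origin-based check with literal private-address blocking of the kind the patch applies; the function names and base URL are assumed:

```javascript
// Added example, not @langchain/community code. Shows why a startsWith()
// prefix test is not a same-origin test, and what a parsed-origin check adds.
const BASE = "https://example.com/docs"; // assumed crawl root

// Vulnerable pattern: compare the candidate string against the origin prefix.
// "https://example.com.attacker.com/" starts with "https://example.com", so it passes.
function weakIsSameSite(candidate, base = BASE) {
  const prefix = new URL(base).origin; // "https://example.com"
  return candidate.startsWith(prefix);
}

// Literal IPv4 addresses in loopback, RFC 1918 and link-local ranges
// (169.254.0.0/16 covers the cloud metadata endpoint).
function isPrivateIPv4(host) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return false;
  const a = Number(m[1]);
  const b = Number(m[2]);
  return a === 10 || a === 127 || (a === 169 && b === 254) ||
    (a === 172 && b >= 16 && b <= 31) || (a === 192 && b === 168);
}

// Hardened pattern: parse both URLs, allow only http(s), refuse loopback and
// literal private addresses, then compare scheme + host + port exactly.
function strictIsSameSite(candidate, base = BASE) {
  let target;
  try {
    target = new URL(candidate); // rejects malformed input, lowercases the host
  } catch {
    return false;
  }
  if (target.protocol !== "http:" && target.protocol !== "https:") return false;
  if (target.hostname === "localhost" || isPrivateIPv4(target.hostname)) return false;
  return target.origin === new URL(base).origin;
}
```

A literal-address check does not cover hostnames that resolve to private ranges or HTTP redirects; a crawler also needs to re-check the resolved address and the final URL before each fetch.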

[NEW] Mozilla Firefox fixes heap buffer overflow in libvpx
CVE-2026-2447, a high-severity heap buffer overflow in Firefox’s libvpx library affecting VP8/VP9 video processing, allows arbitrary code execution via malicious webpages or rigged videos. Firefox 147.0.4, ESR 140.7.1, and ESR 115.32.1 patch the flaw. Though no widespread exploits are confirmed, remote exploitation risks make urgent updates essential, especially for media-heavy browsing. [Mozilla Firefox v147.0.3 Released With Fix for Critical Heap Buffer Overflow Vulnerability]

πŸ›‘οΈ Defense & Detection

[NEW] Infostealers now target OpenClaw AI configurations for identity theft
Malware campaigns are exfiltrating OpenClaw AI agent configurations (e.g., openclaw.json, device.json), which contain emails, tokens, and private keys enabling total system takeover. Attackers use broad grab-bag routines to steal files with .openclaw extensions, then abuse gateway tokens or keys to access cloud services or logs as the victim. Hudson Rock predicts custom parsers will emerge, requiring monitoring for unauthorized access to AI workspace files and revocation of exposed tokens. [Hackers Target OpenClaw Configurations To Steal Login Credentials]

[NEW] ClickFix variant “Matryoshka” evades detection with nested obfuscation
Matryoshka, a new ClickFix variant for macOS, uses typosquatted domains (e.g., comparisions.org) to redirect users to malicious shell commands. The payload employs two-stage obfuscation: Base64/gzip decoding in-memory and an API-gated loader that suppresses output. It steals passwords via fake System Preferences prompts and targets crypto wallets like Trezor/Ledger by modifying apps. Defenders should detect typosquatting domains, unusual osascript execution, and staging files in /tmp/. [Clickfix Variant ‘Matryoshka’ Deployed To Steal Data From macOS Systems]

[NEW] Side-channel attacks expose LLM conversations and sensitive data
Research reveals three side-channel techniques against LLMs: timing attacks on inference efficiency (e.g., distinguishing medical vs. coding topics with 90% precision), speculative decoding exploitation, and “Whisper Leak” inferring topics from packet sizes/timings. These methods bypass TLS encryption to leak PII or conversation themes across 28 models. Mitigations like packet padding reduce but do not eliminate risks; providers should implement metadata hardening. [Side-Channel Attacks Against LLMs]

📋 Policy & Industry News

[NEW] European Parliament blocks AI features over security concerns
The European Parliament has disabled built-in AI features (e.g., writing assistants, summarizers) on corporate devices due to cloud-based processing risks that could expose classified data to external servers. The move targets iOS/Android tools, restricting data transmission while allowing standard apps. Officials cite threats like prompt injection and supply chain attacks, urging staff to disable AI scanning on personal devices. This aligns with prior bans (e.g., TikTok in 2023) and may influence global AI governance. [European Parliament Blocks AI Features on Corporate Devices Over Cybersecurity Concerns]

[NEW] Cellebrite linked to Kenyan activist’s phone hacking
Citizen Lab found forensic evidence suggesting Kenyan authorities used Cellebrite technology to extract data from activist Boniface Mwangi’s phone after his July 2025 arrest. The incident, involving unauthorized access without password requirements, highlights Cellebrite’s global abuse risk despite ethics claims. Cellebrite defended its vetting processes but did not directly address the case. [Citizen Lab links Cellebrite to the hacking of a Kenyan presidential candidate’s phone]

⚡ Quick Hits