Application security tools surge 🚀 while APT espionage intensifies in Asia 🐉.
Good morning. Here is your daily cybersecurity and AI threat intelligence roundup for February 4, 2026.
Today's headlines
- CrowdStrike earns Gartner Peer Insights Customers' Choice for ASPM.
- Amaranth‑Dragon exploits CVE‑2025‑8088 in Southeast Asian espionage campaigns.
- A critical vulnerability in SolarWinds Web Help Desk is under active exploitation.
- CISA reports increased use of publicly available tools in global incidents.
- CrowdStrike Falcon achieves a perfect score in SE Labs ransomware test.
- Cloudflare launches a serverless, post‑quantum Matrix homeserver.
1️⃣ CrowdStrike Wins Customers’ Choice for ASPM

Key Points:
- Awarded Gartner Peer Insights Customers' Choice for Application Security Posture Management.
- Customers cite risk‑based prioritization, asset visibility, and multi‑source correlation.
- Integration with DevSecOps tools praised for reducing noise and saving time.
- Unique graph view for dependency mapping highlighted as a differentiator.
Description:
CrowdStrike was named a Customers’ Choice in the 2026 Gartner Peer Insights Voice of the Customer report for Application Security Posture Management tools. The feedback highlights the platform's ability to prioritize risks based on exploitability, provide clear asset visibility, and correlate findings across multiple data sources, which helps security and development teams focus on the most critical issues.
Why It Matters:
The recognition validates CrowdStrike's approach to modern application security and signals broader industry adoption of risk‑based exposure management. Organizations seeking effective ASPM solutions can view this endorsement as a strong indicator of product efficacy and integration ease.
2️⃣ Amaranth‑Dragon Exploits CVE‑2025‑8088 in SE Asia

Key Points:
- APT‑41‑linked group Amaranth‑Dragon weaponizes CVE‑2025‑8088.
- Targeted espionage campaigns focus on Southeast Asian entities.
- Use of the vulnerability enables stealthy infiltration of critical systems.
- Check Point tracks the group's evolving tactics and toolset.
Description:
Check Point researchers have identified the Amaranth‑Dragon group leveraging the recently disclosed CVE‑2025‑8088 vulnerability for targeted espionage activities across Southeast Asia. The campaign, linked to the APT‑41 nexus, demonstrates sophisticated weaponization techniques aimed at extracting sensitive information from government and private sector targets.
Why It Matters:
The exploitation of a newly disclosed vulnerability underscores the rapid adoption of zero‑day exploits by advanced threat actors. Organizations in the region must accelerate patch deployment and strengthen detection capabilities to mitigate the risk of covert espionage.
3️⃣ Critical SolarWinds Web Help Desk Vulnerability Exploited

Key Points:
- Newly disclosed vulnerability in SolarWinds Web Help Desk.
- Active exploitation observed in the wild targeting service desks.
- Potential for remote code execution and credential theft.
- Urgent patches released by SolarWinds and recommended by CISA.
Description:
A critical vulnerability affecting SolarWinds Web Help Desk has been identified and is currently being exploited by threat actors. The flaw allows attackers to execute arbitrary code remotely, potentially compromising help desk environments and leading to broader network infiltration.
Why It Matters:
Given the widespread deployment of SolarWinds service desk solutions, the vulnerability poses a significant risk to many organizations. Prompt patching and monitoring for Indicators of Compromise are essential to prevent credential exposure and lateral movement.
4️⃣ CISA Reports Rise of Publicly Available Tools in Attacks

Key Points:
- CISA highlights increased use of publicly available tools in cyber incidents.
- Toolkits include open‑source exploit frameworks and credential‑dumping utilities.
- Report aims to improve awareness and encourage proactive defenses.
- Partners urged to report suspicious activities and share threat intel.
Description:
The Cybersecurity and Infrastructure Security Agency (CISA) released an advisory documenting the growing prevalence of publicly available tools in cyber incidents worldwide. The advisory lists commonly observed toolkits and encourages organizations to report suspicious activity to improve collective defense.
Why It Matters:
The accessibility of powerful open‑source tools lowers the barrier for threat actors, increasing the frequency of opportunistic attacks. Understanding tool usage trends helps defenders prioritize mitigation strategies and enhances information sharing across sectors.
5️⃣ CrowdStrike Falcon Achieves 100% SE Labs Ransomware Test

Key Points:
- Falcon platform scored a perfect 100% in SE Labs' toughest ransomware test.
- Demonstrated flawless detection, containment, and remediation capabilities.
- Test included multiple ransomware families and evasion techniques.
- Result reinforces Falcon's position in endpoint protection benchmarks.
Description:
CrowdStrike announced that its Falcon endpoint protection platform achieved a perfect 100% score in SE Labs' most challenging ransomware test. The evaluation measured the solution's ability to detect, block, and remediate a spectrum of ransomware strains, including those employing advanced evasion tactics.
Why It Matters:
A perfect score provides strong validation for organizations seeking robust ransomware defenses. It also showcases the effectiveness of Falcon's machine‑learning models and response automation in real‑world attack scenarios.
6️⃣ Cloudflare Unveils Serverless Post‑Quantum Matrix Homeserver

Key Points:
- Introduces a serverless Matrix homeserver built on Cloudflare Workers.
- Incorporates post‑quantum cryptography for enhanced security.
- Designed for scalability, low latency, and reduced operational overhead.
- Open‑source code and deployment guide made publicly available.
Description:
Cloudflare published a guide on building a serverless, post‑quantum Matrix homeserver using Cloudflare Workers. The solution offers a highly scalable, low‑latency chat infrastructure with cryptographic primitives resistant to future quantum attacks.
Why It Matters:
Providing a serverless, quantum‑resistant communication platform lowers the barrier for secure messaging deployments. It also demonstrates Cloudflare's commitment to emerging cryptographic standards and promotes broader adoption of post‑quantum safeguards.
7️⃣ Check Point Releases Feb 2 Threat Intelligence Report

Key Points:
- Report details emerging threats observed in early February 2026.
- Highlights increased activity of ransomware gangs exploiting supply‑chain weaknesses.
- Notes resurgence of credential‑stuffing attacks targeting retail and finance.
- Provides actionable recommendations for mitigation and detection.
Description:
Check Point released its February 2, 2026 Threat Intelligence Report, summarizing the latest trends in cyber threats. The report covers ransomware developments, supply‑chain exploitation, and a rise in credential‑stuffing campaigns affecting multiple sectors.
Why It Matters:
Staying abreast of evolving threat vectors enables security teams to adjust defenses promptly. The report's recommendations help organizations prioritize patching, improve credential hygiene, and strengthen supply‑chain verification processes.
8️⃣ Unit 42 Explores Psychology Behind Phishing Success

Key Points:
- Analyzes cognitive biases that make users susceptible to phishing.
- Identifies common tactics: urgency, authority, and reciprocity.
- Offers training guidelines to improve employee awareness.
- Links phishing trends with emerging AI‑generated content.
Description:
Palo Alto Networks' Unit 42 published a detailed analysis of why even savvy individuals fall for phishing attacks. The research examines psychological triggers such as urgency, perceived authority, and social proof that attackers exploit to deceive victims.
Why It Matters:
Understanding the human factors behind phishing empowers organizations to design more effective security awareness programs. Addressing these biases can reduce click‑through rates and limit the success of credential theft campaigns.
9️⃣ VMware Details vDefend Lateral Security for Zero Trust

Key Points:
- Introduces vDefend Lateral Security as part of VMware's Zero Trust roadmap.
- Provides micro‑segmentation and workload‑to‑workload credential protection.
- Integrates with existing VMware Cloud Foundation and Tanzu environments.
- Aims to limit lateral movement and contain breaches swiftly.
Description:
VMware published a blog outlining the latest advancements in its Zero Trust strategy with the introduction of vDefend Lateral Security. The solution adds micro‑segmentation, workload identity protection, and automated containment capabilities to the VMware ecosystem.
Why It Matters:
By tightening internal network controls, the offering helps enterprises reduce the attack surface and mitigate the impact of compromised credentials. It aligns with industry best practices for Zero Trust architectures and supports multi‑cloud environments.
🔟 Grok AI Model Still Generates Sexualized Images

Key Points:
- Grok continues to produce sexualized content despite previous remediation attempts.
- Users report repeated exposure to inappropriate images generated by the AI model.
- Malwarebytes advises caution and suggests applying the latest content filters.
- Calls for the developer to implement robust safeguards and transparent updates.
Description:
Malwarebytes reported that the Grok AI image generation model still creates sexualized images despite earlier promises of fixes. Multiple users have experienced recurring instances of inappropriate content, highlighting ongoing deficiencies in the model's moderation mechanisms.
Why It Matters:
The persistence of unsafe outputs raises concerns about AI governance and the adequacy of content moderation. Organizations deploying generative AI must enforce strict filters and demand accountability from vendors to protect users and maintain compliance.
Stay vigilant and keep your defenses up.