Cyber Threats surge as AI tools expose data 🚨. New vendor CVE spikes and cloud actor tracking reshape defenses 🤖.

Hello, here is your Daily Cybersecurity & AI Threat Intelligence newsletter for 2026-02-10.

Today's headlines

• GreyNoise launches real‑time Vendor CVE and Tag Spike alerts.
• Unit42 uncovers extensive global espionage campaigns exploiting multiple vulnerabilities.
• AI chat agents can inadvertently leak malicious link previews.
• Novel cloud‑log techniques reveal activity of threat groups like Scattered Spider and HAFNIUM.
• VMware introduces vDefend for zero‑trust private cloud protection.

1️⃣ GreyNoise launches Vendor CVE and Tag Spike alerts

Key Points:

• Real‑time detection of spikes in vendor‑issued CVE disclosures.
• Configurable blocklists allow immediate blocking of malicious traffic.
• Early‑warning capability helps prioritize high‑risk vulnerabilities.

Description:

GreyNoise announced new event feeds named Vendor CVE Spike and Tag Spike, which surface sudden increases in traffic related to newly disclosed vulnerabilities. The feeds integrate with existing security stacks, enabling teams to automatically generate blocklists and focus investigation on high‑probability attacks.

Why It Matters:

Important for cybersecurity awareness.

2️⃣ Unit42 reveals global espionage Shadow Campaigns

Key Points:

• State‑linked threat actors target enterprises across multiple sectors.
• Exploited vulnerabilities include SAP Solution Manager, Microsoft Exchange, D‑Link, and Struts2.
• Techniques span remote code execution, SQL injection, and file‑read attacks.

Description:

Unit42's investigation uncovered a series of coordinated espionage operations, dubbed "Shadow Campaigns," that leverage a wide array of software vulnerabilities to gain persistent access. The report lists specific CVEs and attack vectors used by the groups, highlighting their adaptability and focus on high‑value targets.

Why It Matters:

Important for cybersecurity awareness.

 3️⃣ AI agents leak data by previewing malicious links

Key Points:

• AI chat assistants can automatically expand shortened URLs.
• Previewing malicious links may disclose payload details to unintended recipients.
• Highlights need for strict controls on AI content generation within messaging platforms.

Description:

A recent Register article demonstrates that AI agents embedded in messaging apps inadvertently reveal content of malicious URLs when generating previews. The behavior exposes sensitive data and potentially aids attackers by confirming link effectiveness.

Why It Matters:

Important for cybersecurity awareness.

 4️⃣ Unit42 tracks cloud threat actors via logging

Key Points:

• Introduces a methodology to detect actor behavior in cloud service logs.
• Covers groups such as Scattered Spider, HAFNIUM, and the emerging Serpens actor.
• Demonstrates rise of cloud‑native exploitation techniques.

Description:

The Unit42 blog details a novel approach that leverages cloud platform logging (e.g., AWS CloudTrail, Azure Activity Logs) to identify patterns associated with known threat groups. By correlating login anomalies, API misuse, and lateral movement signatures, analysts can pinpoint malicious cloud activity.

Why It Matters:

Important for cybersecurity awareness.

 5️⃣ CISA reports on publicly available tools in incidents

Key Points:

• Catalogues open‑source and commercial tools employed in worldwide cyber incidents.
• Provides guidance for reporting and mitigation through NCCIC resources.
• Emphasizes partnership between public and private sectors for threat intelligence sharing.

Description:

CISA’s advisory lists numerous publicly available hacking tools that have been observed in recent incidents, ranging from credential dumpers to automated scanning frameworks. The document also outlines reporting procedures and points to feedback mechanisms for continuous improvement.

Why It Matters:

Important for cybersecurity awareness.

 6️⃣ Bitdefender uncovers hidden payloads in OpenClaw skills

Key Points:

• Hundreds of malicious OpenClaw AI skills hide among legitimate ones.
• Bitdefender releases a free AI Skills Checker to analyze skill behavior.
• Identifies hidden execution commands, external downloads, and unsafe operations.

Description:

Bitdefender Labs examined the OpenClaw AI skill marketplace and discovered a growing number of skills containing concealed malicious payloads. The research introduces an AI Skills Checker tool that scans skill scripts for red‑flag behaviors before deployment.

Why It Matters:

Important for cybersecurity awareness.

 7️⃣ CrowdStrike details Linux sensor web‑shell defenses

Key Points:

• Falcon Linux sensor can detect sophisticated web‑shell payloads in real time.
• Utilizes behavioral analysis and file integrity monitoring.
• Provides automated containment actions to block lateral movement.

Description:

CrowdStrike’s blog post dives into the capabilities of its Falcon sensor on Linux systems, focusing on advanced detection of web shells that attackers deploy for persistence. The sensor correlates file modifications, process injection patterns, and network traffic anomalies to generate alerts.

Why It Matters:

Important for cybersecurity awareness.

 8️⃣ CrowdStrike earns Gartner Customers’ Choice for EASM

Key Points:

• Recognized as the sole vendor achieving Gartner Customers’ Choice in 2025 for External Attack Surface Management.
• Highlights CrowdStrike’s comprehensive visibility across on‑prem, cloud, and SaaS environments.
• Reinforces the strategic importance of continuous surface monitoring.

Description:

The announcement details how CrowdStrike’s Falcon platform secured the exclusive Gartner Customers’ Choice award for EASM, reflecting strong customer satisfaction and market leadership. The award emphasizes the platform’s ability to discover, prioritize, and remediate external exposures.

Why It Matters:

Important for cybersecurity awareness.

 9️⃣ Android Trojan leverages Hugging Face for RAT payloads

Key Points:

• Malware uses Hugging Face model hosting to deliver RAT payloads to Android devices.
• Identified sample hashes, C2 domains (trustbastion.com, au‑club.top) and IP addresses.
• Demonstrates novel use of AI model repositories in mobile threat supply chains.

Description:

Bitdefender researchers uncovered an Android trojan campaign that stages its malicious payloads on the Hugging Face platform, a service typically used for sharing AI models. The investigation details dropper hashes, command‑and‑control infrastructure, and the evasion techniques employed.

Why It Matters:

Important for cybersecurity awareness.

 🔟 VMware advances zero‑trust private cloud with vDefend

Key Points:

• Introduces vDefend, a lateral movement security solution for private clouds.
• Implements zero‑trust policies that verify every workload interaction.
• Targets threats across multi‑cloud environments and modern application stacks.

Description:

VMware’s security blog outlines the vDefend framework, which extends zero‑trust principles to private cloud infrastructures. The solution enforces micro‑segmentation, continuous authentication, and real‑time threat detection for workloads spanning on‑prem and public clouds.

Why It Matters:

Important for cybersecurity awareness.

Stay vigilant and keep your defenses up.