🛡️ Gartner ASPM win, ransomware test triumphs, and new exploit waves 🌐

Hello, here is your Daily Cybersecurity & AI Threat Intelligence update for February 4, 2026.

Today's headlines

  • CrowdStrike earns Gartner Customers’ Choice for Application Security Posture Management.
  • Amaranth‑Dragon APT exploits the newly patched WinRAR CVE‑2025‑8088 in Southeast Asia.
  • SolarWinds Web Help Desk vulnerability is actively exploited in the wild.
  • CrowdStrike Falcon achieves a perfect 100% score in SE Labs ransomware testing.
  • CISA reports widespread abuse of publicly available hacking tools across incidents.

1️⃣ CrowdStrike Wins Gartner Customers’ Choice for ASPM 🚀

Key Points:

  • Customers praise risk‑based prioritization and reduced alert noise.
  • Seamless integration with existing DevSecOps pipelines.
  • Graph view of dependencies highlighted as a unique capability.
  • Adoption spans travel, banking, and IT services sectors.

Description:

CrowdStrike was named a Customers’ Choice in the 2026 Gartner Peer Insights Voice of the Customer report for Application Security Posture Management (ASPM) tools. The vendor’s platform received high marks for its ability to prioritize risks based on exploitability, provide clear asset visibility, and correlate findings from multiple sources, delivering a concise view of security priorities.

Why It Matters:

The recognition validates CrowdStrike’s ASPM solution as a market leader, encouraging enterprises to adopt tools that streamline vulnerability management and reduce operational overhead, which is crucial as application environments become increasingly complex.

2️⃣ Amaranth‑Dragon Exploits CVE‑2025‑8088 in SE Asia Espionage 🎯

Key Points:

  • APT group linked to China weaponizes the WinRAR CVE‑2025‑8088 flaw.
  • Campaign targets government and industrial entities in Southeast Asia.
  • Stealthy infrastructure limits exposure to selected victim regions.
  • Malicious RAR archives deliver arbitrary code execution payloads.

Description:

Check Point researchers identified Amaranth‑Dragon, an evolution of the APT‑41 nexus, weaponizing the recently disclosed CVE‑2025‑8088 vulnerability in WinRAR. The group distributes malicious RAR files that, when opened, execute code and establish persistence, focusing on high‑value targets in Southeast Asian nations.

Why It Matters:

The rapid exploitation of a newly patched zero‑day underscores the speed at which threat actors adopt vulnerabilities, highlighting the need for immediate patch deployment and vigilant monitoring of file‑based attack vectors.

3️⃣ Critical SolarWinds Web Help Desk Vulnerability Under Exploit ⚠️

Key Points:

  • A critical flaw in SolarWinds Web Help Desk is being actively scanned.
  • Potential for remote code execution affecting managed service providers.
  • Advisories recommend immediate patching and network segmentation.
  • Incident aligns with increased targeting of ITSM platforms.

Description:

The Register reports that a critical vulnerability in SolarWinds Web Help Desk is currently being probed by threat actors. The bug could allow unauthenticated attackers to execute arbitrary code on affected systems, posing a risk to organizations that rely on the platform for ticketing and remote support.

Why It Matters:

Given SolarWinds’ widespread use, exploitation could lead to large‑scale compromise of service desk environments, emphasizing the importance of timely remediation and defensive layering around privileged access tools.

4️⃣ Falcon Achieves 100% Rating in SE Labs Ransomware Test 🏆

Key Points:

  • CrowdStrike Falcon detected and blocked all ransomware samples in SE Labs test.
  • Test emulated sophisticated multi‑stage ransomware attacks.
  • Results demonstrate robust endpoint detection and response (EDR) capabilities.
  • Provides assurance for enterprises seeking high‑confidence protection.

Description:

CrowdStrike announced that its Falcon platform scored a perfect 100% in the most challenging ransomware simulation conducted by SE Labs. The test included a range of modern ransomware families and evasion techniques, all of which were successfully identified and mitigated by Falcon.

Why It Matters:

Achieving a flawless score reinforces Falcon’s credibility as a leading EDR solution, helping organizations justify investments in advanced endpoint protection amid rising ransomware threats.

5️⃣ CISA Highlights Abuse of Open‑Source Tools in Global Incidents 🔧

Key Points:

  • Publicly available hacking tools were observed in numerous incidents worldwide.
  • Common tools include credential‑dumpers, scanners, and ransomware kits.
  • Advisory urges organizations to monitor tool usage and enforce strict controls.
  • Provides a framework for reporting and mitigating tool‑based attacks.

Description:

The Cybersecurity and Infrastructure Security Agency (CISA) released an advisory documenting the proliferation of publicly available tools used in cyber incidents across the globe. The report lists specific utilities that adversaries leverage to gain footholds, exfiltrate data, and deploy ransomware.

Why It Matters:

Understanding which open‑source tools are weaponized helps defenders prioritize detection signatures and harden environments against common attack primitives, reducing the attack surface.

6️⃣ ScanBox Deployed via Watering‑Hole Campaigns 🕵️

Key Points:

  • APT TA423 uses compromised news sites to deliver the ScanBox JavaScript keylogger.
  • Targets include Australian organizations and offshore energy firms in the South China Sea.
  • ScanBox captures keystrokes and exfiltrates reconnaissance data.
  • Campaign demonstrates refined watering‑hole tactics with tailored lures.

Description:

ThreatPost details a watering‑hole operation attributed to APT group TA423 that plants the ScanBox JavaScript‑based keylogger on compromised websites. Victims are redirected to malicious scripts that silently record keystrokes and send the data to the attackers’ command‑and‑control servers.

Why It Matters:

The use of a JavaScript keylogger in watering‑hole attacks expands the threat landscape beyond traditional binaries, highlighting the need for web‑traffic monitoring and strict content security policies.
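The mitigation named above, a strict Content Security Policy, only blocks an injected script if the policy's script sources are actually restrictive. The following is an added example written for this digest (it is not code from ThreatPost, Proofpoint or any vendor mentioned here); it parses a CSP header the way a browser resolves it and reports the source expressions that would still let a script injected into a compromised page execute. The two policies it checks are constructed for illustration.

```python
"""Audit a Content-Security-Policy header for script-source settings that would
permit an injected script to run. Added example; the sample policies are constructed."""

from typing import Dict, List, Optional

NONCE_OR_HASH_PREFIXES = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")
SCHEME_ONLY_SOURCES = ("http:", "https:", "data:", "blob:")


def parse_csp(header: str) -> Dict[str, List[str]]:
    """Split a CSP header into {directive: [source expressions]}.
    Directive names are case-insensitive and, as in browsers, only the first
    occurrence of a repeated directive is honoured."""
    directives: Dict[str, List[str]] = {}
    for raw in header.split(";"):
        tokens = raw.strip().split()
        if not tokens:
            continue
        name = tokens[0].lower()
        if name not in directives:
            directives[name] = tokens[1:]
    return directives


def effective_script_sources(directives: Dict[str, List[str]]) -> Optional[List[str]]:
    """script-src governs script loading; when it is absent, default-src applies.
    Returns None when neither is present (no restriction at all)."""
    if "script-src" in directives:
        return directives["script-src"]
    return directives.get("default-src")


def audit_script_policy(header: str) -> List[str]:
    """Return human-readable findings for every script source that weakens the policy."""
    findings: List[str] = []
    sources = effective_script_sources(parse_csp(header))
    if sources is None:
        findings.append("no script-src or default-src: scripts may load from anywhere")
        return findings

    lowered = [s.lower() for s in sources]
    # CSP Level 3: once a nonce or hash source is present, browsers ignore
    # 'unsafe-inline', so it is only a finding when no nonce/hash is listed.
    has_nonce_or_hash = any(s.startswith(NONCE_OR_HASH_PREFIXES) for s in lowered)
    if "'unsafe-inline'" in lowered and not has_nonce_or_hash:
        findings.append("'unsafe-inline' permits injected inline <script> blocks")
    if "'unsafe-eval'" in lowered:
        findings.append("'unsafe-eval' permits string-to-code execution (eval, Function)")

    for src in lowered:
        if src == "*":
            findings.append("wildcard * permits scripts from any origin")
        elif src in SCHEME_ONLY_SOURCES:
            findings.append(f"scheme-only source {src} permits scripts from any host on that scheme")
        elif src.startswith("http://"):
            findings.append(f"plaintext source {src} can be altered in transit")
    return findings


# Constructed sample policies: one nonce-based strict policy, one permissive one.
STRICT_POLICY = ("default-src 'self'; script-src 'self' 'nonce-r4nd0m' 'strict-dynamic'; "
                 "object-src 'none'; base-uri 'self'")
WEAK_POLICY = "default-src 'self' https:; script-src 'self' 'unsafe-inline' https: *.cdn.example"

if __name__ == "__main__":
    for label, policy in (("strict", STRICT_POLICY), ("weak", WEAK_POLICY)):
        print(f"{label}: {audit_script_policy(policy) or ['no findings']}")
```

Run it against your own site's header (for example the value returned by a HEAD request) to see whether the policy would stop a third-party script inserted into the page rather than merely restricting images or frames.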

7️⃣ Check Point February 2 Threat Intel Summary 📊

Key Points:

  • Increase in ransomware‑as‑a‑service activity observed across Europe.
  • Notable resurgence of APT groups targeting supply‑chain vendors.
  • Emerging AI‑generated phishing campaigns show higher success rates.
  • Recommendations include zero‑trust adoption and enhanced email security.

Description:

Check Point’s 2 February threat intelligence report outlines current trends, including a surge in ransomware‑as‑a‑service operations, renewed activity from supply‑chain focused APT groups, and the rise of AI‑powered phishing attempts that evade traditional filters.

Why It Matters:

The report provides actionable insights that enable security teams to adjust defenses, prioritize threat hunting, and implement mitigations against evolving adversary techniques.

8️⃣ Psychology Behind Successful Phishing Attacks 🧠

Key Points:

  • Human cognitive biases such as authority and scarcity are exploited.
  • Social engineering tactics increase click‑through rates among educated users.
  • Training programs that address mindset reduce phishing susceptibility.
  • Metrics show that even tech‑savvy professionals fall for well‑crafted lures.

Description:

Unit42 explores the psychological factors that make phishing effective, detailing how attackers leverage authority, urgency, and social proof to manipulate recipients. The analysis includes case studies of high‑profile phishing incidents and recommendations for behavior‑focused awareness training.

Why It Matters:

Understanding the human element behind phishing enables organizations to design more effective training and technical controls, thereby reducing the risk of credential compromise.

9️⃣ VMware vDefend Boosts Zero‑Trust Lateral Security 🔐

Key Points:

  • vDefend provides continuous monitoring of east‑west traffic in private clouds.
  • Detects lateral movement attempts using machine‑learning baselines.
  • Integrates with existing VMware security stacks for unified policy enforcement.
  • Early adopters report reduced dwell time and faster incident response.

Description:

VMware’s blog post outlines how the vDefend solution extends zero‑trust principles to private cloud workloads, offering real‑time detection of anomalous lateral movements. The tool leverages behavioral analytics to flag suspicious activity and automatically enforces micro‑segmentation policies.

Why It Matters:

As attackers increasingly pivot within compromised environments, vDefend’s capabilities help organizations limit blast radius and contain breaches before data exfiltration occurs.

🔟 Amaranth‑Dragon Leverages WinRAR Flaw for Espionage 📂

Key Points:

  • Group distributes malicious RAR files exploiting CVE‑2025‑8088 shortly after disclosure.
  • Targeted countries include Southeast Asian nations with high‑value government assets.
  • Attack chain establishes persistence and remote code execution on victim machines.
  • Stealthy command‑and‑control infrastructure limits detection opportunities.

Description:

The Hacker News reports that China‑linked Amaranth‑Dragon has been exploiting the WinRAR vulnerability CVE‑2025‑8088 to deliver malicious archives. The campaign’s payload gains execution rights and maintains persistence, focusing on espionage objectives across Southeast Asian targets.

Why It Matters:

The swift weaponization of a newly disclosed flaw highlights the urgency for organizations to apply patches immediately and monitor for suspicious archive activity as part of their defense‑in‑depth strategy.

Stay vigilant and keep your defenses up.