Cybercrime/malcode – Lifeboat News: The Blog

Feb 4
2026

Pushback Works: Adobe Animate Is Not Shutting Down

According to the company’s new announcement, the earlier warning stating that March 1, 2027, would be the application’s final day should now be disregarded, as Adobe is neither discontinuing nor removing access to Adobe Animate, and there is no longer any deadline or date set for when Animate will stop being available.

Going forward, the software will remain accessible to both new and existing users, although Adobe has confirmed that users shouldn’t expect the addition of any new features. Instead, the program will remain in a perpetual “maintenance mode,” meaning Adobe will continue supporting the application and providing regular security updates and bug fixes.

Feb 4
2026

APT28 Uses Microsoft Office CVE-2026–21509 in Espionage-Focused Malware Attacks

APT28 exploited a Microsoft Office flaw to deliver MiniDoor and Covenant Grunt malware in targeted attacks across Ukraine and Eastern Europe.

Feb 3
2026

Notepad++ Official Update Mechanism Hijacked to Deliver Malware to Select Users

State-backed attackers hijacked Notepad++ update traffic via a hosting provider breach, redirecting users to malicious downloads since June 2025.

Feb 3
2026

EScan Antivirus Update Servers Compromised to Deliver Multi-Stage Malware

Attackers breached eScan antivirus update infrastructure to push malicious updates, deploying persistent malware on enterprise and consumer systems.

Feb 3
2026

Open VSX Supply Chain Attack Used Compromised Dev Account to Spread GlassWorm

Open VSX supply chain attack hijacked VS Code extensions delivered GlassWorm malware stealing macOS, crypto, and developer data.

Feb 3
2026

Microsoft to disable NTLM by default in future Windows releases

Microsoft announced that it will disable the 30-year-old NTLM authentication protocol by default in upcoming Windows releases due to security vulnerabilities that expose organizations to cyberattacks.

NTLM (short for New Technology LAN Manager) is a challenge-response authentication protocol introduced in 1993 with Windows NT 3.1 and is the successor to the LAN Manager (LM) protocol.

Kerberos has superseded NTLM and is now the current default protocol for domain-connected devices running Windows 2000 or later. While it was the default protocol in older Windows versions, NTLM is still used today as a fallback authentication method when Kerberos is unavailable, even though it uses weak cryptography and is vulnerable to attacks.

Feb 3
2026

Microsoft: January update shutdown bug affects more Windows PCs

Microsoft has confirmed that a known issue preventing some Windows 11 devices from shutting down also affects Windows 10 systems with Virtual Secure Mode (VSM) enabled.

VSM is a Windows security feature that creates an isolated, protected memory region separate from the normal operating system (known as the “secure kernel”), using hardware virtualization that is extremely difficult for malware to access, even after a system compromise.

It protects sensitive credentials, encryption keys, and security tokens from kernel-level malware and pass-the-hash attacks, and it enables security features such as Credential Guard, Device Guard, and Hypervisor-Protected Code Integrity in Windows 10/11 Enterprise editions.

Feb 3
2026

New GlassWorm attack targets macOS via compromised OpenVSX extensions

A new GlassWorm malware attack through compromised OpenVSX extensions focuses on stealing passwords, crypto-wallet data, and developer credentials and configurations from macOS systems.

The threat actor gained access to the account of a legitimate developer (oorzc) and pushed malicious updates with the GlassWorm payload to four extensions that had been downloaded 22,000 times.

GlassWorm attacks first appeared in late October, hiding the malicious code using “invisible” Unicode characters to steal cryptocurrency wallet and developer account details. The malware also supports VNC-based remote access and SOCKS proxying.

Feb 3
2026

Malicious MoltBot skills used to push password-stealing malware

More than 230 malicious packages for the personal AI assistant OpenClaw (formerly known as Moltbot and ClawdBot) have been published in less than a week on the tool’s official registry and on GitHub.

Called skills, the packages pretend to be legitimate tools to deliver malware that steals sensitive data, like API keys, wallet private keys, SSH credentials, and browser passwords.

Originally named ClawdBot and switching to Moltbot and now OpenClaw in under a month, the project is a viral open-source AI assistant designed to run locally, with persistent memory and integrate with various resources (chat, email, local file system). Unless configured properly, the assistant introduces security risks.

Feb 2
2026

Securing the Neural Frontier: Cybersecurity and Privacy Risks in Brain-Computer Interfaces and Neurotechnology

Please see my LinkedIn article: “Securing the Neural Frontier.”

We are poised to witness one of the most significant technological advancements in human history: the direct interaction between human brains and machines. Brain-computer interfaces (BCIs), neurotechnology, and brain-inspired computing have already arrived and need to be secure.

Link.