CyberNews: 02/02/2026 Edition

Published by Dunateo on 2026-02-02

Today’s roundup

  • NationStates confirms data breach, shuts down game site
  • Exposed MongoDB instances still targeted in data extortion attacks
  • eScan Antivirus Update Servers Compromised to Deliver Multi-Stage Malware
  • Open VSX Supply Chain Attack Used Compromised Dev Account to Spread GlassWorm
  • Real estate agents in Australia using apps that leave millions of lease documents at risk, digital researcher says
  • Fancy Bear Exploits Microsoft Office Flaw in Ukraine, EU Cyber-Attacks
  • Android RAT Uses Hugging Face to Host Malware
  • Nation-state hack exploited hosting infrastructure to hijack Notepad++ updates

Summary

    NationStates, a multiplayer browser-based game, confirmed a data breach and subsequently shut down its website to investigate the security incident. Details regarding the extent of the breach were not immediately provided.

    Automated data extortion attacks are persistently targeting exposed MongoDB instances. A threat actor is demanding low ransoms from affected owners for the recovery of their compromised data.

    The update infrastructure of eScan antivirus, developed by MicroWorld Technologies, suffered a compromise. Unknown attackers utilized this legitimate channel to distribute multi-stage malware to both enterprise and consumer systems.

    A supply chain attack impacted the Open VSX Registry, where threat actors compromised a legitimate developer's account to push malicious updates. On January 30, 2026, four established extensions published under the "oorzc" author were modified to embed GlassWorm malware.

    Millions of personal lease documents in Australia are exposed due to security vulnerabilities found in seven "rent-tech" platforms utilized by real estate agents. A researcher's analysis highlighted that sensitive information from renters and landlords was accessible via online hyperlinks.

    The Russia-linked Fancy Bear hacking group is actively exploiting a new, undisclosed vulnerability in Microsoft Office. CERT-UA has confirmed these cyber-attacks are targeting organizations in Ukraine and the European Union.

    Bitdefender researchers have identified a novel Android malware campaign that utilizes the legitimate artificial intelligence platform Hugging Face for hosting its RAT payload. This method potentially helps the malware evade detection.

    Nation-state attackers successfully hijacked the Notepad++ application's update system by compromising the hosting provider's infrastructure. This incident, active from June to December 2025 and attributed to a likely Chinese state-sponsored group, involved redirecting update traffic to malicious servers.

    Want to dig deeper?

    Cyber Groups

    APT28 (aliases: IRON TWILIGHT, SNAKEMACKEREL, Swallowtail, Group 74, Sednit, Sofacy, Pawn Storm, Fancy Bear, STRONTIUM, Tsar Team, Threat Group-4127, TG-4127, Forest Blizzard, FROZENLAKE, GruesomeLarch)