CyberNews: 16/02/2026 Edition

Published by Dunateo on 2026-02-16

Today’s roundup

  • Google fixes first actively exploited Chrome zero-day of 2026
  • Canada Goose investigating as hackers leak 600K customer records
  • Microsoft Discloses DNS-Based ClickFix Attack Using Nslookup for Malware Staging
  • CTM360: Lumma Stealer and Ninja Browser malware campaign abusing Google Groups
  • Pastebin comments push ClickFix JavaScript attack to hijack crypto swaps
  • New ZeroDayRAT Mobile Spyware Enables Real-Time Surveillance and Data Theft
  • Odido Breach Impacts Millions of Dutch Telco Users
  • Japanese sex toys maker Tenga discloses data breach
  • Malicious npm and PyPI packages linked to Lazarus APT fake recruiter campaign

Summary

    Google has released emergency updates for its Chrome browser to address CVE-2026-2441, a high-severity use-after-free zero-day vulnerability in CSS. This flaw, discovered by Shaheen Fazim on February 11, 2026, is actively exploited in the wild, allowing remote code execution via crafted HTML pages. Updates are available for Windows, Mac, and Linux.

    The data extortion group ShinyHunters claims to have stolen and leaked over 600,000 Canada Goose customer records, including personal and payment information. Canada Goose states the data appears linked to past transactions and reports no evidence of a breach on its internal systems.

    Microsoft has disclosed a new variant of the ClickFix social engineering attack, utilizing DNS queries for malware staging. Threat actors now trick users into running `nslookup` commands to retrieve a PowerShell payload, marking the first known use of DNS as a channel in these campaigns.

    A malware campaign is actively abusing Google Groups and Google-hosted URLs to spread Lumma Stealer infostealing malware and a trojanized "Ninja Browser." CTM360 reports over 4,000 malicious Google Groups and 3,500 URLs are involved in this credential theft operation targeting Windows and Linux systems.

    Threat actors are leveraging Pastebin comments to deploy a novel ClickFix-style JavaScript attack aimed at cryptocurrency users. This method tricks victims into executing malicious JavaScript, enabling the attackers to hijack Bitcoin swap transactions and redirect funds to their own wallets.

    Cybersecurity researchers have identified a new mobile spyware platform named ZeroDayRAT, actively advertised on Telegram. This spyware facilitates real-time surveillance and sensitive data theft from both Android and iOS devices, with developers providing dedicated sales and support channels.

    Dutch telecommunications provider Odido has announced a significant data breach impacting more than six million of its customers. Specific details regarding the compromised customer data or the attack vector involved were not immediately provided by the company.

    Japanese sexual wellness company Tenga has disclosed a data breach resulting from a hacker gaining access to an employee's professional email account. This unauthorized access potentially exposed customer names, email addresses, order details, and customer service inquiries.

    ReversingLabs has uncovered malicious npm and PyPI packages tied to a fake job recruitment campaign, "graphalgo," attributed to North Korea's Lazarus Group. The sophisticated, modular operation targets JavaScript and Python developers with cryptocurrency-themed lures, delivering a remote access Trojan that checks for crypto wallets.

    Want to dig deeper?

    Vulnerabilities

    CVE-2026-2441 (severity: High)

    Cyber Groups

    Lazarus Group (aliases: Labyrinth Chollima, HIDDEN COBRA, Guardians of Peace, ZINC, NICKEL ACADEMY, Diamond Sleet)

    Malware Families

    Lumma Stealer (alias: LummaC2 Stealer)