Over the past week, significant threats have emerged from various actors, particularly APT28 and APT37, exploiting vulnerabilities like CVE-2026-21513 and leveraging sophisticated techniques to breach systems. The ClawJacked vulnerability in OpenClaw also highlights the growing trend of website-based attacks that hijack AI agents, while the decrease in ransomware payouts suggests a shift in how organizations respond to cyber extortion.
Key Insights
APT28 Exploits Zero-Day Vulnerabilities: The Russia-linked group APT28 exploited the MSHTML zero-day vulnerability (CVE-2026-21513) before Microsoft issued a patch, emphasizing the urgency for organizations to monitor and apply updates promptly.
ClawJacked Vulnerability in OpenClaw: The "ClawJacked" flaw allowed malicious websites to brute-force access to OpenClaw AI agents, demonstrating how attackers are increasingly targeting AI technologies for data theft.
Shift in Ransomware Dynamics: Reports indicate that while ransomware attacks surged by 50% in 2025, the total revenue decreased by 28% as organizations increasingly refuse to pay ransoms, potentially due to the increased risks associated with such payments.
Emerging Threats
ClawJacked Vulnerability: This high-severity flaw in OpenClaw allows attackers to hijack AI agents via malicious websites, posing a significant risk to data integrity.
APT37's Ruby Jumper Campaign: North Korean APT37 utilized Zoho WorkDrive for command and control, indicating a novel approach to targeting air-gapped systems.
Exploitation of Chrome's Gemini Live Assistant: A vulnerability allowed malicious extensions to hijack Chrome’s AI assistant, raising concerns about user data protection.
Recommendations
Immediate Patch Management: Organizations must prioritize patching critical vulnerabilities like CVE-2026-21513 to mitigate exploitation risks from threat actors like APT28.
Strengthen AI Security Protocols: Implement robust security measures around AI systems, especially in light of vulnerabilities like ClawJacked that can lead to data theft.
Educate on Ransomware Risks: Companies should enhance their awareness programs regarding ransomware, emphasizing the dangers of paying ransoms and the benefits of incident response planning.