Hybrid Cloud
Cyber Security & NaaS
AI & Data
IoT & Connectivity
Business Applications
Intelligent Workplace
Consulting & Professional Services
Small Medium Enterprise
Health and Social Care
Industry
Retail
Tourism and Leisure
Transport & Logistics
Energy & Utilities
Banking and Finance
Smart Cities
Public Sector
Cyber Security Weekly Briefing, 6 February
An ecosystem of autonomous AI capable of attacking, negotiating and expanding without humans is born
HudsonRock has described the emergence of a new and unprecedented threat: a network of autonomous agents driven by the convergence of three elements, OpenClaw (local runtime with persistent memory), Moltbook (coordination network of 900,000 agents) and Molt Road (automated black market for credentials, exploitation skills and 0-day exploits), which form an emerging ecosystem of autonomous AI agents that act without human supervision to perform infiltration, lateral movement, exfiltration and monetisation of security compromises on a global scale, leveraging stolen credentials and infostealer logs as seed to attack high-value targets.
These platforms function as ecosystems where AIs collaborate, share skills, purchase exploits, publish malware disguised as skills, and even reuse ransomware profits to expand capabilities.
Attacks against Ukrainian and European government agencies exploiting CVE-2026-21509
According to CERT-UA, there has been a new wave of attacks targeting Ukrainian government agencies and EU organisations exploiting the Microsoft Office CVE-2026-21509 vulnerability (CVSSv3 7.8 according to Microsoft), a security feature bypass issue that allows an unauthenticated local attacker to bypass security mitigations built into Office if they convince a user to open a malicious document.
The actor, identified as APT28 (Fancy Bear), has distributed spearphishing emails with Word documents that, when opened, exploit the flaw to initiate a WebDAV connection and download additional components. The attack chain leads to the creation of a malicious DLL and an image file with shellcode, followed by modification of a CLSID in the registry and use of a scheduled task (OneDriveHealth) to activate persistence.
Finally, the COVENANT post-exploitation framework is deployed, with C2 communications masked through the legitimate cloud storage service Filen.
Metro4Shell (CVE-2025-11953): active exploitation of React Native Metro server
VulnCheck has observed actual exploitation of the critical CVE-2025-11953 flaw (CVSSv3 9.8 according to JFrog) in Metro development servers used by React Native. The first activity was detected on 21 December 2025, with operational repetitions on 4 and 21 January 2026, indicating sustained real-world use.
The flaw (Metro4Shell) is a system command injection (CWE-78) in Metro's /open-url endpoint, which by default links to external interfaces, allowing unauthenticated remote execution of OS commands (Windows, Linux, and macOS) via POST. The observed attacks used a base64 PowerShell loader that disables Microsoft Defender exclusions, establishes a raw TCP connection with the attacker's infrastructure, and downloads a malicious binary in Rust with basic anti-analysis techniques.
It is recommended to update to React Native Community CLI versions 20.0.0 or higher and segment/restrict access to Metro server.
Critical sandbox escape vulnerability discovered in n8n that allows remote code execution
Pillar Security identified a critical flaw in n8n, CVE-2026-25049 (CVSSv4 9.8 according to GitHub), which allows an authenticated user with permissions to create or edit workflows to escape the expression sandbox. Successful exploitation allows an authenticated user to execute arbitrary commands on the server (RCE), access the file system, and compromise the N8N_ENCRYPTION_KEY.
This facilitates the extraction and decryption of all stored credentials (API keys, OAuth tokens, and database passwords). The flaw is exploited by introducing malicious expressions into workflow parameters that bypass sandbox controls and return to the global Node.js context to invoke dangerous operations.
Among other issues, it is recommended to immediately update to n8n 2.5.2 or higher (1.123.17+) as Endor Labs has published a PoC.
ShinyHunters abuses SSO and vishing to exfiltrate SaaS data
Google has identified malicious activity associated with operations under the ShinyHunters brand, which uses advanced vishing techniques and victim-branded phishing sites to capture single sign-on (SSO) credentials and MFA codes from employees of the targeted company, tricking them into entering these credentials during simulated technical support phone calls.
The attackers register their own devices in the MFA mechanisms after stealing credentials, allowing them to legitimately authenticate and persist on the compromised systems. Once inside, they abuse SSO sessions to access multiple SaaS applications.
◾ This newsletter is one of the deliverables of our Operational and Strategic Intelligence service. If you are interested in knowing the rest of the Operational and Strategic Intelligence contents included in the service, please contact us →
