Our analyst team shares a few articles each week in our email newsletter, which goes out every Thursday. Make sure to register! This blog highlights those articles in order of what was most popular in our newsletter – what our readers found the most intriguing. Stay tuned for a recap every month. We hope sharing these resources and news articles emphasizes the importance of cybersecurity and sheds light on the latest in threat intelligence.

Over the weekend of January 09, players in Apex Legends, a battle royale shooter game, reported game disruptions caused by threat actors hijacking characters, disconnecting users, and changing nicknames. Respawn, the publisher of the game, confirmed the security incident, stating that a “bad actor is able to control the inputs of another player remotely in Apex Legends”. The company does not believe the threat actors were able to deploy malware or execute code. Read full article.
On December 23, 2025, the Socket Threat Research Team announced the discovery of a 5-month-long spear-phishing operation that turned 27 npm packages “into durable hosting for browser-run lures that mimic document-sharing portals and Microsoft sign-in”. The campaign targeted 25 organizations across the U.S. and allied nations, focusing on manufacturing, industrial automation, plastics, and healthcare. Concentrating on sales and commercial personnel, the operation repurposed npm and package CDNs “into durable hosting infrastructure, delivering client-side HTML and JavaScript lures that the threat actor embeds directly in phishing pages.” Following initial interaction, the script redirects the browser to threat-actor-controlled infrastructure. Article here.

ReliaQuest’s Threat Research team has discovered a new phishing campaign that uses private messages to deliver malicious payloads with the intent of deploying a remote access trojan (RAT). The attack began with a message sent via LinkedIn that contained a “malicious WinRAR self-extracting archive”. Once opened, the archive extracts four components, including a PDF disguised with a name that aligns with the victim’s industry. The final payload attempts to communicate with an external server that can grant persistent remote access. Read more here.
Recent activity shows that the Chinese threat actor Silver Fox has begun using income tax themed lures to distribute ValleyRAT. The group has focused on Indian entities, using phishing emails containing decoy PDFs claiming to be from India’s Income Tax Department. Opening the attachment leads victims to download files that inject ValleyRAT into the system and communicate with external servers. Read here.
In August 2025, the University of Hawaii’s (UH) Cancer Center was the victim of a ransomware breach that stole participants’ data, including documents from the 1990s containing Social Security numbers. UH reported to the state legislature that threat actors broke into Cancer Center services, “encrypted files related to a cancer study and demanded payment for a program to decrypt the files”. The breach targeted a specific research project and had no effect on clinical operations or patient care. Learn more.

The Contagious Interview campaign, which has been linked to North Korean threat actors, has been observed leveraging Microsoft Visual Studio Code (VS Code) to deploy a backdoor on compromised systems. First discovered in December 2025, the attack involves instructing targets to clone a repository “on GitHub, GitLab, or Bitbucket, and launch the project in VS Code as part of a supposed job assessment.” The overall goal is for the payload to run every time a file in the folder is opened, which eventually leads to the deployment of malware such as BeaverTail and InvisibleFerret. Read full article.
Scattered Lapsus$ Hunters (SLH) announced via Telegram that they had breached systems belonging to Resecurity and stolen internal data. To prove their claims, SLH posted screenshots of the data, which revealed communications between employees and Pastebin personnel. Resecurity published a report in December 2025 disputing the claims; it stated that, after identifying threat actor probing activity in November 2025, it had deployed a “honeypot” account. The account sat in an isolated environment, contained fake information, and was being monitored. Read full article.

The China-linked threat actor UAT-8837 has been observed attempting to compromise North American infrastructure by exploiting both known and zero-day vulnerabilities. The attacks begin by leveraging compromised credentials or by exploiting server vulnerabilities. Recent attacks include exploitation of a zero-day flaw in Sitecore products, CVE-2025-53690. Researchers claim UAT-8837 uses “open-source and living-off-the-land utilities, continually cycling variants to evade detection.” Learn more.