Today’s Topics:

• SolarWinds Web Help Desk Exploitation Leads to Full Domain Compromise Scenarios
• OpenClaw Moves to Contain Malicious Skills With VirusTotal Scanning
• How can Netizen help?

SolarWinds Web Help Desk Exploitation Leads to Full Domain Compromise Scenarios

Security researchers have confirmed active exploitation of internet-exposed SolarWinds Web Help Desk (WHD) instances as part of a multi-stage intrusion chain that progressed from unauthenticated access to lateral movement and, in at least one case, domain-level compromise. The activity was observed by Microsoft during investigations into intrusions that occurred in December 2025 and targeted systems running vulnerable WHD deployments.

What makes this campaign difficult to pin down is the overlap between multiple high-severity vulnerabilities present on affected hosts at the time of compromise. Microsoft noted that impacted systems were simultaneously exposed to newly disclosed flaws, including CVE-2025-40551 and CVE-2025-40536, as well as an earlier issue, CVE-2025-26399. All three vulnerabilities affect SolarWinds Web Help Desk and include paths to unauthenticated access or remote code execution. Given that the attacks predated full remediation efforts, investigators could not reliably attribute initial access to a single CVE.

The technical risk profile across these flaws is consistent. CVE-2025-40536 enables a security control bypass that permits unauthenticated access to restricted WHD functionality. CVE-2025-40551 and CVE-2025-26399 both stem from unsafe deserialization of untrusted data, creating a direct path to remote code execution within the application context. Once exploited, attackers were able to execute arbitrary commands without valid credentials, effectively turning an exposed help desk portal into a foothold inside the network.

The severity of this exposure was reinforced when Cybersecurity and Infrastructure Security Agency added CVE-2025-40551 to its Known Exploited Vulnerabilities catalog, citing evidence of active exploitation. Federal Civilian Executive Branch agencies were instructed to apply patches by February 6, 2026, underscoring the urgency tied to internet-facing deployments of WHD.

Post-exploitation activity followed a pattern SOC teams will recognize. After gaining execution inside the WHD service, attackers spawned PowerShell and leveraged Background Intelligent Transfer Service to retrieve and execute payloads. From there, they introduced legitimate remote management tooling associated with Zoho ManageEngine. This choice allowed the attackers to blend into normal administrative activity and maintain long-term access using software that would not immediately raise alarms in many environments.

With persistence established, the intrusion moved laterally. Microsoft observed enumeration of sensitive domain users and privileged groups, including Domain Admins, alongside attempts to establish reverse SSH access and RDP sessions. In one case, the attackers attempted to create a scheduled task that launched a QEMU virtual machine under the SYSTEM account at startup. That approach provided a concealed execution environment while exposing SSH access through port forwarding, reducing on-host visibility.

Credential theft activity was also confirmed. On selected hosts, attackers abused DLL side-loading by invoking wab.exe, a legitimate Windows Address Book executable, to load a malicious sspicli.dll. This technique enabled LSASS memory dumping without deploying custom loaders or noisy exploit frameworks. In at least one intrusion, the activity escalated to a DCSync attack, allowing the attackers to impersonate a domain controller and request password hashes directly from Active Directory.

Taken together, the tradecraft reflects a disciplined intrusion rather than opportunistic exploitation. The attackers relied on exposed services, trusted binaries, and low-noise persistence instead of custom malware families. A single unpatched, internet-accessible application was sufficient to progress from initial access to domain-wide impact.

For defenders, the lesson is straightforward. SolarWinds Web Help Desk instances should not be exposed without strict access controls and continuous monitoring, and all available patches must be applied promptly. Environments should be reviewed for unauthorized RMM tooling, privileged credentials should be rotated following any suspected compromise, and affected systems should be isolated to prevent further lateral movement. Detection efforts need to focus on behavior rather than signatures, especially where living-off-the-land techniques and legitimate administrative tools are involved.

OpenClaw Moves to Contain Malicious Skills With VirusTotal Scanning

OpenClaw, the open-source agentic automation platform formerly known as Moltbot and Clawdbot, has announced a partnership with VirusTotal aimed at curbing the spread of malicious skills inside its ClawHub marketplace. The change introduces automated malware scanning for every skill uploaded to the registry, a move that follows weeks of scrutiny after researchers uncovered large numbers of weaponized skills circulating under the guise of legitimate tooling.

According to OpenClaw maintainers, every skill published to ClawHub is now hashed using SHA-256 and checked against VirusTotal’s existing dataset. If no prior match exists, the skill bundle is uploaded for deeper inspection using VirusTotal’s Code Insight analysis. Skills that receive a benign verdict are approved automatically. Skills flagged as suspicious are published with warnings, and those classified as malicious are blocked outright. OpenClaw has also begun re-scanning all active skills daily, an attempt to catch cases where a previously clean package later turns hostile.

The company has been clear that this step is defensive rather than definitive. VirusTotal scanning reduces risk, but it does not close the door on prompt-based abuse or logic that only becomes harmful once interpreted by a model at runtime. Prompt injection hidden inside otherwise harmless-looking skills remains a concern, particularly where the payload is designed to activate only after chaining multiple tool calls or consuming untrusted input.

The announcement lands against a backdrop of sustained security findings around the OpenClaw ecosystem. Multiple independent analyses have shown that malicious ClawHub skills often impersonate routine utilities while quietly exfiltrating data, planting backdoors, or staging follow-on payloads from paste sites and public repositories. In several cases, cloned skills were re-published at scale with small name changes, allowing them to persist even after takedowns.

The underlying issue is structural. OpenClaw operates as an automation engine that can interact with local systems, cloud services, messaging platforms, and smart devices. Skills extend that reach. Once installed, they inherit broad access to data and execution paths, often without clear separation between user intent and machine action. As Cisco recently warned, agents with system access can function as silent data-leak channels that bypass conventional monitoring and prevention controls, while prompts themselves become execution logic that traditional tools struggle to inspect.

This risk has been amplified by OpenClaw’s rapid adoption. The platform’s popularity, along with Moltbook, a related social network where autonomous agents interact with each other, has pushed agent security into what researchers describe as the “lethal trifecta”: autonomous execution, untrusted inputs, and privileged access. Together, those elements turn convenience into exposure. Integrations that make agents useful also expand the set of inputs they trust, creating space for indirect prompt injection, data theft, and unauthorized command execution.

OpenClaw has acknowledged these trade-offs directly. Skills can control smart homes, handle financial data, manage files, and broker communications. That same capability allows abuse if a skill is malicious or manipulated. Several reports have demonstrated zero-click and one-click scenarios where crafted documents, web pages, or messages trigger prompt injections that lead to backdoors, credential access, or silent outbound connections. In other cases, credentials and API keys stored in plaintext were exposed through logs or model output.

Enterprise environments face an added problem. OpenClaw agents are increasingly appearing on employee endpoints without formal approval, often installed because they are genuinely useful. Once present, they may operate with elevated privileges, open network listeners, or maintain persistent workspaces outside normal controls. Researchers tracking exposed instances have observed tens of thousands of internet-reachable gateways, a reminder that default configurations and convenience settings often outpace security review. Measurements from Censys suggest that many of these deployments remain accessible from public networks, even if tokens are required to interact with them.

Against that context, VirusTotal integration is a necessary baseline rather than a finish line. OpenClaw has indicated plans to publish a formal threat model, a public security roadmap, clearer reporting channels, and the results of a full codebase audit. Those steps matter, particularly for a platform that relies heavily on the underlying language model to make security-relevant decisions and defaults to broad system access unless users explicitly enable isolation features.

The larger takeaway extends beyond OpenClaw. Skill marketplaces for agent platforms resemble app stores and extension registries on the surface, but the blast radius is much wider. A malicious browser extension compromises a browser. A malicious agent skill can compromise every system, service, and dataset that agent can reach. Regulators and defenders are beginning to react accordingly. Chinese authorities have already issued alerts around misconfigured OpenClaw deployments, focusing on exposure rather than banning the technology outright.

Agent frameworks are not going away. They will continue to show up inside organizations, sanctioned or otherwise. The real question is whether teams can see them, constrain them, and monitor how they behave. VirusTotal scanning helps reduce obvious abuse, but the harder problem remains: controlling autonomous software that interprets language, acts on behalf of users, and operates across trust boundaries that security teams are only beginning to map.

How Can Netizen Help?

Founded in 2013, Netizen is an award-winning technology firm that develops and leverages cutting-edge solutions to create a more secure, integrated, and automated digital environment for government, defense, and commercial clients worldwide. Our innovative solutions transform complex cybersecurity and technology challenges into strategic advantages by delivering mission-critical capabilities that safeguard and optimize clients’ digital infrastructure. One example of this is our popular “CISO-as-a-Service” offering that enables organizations of any size to access executive level cybersecurity expertise at a fraction of the cost of hiring internally. 

Netizen also operates a state-of-the-art 24x7x365 Security Operations Center (SOC) that delivers comprehensive cybersecurity monitoring solutions for defense, government, and commercial clients. Our service portfolio includes cybersecurity assessments and advisory, hosted SIEM and EDR/XDR solutions, software assurance, penetration testing, cybersecurity engineering, and compliance audit support. We specialize in serving organizations that operate within some of the world’s most highly sensitive and tightly regulated environments where unwavering security, strict compliance, technical excellence, and operational maturity are non-negotiable requirements. Our proven track record in these domains positions us as the premier trusted partner for organizations where technology reliability and security cannot be compromised.

Netizen holds ISO 27001, ISO 9001, ISO 20000-1, and CMMI Level III SVC registrations demonstrating the maturity of our operations. We are a proud Service-Disabled Veteran-Owned Small Business (SDVOSB) certified by U.S. Small Business Administration (SBA) that has been named multiple times to the Inc. 5000 and Vet 100 lists of the most successful and fastest-growing private companies in the nation. Netizen has also been named a national “Best Workplace” by Inc. Magazine, a multiple awardee of the U.S. Department of Labor HIRE Vets Platinum Medallion for veteran hiring and retention, the Lehigh Valley Business of the Year and Veteran-Owned Business of the Year, and the recipient of dozens of other awards and accolades for innovation, community support, working environment, and growth.

Looking for expert guidance to secure, automate, and streamline your IT infrastructure and operations? Start the conversation today.

Today’s Topics:

• Notepad++ Supply Chain Attack Quietly Pushed Malicious Updates to Select Users in 2025
• Moltbook and the Real Security Risks Behind the AI “Bot Network” Hype
• How can Netizen help?

Notepad++ Supply Chain Attack Quietly Pushed Malicious Updates to Select Users in 2025

The maintainer of the open-source text editor Notepad++ has confirmed that attackers were able to abuse the project’s update process to deliver malicious software to users for several months during 2025. The activity ran from roughly June through December and was limited to a narrow set of targets rather than the broader user base.

In a blog post, Notepad++ developer Don Ho said the activity appears consistent with a state-linked operation tied to China, based on analysis from outside security researchers. The limited scope of the infections stood out early, with only specific organizations affected instead of a wide, noisy campaign that would normally accompany commodity malware distribution.

Notepad++ has been around for more than twenty years and is installed on millions of systems worldwide. It is commonly used by developers, system administrators, and technical staff, which makes it a valuable foothold for espionage-focused actors interested in quietly accessing sensitive environments rather than maximizing infection numbers.

The campaign was first uncovered by security researcher Kevin Beaumont, who reported that the attackers successfully compromised a small group of organizations with interests connected to East Asia. In those cases, users installed a tampered version of Notepad++, giving the attackers direct, interactive access to victim machines rather than limited beacon-style persistence.

Ho said the investigation into the original server compromise is still ongoing, but he outlined how the attack functioned once access was gained. At the time, the Notepad++ website was hosted on a shared server. The attackers focused on the project’s web domain and exploited a vulnerability that allowed certain update requests to be redirected to infrastructure controlled by the attackers. Users who manually checked for updates were silently served malicious packages instead of legitimate releases.

That behavior continued until the vulnerability was patched in November. The attackers’ access was fully terminated in early December. Server logs show at least one failed attempt to reuse a patched flaw after the fix was deployed, suggesting the remediation held.

Ho apologized to users and advised anyone running older versions to update immediately. The current release removes the vulnerable behavior and restores the integrity of the update path.

Moltbook and the Real Security Risks Behind the AI “Bot Network” Hype

A newly launched platform called Moltbook has attracted outsized attention after viral claims that artificial intelligence agents are forming religions, inventing private languages, and openly discussing the elimination of humanity. From a security perspective, those claims miss the point. The more relevant issue is that Moltbook represents an early example of loosely governed agentic systems being deployed at scale, with limited safeguards and unusually broad access to user environments.

Moltbook went live on January 28 and describes itself as a social network built exclusively for AI agents. The site resembles a stripped-down forum platform where bots can post, reply, and interact with one another. Human users are restricted to observation. Since launch, Moltbook claims to have surpassed 1.5 million registered agents, a figure that has helped fuel speculation about emergent AI behavior and autonomous coordination.

Public reaction has amplified the spectacle. High-profile figures including Elon Musk and Andrej Karpathy have commented on the apparent self-organizing activity of the bots, framing it as either an early signal of advanced machine intelligence or a striking demonstration of complex agent behavior. Those interpretations rely heavily on screenshots circulating on social media rather than verifiable system behavior.

Security researchers examining the platform have offered a more restrained assessment. Moltbook agents are not independent entities. They are built using OpenClaw, an open-source agent framework that connects a large language model to a user’s local system. Each agent operates under human-defined prompts and constraints, and its output can be shaped directly by its owner. Several widely shared Moltbook posts alleging secret coordination were later traced back to human-managed accounts or marketing activity. In at least one case, referenced content could not be found on the platform at all.

From a technical standpoint, the bots’ behavior is consistent with how large language models operate under extended interaction. These systems are trained on massive datasets that include forum arguments, speculative fiction, conspiracy content, and role-playing scenarios. Left running with minimal guardrails, they tend to exaggerate narratives and reinforce dramatic themes. That behavior reflects training data and prompting dynamics, not intent or awareness.

The more substantive concern lies in the architecture supporting these agents. OpenClaw-based assistants are designed to perform real actions on behalf of users. To function, they may be granted access to email accounts, encrypted messaging platforms, authentication tokens, and in some configurations, financial or administrative credentials. That design places agent software in a position of significant trust, often without the isolation, auditing, or permission boundaries expected in enterprise automation systems.

Multiple security weaknesses have already been identified within the Moltbook and OpenClaw ecosystem. One flaw allows third parties to take control of agents and post content on behalf of their owners. Another class of issues involves prompt injection, where external input can manipulate an agent into disclosing sensitive information or executing unintended actions. These attack patterns are well understood in security circles and have appeared repeatedly in chatbot plugins, browser copilots, and AI-assisted workflows.

Even proponents of the technology have urged caution. Karpathy publicly advised against running these agents on personal systems, noting that the environment lacks basic safety controls and exposes users to unnecessary risk. That assessment aligns with broader concerns among security teams that agentic AI systems are being deployed faster than their threat models are being developed.

How Can Netizen Help?

Founded in 2013, Netizen is an award-winning technology firm that develops and leverages cutting-edge solutions to create a more secure, integrated, and automated digital environment for government, defense, and commercial clients worldwide. Our innovative solutions transform complex cybersecurity and technology challenges into strategic advantages by delivering mission-critical capabilities that safeguard and optimize clients’ digital infrastructure. One example of this is our popular “CISO-as-a-Service” offering that enables organizations of any size to access executive level cybersecurity expertise at a fraction of the cost of hiring internally. 

Netizen also operates a state-of-the-art 24x7x365 Security Operations Center (SOC) that delivers comprehensive cybersecurity monitoring solutions for defense, government, and commercial clients. Our service portfolio includes cybersecurity assessments and advisory, hosted SIEM and EDR/XDR solutions, software assurance, penetration testing, cybersecurity engineering, and compliance audit support. We specialize in serving organizations that operate within some of the world’s most highly sensitive and tightly regulated environments where unwavering security, strict compliance, technical excellence, and operational maturity are non-negotiable requirements. Our proven track record in these domains positions us as the premier trusted partner for organizations where technology reliability and security cannot be compromised.

Netizen holds ISO 27001, ISO 9001, ISO 20000-1, and CMMI Level III SVC registrations demonstrating the maturity of our operations. We are a proud Service-Disabled Veteran-Owned Small Business (SDVOSB) certified by U.S. Small Business Administration (SBA) that has been named multiple times to the Inc. 5000 and Vet 100 lists of the most successful and fastest-growing private companies in the nation. Netizen has also been named a national “Best Workplace” by Inc. Magazine, a multiple awardee of the U.S. Department of Labor HIRE Vets Platinum Medallion for veteran hiring and retention, the Lehigh Valley Business of the Year and Veteran-Owned Business of the Year, and the recipient of dozens of other awards and accolades for innovation, community support, working environment, and growth.

Looking for expert guidance to secure, automate, and streamline your IT infrastructure and operations? Start the conversation today.

Today’s Topics:

• LastPass Warns Users of Active Phishing Campaign Mimicking Maintenance Alerts
• CISA Flags Actively Exploited VMware vCenter Server Flaw in KEV Catalog
• How can Netizen help?

LastPass Warns Users of Active Phishing Campaign Mimicking Maintenance Alerts

LastPass is warning customers about an active phishing campaign that impersonates the service and attempts to steal users’ master passwords by posing as routine maintenance notifications. The activity appears to have started around January 19, 2026, and relies on urgency and familiar branding to pressure recipients into acting quickly.

The phishing emails claim that infrastructure maintenance is imminent and instruct users to create a local backup of their password vault within a 24-hour window. Several subject lines have been observed, including “LastPass Infrastructure Update: Secure Your Vault Now,” “Protect Your Passwords: Backup Your Vault (24-Hour Window),” and “Important: LastPass Maintenance & Your Vault Security.” The messages are crafted to look legitimate and direct recipients to a fake page hosted on cloud infrastructure, which then redirects to a spoofed domain designed to capture credentials.

According to LastPass, the emails route victims through URLs hosted on Amazon S3 buckets before landing on domains that visually resemble official LastPass web properties. The company stressed that it will never request a user’s master password under any circumstance and does not require immediate action through email prompts. LastPass stated that it is working with external partners to dismantle the malicious infrastructure behind the campaign.

The phishing messages were sent from several suspicious sender addresses, including support@sr22vegas[.]com and multiple variants using “lastpass[.]server” domains. These addresses are not associated with legitimate LastPass operations. A spokesperson from the company’s Threat Intelligence, Mitigation, and Escalation team told The Hacker News that the campaign relies on a manufactured sense of urgency, a tactic frequently seen in credential-harvesting attacks aimed at end users.

At the time of disclosure, LastPass said it did not know how many customers had been targeted and reported no evidence suggesting successful account compromise. Attribution has proven difficult due to the use of commonly available hosting services, though the activity pattern and wide targeting are consistent with financially motivated cybercriminal groups rather than a focused intrusion set.

An updated advisory issued on January 22, 2026, noted a new wave of phishing emails that reuse the same maintenance narrative but rotate infrastructure after earlier domains were taken offline. Newly observed phishing sites include systems-resources.s3.eu-west-3.amazonaws[.]com/sSvLaIvIEm5iMal and security-lastpass[.]com, paired with revised subject lines such as “Critical: Please Backup Your LastPass Vault Before Maintenance” and “LastPass Server Maintenance: Backup Recommended.”

This campaign follows earlier warnings from LastPass about unrelated malware activity that targeted macOS users through fake GitHub repositories distributing trojanized software posing as the password manager. The company continues to encourage users to report suspicious emails and reiterates a single rule that remains constant: any message requesting a master password is malicious by definition.

CISA Flags Actively Exploited VMware vCenter Server Flaw in KEV Catalog

Cybersecurity and Infrastructure Security Agency has added a critical security flaw affecting VMware vCenter Server to its Known Exploited Vulnerabilities catalog after confirming active exploitation. The issue, tracked as CVE-2024-37079 and rated 9.8 on the CVSS scale, impacts Broadcom-managed VMware environments and was originally patched in June 2024.

The vulnerability stems from a heap overflow in the implementation of the DCE/RPC protocol. An attacker with network access to a vCenter Server instance could trigger remote code execution by sending a specially crafted packet, creating a direct path to full system compromise. The flaw was addressed by Broadcom alongside CVE-2024-37080, a related heap overflow in the same protocol handler that also allows remote code execution.

The issues were discovered and reported by researchers Hao Zheng and Zibo Li from QiAnXin LegendSec. During a security conference presentation in April 2025, the researchers explained that these bugs were part of a broader cluster of four vulnerabilities within the DCE/RPC service, consisting of three heap overflows and one privilege escalation flaw. The remaining two vulnerabilities, CVE-2024-38812 and CVE-2024-38813, were patched by Broadcom in September 2024.

The researchers demonstrated that one of the heap overflow vulnerabilities could be chained with the privilege escalation flaw, CVE-2024-38813, to obtain unauthorized remote root access. That chain ultimately allows full control of underlying ESXi hosts, escalating the impact from management-plane compromise to hypervisor-level takeover.

Details on real-world exploitation remain limited. The method of abuse, the actors involved, and the scope of observed attacks have not been publicly disclosed. Broadcom has since updated its advisory to confirm confirmed in-the-wild exploitation, stating that it has information indicating CVE-2024-37079 has already been abused outside of controlled research settings.

Following its inclusion in the KEV catalog, Federal Civilian Executive Branch agencies are now required to remediate the flaw by updating to a fixed version no later than February 13, 2026. The directive reinforces ongoing concerns around delayed patching in virtualization infrastructure, where vCenter often holds broad administrative reach across enterprise environments.

How Can Netizen Help?

Founded in 2013, Netizen is an award-winning technology firm that develops and leverages cutting-edge solutions to create a more secure, integrated, and automated digital environment for government, defense, and commercial clients worldwide. Our innovative solutions transform complex cybersecurity and technology challenges into strategic advantages by delivering mission-critical capabilities that safeguard and optimize clients’ digital infrastructure. One example of this is our popular “CISO-as-a-Service” offering that enables organizations of any size to access executive level cybersecurity expertise at a fraction of the cost of hiring internally. 

Netizen also operates a state-of-the-art 24x7x365 Security Operations Center (SOC) that delivers comprehensive cybersecurity monitoring solutions for defense, government, and commercial clients. Our service portfolio includes cybersecurity assessments and advisory, hosted SIEM and EDR/XDR solutions, software assurance, penetration testing, cybersecurity engineering, and compliance audit support. We specialize in serving organizations that operate within some of the world’s most highly sensitive and tightly regulated environments where unwavering security, strict compliance, technical excellence, and operational maturity are non-negotiable requirements. Our proven track record in these domains positions us as the premier trusted partner for organizations where technology reliability and security cannot be compromised.

Netizen holds ISO 27001, ISO 9001, ISO 20000-1, and CMMI Level III SVC registrations demonstrating the maturity of our operations. We are a proud Service-Disabled Veteran-Owned Small Business (SDVOSB) certified by U.S. Small Business Administration (SBA) that has been named multiple times to the Inc. 5000 and Vet 100 lists of the most successful and fastest-growing private companies in the nation. Netizen has also been named a national “Best Workplace” by Inc. Magazine, a multiple awardee of the U.S. Department of Labor HIRE Vets Platinum Medallion for veteran hiring and retention, the Lehigh Valley Business of the Year and Veteran-Owned Business of the Year, and the recipient of dozens of other awards and accolades for innovation, community support, working environment, and growth.

Looking for expert guidance to secure, automate, and streamline your IT infrastructure and operations? Start the conversation today.