Google patches first Chrome zero-day of 2026. AI agent frameworks like OpenClaw are now targeted by specialized infostealers. Over 300 malicious browser extensions discovered with 37 million downloads. Meanwhile, CISA is operating at only 38% capacity.
Google has released an emergency patch for the first Chrome zero-day vulnerability of 2026. The arbitrary code execution flaw is being actively exploited.
| Detail | Information |
|---|---|
| CVE | CVE-2026-2441 |
| Type | Arbitrary Code Execution |
| Severity | CRITICAL |
| Status | Actively exploited in the wild |
| Fix | Chrome 145 — Update now |
CVE-2026-1731: Critical unauthenticated remote code execution in BeyondTrust Remote Support. Exploitation began within 24 hours of PoC release.
CISA has ordered all federal agencies to patch within 3 days. If you use BeyondTrust, this is your top priority.
Security researchers have identified that 83% of all Ivanti EPMM exploitation attempts come from a single threat actor. CVE-2026-1281 and CVE-2026-1340 continue to be actively exploited.
This concentrated attack pattern suggests a highly organized operation — patch and monitor urgently.
Security researchers have documented the first known malware specifically targeting OpenClaw and similar AI agent frameworks. The malware steals:
This is a significant development. As agentic AI assistants become mainstream, they're becoming high-value targets. Organizations using AI frameworks should:
Three new ClickFix variants discovered this week show rapid evolution:
| Variant | Technique | Target |
|---|---|---|
| DNS-Based (NEW) | Uses nslookup to retrieve PowerShell payloads |
Windows |
| Pastebin Comments | Malicious JavaScript hijacks Bitcoin transactions | Crypto users |
| Claude LLM Artifacts | Abuses AI-generated artifacts via Google Ads | macOS |
The DNS-based technique is particularly concerning — it's the first known use of DNS as a payload delivery channel for ClickFix campaigns, deploying "ModeloRAT" malware. Microsoft has issued a warning.
Security researchers have identified over 300 malicious browser extensions with a combined 37 million downloads. These extensions leak data, steal personal information, and track users.
Notable example: The "CL Suite" extension targets Meta Business Suite users, stealing 2FA TOTP codes and Business Manager credentials.
| Organization | Records | Details |
|---|---|---|
| Odido (Dutch telecom) | 6 million | Names, addresses, phone numbers |
| Eurail B.V. | Unknown | Traveler data now for sale on dark web |
| Canada Goose | 600K | ShinyHunters — personal + payment data |
| LVMH (Vuitton/Dior/Tiffany) | 5.5M | $25M fine in South Korea |
Due to the DHS shutdown that began February 14, CISA is currently operating with only 888 of 2,341 staff. This significantly reduces federal cybersecurity oversight at a critical time.
Organizations should not rely on federal threat intelligence being as timely during this period. Increase internal monitoring and subscribe to commercial threat feeds.
A new malware framework called VoidLink has been identified, operated by threat actor UAT-9921 (active since 2019):
| Metric | Value |
|---|---|
| Active zero-days | 2 (Chrome, BeyondTrust) |
| Major breaches | 4 |
| Records exposed | 12M+ |
| Fines issued | $25M |
| Malicious extensions | 300+ |
| Extension downloads | 37M |
| CISA capacity | 38% |
AI-powered vulnerability management with 332,660+ CVEs indexed.
Start Free ScanStay secure. Stay vigilant.
🗡️ KENSAI Security Team