Hunting Lazarus: Inside the Contagious Interview C2 Infrastructure
In early January 2026, during routine vetting of a cryptocurrency project sourced via Upwork, Red Asgard’s threat research team discovered all three. The contractor—using a fake identity—had embedded malware in a legitimate-looking code repository. What followed was a five-day investigation into active Lazarus Group infrastructure. This article documents what we found.
Source: Red Asgard
ServiceNow Patches Critical AI Platform Flaw Allowing Unauthenticated User Impersonation
ServiceNow has disclosed details of a now-patched critical security flaw impacting its ServiceNow artificial intelligence (AI) Platform that could enable an unauthenticated user to impersonate another user and perform arbitrary actions as that user. The vulnerability, tracked as CVE-2025-12420, carries a CVSS score of 9.3 out of 10.0. It has been codenamed BodySnatcher by AppOmni. “This issue […] could enable an unauthenticated user to impersonate another user and perform the operations that the impersonated user is entitled to perform,” the company said in an advisory released Monday.
Source: The Hacker News
Cisco Fixes AsyncOS Zero-Day Exploited since November
Cisco has finally patched a maximum-severity Cisco AsyncOS zero-day exploited in attacks against Secure Email Gateway (SEG) and Secure Email and Web Manager (SEWM) appliances since November 2025. As Cisco explained in December, when it disclosed the vulnerability (CVE-2025-20393), it affects only Cisco SEG and Cisco SEWM appliances with non-standard configurations when the Spam Quarantine feature is enabled and exposed on the Internet.
Source: BleepingComputer
LOTUSLITE Backdoor Targets U.S. Policy Entities Using Venezuela-Themed Spear Phishing
Security experts have disclosed details of a new campaign that has targeted U.S. government and policy entities using politically themed lures to deliver a backdoor known as LOTUSLITE. The targeted malware campaign leverages decoys related to the recent geopolitical developments between the U.S. and Venezuela to distribute a ZIP archive (“US now deciding what’s next for Venezuela.zip”) containing a malicious DLL that’s launched using DLL side-loading techniques. It’s not known if the campaign managed to successfully compromise any of the targets.
Source: The Hacker News
WhisperPair Attack Leaves Millions of Audio Accessories Open to Hijacking
A vulnerability in the Google Fast Pair implementation of Bluetooth audio accessories can be exploited to force connections to attacker-controlled devices, academic researchers warn. The critical-severity issue is tracked as CVE-2025-36911 and exists due to a logic error in the key-based pairing code, where devices fail to check if they are in pairing mode. Google Fast Pair enables fast pairing and account synchronization with Bluetooth accessories such as earbuds, headphones, and speakers, all with a single tap. The Fast Pair specification states that the pairing procedure should only be performed if the accessory is in pairing mode, but models from numerous brands do not check the pairing status of the device.
Source: SecurityWeek
AresISEC d.o.o. · Zagreb, Croatia · OIB: 49411602130 · info@aresisec.hr