{"id":210408,"date":"2026-02-05T07:57:00","date_gmt":"2026-02-05T12:57:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/02\/05\/codespaces-rce-asyncrat-c2-byovd-abuse-ai-cloud-intrusions-15-stories\/"},"modified":"2026-02-05T14:35:07","modified_gmt":"2026-02-05T19:35:07","slug":"codespaces-rce-asyncrat-c2-byovd-abuse-ai-cloud-intrusions-15-stories","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/02\/05\/codespaces-rce-asyncrat-c2-byovd-abuse-ai-cloud-intrusions-15-stories\/","title":{"rendered":"Codespaces RCE, AsyncRAT C2, BYOVD Abuse, AI Cloud Intrusions &#038; 15+ Stories"},"content":{"rendered":"<p><a href=\"https:\/\/thehackernews.com\/2026\/02\/threatsday-bulletin-codespaces-rce.html\">Codespaces RCE, AsyncRAT C2, BYOVD Abuse, AI Cloud Intrusions &#038; 15+ Stories<\/a><\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/02\/threatsday-bulletin-codespaces-rce.html\">https:\/\/thehackernews.com\/2026\/02\/threatsday-bulletin-codespaces-rce.html<\/a><\/p>\n<p>Publish Date: 2026-02-05 07:57:00<\/p>\n<p>Source Domain: <a href=\"thehackernews.com\">thehackernews.com<\/a><\/p>\n<p><span class=\"p-author\"><span class=\"author\">Ravie Lakshmanan<\/span> <span class=\"author\">Feb 05, 2026<\/span><\/span> <span class=\"p-tags\">Cybersecurity \/ Hacking News<\/span><\/p>\n<p>This week didn\u2019t produce one big headline. It produced many small signals \u2014 the kind that quietly shape what attacks will look like next.<\/p>\n<p>Researchers tracked intrusions that start in ordinary places: developer workflows, remote tools, cloud access, identity paths, and even routine user actions. Nothing looked dramatic on the surface. That\u2019s the point. 
Entry is becoming less visible while impact scales later.<\/p>\n<p>Several findings also show how attackers are industrializing their work \u2014 shared infrastructure, repeatable playbooks, rented access, and affiliate-style ecosystems. Operations are no longer isolated campaigns. They run more like services.<\/p>\n<p>This edition pulls those fragments together \u2014 short, precise updates that show where techniques are maturing, where exposure is widening, and what patterns are forming behind the noise.<\/p>\n<ol class=\"td-timeline\" role=\"list\">\n<li class=\"td-item\">\n<span class=\"td-punch\">Startup espionage expansion<\/span><\/p>\n<p class=\"td-desc\">In a sign that it has moved beyond government targets, the Pakistan-aligned threat actor APT36 has been observed targeting India&#8217;s startup ecosystem with ISO files and malicious LNK shortcuts that use sensitive, startup-themed lures to deliver Crimson RAT, which enables comprehensive surveillance, data exfiltration, and system reconnaissance. The initial access vector is a spear-phishing email carrying an ISO image. Once executed, the ISO contains a malicious shortcut file and a folder holding three files: a decoy document, a batch script that acts as the persistence mechanism, and the final Crimson RAT payload, disguised as an executable named Excel. 
&#8220;Despite this expansion, the campaign remains closely aligned with Transparent Tribe&#8217;s historical focus on Indian government and defense-adjacent intelligence collection, with overlap suggesting that startup-linked individuals may be targeted for their proximity to government, law enforcement, or security operations,&#8221; Acronis said.<\/p>\n<\/li>\n<li class=\"td-item\">\n  <span aria-hidden=\"true\" class=\"td-dot\"\/><\/p>\n<p>    <span class=\"td-punch\">Shared cybercrime&#8230;<\/span><\/li>\n<\/ol>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/02\/threatsday-bulletin-codespaces-rce.html\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Codespaces RCE, AsyncRAT C2, BYOVD Abuse, AI Cloud Intrusions &#038; 15+ Stories https:\/\/thehackernews.com\/2026\/02\/threatsday-bulletin-codespaces-rce.html Publish Date:&#8230;<\/p>\n","protected":false},"author":1,"featured_media":210409,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjYa_2XB7ryXippAp9zUFVo52pAx1ApwoiVUwGxURxVTNIji0VO33VdciwulLXVslQ90-eSYknrIr8KSJMDEjC2uHK92e1Iin45YEI3IN5LvHAp5AJif7FqHJ-hsZ_WlmiOlXemsLpQWZ5KBSvKKZGoQ6AqePah4TWVcwbu2aFAKgugkK6SA8YglMDW5kUx\/s1600\/threatsday-main.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,24,25,34],"class_list":["post-210408","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-cybersecurity","tag-phishing","tag-threat-actor"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/210408"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies
":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=210408"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/210408\/revisions"}],"predecessor-version":[{"id":210410,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/210408\/revisions\/210410"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/210409"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=210408"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=210408"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=210408"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}