February 9, 2026 Cyber Threat Intelligence Briefing
This week’s briefing covers:
00:00 – Intro
00:52 [VULNERABILITY] New, Trending Critical Vulnerabilities Update
Critical vulnerabilities (CVSS 9) that are trending, have reportedly been exploited, or have had a proof of concept (POC) released in the past week. Affected products should be patched, or mitigations put in place, to reduce the risk of exploitation.
02:16 [AI] Security Vulnerabilities in OpenClaw AI Agent
OpenClaw (formerly known as Clawdbot and Moltbot) is an open-source autonomous AI agent that has rapidly gained popularity, earning 149,000 stars on its GitHub repository within its first few months.
06:41 [THREAT ACTOR ACTIVITY] KTA007 (APT28) Observed Exploiting CVE-2026-21509
Following our earlier reporting on CVE-2026-21509, new intelligence confirms that the Russia-aligned state actor KTA007 (APT28 / UAC-0001 / Fancy Bear) is now actively exploiting this Microsoft Office security feature bypass vulnerability across several coordinated campaigns.
10:21 [MALWARE] KTA529 Compromises Notepad++ Infrastructure to Deploy CHRYSALIS Backdoor
Threat group KTA529 (also known as Lotus Blossom, Spring Dragon, Billbug and Thrip) compromised Notepad++ hosting infrastructure between June and December 2025, intercepting update traffic to deliver a previously undocumented backdoor named CHRYSALIS.
13:49 [RANSOMWARE] FBI Seizes RAMP Ransomware Forum
In late January 2026, the FBI seized RAMP, a major Russian-language cybercrime forum that billed itself as “the only place ransomware allowed.” Both its Clearnet and Tor domains were taken over and now display official seizure notices.
Dive deeper:
Kroll’s Monthly Threat Intelligence Spotlight Report: https://www.kroll.com/en/reports/cyber/threat-intelligence-reports/cti-spotlight-trends-report
Kroll’s Q4 2024 Cyber Threat Landscape: https://www.kroll.com/en/reports/cyber/threat-intelligence-reports/q4-2024-threat-landscape-report-phishing
Kroll’s 2025 Cyber Threat Landscape Report: Cybercrime in the Crypto Era: https://www.kroll.com/Reports/Cyber/Threat-Intelligence-Reports/Threat-Landscape-Report-Lens-on-Crypto
Playlist of Kroll's Weekly Cyber Threat Intelligence Briefings: https://www.youtube.com/playlist
Kroll Cyber Blog: https://www.kroll.com/en/insights/cyber
Kroll Cyber Threat Intelligence: https://www.kroll.com/en/services/cyber/threat-intelligence-services
Kroll Threat Intelligence Reports: https://www.kroll.com/en/reports/cyber/threat-intelligence-reports
Kroll Responder MDR: https://www.kroll.com/en/services/cyber/kroll-responder