Rankiteo
Leader in Cyber Underwriting
Foxit

Foxit Vendor Cyber Rating & Cyber Score

foxit.com

Founded in 2001, Foxit is a leading provider of innovative PDF and eSignature products and services, helping knowledge workers increase productivity and do more with documents. Foxit combines easy-to-use desktop software, mobile apps, and cloud services in one powerful solution: The Foxit PDF Editor Suite. This Intelligent Document Platform allows users to create, edit, fill, and sign documents through their integrated PDF Editor and eSign offerings – from anywhere and on any device. Foxit also enables software developers to incorporate innovative PDF technology into their applications via powerful, multi-platform Software Developer Kits (SDK). Winner of numerous awards, Foxit has over 700 million users and has sold to over 485,000


Foxit A.I CyberSecurity Scoring

Foxit
Company Information
Website: https://www.foxit.com
Employees number: 559
Number of followers: 52,049
NAICS: 5112
Industry Type: Software Development
Homepage: foxit.com
Foxit Risk Score (AI oriented)
Between 600 and 649
Foxit (Software Development)
Updated: 02/04/2026
601/1000
Poor
Caa
Rating scale: Aaa, Aa, A, Baa, Ba, B, Caa, Ca, C
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
Foxit Global Score (TPRM): score locked (detailed risk factors, vulnerabilities, and benchmarks vs. industry and size peers require access)

Foxit
Current Score: 601/1000, Caa (Poor)
4 incidents
-12.5 avg impact per incident
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
June 2026: 716 (before incident)
May 2026: 715 (before incident)
April 2026: 601 (before incident)
March 2026: 713 (before incident)
February 2026: 716 (before incident)
Vulnerability
03 Feb 2026, Foxit
Foxit Software: Foxit PDF Editor Vulnerability Allows Attackers to Execute Arbitrary JavaScript

Foxit Patches Critical XSS Vulnerabilities in PDF Editor Cloud and eSign

711 (after incident)
Severity: Medium (-5 points)
FOX1770167007
Foxit Software has addressed multiple cross-site scripting (XSS) vulnerabilities in its Foxit PDF Editor Cloud and Foxit eSign platforms, mitigating risks of arbitrary JavaScript execution in user browsers. The flaws, stemming from insufficient input validation and improper output encoding, could allow attackers to inject malicious scripts via crafted file attachments, layer names, or URL parameters.

The primary vulnerabilities, CVE-2026-1591 and CVE-2026-1592, affect Foxit PDF Editor Cloud, enabling script injection through the File Attachments list and Layers panel. Both carry a Moderate severity rating (CVSS 6.3) and require user interaction, such as opening a maliciously crafted PDF or layer configuration. Exploitation could lead to session token theft, data exfiltration, or redirection to malicious sites, posing heightened risks in enterprise environments where PDF workflows are prevalent.

A separate XSS flaw, CVE-2025-66523 (CVSS 6.1), impacts Foxit eSign, arising from improper handling of URL parameters in specially crafted links. This vulnerability could facilitate privilege escalation and cross-domain data theft within eSign workflows.

Foxit released patches on February 3, 2026 (PDF Editor Cloud) and January 15, 2026 (eSign), implementing stricter input validation and output encoding. Updates are deployed automatically, though organizations are advised to verify their systems are running the latest versions. The company’s security team encourages vulnerability reporting via [email protected] and provides updates through its [security advisory page](https://www.foxit.com/security-advisories).
INCIDENT DETAILS
TYPE
Cross-Site Scripting (XSS)
IMPACT
Session token theft; data exfiltration; cross-domain data theft; Foxit PDF Editor Cloud; Foxit eSign
DATA BREACH
Session tokens; cross-domain data; Data Exfiltration: Possible; PDF
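The advisory above attributes the Layers panel and File Attachments list XSS to insufficient input validation and improper output encoding. As an added illustration (not Foxit's code, and no claim about how their panels are actually built), the following JavaScript contrasts the vulnerable pattern, concatenating an untrusted layer name straight into HTML, with the same renderer after output encoding. The layer names, the `escapeHtml` helper and the `containsActiveMarkup` check are constructed for this example; the check is a coarse heuristic for the demo, not a sanitizer.

```javascript
// Added example, not Foxit's code: output-encoding untrusted PDF metadata
// (layer names, attachment names) before it is rendered into an HTML panel.

// Characters that can break out of text or attribute context in HTML.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#x27;',
};

// Encode a value for insertion into HTML text or a double-quoted attribute.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the raw, attacker-controlled name lands in both an
// attribute and the element body without encoding.
function renderLayersUnsafe(layerNames) {
  return '<ul class="layers">' +
    layerNames.map((name) => `<li title="${name}">${name}</li>`).join('') +
    '</ul>';
}

// Hardened pattern: every untrusted value is encoded for the context it
// lands in, so a name can only ever be displayed, never interpreted.
function renderLayersSafe(layerNames) {
  return '<ul class="layers">' +
    layerNames.map((name) => {
      const enc = escapeHtml(name);
      return `<li title="${enc}">${enc}</li>`;
    }).join('') +
    '</ul>';
}

// Constructed layer names (hypothetical input from a crafted PDF): one
// benign, one carrying a script element, one trying to close the title
// attribute and add an event handler.
const SAMPLE_LAYER_NAMES = [
  'Background',
  '<script>probe()</script>',
  '" onmouseover="probe()',
];

// Coarse heuristic for the demo: did a live <script> tag or a quoted
// on*="..." event-handler attribute survive into the rendered markup?
function containsActiveMarkup(html) {
  return /<script\b/i.test(html) || /\son[a-z]+="/i.test(html);
}

// Stand-alone run: the unsafe renderer leaks active markup, the safe one does not.
console.log('unsafe leaks markup:', containsActiveMarkup(renderLayersUnsafe(SAMPLE_LAYER_NAMES)));
console.log('safe leaks markup:  ', containsActiveMarkup(renderLayersSafe(SAMPLE_LAYER_NAMES)));
```

The design point is that encoding happens at the output boundary, per context, rather than by trying to strip "bad" characters on input; a name such as `" onmouseover="probe()` is perfectly valid data and only becomes dangerous when it is written into markup unencoded. In a real browser component the same effect is obtained by assigning to `textContent` and setting attributes through `setAttribute` instead of building HTML strings.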
January 2026: 716 (before incident)
December 2025: 715 (before incident)
November 2025: 733 (before incident)
Cyber Attack
01 Nov 2025, Foxit
OpenClaw, Notepad++, Hikvision, Apache Syncope, Foxit, TP-Link, Cisco, Google Chrome and Arista NG Firewall: ⚡ Weekly Recap: AI Skill Malware, 31Tbps DDoS, Notepad++ Hack, LLM Backdoors and More

Cybersecurity Roundup: Trust Abuse, AI Risks, and Supply Chain Attacks Dominate Threat Landscape

713 (after incident)
Severity: Critical (-20 points)
TP-HIKFOXGOOREVARITHEOPECIS1770645410
This week’s cybersecurity developments highlight a growing trend: attackers are increasingly exploiting trusted systems (AI platforms, software updates, messaging apps, and open-source ecosystems) to bypass security controls. Below are the key incidents and trends shaping the threat landscape.

### AI and Open-Source Ecosystems Under Siege

OpenClaw, an open-source AI agent framework, has partnered with Google’s VirusTotal to scan uploaded "skills" (AI extensions) for malware, following discoveries of malicious components in its ClawHub marketplace. Researchers warn that AI agents’ broad permissions, persistent memory, and user-controlled configurations create risks like prompt injection, data exfiltration, and supply chain attacks. Trend Micro reported threat actors on Exploit.in discussing OpenClaw for botnet operations, while Veracode noted a surge in typosquatted "claw" packages on npm and PyPI, from zero in early 2026 to over 1,000 by February.

Meanwhile, MoltBook, an AI-driven social platform built on OpenClaw, faces scrutiny after Simula Research Laboratory identified 506 prompt injection attacks, social engineering exploits, and unregulated cryptocurrency activity comprising 19.3% of its content. The platform’s autonomous AI agents, which interact without human oversight, raise concerns about data privacy and manipulation risks.

Security firm Pillar Security detected active scanning of exposed OpenClaw gateways (port 18789), with attackers bypassing AI layers to target the WebSocket API directly for authentication bypasses and command execution. Censys identified 21,639 exposed OpenClaw instances as of January 2026, underscoring the framework’s outdated trust model lacking encryption-at-rest and containerization.

### Supply Chain Attacks: Trusted Updates as Malware Vectors

A sophisticated supply chain attack targeted Notepad++ between June and December 2025, where threat actors redirected its WinGUp updater to malicious servers. Despite losing access to a compromised hosting provider in September, attackers reused stolen credentials to maintain control until December. The campaign, attributed to Lotus Blossom, exploited weak update verification in older Notepad++ versions, demonstrating how legitimate domains can become malware distribution hubs.

Similarly, Docker’s AI assistant (Ask Gordon) was found vulnerable to remote code execution (RCE) via DockerDash, a flaw in its Model Context Protocol (MCP) Gateway. Attackers could embed malicious instructions in Docker image metadata, which the AI assistant executed without validation. Docker patched the issue in version 4.50.0 (November 2025).

### State-Sponsored Threats and High-Profile Targets

Germany’s BfV and BSI issued a joint advisory warning of state-sponsored phishing attacks via Signal, exploiting the app’s PIN and device-linking features to hijack accounts. Targets included high-ranking officials, military personnel, diplomats, and journalists across Germany and Europe.

In Ukraine, the government implemented a Starlink terminal verification system after confirming Russian forces were using the technology on attack drones. Only registered devices are now permitted to operate in the country.

### DDoS, Botnets, and Emerging Attack Techniques

The AISURU/Kimwolf botnet set a record with a 31.4 Tbps DDoS attack in November 2025, lasting just 35 seconds. Cloudflare mitigated the attack, which was part of a broader campaign ("The Night Before Christmas") starting in December. Overall, DDoS attacks surged 121% in 2025, averaging 5,376 mitigated attacks per hour.

Researchers also uncovered 54 malicious npm packages using EtherHiding, a technique leveraging Ethereum smart contracts to fetch C2 servers, complicating takedown efforts. The malware targets Windows systems with 5+ CPUs, employing sandbox evasion, COM hijacking, and system profiling.

### Linux Threats and Post-Exploitation Frameworks

Cyble discovered ShadowHS, a fileless Linux post-exploitation framework that runs entirely in memory, prioritizing stealth and long-term control. The framework includes modules for credential access, lateral movement, privilege escalation, and data exfiltration, with aggressive defensive tooling enumeration to avoid detection.

### Ransomware, Dark Markets, and Legal Actions

- INC Ransomware suffered a setback after Cyber Centaurs breached its backup server, helping 12 victims recover data. The group, active since 2023, had listed over 100 victims on its leak site.
- Rui-Siang Lin, administrator of the Incognito Market darknet drug marketplace, was sentenced to 30 years in prison for facilitating $105 million in narcotics sales to over 400,000 users.
- Xinbi, a Telegram-based illicit marketplace, processed $17.9 billion in transactions, outlasting competitors like Haowang and Tudou Guarantee, which saw declines of 100% and 74%, respectively.

### Critical Vulnerabilities and Exploits

Notable CVEs disclosed this week include:

- CVE-2026-25049 (n8n)
- CVE-2026-0709 (Hikvision Wireless Access Point)
- CVE-2026-23795 (Apache Syncope)
- CVE-2026-1591/1592 (Foxit PDF Editor Cloud)
- CVE-2026-24512 (ingress-nginx)
- Multiple CVEs in Django, Google Chrome, Cisco, TP-Link, F5 BIG-IP, and Arista NG Firewall

Additionally, XBOW uncovered two Insecure Direct Object Reference (IDOR) flaws in Spree (CVE-2026-22588/22589), allowing unauthorized access to user address data.

### Microsoft’s AI Backdoor Scanner

Microsoft developed a scanner to detect hidden backdoors in open-weight AI models, addressing risks for enterprises relying on third-party large language models (LLMs). The tool identifies three key indicators:

1. Attention shifts when a hidden trigger is present.
2. Leakage of poisoned training data.
3. Partial triggers still activating malicious responses.

The scanner extracts memorized content from models and ranks suspicious substrings as potential triggers.

### Conclusion

This week’s incidents underscore a shift in attacker tactics: exploiting trust in ecosystems, AI workflows, and supply chains rather than relying on traditional malware. As threats evolve, organizations must monitor integrations, verify updates, and secure AI deployments to mitigate risks from both state-sponsored actors and cybercriminals.
INCIDENT DETAILS
TYPE
Supply Chain Attack; AI Exploitation; DDoS; Ransomware; Phishing; Malware; Post-Exploitation Framework
MOTIVATION
Financial Gain; Espionage; Data Exfiltration; Botnet Operations; Ransomware; Drug Trafficking; State-Sponsored Surveillance
IMPACT
AI Agent Configurations; User Data on MoltBook; Credentials; System Profiles; Personally Identifiable Information (PII); Payment Information; OpenClaw AI Framework; Notepad++; Docker AI Assistant; Signal Messaging App; Starlink Terminals; Linux Systems (ShadowHS); Spree E-Commerce Platform; Unauthorized Command Execution; Data Exfiltration; Botnet Operations; AI Agent Manipulation; DDoS Disruptions; MoltBook (AI-Driven Social Platform); Docker; OpenClaw; Regulatory Violations (GDPR, etc.); Fines for Data Breaches; Identity Theft Risk: High; Payment Information Risk: High
DATA BREACH
AI Agent Configurations; User Data; Credentials; PII; Payment Information; Drug Trafficking Records; Sensitivity Of Data: High; Yes (OpenClaw, ShadowHS, INC Ransomware); Yes (Ransomware); No (OpenClaw, ShadowHS); Personally Identifiable Information: Yes
October 2025: 733 (before incident)
September 2025: 733 (before incident)
August 2025: 732 (before incident)
July 2025: 732 (before incident)
September 2019: 716 (before incident)
Breach
03 Sep 2019, Foxit
Foxit Software

Foxit Software Data Breach

652 (after incident)
Severity: Critical (-64 points)
FOX218080425
The California Office of the Attorney General reported a data breach involving Foxit Software on September 3, 2019. Unauthorized access to user account data potentially exposed users' names, email addresses, company names, phone numbers, passwords, and IP addresses, though no credit card or payment information was compromised.
INCIDENT DETAILS
TYPE
Data Breach
IMPACT
names; email addresses; company names; phone numbers; passwords; IP addresses
DATA BREACH
names; email addresses; company names; phone numbers; passwords; IP addresses
December 2017: 757 (before incident)
Breach
01 Dec 2017, Foxit
Foxit

Man-in-the-Middle Attack on Fox-IT

695 (after incident)
Severity: Critical (-62 points)
FOX215926223
Netherlands-based Fox-IT, one of the world's leading IT security providers, was targeted by a cyber attack in which an unknown attacker carried out a Man-in-the-Middle (MitM) attack and spied on a small number of Fox-IT customers. The company's domain name was taken over by the attacker, who then used it to sign up for an SSL certificate in Fox-IT's name. Fox-IT moved rapidly to alert affected clients and reset passwords that had been captured but were useless because Fox-IT used two-factor authentication. The business added that the majority of the intercepted files did not include critical information, and none of the files were tagged as secret.
INCIDENT DETAILS
TYPE
Man-in-the-Middle (MitM) attack
MOTIVATION
Spying on Fox-IT customers
IMPACT
Data Compromised: Intercepted files
DATA BREACH
Type Of Data Compromised: Intercepted files; Sensitivity Of Data: Majority of intercepted files did not include critical information, none tagged as secret

Frequently Asked Questions

What is the current A.I Rankiteo Cyber Score for Foxit?
What was Foxit's A.I Rankiteo Cyber Score in May 2026?
What was Foxit's A.I Rankiteo Cyber Score in April 2026?
What was Foxit's A.I Rankiteo Cyber Score in March 2026?
What was Foxit's A.I Rankiteo Cyber Score in February 2026?
What was Foxit's A.I Rankiteo Cyber Score in January 2026?
What was Foxit's A.I Rankiteo Cyber Score in December 2025?
What was Foxit's A.I Rankiteo Cyber Score in November 2025?
What was Foxit's A.I Rankiteo Cyber Score in October 2025?
What was Foxit's A.I Rankiteo Cyber Score in September 2025?
What was Foxit's A.I Rankiteo Cyber Score in August 2025?
What was Foxit's A.I Rankiteo Cyber Score in July 2025?
What is the average per-incident point impact on Foxit's A.I Rankiteo Cyber Score over the past 12 months?
Where can I access detailed records of all cyber incidents associated with Foxit?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology?
Where can I view Foxit's profile page on Rankiteo?
How accurate is the A.I Rankiteo Risk Scoring methodology?
Foxit Cyber Scoring History | Rankiteo