Daily Briefing for 02.10.26

Top stories.

• New commodity mobile spyware targets iOS and Android devices.
• Threat actors are exploiting SolarWinds Web Help Desk flaws.
• US sentences fugitive foreign national to twenty years for role in crypto scams.

New commodity mobile spyware targets iOS and Android devices.

Researchers at iVerify have published a report on a new mobile spyware platform dubbed "ZeroDayRAT" that's being peddled on Telegram. The malware targets Android and iOS devices, and is delivered by tricking users into downloading Trojanized apps. Once installed, the malware can collect all data, notifications, and messages sent to and from the device. The attacker can also track the live location of the device and its location history, as well as activate the front and back cameras, microphone, and screen recording functionality.

iVerify notes, "The developer runs dedicated channels for sales, customer support, and regular updates, giving buyers a single point of access to a fully operational spyware panel. From that panel, an operator gains full remote control over a user’s Android or iOS device, with support spanning Android 5 through 16 and iOS up to 26, including the iPhone 17 Pro. No technical expertise is required. The platform goes beyond typical data collection into real-time surveillance and direct financial theft."

Threat actors are exploiting SolarWinds Web Help Desk flaws.

Researchers at Huntress warn that threat actors are exploiting a vulnerability in the SolarWinds Web Help Desk (WHD) to gain access and deploy malware. Huntress states, "On February 7, 2026, Huntress SOC analyst Dipo Rodipe investigated a case of SolarWinds Web Help Desk exploitation, in which the threat actor rapidly deployed Zoho Meetings and Cloudflare tunnels for persistence, as well as Velociraptor for means of command and control."

The researchers believe the intrusion "stemmed from the many recently disclosed vulnerabilities affecting SolarWinds WHD," the most serious of which are CVE-2025-40551 and CVE-2025-26399. Both flaws are confirmed to be actively exploited, and users are urged to apply patches immediately. The US Cybersecurity and Infrastructure Security Agency (CISA) last week ordered Federal Civilian Executive Branch agencies to patch CVE-2025-40551 by Friday, February 6th.

Microsoft also published a report last Friday on the exploitation of SolarWinds WHD vulnerabilities, noting, "Since the attacks occurred in December 2025 and on machines vulnerable to both the old and new set of CVEs at the same time, we cannot reliably confirm the exact CVE used to gain an initial foothold."

US sentences fugitive foreign national to twenty years for role in crypto scams.

A fugitive dual citizen of China and St. Kitts and Nevis has been sentenced in absentia to twenty years in prison in the US for laundering more than $73 million in cryptocurrency stolen in cryptocurrency investment scams. 42-year-old Daren Li was arrested in April 2024, but fled the United States in December 2025 after cutting off his ankle monitor. US authorities are working with international law enforcement agencies to locate Li and return him to the US, RegTech Times reports.

Li had pleaded guilty in November 2024 to his involvement in online crimes run from Cambodian scam centers. The schemes were a variant of romance scams commonly known as "pig butchering," in which victims are tricked into investing in phony cryptocurrency trading platforms.