VulnHub

Hackers believed to be linked to China have targeted the Indian branch of a major global manufacturer using a new type of malware called TencShell. This malware is based on an open-source offensive toolkit, which suggests that the attackers are utilizing publicly available resources to carry out their operations. The implications of this attack are significant, as it not only affects the manufacturer but also raises concerns about the security of global supply chains. Companies operating in similar sectors should be vigilant, as this incident could indicate a broader trend of targeting multinational firms. The incident underscores the need for enhanced cybersecurity measures across industries to protect against sophisticated attacks.

Cisco has released a patch for a newly discovered zero-day vulnerability, identified as CVE-2026-20182, which has been actively exploited in targeted attacks. This vulnerability affects Cisco’s SD-WAN products and has been linked to a sophisticated threat actor known as UAT-8616. The exploitation of this flaw marks the sixth zero-day incident involving Cisco in 2026, raising concerns about the security of their products. Companies using Cisco SD-WAN solutions should prioritize applying the latest patches to protect against potential breaches. The ongoing exploitation of this vulnerability highlights the need for vigilance in cybersecurity practices.

Microsoft has announced a serious security vulnerability affecting on-premise versions of Exchange Server, identified as CVE-2026-42897. This issue, which has a CVSS score of 8.1, is classified as a spoofing vulnerability that arises from a cross-site scripting flaw. The vulnerability has been confirmed to be actively exploited by attackers, which raises significant concerns for organizations still using on-premise Exchange Servers. An anonymous researcher discovered and reported the issue, signaling the need for prompt attention from IT security teams. Organizations must take immediate action to protect their systems and data from potential exploitation.

A serious vulnerability in Cisco's SD-WAN network control system has been actively exploited, marking the second time this year that attackers have taken advantage of a CVSS 10.0 flaw. This critical bug poses a significant risk as it allows unauthorized access to the network, potentially compromising sensitive data and systems. Organizations using Cisco SD-WAN solutions should be particularly vigilant, as the severity of this vulnerability makes it a prime target for malicious actors. It's crucial for affected users to stay informed about the latest security updates and apply any available patches to mitigate risks associated with this vulnerability.

Researchers have identified malicious code in three versions of the popular npm package node-ipc, specifically versions 9.1.6, 9.2.3, and 12.0.1. This backdoor allows attackers to steal sensitive developer credentials and secrets. Users who have installed these versions are at risk of their private data being compromised. The discovery raises concerns for developers and organizations relying on this package for their applications. Immediate action is needed to mitigate potential damage and secure development environments.

The Mustang Panda hacking group has been linked to an updated version of the FDMTP backdoor, targeting networks in the Asia-Pacific region and Japan. This malware allows attackers to maintain persistent access to compromised systems, facilitating espionage activities. Researchers have identified this campaign as a part of broader efforts to infiltrate government and private sector networks in these areas. The implications are significant, as sensitive information could be at risk, potentially affecting national security and corporate confidentiality. Organizations in the targeted regions should take immediate steps to assess their security measures and protect against this evolving threat.

Researchers have discovered a new local privilege escalation vulnerability in the Linux kernel, identified as CVE-2026-46300, and nicknamed 'Fragnesia.' This vulnerability is related to the earlier Dirty Frag bugs and affects the xfrm-ESP Linux module. The flaw was unintentionally introduced when a patch was applied to fix one of the original Dirty Frag vulnerabilities, specifically CVE-2026-43284. This means that systems using the affected module could be at risk, potentially allowing attackers to gain elevated privileges. It is crucial for users and administrators of Linux systems to stay informed about this issue and apply necessary updates as they become available.

A Belarus-aligned hacking group known as Ghostwriter has launched new attacks against Ukrainian government organizations. This group, which has been active since at least 2016, is known for both cyber espionage and influence campaigns, primarily targeting Ukraine and its neighboring countries. The latest operations involve phishing attacks using geofenced PDF documents, which aim to trick users into revealing sensitive information. Additionally, the attackers are utilizing Cobalt Strike, a popular tool among cybercriminals for post-exploitation activities. These actions pose significant risks to Ukrainian governmental operations and national security, especially given the ongoing geopolitical tensions in the region.