VulnHub

A new botnet called AryStinger has been discovered, infecting over 4,000 D-Link routers worldwide. This malware targets outdated devices, converting them into proxies that can handle malicious traffic. Users of affected routers may be unaware that their devices are being misused in cyberattacks. The presence of this botnet raises concerns about the security of Internet of Things (IoT) devices, particularly those that are not regularly updated. This incident serves as a reminder for users to keep their router firmware up to date and to secure their home networks against potential threats.

A new ransomware strain called 'Prinz Eugen' has emerged, targeting recently modified files for encryption while notably avoiding the use of a ransom note on the infected systems. This approach may confuse victims, as they might not realize they've been attacked until it's too late. The ransomware's focus on recent files could affect businesses and individuals who regularly update their documents and data, making recovery more complicated. Users are urged to maintain regular backups and enhance their cybersecurity measures to protect against this evolving threat. The absence of a ransom note also raises questions about the attackers' intentions and future tactics.

Hackers are taking advantage of a recently patched vulnerability in the Gravity SMTP plugin for WordPress, which is used on around 100,000 websites. This security flaw, identified as CVE-2026-4020, allows attackers without authentication to access sensitive information, including API keys and OAuth tokens. The vulnerability has a medium severity score of 5.3, but the potential exposure of critical data makes it a significant concern for site administrators. Users of the Gravity SMTP plugin need to ensure they update to the latest version to protect their sites from these attacks. The urgency of addressing this issue is heightened by the fact that the vulnerability is currently being exploited in the wild.

Hackers are taking advantage of an unauthenticated information disclosure vulnerability in the Gravity SMTP plugin for WordPress, which is installed on around 100,000 websites. This vulnerability allows attackers to access sensitive information without needing to log in, potentially exposing user data and other critical site details. The flaw poses a serious risk to website owners and their users, as it could lead to further attacks or data breaches. Website administrators are urged to assess whether they are using this plugin and to take necessary actions to secure their sites. Ignoring this issue could leave users’ information vulnerable and put the integrity of the websites at risk.

eFAQ has released an investigation into alleged scam activities linked to coordinated reputation attacks targeting various individuals and organizations. The report outlines how these scams operate, often involving misinformation and fraudulent communications designed to damage reputations and mislead potential victims. Those affected include both individuals and businesses that have been wrongly accused or misrepresented in online platforms, leading to significant reputational harm. This incident highlights the growing concern around online scams and the need for vigilance among users and companies alike. Understanding these tactics is crucial for protecting personal and organizational integrity in the digital landscape.

CryptoBandits is a new type of malware that combines data theft with remote code execution capabilities. It uses a local SOCKS5 proxy to route its traffic, which allows it to operate discreetly while abusing the Tor network for anonymity. This dual functionality poses significant risks, as it can both steal sensitive information and provide attackers with a backdoor into compromised systems. Users and organizations should be vigilant, as this malware can impact various systems and potentially lead to severe data breaches. The ongoing threat of CryptoBandits highlights the need for enhanced security measures in environments where sensitive data is handled.

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding a serious vulnerability in Splunk Enterprise that is currently being exploited by attackers. This flaw poses a significant risk to U.S. federal agencies and could potentially affect many organizations using this software. CISA has urged these agencies to take immediate action to secure their systems by applying the necessary patches by this Sunday. Failure to address this vulnerability could result in unauthorized access to sensitive data or system controls, making it crucial for organizations to prioritize this update. The urgency of the situation highlights the ongoing challenges in cybersecurity and the need for vigilance in maintaining software security.

A recent operation known as Operation Endgame has successfully removed SocGholish malware from around 15,000 websites linked to the notorious Evil Corp hacking group. This malware is often used to deliver ransomware and has been a significant threat to users who visit compromised sites. The operation aims to disrupt the infrastructure that Evil Corp relies on to spread their malicious software, which is a positive step in combating cybercrime. By targeting these infected sites, authorities hope to reduce the risk of malware infections and protect users from potential data loss or financial harm. This incident highlights ongoing efforts to dismantle the operations of major ransomware gangs and improve online security for everyone.