VulnHub

The FBI has issued a warning about a series of phishing attacks where criminals are posing as U.S. city and county officials. These attacks primarily target businesses and individuals seeking planning and zoning permits. Scammers use these impersonations to trick victims into providing sensitive information or money. This situation is concerning as it can lead to financial losses and undermine trust in local government processes. The FBI urges anyone involved in such applications to verify the legitimacy of communications before responding, especially if they involve requests for personal or financial information.

A Chinese-speaking cyber actor has reportedly been targeting critical sectors in Asia for several years using a mix of custom malware, open-source tools, and living-off-the-land (LOTL) binaries. This activity appears to be focused on espionage, affecting both Windows and Linux systems. The attackers' tactics, which combine tailored malware with readily available tools, suggest a sophisticated approach aimed at infiltrating sensitive networks. The long-term nature of this threat raises concerns for organizations in the region, as prolonged access could lead to significant data breaches and intelligence gathering. Companies in critical infrastructure sectors need to be vigilant and enhance their cybersecurity measures to defend against these persistent threats.

Two Google Chrome extensions have been compromised after a transfer of ownership, allowing attackers to inject malicious code and steal sensitive user data. The extensions, originally developed by a user identified as 'akshayanuonline@gmail.com', are QuickLens and another unnamed extension. This incident raises significant concerns as it exposes users who have installed these extensions to potential malware and data breaches. Users of these extensions should be cautious and consider removing them to protect their information. This situation serves as a reminder of the risks associated with third-party software and the importance of monitoring the permissions and developers of browser extensions.

A Chinese threat actor has been targeting high-value organizations across South, Southeast, and East Asia in a long-running campaign. This group has focused on sectors such as aviation, energy, government, law enforcement, pharmaceuticals, technology, and telecommunications. Palo Alto Networks Unit 42 has linked these activities to a new, undocumented threat group that exploits web servers and utilizes Mimikatz, a tool known for stealing credentials. The implications of these attacks are significant, as they threaten the security of critical infrastructure in the region and could lead to serious disruptions or data breaches. Organizations in these sectors need to enhance their cybersecurity measures to defend against these sophisticated threats.

The Cybersecurity and Infrastructure Security Agency (CISA) has alerted U.S. federal agencies to address three critical security flaws in iOS that have been exploited in cyberespionage and cryptocurrency theft. These vulnerabilities are being targeted through the Coruna exploit kit, which has been linked to recent attacks. Federal agencies are urged to implement patches promptly to protect sensitive information and financial assets. The exploitation of these flaws poses serious risks, potentially allowing attackers to gain unauthorized access to devices and data. Swift action is essential to mitigate these threats and secure federal systems.

A hacking group known as Transparent Tribe, which has ties to Pakistan, is utilizing AI tools to create malware implants targeting India. This campaign is notable for its use of lesser-known programming languages like Nim, Zig, and Crystal, allowing attackers to produce a large number of implants quickly. The implants are described as being of mediocre quality but are still effective enough to pose risks to targeted systems. This shift to AI-driven malware production marks a concerning trend in cybercrime, as it may lead to increased frequency and variety of attacks. Organizations in India need to be vigilant and enhance their cybersecurity measures to defend against these evolving threats.

Cybercriminals are using a method called InstallFix to trick users into executing harmful commands disguised as legitimate installations of command line interface (CLI) tools. This tactic builds on an earlier technique known as ClickFix. The attackers create fake guides that appear to be helpful but ultimately install infostealer malware on victims' machines. This type of malware can capture sensitive information, leading to identity theft or financial loss. Users who rely on these guides for software installation are at significant risk, making it crucial for individuals to verify sources before executing any commands on their systems.

Cisco has confirmed that two vulnerabilities in the Catalyst SD-WAN Manager are currently being exploited by attackers. The first vulnerability, identified as CVE-2026-20122, has a CVSS score of 7.1 and allows authenticated remote users to overwrite files on the local file system. This could lead to significant disruptions and unauthorized access to sensitive data. Organizations using the Catalyst SD-WAN Manager should take immediate action to address these vulnerabilities, as they pose a serious risk to network security. It’s crucial for affected users to monitor their systems closely and apply any available patches as soon as possible.

A recent cyber campaign attributed to a group linked to Iran is targeting Iraqi government officials by impersonating the Ministry of Foreign Affairs. This operation, identified by Zscaler ThreatLabz and named Dust Specter, involves the deployment of new malware strains called SPLITDROP and GHOSTFORM. Observed in January 2026, these attacks aim to compromise sensitive information from officials within the Iraqi government. The use of sophisticated tactics and novel malware underscores a growing threat to government entities in the region. This incident raises concerns about the security of state institutions and the potential for sensitive data breaches that could have significant political ramifications.

Despite the widespread implementation of multi-factor authentication (MFA) in organizations, many still fall victim to credential theft. Attackers are exploiting valid usernames and passwords to gain unauthorized access to networks, particularly in Windows environments. The problem isn't with MFA itself, but rather with how comprehensively it is enforced through identity providers like Microsoft Entra ID and Okta. If MFA isn't applied consistently across all access points, attackers can bypass these security measures. This situation emphasizes the need for companies to ensure that MFA is enforced everywhere, not just in select areas, to truly safeguard their systems from credential abuse.