VulnHub

TeamPCP has released the source code for a variant of the Shai-Hulud malware, which has been implicated in recent attacks against companies like TanStack. While researchers indicate that this particular version is not the original malware, its release poses a risk as it may enable other attackers to replicate or modify the malware for their own use. The significance of this release lies in the potential for increased attacks against vulnerable systems, as the source code can be used by less skilled cybercriminals. Organizations need to remain vigilant and strengthen their defenses in light of this development to protect against possible exploits stemming from the released code.

Hackers are using PyInstaller to disguise XWorm malware, which is being delivered through deceptive emails or fake software updates that contain seemingly harmless files. Once a victim opens the infected file, the malware can execute and potentially compromise the user’s system. This tactic not only makes it difficult for antivirus programs to detect the malware but also highlights the ongoing risks associated with social engineering attacks. Users and organizations need to be cautious about unsolicited emails and software updates, ensuring they verify the source before downloading or opening any files. This incident serves as a reminder of the importance of cybersecurity awareness and vigilance in protecting personal and sensitive information.

ESET has reported a new campaign by the hacking group known as Ghostwriter, which is targeting the Ukrainian government. The campaign starts with a spear-phishing email that contains a PDF attachment disguised as an official document from Ukrtelecom, a key telecommunications provider in Ukraine. This type of attack aims to trick recipients into opening the attachment, potentially leading to further malicious activity. The focus on Ukrainian government entities indicates a continued effort by cybercriminals to exploit vulnerabilities in the region, particularly amid ongoing geopolitical tensions. Such attacks can undermine trust in government communications and disrupt essential services.

A vulnerability in the Funnel Builder plugin for WordPress, which is used by over 40,000 websites, has been exploited by attackers to steal payment data. This flaw allows unauthenticated users to change global settings through an unprotected checkout endpoint. As a result, any website using this plugin could be at risk of having sensitive payment information compromised. Website owners should take immediate action to secure their sites, as the potential for financial loss and damage to customer trust is significant. This incident serves as a reminder for users to regularly update their plugins and monitor for security patches.

Hackers have compromised the popular node-ipc npm package, adding malware designed to steal user credentials in recent versions. This supply chain attack specifically targets developers who rely on node-ipc for inter-process communication in their applications. Users of the affected package are at risk of having their sensitive information, such as passwords and tokens, captured by the malicious code. This incident serves as a reminder of the vulnerabilities that can arise in the software supply chain, affecting not just individual developers but also the larger ecosystem that relies on these packages. Developers are urged to review their dependencies and ensure they are using safe versions of node-ipc to protect their credentials.

Microsoft has confirmed that a new zero-day vulnerability in Exchange Server, identified as CVE-2026-42897, is being actively exploited by attackers. This vulnerability has a CVSS score of 8.1, indicating a high level of severity. It stems from improper handling of user input during web page generation, which can lead to cross-site scripting (XSS) attacks. Organizations using affected versions of Exchange Server are at risk, as attackers could exploit this flaw to execute malicious scripts in the context of users' browsers. Microsoft urges users to take immediate action to protect their systems and data from potential breaches.

The REMUS infostealer is a malware that focuses on stealing browser sessions and authentication tokens, which are now considered more valuable than traditional passwords. Researchers from Flare have observed its rapid evolution, emphasizing its capability for session theft and operational scalability. This malware allows attackers to hijack users' online accounts without needing to crack passwords, posing a significant risk to individuals and organizations alike. As cybercriminals increasingly adopt this method, users must be vigilant about their online security practices. The shift towards session theft indicates a growing trend in cyberattacks that could affect a wide range of online services and platforms.

Cisco has released a patch for a serious security vulnerability (CVE-2026-20182) affecting its Catalyst SD-WAN solutions. This flaw allows attackers to bypass authentication in both the Catalyst SD-WAN Controller and the Catalyst SD-WAN Manager, which are critical components for managing SD-WAN deployments. The vulnerability has been actively exploited by a sophisticated cyber threat actor, putting both on-premises and cloud users at risk. Organizations using these Cisco products should prioritize applying the patch to safeguard their networks from potential breaches. Failure to address this vulnerability could lead to unauthorized access and significant security incidents.

Microsoft has issued a warning regarding a zero-day vulnerability in Exchange Server, identified as CVE-2026-42897, which is currently being exploited by attackers. This vulnerability affects various versions of Exchange Server, putting organizations that use this software at risk. Microsoft has not yet released a permanent patch but has provided interim mitigations to help secure affected systems. Users and administrators are urged to implement these mitigations to protect their environments until a comprehensive fix is available. The active exploitation of this vulnerability underscores the urgency for affected organizations to take immediate action.