VulnHub

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about serious vulnerabilities in Ubiquiti UniFi OS and Lantronix serial-to-ethernet servers that are currently being exploited by hackers. These flaws could allow attackers to gain unauthorized access and control over affected systems. The vulnerabilities pose a significant risk to users, including businesses and organizations relying on these technologies for network management. CISA emphasizes the urgency for affected users to take immediate action to protect their networks from potential breaches. Prompt updates and patches are essential to mitigate these risks and secure vulnerable systems.

Service desks are increasingly targeted by attackers who use social engineering tactics to gain access to sensitive corporate accounts. These attackers often request password resets or multi-factor authentication changes, exploiting the trust that service desk staff typically have in callers. Researchers at Specops Software explain how these attacks are executed and emphasize the need for stronger security measures. Organizations are urged to implement rigorous verification processes to protect against these manipulative tactics. This is crucial because successful attacks can lead to significant data breaches and unauthorized access to critical systems.

A recent cybersecurity campaign, dubbed FortiBleed, has compromised around 110 million user credentials by targeting FortiGate devices. The attackers utilized a tool called FortigateSniffer, which exploits a diagnostic utility to continuously monitor network traffic, allowing them to capture sensitive information. This incident raises significant concerns for organizations using FortiGate products, as the compromised credentials could lead to further breaches or unauthorized access. The scale of the data theft is alarming, making it imperative for affected users to take immediate action to secure their accounts. Companies using FortiGate devices should review their security protocols and consider implementing additional protective measures to prevent future incidents.

Recent vulnerabilities discovered in Ubiquiti products pose significant risks as they allow remote attackers to access systems without authentication. These flaws enable unauthorized changes to be made to the system, access to underlying accounts, and the injection of malicious commands. This could lead to serious security breaches for users, particularly affecting those who rely on Ubiquiti for their networking equipment. Organizations using these products need to act quickly to safeguard their systems and data. Given the nature of these vulnerabilities, it is crucial for users to stay informed and apply any necessary updates or patches to mitigate the risks.

A recent report from NCC Group reveals that a group of state-backed Iranian hackers, known as MuddyWater, is disguising its cyber espionage activities by posing as a ransomware gang. Instead of demanding ransom payments, these attackers are using commercially available malware to infiltrate and steal sensitive information from their targets. This tactic not only complicates detection efforts but also blurs the lines between traditional ransomware attacks and espionage operations. Organizations need to be aware that these actors are leveraging the chaos surrounding ransomware to mask their true intentions. This approach poses significant risks to national security and corporate confidentiality, as it allows these hackers to operate under the radar while compromising valuable data.

A newly discovered vulnerability, CVE-2026-20230, affects Cisco's Unified Communications Manager (Unified CM) and is currently being exploited in the wild. This issue is a server-side request forgery (SSRF) flaw that allows attackers to drop webshells and execute code remotely on the affected servers. According to threat intelligence firm Defused, automated attacks have been observed using the Tor network to deploy these webshells. The exploitation process involves abusing the WebDialer SSRF to install a malicious Apache Axis service, which then facilitates the execution of further malicious payloads. Organizations using Cisco Unified CM should be aware of this security threat and take steps to mitigate potential risks.

A new backdoor known as Mistic has been identified in cyberattacks targeting various sectors, including insurance, education, IT, and professional services. This malware is believed to be linked to KongTuke, a group known for facilitating ransomware attacks. Mistic operates stealthily, allowing attackers to gain unauthorized access to sensitive systems without detection. Organizations in the affected industries should be particularly vigilant, as these types of threats can lead to significant financial and data losses. The emergence of Mistic emphasizes the ongoing risks faced by businesses in maintaining cybersecurity.

A serious security flaw has been discovered in Cisco Unified Communications Manager (Unified CM) and its Session Management Edition (Unified CM SME). The vulnerability, identified as CVE-2026-20230, has a CVSS score of 8.6, indicating its severity. It involves improper input validation for specific HTTP requests, which could allow attackers to execute commands remotely without authentication. This means that unauthorized individuals could potentially gain root access to affected systems. Companies using these Cisco products need to act quickly to protect their networks, as the flaw is already being exploited in the wild.