VulnHub

Cisco has been targeted in a cyberattack that resulted in the theft of source code from its internal development environment. This breach was made possible through the use of stolen credentials linked to a prior supply chain attack on Trivy, a tool used for scanning container vulnerabilities. The attackers gained access to sensitive source code belonging not only to Cisco but also to its customers, raising serious concerns about the security of their products and services. This incident emphasizes the risks associated with credential theft and the potential for significant impacts on a wide range of users who rely on Cisco's technology. Companies should assess their security protocols to prevent similar breaches in the future.

A significant security vulnerability in TrueConf, a video conferencing software, has been actively exploited in attacks on government networks in Southeast Asia. This vulnerability, identified as CVE-2026-3502, has a CVSS score of 7.8, indicating its severity. The flaw stems from a lack of integrity checks when updating the application, which allows attackers to deliver malicious updates to users. The campaign, named TrueChaos, is specifically targeting government entities, making it a serious concern given the sensitive nature of the information handled by these organizations. Immediate action is necessary to protect affected systems from further exploitation.

A recent report reveals that credential theft is a significant factor driving various cyberattacks, including ransomware incidents and breaches of Software-as-a-Service (SaaS) platforms. This trend indicates a shift in focus for cybersecurity efforts, moving from merely preventing breaches to actively detecting and responding to the misuse of legitimate access credentials. The report emphasizes that attackers are increasingly using stolen logins to carry out sophisticated attacks, which complicates the security landscape for many organizations. As a result, businesses must enhance their monitoring capabilities to identify unauthorized use of accounts and protect sensitive information. This shift is particularly crucial as nation-state actors also exploit these vulnerabilities for geopolitical purposes, further elevating the stakes in cybersecurity.

Venom Stealer is a new type of malware that allows cybercriminals to continuously collect sensitive information from infected devices. This software has features that enable it to maintain persistence, which means it can stay on a system even after a reboot or other attempts to remove it. The malware targets login credentials, session data, and cryptocurrency assets, putting users' financial security at risk. As it automates the data harvesting process, attackers can siphon off valuable information without needing to be present. This poses a significant threat to individuals and organizations that rely on digital platforms for transactions and communications.

Recent vulnerabilities in CrewAI have been identified, allowing attackers to exploit these flaws through a method known as prompt injection. By chaining these vulnerabilities, attackers can escape the sandbox environment and run arbitrary code on affected devices. This poses a significant risk as it could lead to unauthorized access and control over the devices that utilize CrewAI technology. Users and organizations that rely on this AI tool should be particularly vigilant, as the potential for exploitation could affect their data security and operational integrity. Immediate attention to these vulnerabilities is crucial to prevent possible breaches.

The UK's National Cyber Security Centre (NCSC) has issued a warning regarding targeted attacks on messaging apps. This advisory is aimed at individuals who might be vulnerable to these types of attacks, suggesting that cybercriminals are increasingly focusing their efforts on exploiting these platforms. The NCSC has recommended specific actions for users to protect themselves from potential threats, which could involve securing accounts and being vigilant about suspicious activity. This warning is significant as messaging apps are widely used for personal and professional communication, making them attractive targets for attackers. Users should take these precautions seriously to safeguard their private information and communications.

A new cyber campaign is targeting Chinese-speaking users by using fake domains that mimic trusted software brands. This operation delivers a remote access trojan (RAT) named AtlasCross, which has not been documented before. The attackers are focusing on applications used for VPN services, encrypted messaging, video conferencing, cryptocurrency tracking, and e-commerce. Eleven domains have been confirmed to deliver this malware, raising concerns about the security of users who may unknowingly download compromised software. This incident highlights the ongoing risk of typosquatting attacks, where malicious actors create look-alike domains to trick users into installing harmful software.

A Maryland man has been charged with stealing over $53 million from the Uranium Finance cryptocurrency exchange through two separate hacking incidents. The suspect allegedly used a cryptocurrency mixer to launder the stolen funds, complicating the tracking of the illicit gains. This case raises concerns about the security of cryptocurrency exchanges and the effectiveness of measures in place to protect user assets. As the crypto market continues to grow, incidents like this highlight the vulnerabilities that can be exploited by attackers, putting both exchanges and their users at risk. Law enforcement's response may also impact the perceived safety of investing in cryptocurrencies.