South Korea is preparing for its local elections next month, which will serve as a testing ground for new regulations aimed at combating deepfakes. These manipulated videos can spread misinformation and potentially influence public opinion during elections. As deepfakes become more sophisticated and accessible, the South Korean government is keen to see if its legal measures can effectively reduce the impact of these deceptive media. The outcome of this initiative could set a precedent for how other countries approach the regulation of deepfakes and misinformation in electoral processes. This is particularly relevant as deepfake technology poses a growing challenge to democratic processes worldwide.
Latest Cybersecurity Threats
Real-time threat intelligence from trusted sources
A cybersecurity researcher has disclosed a serious vulnerability in Windows, known as 'MiniPlasma', which allows attackers to escalate their privileges to SYSTEM level on fully patched systems. This zero-day exploit poses a significant risk because it can enable unauthorized access to sensitive data and system controls. Users of Windows systems, particularly those in corporate environments, should be on high alert as this exploit can potentially be used in cyberattacks. The researcher has also released a proof-of-concept (PoC) for the exploit, which can facilitate its misuse by malicious actors. This situation underscores the need for immediate attention to system security measures and vigilance against potential exploitation.
Attackers are exploiting a vulnerability in Funnel Builder, a tool used by online stores, to inject e-skimmers. These malicious scripts can steal payment information from unsuspecting customers during transactions. This incident affects e-commerce platforms that utilize Funnel Builder, potentially putting sensitive customer data at risk. As the holiday shopping season approaches, the urgency to address this vulnerability increases, as attackers may ramp up their efforts to exploit it. Companies using this tool should prioritize patching the identified bug to protect their customers and maintain trust.
The Hacker News
A serious vulnerability in NGINX, tracked as CVE-2026-42945, is currently being exploited in the wild, just days after it was disclosed. This flaw is a heap buffer overflow in the ngx_http_rewrite_module, which affects NGINX Plus and NGINX Open versions from 0.6.27 to 1.30.0. The CVSS score of 9.2 indicates a high severity, as it could lead to worker crashes and potentially allow remote code execution (RCE). Organizations using affected versions should prioritize patching their systems to prevent exploitation. Given the active nature of this threat, immediate action is crucial for maintaining security.
Hackread – Cybersecurity News, Data Breaches, AI and More
Scammers are targeting Ledger wallet users in Italy by sending out physical letters that appear to be from the company. These letters contain QR codes designed to trick recipients into revealing their wallet seed phrases. This tactic exploits the trust users have in Ledger, a well-known cryptocurrency hardware wallet provider. By obtaining these seed phrases, scammers can gain access to users' cryptocurrency funds. It's crucial for crypto users to be vigilant and verify the authenticity of any communication they receive, especially those that ask for sensitive information. The incident underscores the ongoing risks associated with cryptocurrency security and the lengths that attackers will go to steal personal information.
Hackread – Cybersecurity News, Data Breaches, AI and More
Grafana has reported a security incident where hackers accessed its source code after obtaining a GitHub token. Fortunately, the company confirmed that no customer data or systems were compromised during this breach. Grafana's response included rejecting a ransom demand from the attackers, indicating they did not negotiate or pay for the stolen code. This incident raises concerns about the security of access tokens and the potential risks associated with code theft, even when customer data remains secure. Companies should review their token management practices to prevent similar incidents in the future.
Help Net Security
Last week, Cisco released a patch for a zero-day vulnerability affecting its SD-WAN product. This flaw could allow attackers to gain unauthorized access to the network and potentially disrupt services. Meanwhile, a previously unpatched vulnerability in Microsoft Exchange Server has been actively exploited by attackers, putting many organizations at risk. These incidents highlight the ongoing challenges companies face in securing their systems against evolving threats. It’s crucial for affected users to apply the latest patches and take proactive measures to protect their networks.
Pwn2Own Berlin 2026 concluded with DEVCORE emerging as the standout performer, successfully identifying 47 unique zero-day vulnerabilities during the event. Over three days, researchers earned a total of $1.29 million in rewards for their discoveries, showcasing the event's focus on security challenges across various platforms and applications. This year's competition not only highlighted the skills of participants but also underscored the ongoing need for robust cybersecurity measures in software development. The number of zero-day vulnerabilities found emphasizes the weaknesses present in widely used systems and applications, prompting companies to reassess their security protocols. The event took place in conjunction with OffensiveCon, further connecting the research community with industry professionals.
A serious vulnerability in the Funnel Builder plugin for WordPress is currently being exploited by attackers to inject harmful JavaScript into WooCommerce checkout pages. This manipulation aims to capture sensitive payment information from users during transactions. The situation was reported by Sansec, revealing that this flaw does not yet have an official Common Vulnerabilities and Exposures (CVE) identifier. Website owners using this plugin should be particularly vigilant, as the lack of a CVE means there may not be a widely known fix available at this time. This incident poses a significant risk, especially for e-commerce sites that rely on WooCommerce for processing payments.
BleepingComputer
The Russian hacker group known as Secret Blizzard has transformed its Kazuar backdoor into a more sophisticated modular peer-to-peer (P2P) botnet. This new version is designed for long-term stealth and effective data collection, making it a significant threat to targeted organizations. The botnet's P2P structure allows it to operate without relying on a central command server, which complicates detection and mitigation efforts. This development raises concerns for businesses and individuals alike, as it could lead to unauthorized data access and prolonged security breaches. Cybersecurity experts are urging organizations to enhance their defenses against these evolving threats, as the Kazuar botnet is likely to be used for various malicious activities, including espionage and data theft.
OpenAI confirmed that a supply chain attack linked to malicious TanStack packages compromised two of its employee devices. This breach exposed sensitive credentials from the company's internal source code repositories. The attackers, part of a group known as TeamPCP, exploited vulnerabilities in the package publishing process to gain access. This incident raises concerns about the security of software supply chains, as it demonstrates how vulnerabilities can lead to significant data exposure. Organizations must be vigilant in monitoring their package management systems to prevent similar attacks.
SCM feed for Latest
TeamPCP has released the source code for a variant of the Shai-Hulud malware, which has been implicated in recent attacks against companies like TanStack. While researchers indicate that this particular version is not the original malware, its release poses a risk as it may enable other attackers to replicate or modify the malware for their own use. The significance of this release lies in the potential for increased attacks against vulnerable systems, as the source code can be used by less skilled cybercriminals. Organizations need to remain vigilant and strengthen their defenses in light of this development to protect against possible exploits stemming from the released code.
SCM feed for Latest
Hackers are using PyInstaller to disguise XWorm malware, which is being delivered through deceptive emails or fake software updates that contain seemingly harmless files. Once a victim opens the infected file, the malware can execute and potentially compromise the user’s system. This tactic not only makes it difficult for antivirus programs to detect the malware but also highlights the ongoing risks associated with social engineering attacks. Users and organizations need to be cautious about unsolicited emails and software updates, ensuring they verify the source before downloading or opening any files. This incident serves as a reminder of the importance of cybersecurity awareness and vigilance in protecting personal and sensitive information.
SCM feed for Latest
The Federal Trade Commission (FTC) is now enforcing the Take It Down Act, a law aimed at combating nonconsensual intimate imagery and AI-generated deepfakes. Under this law, online platforms are required to remove such content within 48 hours after a victim reports it. This is significant as it provides victims with a quicker pathway to protect their privacy and dignity against harmful digital forgeries. The act reflects growing concerns about the misuse of technology to create and share intimate images without consent, which can have devastating effects on individuals. By imposing strict removal timelines, the FTC is taking steps to hold platforms accountable and enhance user safety online.
SCM feed for Latest
During a recent meeting between U.S. officials and Chinese leaders, security concerns prompted American personnel to leave behind certain items, including burner phones and lapel pins that were presented as gifts. This decision reflects ongoing worries about surveillance and data security, particularly in high-stakes diplomatic interactions. By discarding these items, U.S. officials are taking precautionary measures to prevent potential breaches of sensitive information. The move highlights the increasing focus on cybersecurity in international relations and the lengths officials will go to protect their communications. This incident serves as a reminder of the vulnerabilities that can arise when dealing with foreign governments, especially in contexts where trust is limited.