VulnHub

North Korean hackers are increasingly targeting cryptocurrency, with reports indicating that 76% of all stolen crypto in 2026 has ties to the country. These attacks have become so frequent that they are occurring on a weekly basis, raising concerns among security experts. Researchers suggest that artificial intelligence may be playing a role in these sophisticated heists, potentially enhancing the attackers' capabilities. This trend poses significant risks not only to individual investors but also to the broader cryptocurrency market, which is already vulnerable to theft and fraud. As these incidents escalate, it becomes crucial for users and companies to strengthen their security measures to protect against such attacks.

SonicWall has issued firmware updates to address three vulnerabilities that could be exploited by attackers, particularly ransomware groups. These flaws affect certain models of SonicWall firewalls, and experts are warning that unpatched devices may quickly become targets for exploitation. Users of SonicWall products are urged to apply the updates as soon as possible to protect their systems. The swift response from SonicWall indicates the seriousness of these vulnerabilities and the potential risks associated with leaving them unaddressed. Organizations relying on SonicWall firewalls should prioritize these updates to avoid falling victim to cyberattacks.

A Vietnamese-linked phishing campaign, dubbed AccountDumpling, has been uncovered, targeting Facebook users. This operation employs Google AppSheet as a tool to send phishing emails aimed at stealing Facebook account credentials. Researchers estimate that around 30,000 accounts have been compromised, with the attackers selling the stolen information through an underground marketplace. This incident raises concerns about the effectiveness of current phishing defenses, as even reputable platforms like Google can be misused for malicious purposes. Users are advised to remain vigilant and employ strong security measures to protect their accounts.

Hackers are exploiting poorly configured Jenkins servers to launch a distributed denial-of-service (DDoS) attack against gaming servers, particularly targeting infrastructure associated with Valve Corporation. This attack leverages the Jenkins automation server, which is often used for continuous integration and deployment. Misconfigurations in these servers make it easier for attackers to gain unauthorized access and deploy their botnets. The implications are significant for gamers and the gaming industry, as DDoS attacks can disrupt services and lead to extended downtimes. Companies operating gaming platforms need to ensure their Jenkins servers are properly secured to mitigate the risk of such attacks in the future.

According to Infosecurity Magazine, nearly a quarter of healthcare organizations in the U.S., UK, and Germany have experienced cyberattacks targeting medical devices in the past year. These attacks can disrupt critical healthcare services, putting patient safety at risk. The rise in incidents highlights vulnerabilities in medical devices that may not be adequately secured against cyber threats. As healthcare increasingly relies on connected technologies, the need for robust security measures becomes more pressing. Organizations must prioritize protecting their medical devices to ensure the safety and integrity of patient care.

A recent supply chain attack has targeted four SAP npm packages, embedding malware designed to steal user credentials. This incident is part of a broader campaign known as mini Shai-Hulud, which researchers have linked to a group of attackers aiming to exploit vulnerable software components. Organizations that rely on these SAP packages for their applications could be at risk, as the compromised packages can put sensitive information in jeopardy. Users are advised to review their systems for these packages and take appropriate measures to secure their credentials. The incident highlights ongoing vulnerabilities in software supply chains and the importance of vigilance in software management.

Cybersecurity researchers have revealed that two cybercrime groups, known as Cordial Spider and Snarky Spider, are conducting fast-paced attacks primarily targeting Software as a Service (SaaS) environments. These groups utilize methods like vishing and Single Sign-On (SSO) abuse to execute their operations, which are designed to steal data while leaving minimal traces. The attacks are characterized by a rapid execution style, making them particularly dangerous for companies relying on SaaS applications. As these threats evolve, organizations need to bolster their security measures to protect against such sophisticated tactics, which can lead to significant data breaches and financial losses. Users and businesses must remain vigilant and implement stronger authentication protocols to mitigate these risks.

A card-checking service used by cybercriminals, known as Jerry’s Store, has exposed 345,000 stolen payment card details due to a misconfigured server that was left accessible online. This incident has raised concerns as the exposed information includes sensitive data that can be exploited by other criminals for fraudulent transactions. The leak highlights the vulnerabilities within the infrastructure of illegal services that facilitate carding, putting countless victims at risk of financial loss. Users whose payment information has been compromised should monitor their accounts closely for any unauthorized activity and consider taking steps to protect their financial information. This incident serves as a stark reminder of the importance of securing sensitive data, even in illegitimate operations.

A serious vulnerability has been discovered in cPanel, a popular web hosting control panel, allowing attackers to bypass login credentials and gain root access to servers. This flaw has been actively exploited before any patches were released, putting many web hosting providers and their clients at risk. The vulnerability affects users of cPanel, particularly those running outdated versions of the software. With root access, attackers could manipulate server settings, steal sensitive data, or take the server offline, which could lead to significant operational and financial consequences for affected companies. It is crucial for users to update their systems as soon as patches become available to mitigate these risks.