VulnHub

Police departments across the United States are reportedly using Flock surveillance cameras in ways that raise serious privacy concerns. In over a dozen cases, officers have allegedly stalked individuals without legal justification, utilizing the camera system to track their movements obsessively. This misuse of technology not only breaches ethical standards but also raises alarms about the potential for abuse of surveillance tools meant to enhance public safety. The impact of these actions could undermine trust in law enforcement and lead to calls for stricter regulations on surveillance practices. Advocates for privacy rights are urging for greater oversight to prevent such incidents from occurring in the future.

Cisco has issued a warning about a vulnerability in its Catalyst SD-WAN Manager, designated CVE-2026-20262. This flaw allows attackers to write arbitrary files through the web interface, potentially compromising the system's integrity. Cisco confirmed that this vulnerability is currently being actively exploited, which raises significant concerns for organizations using affected systems. The vulnerability has a CVSS score of 6.5, indicating a moderate level of risk. Companies utilizing the Catalyst SD-WAN Manager should prioritize assessing their systems for this vulnerability and implement necessary security measures to protect against potential attacks.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about an actively exploited vulnerability in the LiteSpeed cPanel user-end plugin, identified as CVE-2026-54420. This flaw poses a significant risk to U.S. government servers, prompting CISA to give agencies just three days to secure their systems. Attackers can exploit this vulnerability to gain unauthorized access, which could lead to data breaches or other malicious activities. The urgency of the warning highlights the need for prompt action to protect sensitive information and maintain system integrity. Agencies are advised to take immediate steps to patch their systems against this threat.

The DragonForce ransomware group has been found using a custom malware called 'Backdoor.Turn' to conceal their command-and-control traffic within Microsoft Teams relays. This tactic allows them to mask their activities, making it harder for security measures to detect their malicious actions. By leveraging the infrastructure of a widely-used collaboration tool, they are able to blend in with legitimate traffic, posing a significant challenge for cybersecurity professionals. This development raises concerns for organizations that utilize Microsoft Teams, as it highlights the potential for trusted platforms to be exploited for harmful purposes. Companies should remain vigilant and enhance their monitoring efforts to detect any unusual activities that could indicate an attack.

Researchers at Defused have reported that attackers are actively exploiting multiple serious vulnerabilities in Fortinet's FortiSandbox, a platform designed for detecting cyber threats. These flaws could allow unauthorized access to systems that rely on FortiSandbox for security measures, potentially leading to significant breaches. Organizations using FortiSandbox should be particularly vigilant as these vulnerabilities are now being targeted in the wild. It's crucial for affected users to assess their exposure and implement recommended security measures promptly. The situation highlights the ongoing risks associated with cybersecurity tools, where vulnerabilities can be exploited by malicious actors.

The FBI has issued a warning about a new trend in cryptocurrency scams where couriers are being used to pick up cash payments. This method is being exploited by scammers to bypass traditional banking systems and facilitate fraudulent investments. Victims are often lured into these schemes with promises of high returns, only to find themselves out of pocket after sending cash to a courier. This tactic not only complicates tracking the flow of money but also makes it easier for scammers to evade law enforcement. The warning serves as a crucial reminder for individuals to be cautious and verify the legitimacy of any investment opportunities, especially those involving cryptocurrency.

Cisco has issued security updates to address a medium-severity vulnerability in its Catalyst SD-WAN Manager, previously known as SD-WAN vManage. The flaw, identified as CVE-2026-20262, has a CVSS score of 6.5 and has been reported as actively exploited in the wild. This vulnerability affects the web user interface, allowing authenticated remote attackers to create files, which could lead to further compromise of the system. Given that this software is widely used for managing SD-WAN deployments, organizations utilizing this product should prioritize applying the latest updates to mitigate potential risks. The active exploitation of this flaw emphasizes the importance of maintaining up-to-date security measures in network management solutions.

Researchers at Proofpoint have identified two phishing campaigns linked to a North Korean hacking group known as Contagious Interview, also referred to as Famous Chollima. These campaigns are cleverly disguised as recruitment efforts for developer roles or as requests for code reviews. The tactics used by these attackers demonstrate a sophisticated approach to lure potential victims into providing sensitive information. This is particularly concerning for software developers and companies in the tech sector, who may be targeted due to their access to valuable intellectual property and sensitive data. The rise in these types of campaigns serves as a reminder for organizations to remain vigilant about phishing threats and to educate employees about identifying suspicious communications.