Latest Cybersecurity Threats

Real-time threat intelligence from trusted sources

Actively Exploited

A serious vulnerability in Marimo, an open-source Python notebook designed for data science, was exploited within just 10 hours of being made public. The flaw, identified as CVE-2026-39987, allows unauthenticated attackers to execute code remotely and affects all versions of Marimo up to and including the latest release. Researchers from Sysdig reported this rapid exploitation, underscoring the urgency for users to address this security gap. Organizations using Marimo need to prioritize patching their installations to avoid potential breaches, as the high CVSS score of 9.3 indicates a significant risk. The swift exploitation of this vulnerability is a reminder of the importance of timely updates and sound security practices in software development.

Impact: All versions of Marimo up to and including the latest release
Remediation: Users should immediately update to the latest version of Marimo to mitigate the risk associated with this vulnerability.

Attackers have compromised the update system for the Smart Slider 3 Pro plugin, a widely used tool for WordPress and Joomla, allowing them to distribute a malicious version containing a backdoor. This incident affects users of Smart Slider 3 Pro version 3.5.1.35 for WordPress, which has over 800,000 active installations. The backdoor could potentially allow unauthorized access to affected websites, putting sensitive data at risk. Users are urged to check their installations and ensure they are using a secure version of the plugin to prevent exploitation. This incident serves as a reminder of the vulnerabilities in third-party update systems and the importance of maintaining software security.

Impact: Smart Slider 3 Pro version 3.5.1.35 for WordPress
Remediation: Users should update to the latest version of Smart Slider 3 Pro to ensure they are not using the compromised version.

Researchers have discovered a new malware known as LucidRook, which is written in Lua and is being deployed in targeted spear-phishing campaigns aimed at non-governmental organizations (NGOs) and universities in Taiwan. This malware is particularly concerning because it represents a shift in tactics, focusing on sectors often involved in sensitive and impactful work. Attackers are leveraging deceptive emails to compromise their targets, potentially leading to data breaches or other security incidents. The targeting of educational and humanitarian organizations indicates that attackers are seeking valuable information that could be exploited for various malicious purposes. Organizations in these sectors need to be vigilant and enhance their security measures to defend against such threats.

Impact: Non-governmental organizations, universities
Remediation: Organizations should enhance email filtering and employee training on recognizing phishing attempts. Regular software updates and security audits are also recommended.

Researchers from Censys have identified a significant cybersecurity threat posed by Iranian government-backed actors targeting critical infrastructure in the United States. This campaign is specifically aimed at energy, water, and government services, putting approximately 3,900 exposed devices at risk. The focus on these vital sectors raises alarms about potential disruptions to essential services. The implications of such attacks could be severe, affecting both public safety and national security. As the situation develops, organizations operating in these sectors need to enhance their cybersecurity measures to protect against potential intrusions.

Impact: Energy systems, water services, U.S. government facilities
Remediation: Organizations should implement stronger cybersecurity protocols, conduct vulnerability assessments, and monitor network traffic for unusual activities.

Researchers have identified 179 industrial control devices connected to the internet that are using the Modbus protocol, which lacks basic security features like encryption and authentication. These devices, spread across 20 countries, are often part of critical infrastructure systems such as power grids. The presence of these exposed devices poses a significant risk, as they can be targeted by attackers looking to disrupt essential services. This situation raises alarms about the security practices in place for industrial systems, especially considering the potential consequences of a successful attack. Companies operating such systems need to reassess their security measures to protect against unauthorized access.

Impact: Modbus ICS devices used in power grids and industrial systems
Remediation: Companies should implement proper security measures, including firewalls and network segmentation, to limit exposure of Modbus devices to the internet.
Actively Exploited

The North Korean hacking group behind the Contagious Interview campaign has expanded its operations, releasing over a dozen new malicious packages across various programming ecosystems, including npm, PyPI, Go Modules, crates.io, and Packagist. Since the campaign began in January 2025, more than 1,700 harmful packages have been identified. These malicious packages are designed to compromise systems and facilitate malware installation, posing a significant risk to developers and organizations that rely on these ecosystems for software development. Users need to be cautious about the packages they download and verify their sources to avoid falling victim to these attacks.

Impact: npm, PyPI, Go Modules, crates.io, Packagist ecosystems
Remediation: Users should verify the sources of packages they download and be cautious of unknown or untrusted packages.
Actively Exploited

The Iranian hacking group Handala has announced that it will continue its cyberattacks against Israel and plans to resume operations against the United States. This declaration comes during a fragile two-week ceasefire between Iran and both the U.S. and Israel. The group’s ongoing cyber threats pose significant risks to critical infrastructure and data security in these regions. Continuous cyber operations could disrupt services and heighten tensions in an already volatile geopolitical landscape, making it crucial for organizations in these countries to bolster their cybersecurity measures. The situation is particularly concerning given the potential for escalation in both cyber and traditional military engagements.

Impact: Israeli and U.S. government systems, critical infrastructure
Remediation: Organizations should enhance their cybersecurity defenses, conduct regular security assessments, and implement incident response plans.

The Russian cyber espionage group known as Fancy Bear is reportedly continuing its global attacks, targeting various organizations around the world. Experts warn that while victims may not possess the same level of technical sophistication as the attackers, they must take proactive steps to protect themselves. Essential measures include regularly patching software vulnerabilities and implementing zero trust security models to enhance defenses. The ongoing activity of Fancy Bear underscores the need for organizations, regardless of size or technical expertise, to prioritize cybersecurity practices to mitigate risks. As these attacks evolve, awareness and preparedness are crucial for safeguarding sensitive data and systems.

Impact: N/A
Remediation: Regularly patch software vulnerabilities and implement zero trust security models.

In December 2025, hackers successfully breached Eurail's systems, resulting in the theft of personal information belonging to 308,777 travelers. The compromised data includes names and passport numbers, raising significant concerns about potential identity theft and the misuse of sensitive information. Eurail is now in the process of notifying those affected by the breach, emphasizing the urgent need for vigilance among individuals whose data may be at risk. This incident underscores the ongoing vulnerability of companies to cyberattacks and the importance of implementing stronger security measures to protect customer information.

Impact: Eurail customer data, including names and passport numbers
Remediation: N/A

A recent cybersecurity campaign attributed to APT28, also known as Fancy Bear, has been uncovered by Trend Micro. The attackers are using a new malware called PRISMEX to target Ukraine and its allies. They exploit recently disclosed vulnerabilities, specifically CVE-2026-21509 and CVE-2026-21513, to bypass security measures and gain unauthorized access. This type of espionage can significantly affect national security and the stability of the region, as sensitive information could be compromised. The targeting of Ukraine, in particular, raises alarms given the ongoing conflict in the area, indicating that the stakes are high for both military and political intelligence.

Impact: CVE-2026-21509, CVE-2026-21513 (specific products affected not listed)
Remediation: Organizations should apply security patches for CVE-2026-21509 and CVE-2026-21513 as they become available. It's also recommended to enhance monitoring for suspicious activity and to implement network segmentation to limit exposure.

A hack-for-hire group has been targeting journalists and officials in the Middle East and North Africa (MENA) region since 2023, according to research from Access Now and Lookout. The campaign is described as sophisticated, employing various tactics to spy on its targets. Journalists, who often report on sensitive political issues, are particularly vulnerable, as are officials who may be involved in decision-making processes. This type of espionage raises serious concerns about press freedom and the safety of those working in journalism, as it can lead to self-censorship and a chilling effect on reporting. The ongoing nature of this campaign suggests that the threat is not only persistent but evolving, making it crucial for individuals and organizations in the region to be vigilant about their cybersecurity practices.

Impact: Journalists and officials in the MENA region, specifically targeted by a hack-for-hire group.
Remediation: Individuals and organizations should enhance their cybersecurity measures, including using secure communication tools, regularly updating software, and being cautious of phishing attempts.

ChipSoft, a Dutch healthcare software provider, has been hit by a ransomware attack that has disrupted its online services. The attack forced the company to take its website and digital services offline, affecting both patients and healthcare providers who rely on their systems for medical information and services. This incident raises concerns about the security of healthcare IT systems, especially as they handle sensitive patient data. The downtime could lead to delays in patient care and disrupt operations for healthcare professionals. As ransomware attacks continue to pose a significant threat to the healthcare sector, this incident serves as a reminder of the vulnerabilities present in digital health infrastructure.

Impact: ChipSoft's website and digital services for patients and healthcare providers
Remediation: N/A

A recently patched vulnerability in the EngageLab SDK, a third-party software development kit used in many Android applications, has potentially exposed the private data of around 50 million users, including 30 million cryptocurrency wallet holders. The flaw allowed apps on the same device to bypass Android's security measures, enabling unauthorized access to sensitive information. This incident raises significant concerns about the security of users' cryptocurrency assets, as the compromised data could have led to theft or fraud. Developers using the EngageLab SDK are urged to update their applications to protect users from potential attacks. The vulnerability was identified and addressed, but users should remain vigilant about app permissions and security practices.

Impact: EngageLab SDK used in various Android applications, particularly cryptocurrency wallets
Remediation: Developers should update their applications using the EngageLab SDK to the latest patched version as soon as possible.

The cybersecurity community is closely observing whether Iranian hackers will adhere to a ceasefire that does not specifically mention them. Historically, ceasefires in geopolitical conflicts have not significantly impacted the frequency of cyberattacks. Experts suggest that despite a temporary halt in physical hostilities, cyber operations often continue unabated. This raises concerns for organizations and governments that might be targeted by Iranian cyber actors, as they may not feel bound by such agreements. The situation underscores the ongoing risk that cyber threats pose, irrespective of diplomatic efforts.

Impact: N/A
Remediation: N/A

Hackers have compromised the update system for the Smart Slider 3 Pro plugin, which is used in WordPress and Joomla websites. These attackers managed to distribute a malicious version of the plugin that contains multiple backdoors, allowing them to access and control affected sites. This incident puts users of both platforms at risk, as the malicious code can lead to data breaches and unauthorized actions on their websites. Website administrators should be particularly vigilant, as the compromised update could have far-reaching consequences if not addressed promptly. Users are strongly advised to check their installations and update to the latest secure versions to mitigate any potential damage.

Impact: Smart Slider 3 Pro plugin for WordPress and Joomla
Remediation: Users should immediately check for updates to Smart Slider 3 Pro and ensure they are running the latest secure version. Additionally, they should scan their websites for any signs of compromise.