Latest Cybersecurity Threats

Real-time threat intelligence from trusted sources

Tech giants are collaborating on a new initiative called 'Project Glasswing' aimed at using artificial intelligence to spot critical software vulnerabilities before they can be exploited. This move comes as the tech industry faces increasing pressure to secure software against potential attacks that leverage AI capabilities. By identifying these vulnerabilities early, companies hope to bolster their defenses and stay ahead of attackers who are also using advanced technologies. This initiative is significant because it represents a proactive approach to cybersecurity, addressing the growing concerns about the effectiveness of traditional security measures in the face of evolving threats. The program's success could lead to more secure software across various platforms, ultimately benefiting users and organizations alike.

Impact: N/A
Remediation: N/A

U.S. government agencies have issued an urgent warning about Iranian hackers targeting American energy and water infrastructure. These cyberattacks are aimed at disrupting devices and systems that manage industrial processes. Reports indicate that these attacks have already caused damage to some victims over the past month, coinciding with increased tensions due to U.S.-Israel strikes against Iran. This situation raises concerns about the security of critical infrastructure, as such attacks could lead to significant disruptions in essential services like electricity and water supply. Officials are urging organizations in the energy and water sectors to bolster their defenses against these threats.

Impact: Energy and water infrastructure systems, industrial control systems
Remediation: Organizations should enhance cybersecurity measures, monitor systems for unusual activity, and ensure software and systems are up to date.

APT28, a Russian state-linked hacking group, has been exploiting vulnerabilities in MikroTik and TP-Link routers as part of a global cyber espionage campaign. Since at least May 2025, the group has targeted these routers to change their settings, effectively turning them into tools for malicious activities. This campaign raises significant concerns for users of these devices, as it can lead to unauthorized access to sensitive information and potential data breaches. The exploitation highlights the importance of securing home and small office routers, which are often overlooked in cybersecurity discussions. Users are urged to update their firmware and review their router settings to prevent unauthorized access.

Impact: MikroTik routers, TP-Link routers
Remediation: Users should update their router firmware to the latest version and review security settings to ensure they are configured correctly.

The article discusses the urgent need for a complete overhaul of cybersecurity strategies in response to threats posed by AI-enabled nation-state actors. Current incremental approaches are deemed insufficient against the rapid evolution of these threats. The author emphasizes that organizations must adopt architectural changes to effectively counteract the speed and sophistication of attacks. This shift is crucial for national security and the protection of sensitive information across various sectors. The piece calls for a proactive stance that goes beyond traditional methods, urging stakeholders to rethink their cybersecurity frameworks to stay ahead of potential adversaries.

Impact: N/A
Remediation: N/A

The UK’s National Cyber Security Centre (NCSC) has issued a warning about the Russian cyber group APT28, which is reportedly hijacking internet traffic by compromising vulnerable routers. The attackers manipulate DHCP and DNS settings to redirect user traffic through their own servers, allowing them to spy on victims. This activity is linked to the GRU's Military Intelligence Unit 26165. Organizations and individuals using susceptible routers may be at risk, making it crucial for them to secure their devices against such exploits. The ongoing activity highlights the need for constant vigilance in network security, especially when it comes to maintaining router configurations.

Impact: Vulnerable routers, particularly those with weak security configurations.
Remediation: Users should secure their router configurations, update firmware to the latest versions, and implement strong passwords. Specific patches or configurations were not mentioned.

A serious vulnerability has been discovered in Flowise that allows attackers to run arbitrary JavaScript code, which could lead to unauthorized access to a user's file system. This issue stems from improper validation of user-supplied code, making it a significant risk for users and organizations relying on Flowise. If exploited, attackers could manipulate data or install malicious software, raising concerns about data integrity and security. Users need to be aware of this vulnerability and take steps to secure their systems. Immediate action is necessary to prevent potential breaches and safeguard sensitive information.

Impact: Flowise application and its users
Remediation: Users should update to the latest version of Flowise and follow security best practices to validate user input and restrict code execution.

The UK security agency has issued a warning about a new series of cyberattacks linked to the Russian hacking group APT28. These attackers are modifying virtual private servers to function as malicious DNS servers, which they then use to hijack routers. This tactic allows them to steal user credentials and potentially gain access to sensitive information. The implications of these attacks are significant, as they could affect a wide range of internet users and organizations relying on compromised routers for secure connections. Users are advised to ensure their router firmware is up to date and to monitor their networks for any suspicious activity.

Impact: Routers, DNS servers
Remediation: Update router firmware and monitor network activity for suspicious behavior.

A serious vulnerability in Docker Engine, identified as CVE-2026-34040, has been reported; it allows attackers to bypass authorization plugins under certain conditions. This flaw has a high severity rating, with a CVSS score of 8.8, and it is rooted in an incomplete fix for a previous vulnerability, CVE-2024-41110, which was disclosed in July 2024. This means that systems relying on Docker for container management could be at risk, potentially allowing unauthorized access to the host system. Organizations using Docker should take immediate action to assess their exposure and implement necessary security measures. The implications of this vulnerability are significant, as it could lead to unauthorized actions on affected systems, compromising sensitive data and operations.

Impact: Docker Engine versions affected by CVE-2026-34040, specifically those relying on authorization plugins.
Remediation: Organizations should update their Docker Engine to the latest version as soon as patches are released. It's also advisable to review and strengthen authorization plugin configurations to mitigate potential risks.

Researchers have discovered a new attack method called GPUBreach that exploits GPU Rowhammer vulnerabilities in GDDR6 memory. This technique allows attackers to flip bits in memory, which can corrupt page tables and ultimately lead to privilege escalation, giving them root access to the system. This is particularly concerning as it affects systems using GDDR6 memory, commonly found in high-end graphics cards used for gaming and data processing. The implications are serious; if exploited, attackers could take complete control of affected systems. Users and organizations with these memory types should be vigilant about potential attacks and consider implementing security measures to mitigate risks.

Impact: GDDR6 memory, high-end graphics cards
Remediation: Users should monitor for updates from their hardware vendors and apply any security patches related to memory management vulnerabilities as they become available.

A recent study by PagerDuty reveals that IT incidents pose serious risks to businesses beyond just lost revenue. The research found that 53% of companies reported reputational damage from such incidents, while 48% noted a drop in productivity. Additionally, 42% of respondents mentioned increased developer burnout as a consequence of these challenges. This data sheds light on the broader impacts of IT issues, emphasizing the need for businesses to prioritize their IT strategies and incident management processes to prevent significant losses and maintain their standing in the market. As organizations increasingly rely on technology, understanding these risks is crucial for sustainable operations.

Impact: N/A
Remediation: N/A

A new privilege escalation vulnerability, dubbed 'BlueHammer', has been identified in Windows operating systems. This flaw, which merges a time-of-check to time-of-use (TOCTOU) vulnerability with path confusion, allows attackers to gain higher-level access to systems. Users of affected Windows versions are particularly at risk, as this could enable unauthorized actions that compromise system security. The release of exploit code for BlueHammer raises concerns about its potential use in cyberattacks, making it crucial for organizations to address this vulnerability promptly. Keeping systems updated and applying any available patches will be essential to mitigate the risks associated with this flaw.

Impact: Windows operating systems with the BlueHammer vulnerability
Remediation: Users should apply the latest patches and updates from Microsoft to mitigate the vulnerability.

In February 2026, the Uffizi Galleries, a renowned art museum in Florence, Italy, fell victim to a cyberattack that resulted in the theft of its complete photographic archive. The attack raised significant concerns about the security of cultural institutions, which often hold invaluable collections. The museum has since managed to restore its archive using backups, but the incident raises questions about the adequacy of cybersecurity measures in place to protect sensitive data. Such breaches not only threaten the integrity of cultural heritage but also expose institutions to potential reputational damage and financial losses. This incident serves as a stark reminder for museums and similar organizations to bolster their cybersecurity defenses.

Impact: Uffizi Galleries' photographic archive
Remediation: Restored using backups

Charming Kitten, a group linked to Iran's security forces, has been ramping up its use of social engineering tactics to carry out cyber espionage. This group is known for targeting officials, researchers, and employees at various companies by pretending to be trusted contacts. By impersonating familiar figures, they manipulate individuals into sharing sensitive information or clicking on malicious links. This method of attack is concerning because it exploits human psychology rather than technical vulnerabilities, making it harder for victims to recognize the threat. As these tactics become more sophisticated, it raises alarm bells for organizations that must bolster their defenses against such deceptive practices.

Impact: N/A
Remediation: Organizations should implement training programs to educate employees about recognizing social engineering attacks and ensure robust verification processes for sensitive communications.

A new exploit known as GrafanaGhost has been discovered that can bypass AI guardrails, allowing attackers to exfiltrate sensitive data from Grafana instances. This vulnerability combines AI prompt injection techniques with URL flaws to access information that should be protected. Grafana, a widely used open-source platform for data visualization, is particularly vulnerable, and this breach could expose critical insights stored by companies using the software. The implications are serious, as organizations could face data leaks that might compromise their operations and customer trust. Users of Grafana are urged to review their security settings and monitor for any unusual access patterns to safeguard their data.

Impact: Grafana instances
Remediation: Users should review security configurations and monitor access logs for unusual activity.

Recent findings reveal that attackers can exploit Grafana's AI components to leak sensitive enterprise data. By directing Grafana to external resources and using indirect prompts, they can bypass existing security measures. This vulnerability poses a significant risk to organizations that rely on Grafana for data visualization and monitoring, as it may expose confidential information. Companies using Grafana should take immediate action to assess their configurations and consider implementing additional safeguards to protect against such exploitation. The implications of this issue are serious, as it could lead to unauthorized access to critical business data.

Impact: Grafana AI components
Remediation: Companies should review their Grafana configurations and implement additional security measures to prevent exploitation.