VulnHub

A recent study by CloudSEK has found that attackers quickly took advantage of a serious remote code execution (RCE) vulnerability in Oracle WebLogic the same day that exploit code became available. This flaw poses a significant risk to organizations using affected versions of WebLogic, as it allows malicious actors to execute arbitrary code on compromised servers. The rapid exploitation indicates that cybercriminals are closely monitoring vulnerability disclosures and acting swiftly, which raises concerns for businesses that may not have applied necessary security patches. Companies using Oracle WebLogic should prioritize updating their systems to mitigate this threat and protect sensitive data.

The UK government has sanctioned Xinbi, an online marketplace that operates in Chinese and specializes in cryptocurrency transactions. This platform is known for selling stolen data and satellite internet equipment, primarily serving scam networks in Southeast Asia. The sanctions are part of a broader effort to combat cybercrime and protect consumers from fraudulent activities. By targeting Xinbi, the UK aims to disrupt the operations of these scam centers, which have been linked to various cybercrimes affecting individuals and businesses. This action underlines the increasing focus on international cooperation to tackle online scams and the darker side of cryptocurrency use.

Recent reports indicate that cybercriminals are increasingly using cloud phones, which are virtualized Android devices hosted on remote servers, to carry out financial fraud schemes. These devices provide attackers with anonymity and the capability to manipulate phone numbers, making it easier for them to bypass traditional security measures. As a result, victims can include individuals and businesses alike, potentially leading to significant financial losses. Security experts warn that the rise of these technologies poses a growing risk to online transactions and personal data. Companies and users need to be vigilant and adopt more stringent security practices to mitigate these threats.

A new malware known as EtherRAT is using Ethereum smart contracts to hide its command and control (C2) infrastructure, making it difficult for security systems to detect. The malware employs a technique called EtherHiding, which allows it to obscure its activities within the blockchain. Once deployed, EtherRAT can steal cryptocurrency wallets and sensitive credentials from infected devices. This poses a significant risk to users involved in cryptocurrency transactions, as they may unknowingly expose their assets to attackers. Researchers are warning that as this malware evolves, more users could fall victim to theft and fraud, particularly in the growing landscape of decentralized finance.

A new phishing campaign is targeting TikTok for Business accounts, aiming to trick users into revealing their login credentials. The attackers have employed tactics that hinder security bots from detecting the malicious pages, making it easier for them to succeed. This means that businesses using TikTok for advertising or promotion are at risk of having their accounts compromised. The implications are significant, as a breach could lead to unauthorized access, loss of sensitive data, and damage to brand reputation. Companies and users need to be vigilant and implement strong security measures to protect their accounts.

Researchers at CyberProof have identified a significant rise in PXA Stealer malware attacks, with a 10% increase targeting financial institutions in the first quarter of 2026. This malware is particularly concerning because it is designed to steal sensitive information from banking customers. Attackers use Telegram as a channel to exfiltrate the stolen data, which raises red flags about the security measures in place for protecting financial transactions. This surge in attacks could have serious implications for both banks and their clients, potentially leading to financial losses and privacy breaches. As the threat evolves, financial institutions must strengthen their defenses and educate users on recognizing potential scams and threats.

Recent research by IPQS reveals a concerning trend in fraud attacks that combine automated bots, proxy servers, and stolen login details to execute multi-stage operations, leading to account takeovers. These attacks start with bots creating fake accounts and escalate as the attackers gain access to legitimate user credentials. This pattern of fraud not only impacts individual users but also poses significant risks to companies that rely on online accounts for customer interactions. By correlating data points such as IP addresses, device information, and user behavior, organizations can better defend against these sophisticated attacks. The findings emphasize the need for enhanced security measures to protect users and maintain trust in online platforms.

Recent findings from Kaspersky reveal that the Coruna iOS exploit kit is using an updated version of the kernel exploit code from the 2023 Operation Triangulation campaign. This exploit targets two specific vulnerabilities in Apple’s iOS, raising concerns about the potential for mass attacks against users. Initially, there wasn't enough evidence to connect Coruna to the earlier campaign, but researchers have now established a clear link. This means that devices running affected versions of iOS could be at risk from attackers leveraging these exploits. Users and organizations need to be vigilant and ensure their devices are updated to protect against these threats.