VulnHub

Real-time Cybersecurity News

US Confirms Handala Link to Iran Government Amid Takedown of Hackers’ Sites

SecurityWeek

Overview

The U.S. government has taken action against Handala, a group linked to Iranian cyber operations, by seizing multiple domains associated with their activities. These operations were primarily focused on psychological tactics aimed at influencing public perception. The seizure underscores the ongoing battle against state-sponsored cyber activities, particularly those originating from Iran. This move is part of a broader strategy to disrupt malicious online operations that can impact political stability and public opinion. By targeting these domains, the U.S. aims to limit Handala's ability to conduct its operations effectively.

Key Takeaways

  • Timeline: Newly disclosed

Original Article Summary

The US has seized several domains used by Handala in cyber-enabled psychological operations. The post US Confirms Handala Link to Iran Government Amid Takedown of Hackers’ Sites appeared first on SecurityWeek.

Impact

Not specified

Exploitation Status

No active exploitation has been reported at this time. However, organizations should still apply patches promptly as proof-of-concept code may exist.

Timeline

Newly disclosed

Remediation

Not specified

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Read Original Article

Related Coverage

FBI, CISA issue PSA on Russian intelligence campaign to target messaging apps

CyberScoop

The FBI and CISA have issued a public service announcement regarding a Russian intelligence campaign aimed at users of messaging apps, particularly Signal. This warning aligns with previous alerts from authorities in the Netherlands and Germany, highlighting a growing concern about the targeting of secure communication platforms. The campaign suggests that attackers are attempting to compromise the privacy and security of individuals who rely on these apps for confidential conversations. This situation is particularly alarming as it raises questions about the safety of messaging services that users often consider secure. People using these apps should remain vigilant and consider enhancing their security measures to protect their communications.

Mar 20, 2026

Patch Now: Oracle's Fusion Middleware Has Critical RCE Flaw

darkreading

Oracle has announced a critical vulnerability in its Fusion Middleware that allows attackers to execute arbitrary code without needing authentication. This flaw affects Oracle's Identity and Web Services Managers, particularly if they are exposed to the internet. The lack of authentication means that anyone can potentially exploit this vulnerability, making it especially dangerous for organizations that have these services publicly accessible. Companies using these products should take immediate action to secure their systems to prevent unauthorized access and potential data breaches. It's crucial for users to apply the necessary patches as soon as possible to mitigate the risks associated with this flaw.

Mar 20, 2026

Oracle pushes emergency fix for critical Identity Manager RCE flaw

BleepingComputer

Oracle has issued an emergency security update to address a serious vulnerability in its Identity Manager and Web Services Manager products, identified as CVE-2026-21992. This flaw allows attackers to execute remote code without needing any authentication, which poses a significant risk to organizations using these systems. The vulnerability could potentially be exploited to gain unauthorized access and control over sensitive information. Users of Oracle's Identity Manager and Web Services Manager should prioritize applying the update to protect their systems from potential attacks. This incident underscores the ongoing need for vigilance in software security, particularly with products that manage identity and access controls.

Mar 20, 2026

Trio sentenced for facilitating North Korean IT worker scheme from their homes

CyberScoop

Three men have been sentenced for their roles in a scheme that funneled approximately $1.28 million in salaries from U.S. companies to North Korean IT workers. The trio operated from their homes, setting up laptop farms and assisting remote workers in creating fake identities to secure jobs. This operation not only defrauded companies but also contributed to North Korea's illicit activities by providing the regime with foreign currency. The case highlights ongoing concerns about cybercrime linked to North Korea and the challenges companies face in verifying the identities of remote workers. As cyber threats evolve, organizations must remain vigilant in their hiring practices to avoid falling victim to similar scams.

Mar 20, 2026

Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets

The Hacker News

Trivy, an open-source vulnerability scanner developed by Aqua Security, has been compromised for the second time in a month. This breach specifically targeted the GitHub Actions workflows 'aquasecurity/trivy-action' and 'aquasecurity/setup-trivy', which are commonly used for scanning Docker container images for vulnerabilities. Attackers hijacked 75 tags to deliver malware that aims to steal sensitive continuous integration and continuous delivery (CI/CD) secrets. This incident is particularly concerning as it exposes users relying on these tools to potential data breaches and security risks. Organizations using these GitHub Actions should take immediate action to secure their environments and monitor for any unauthorized access or data leaks.

Mar 20, 2026

Cyber OpSec Fail: Beast Gang Exposes Ransomware Server

darkreading

The ransomware group known as Beast Gang has accidentally exposed files from their central cloud server, revealing their aggressive tactics for attacking network backups. These files show a clear strategy focused on targeting backup systems, which is a common method used by ransomware groups to ensure victims are more likely to pay the ransom. This incident raises serious concerns for organizations that rely on cloud services for data storage and highlights the importance of securing backup systems against potential ransomware attacks. As these tactics become more public, companies may need to reassess their cybersecurity measures to protect against such vulnerabilities. The exposure of these files could also lead to further attacks as other cybercriminals may adopt similar strategies.

Mar 20, 2026