VulnHub

Real-time Cybersecurity News

New Ukrainian CERT-spoofing phishing campaign delivers RAT

SCM feed for Latest
Actively Exploited
PhishingMalwareTrojan

Overview

A recent phishing campaign has targeted various sectors in Ukraine, including government entities, healthcare providers, financial institutions, educational organizations, and software development firms. Attackers impersonated the country's Computer Emergency Response Team (CERT) to deliver the AGEWHEEZE Remote Access Trojan (RAT) between March 26 and 27. This type of malware allows unauthorized access to infected systems, posing significant risks to sensitive data and operational security. The incidents emphasize the ongoing cyber threats faced by Ukrainian organizations, particularly amid heightened geopolitical tensions. Entities in the affected sectors need to remain vigilant and enhance their cybersecurity measures to mitigate such risks.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: Ukrainian government entities, healthcare providers, financial institutions, educational institutions, software development companies
  • Action Required: Entities should implement phishing awareness training, strengthen email filtering, and ensure software and systems are updated to protect against RATs.
  • Timeline: Ongoing since March 26-27, 2023

Original Article Summary

Ukrainian government entities, healthcare providers, financial providers, security firms, educational institutions, and software development companies have been targeted with a phishing campaign spoofing the country's Computer Emergency Response Team to facilitate the deployment of the AGEWHEEZE RAT between Mar. 26 and 27, reports The Cyber Express.

Impact

Ukrainian government entities, healthcare providers, financial institutions, educational institutions, software development companies

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Ongoing since March 26-27, 2023

Remediation

Entities should implement phishing awareness training, strengthen email filtering, and ensure software and systems are updated to protect against RATs.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Phishing, Malware, Trojan.

Read Original Article

Related Coverage

Claude AI finds Vim, Emacs RCE bugs that trigger on file open

BleepingComputer

Researchers discovered serious vulnerabilities in the Vim and GNU Emacs text editors that could allow attackers to execute remote code simply by opening a malicious file. This means that users of these popular text editors could be at risk without any interaction beyond opening a file. The vulnerabilities were identified with the help of the Claude AI assistant, which used simple prompts to find the flaws. This is significant as many developers and users rely on these tools for coding and text editing, making a large number of systems potentially vulnerable. Users should be cautious about the files they open and look out for updates from the developers to address these issues.

Mar 31, 2026

Critical Fortinet FortiClient EMS vulnerability under attack

SCM feed for Latest

Researchers from Defused have reported ongoing attacks exploiting a serious SQL injection vulnerability in Fortinet's FortiClient EMS, identified as CVE-2026-21643. These intrusions have been active since March 24, raising concerns for organizations using this software. SQL injection vulnerabilities allow attackers to manipulate database queries, potentially leading to unauthorized access and data breaches. Companies utilizing FortiClient EMS are urged to take immediate action to protect their systems and data from these exploits. The situation emphasizes the need for regular security updates and vigilance against emerging threats.

Mar 31, 2026

ChatGPT data leakage vulnerability discovered and patched

SCM feed for Latest

Researchers from Check Point have identified a vulnerability in ChatGPT that could allow a malicious user to exploit a hidden outbound channel within the platform's code execution runtime. They found that a single, specially crafted prompt could trigger this channel, potentially leading to unauthorized data leakage. This issue raises concerns for users and organizations relying on ChatGPT for various applications, as it could expose sensitive information. Following the discovery, OpenAI has patched the vulnerability to address this security flaw. Users of ChatGPT should ensure they are using the latest version to benefit from the fix and safeguard their data.

Mar 31, 2026

Cisco source code stolen in Trivy-linked dev environment breach

BleepingComputer

Cisco has been targeted in a cyberattack that resulted in the theft of source code from its internal development environment. This breach was made possible through the use of stolen credentials linked to a prior supply chain attack on Trivy, a tool used for scanning container vulnerabilities. The attackers gained access to sensitive source code belonging not only to Cisco but also to its customers, raising serious concerns about the security of their products and services. This incident emphasizes the risks associated with credential theft and the potential for significant impacts on a wide range of users who rely on Cisco's technology. Companies should assess their security protocols to prevent similar breaches in the future.

Mar 31, 2026

AtlasCross RAT campaign targets Chinese users via typosquatted domains

SCM feed for Latest

A cybercrime campaign attributed to the Silver Fox group is targeting Chinese users using typosquatted domains. This campaign involves malicious versions of various applications, such as VPN clients, encrypted messaging services, video conferencing tools, and e-commerce platforms. By creating fake websites that closely resemble legitimate ones, attackers aim to trick users into downloading these harmful applications. This poses a significant risk not only to individual users but also to businesses that rely on these tools for communication and transactions. As cyber threats continue to evolve, users must be vigilant about the sources from which they download software to avoid falling victim to such scams.

Mar 31, 2026

Maryland man charged in $53 million Uranium Finance crypto heist

SCM feed for Latest

A Maryland man named Spalletta has been charged in connection with a $53 million theft involving Uranium Finance, a decentralized finance platform. The allegations state that he exploited vulnerabilities in the platform's smart contracts on two occasions in April 2021. This incident raises concerns about the security of decentralized finance platforms, which are becoming increasingly popular but also susceptible to attacks. The case highlights the need for stronger security measures in cryptocurrency systems to protect users' investments. As decentralized finance continues to grow, incidents like this could undermine trust in the entire sector.

Mar 31, 2026