VulnHub

Real-time Cybersecurity News

Iranian cyberattacks to continue amid ceasefire

SCM feed for Latest
Actively Exploited
Critical

Overview

The Iranian hacking group Handala has announced that it will continue its cyberattacks against Israel and plans to resume operations against the United States. This declaration comes during a fragile two-week ceasefire between Iran and both the U.S. and Israel. The group’s ongoing cyber threats pose significant risks to critical infrastructure and data security in these regions. Continuous cyber operations could disrupt services and heighten tensions in an already volatile geopolitical landscape, making it crucial for organizations in these countries to bolster their cybersecurity measures. The situation is particularly concerning given the potential for escalation in both cyber and traditional military engagements.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: Israeli and U.S. government systems, critical infrastructure
  • Action Required: Organizations should enhance their cybersecurity defenses, conduct regular security assessments, and implement incident response plans.
  • Timeline: Ongoing since recent ceasefire announcement

Original Article Summary

Iranian hacking group Handala has declared continuous cyberattacks against Israel and an imminent resumption of cyber operations against the U.S. amid a shaky two-week ceasefire between Iran and the U.S. and Israel, The Associated Press reports.

Impact

Israeli and U.S. government systems, critical infrastructure

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Ongoing since recent ceasefire announcement

Remediation

Organizations should enhance their cybersecurity defenses, conduct regular security assessments, and implement incident response plans.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Critical.

Read Original Article

Related Coverage

Malware Found in Laravel-Lang Composer Packages After Git Tag Poisoning Attack

Security Affairs

Recently, attackers compromised four Laravel-Lang Composer packages, which are widely used for providing translation and localization files in Laravel applications. By rewriting over 700 Git tags linked to historical versions, they managed to inject malware into these packages, potentially affecting numerous Laravel apps. This incident poses a significant risk to developers using Laravel-Lang, as the malware could lead to unauthorized access or other security breaches in their applications. Users of these packages should take immediate action to ensure their systems are not vulnerable and consider removing or updating the compromised packages. This situation serves as a reminder for developers to monitor the integrity of their dependencies closely.

May 26, 2026

High-severity SharePoint RCE bug patched by Microsoft (CVE-2026-45659)

Help Net Security

Microsoft has patched a serious remote code execution vulnerability in SharePoint, identified as CVE-2026-45659. This flaw impacts SharePoint Server Subscription Edition, SharePoint Server 2019, and SharePoint Enterprise Server 2016. The vulnerability arises from the way SharePoint handles untrusted data, allowing an authenticated attacker to execute code on a vulnerable server without requiring any user interaction. The simplicity of the attack makes it particularly concerning, as it poses a risk to organizations using these versions of SharePoint. Companies should prioritize applying the patches to safeguard their systems from potential exploitation.

May 26, 2026

MFA Prompt Bombing: Why Your Second Factor Isn't Saving You

The Hacker News

Multi-factor authentication (MFA) was designed to enhance security by requiring users to provide a second form of verification, making it harder for attackers to gain access to accounts. However, researchers have found that some attackers are using a technique called MFA prompt bombing, where they bombard users with repeated authentication requests until they inadvertently approve one. This method takes advantage of users being overwhelmed and mistakenly granting access. As a result, organizations that rely solely on MFA may be putting themselves at risk, as this approach can easily bypass the intended security measures. It's essential for companies to educate their employees about this tactic and consider additional security layers to protect against unauthorized access.

May 26, 2026

Iran-Linked Hackers Target US Aviation with Phishing and SEO Poisoning Campaign

Infosecurity Magazine

Iranian hackers, known as Nimbus Manticore, have launched a campaign targeting U.S. aviation through phishing attacks and SEO poisoning. They are distributing a malicious backdoor called MiniFast, which is designed to exploit vulnerabilities in systems related to aviation. This campaign poses a significant risk to the aviation sector, as it could potentially allow attackers to gain unauthorized access to sensitive information and disrupt operations. The use of AI to create the MiniFast backdoor indicates a sophisticated approach to cyberattacks, raising concerns about the evolving tactics of state-sponsored hacking groups. Companies in the aviation industry need to be vigilant and enhance their cybersecurity measures to protect against such threats.

May 26, 2026

CISA orders feds to patch actively exploited Drupal vulnerability

BleepingComputer

The Cybersecurity and Infrastructure Security Agency (CISA) has mandated that U.S. government agencies address a critical SQL injection vulnerability in the Drupal content management system by Wednesday evening. This vulnerability, which has been flagged as actively exploited, poses a significant risk to the security of servers running Drupal. Government organizations must act swiftly to protect their systems from potential attacks that could exploit this weakness. The urgency of this directive highlights the ongoing challenges faced by agencies in maintaining secure web platforms, especially as attackers increasingly target widely used software like Drupal. Ensuring that these systems are patched is essential to safeguard sensitive data and maintain operational integrity.

May 26, 2026

Anthropic’s restricted Claude Mythos model may be coming to Claude Code

BleepingComputer

Anthropic is reportedly getting ready to release its Mythos model, which was initially announced in April as a restricted version due to its potential security risks. This model poses significant threats to both private and public software, raising concerns among developers and users about its implications for security. The rollout of such a model could lead to vulnerabilities being exploited if not properly managed. As the technology moves closer to public availability, it’s crucial for stakeholders to understand the risks and prepare accordingly. The situation emphasizes the need for careful consideration in how AI models are deployed, especially those that can impact software security.

May 25, 2026