MuddyWater targets Israel with new MuddyViper backdoor

SCM feed for Latest
Actively Exploited

Overview

The article discusses a cybersecurity campaign by MuddyWater that targeted various sectors in Israel using a new backdoor known as MuddyViper. The attack, which occurred between September 30, 2024, and March 18, 2025, poses significant risks to critical infrastructure and organizations in engineering, government, and technology sectors.

Key Takeaways

  • Active Exploitation: The MuddyViper backdoor is being actively deployed by attackers. Immediate action is recommended.
  • Affected Systems: Engineering, local government, manufacturing, technology, transportation, utilities, and universities in Israel
  • Action Required: Organizations should implement robust cybersecurity measures, including monitoring for unusual activity, applying security patches, and educating staff on phishing and social engineering tactics.
  • Timeline: Ongoing since September 30, 2024

Original Article Summary

The campaign, active between September 30, 2024, and March 18, 2025, targeted sectors including engineering, local government, manufacturing, technology, transportation, utilities and universities.

Impact

Engineering, local government, manufacturing, technology, transportation, utilities, and universities in Israel

Exploitation Status

The MuddyViper backdoor is confirmed to be actively used by attackers in real-world intrusions. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Ongoing since September 30, 2024

Remediation

Organizations should implement robust cybersecurity measures, including monitoring for unusual activity, applying security patches, and educating staff on phishing and social engineering tactics.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.


Related Coverage

Grubhub confirms hackers stole data in recent security breach

BleepingComputer

Grubhub has confirmed that it recently experienced a data breach, allowing hackers access to its systems. According to reports, the attackers are now demanding a ransom, which adds a layer of urgency to the situation. The breach affects customer data, although specific details about what information was accessed have not been disclosed. This incident raises concerns about the security measures in place at Grubhub and the potential risk to users' personal information. As food delivery services become increasingly popular, breaches like this can undermine customer trust and highlight the need for better cybersecurity practices across the industry.

Jan 15, 2026

Predator Spyware Sample Indicates 'Vendor-Controlled' C2

darkreading

Researchers have uncovered how Intellexa, the company behind the Predator spyware, adapts its tactics based on failed deployments and unsuccessful attacks. By analyzing these setbacks, Intellexa aims to refine its commercial spyware, making future operations more effective. This raises concerns for privacy advocates and targets who may be vulnerable to such sophisticated surveillance tools. The findings suggest that Predator could be continuously evolving, increasing the risk for individuals and organizations that may be targeted. As spyware technology becomes more advanced, the implications for personal and national security are significant.

Jan 15, 2026

A ransomware attack disrupted operations at South Korean conglomerate Kyowon

Security Affairs

Kyowon Group, a major South Korean conglomerate, has confirmed that it was hit by a ransomware attack that significantly disrupted its operations. This incident may have also compromised customer data, raising concerns about the safety of personal information for millions of users across its various subsidiaries. Kyowon is involved in diverse sectors including education, publishing, media, and technology, making the potential impact of this breach far-reaching. The company is currently working to assess the damage and restore its systems, but the attack underscores the vulnerabilities that large organizations face in today’s digital landscape. This incident serves as a reminder for companies to bolster their cybersecurity measures to protect sensitive data from similar attacks.

Jan 15, 2026

Max Messenger data breach claimed by hacker on DarkForums

SCM feed for Latest

A hacker has claimed responsibility for a significant data breach involving Max Messenger, reportedly extracting 142 GB of compressed data that includes around 15.4 million user records. The exposed information consists of full names, usernames, and phone numbers, which could put many users at risk of identity theft or spam. This incident raises concerns about the security measures in place to protect user data, especially given the large volume of personal information compromised. Users of Max Messenger should be vigilant about potential phishing attempts and consider changing their passwords to enhance their security. The situation also serves as a reminder for companies to prioritize data protection and implement stronger safeguards against unauthorized access.

Jan 15, 2026

New StackWarp Attack Threatens Confidential VMs on AMD Processors

SecurityWeek

Researchers have revealed a new vulnerability dubbed the StackWarp Attack that targets AMD processors, enabling attackers to execute code remotely within confidential virtual machines (VMs). This flaw poses a significant risk to cloud environments where sensitive data is processed, as it could allow unauthorized access to protected information. The attack exploits weaknesses in the architecture of AMD processors, making it particularly concerning for organizations relying on these systems for secure operations. Companies using AMD processors in their cloud infrastructure should assess their systems for vulnerabilities and stay informed about potential patches or mitigations that may be issued in response to this discovery. The implications of this attack are serious, especially for sectors dealing with confidential data such as finance, healthcare, and government.

Jan 15, 2026

Bluspark Global patches critical vulnerabilities after data exposure

SCM feed for Latest

Security researcher Eaton Zveare identified five serious vulnerabilities in Bluspark's Bluvoyix platform, which is used in shipping and supply chain management. Among these flaws were the use of plaintext passwords and an unauthenticated API, both of which could potentially allow unauthorized access to sensitive data. This incident raises concerns for companies relying on Bluvoyix, as attackers could exploit these weaknesses to gain access to critical operational information. Bluspark has since released patches to address these vulnerabilities, but the exposure of such significant flaws underscores the need for robust security practices in software development. Users of the platform should ensure they update to the latest version to mitigate these risks.

Jan 15, 2026