FamousSparrow targets Azerbaijani energy sector in multi-wave espionage campaign

Security Affairs
Actively Exploited

Overview

A Chinese-linked hacking group known as FamousSparrow has targeted an Azerbaijani oil and gas company in a series of espionage attacks. The group repeatedly exploited the same entry point for three separate intrusions between December 2025 and February 2026. These attacks are part of a broader campaign aimed at gathering intelligence from the energy sector, which is vital for Azerbaijan's economy. The repeated access indicates a level of persistence and sophistication in their approach, raising concerns about the security measures in place to protect critical infrastructure. This situation underscores the ongoing risks that state-sponsored actors pose to national energy resources and the need for enhanced cybersecurity protocols in the sector.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: Azerbaijani oil and gas company
  • Action Required: Companies in the energy sector should review their security protocols, conduct thorough audits of their systems, and implement multi-factor authentication to prevent unauthorized access.
  • Timeline: Ongoing since December 2025

Original Article Summary

Chinese-linked FamousSparrow repeatedly targeted an Azerbaijani oil and gas company, reusing the same entry point in three intrusions from Dec 2025 to Feb 2026. Chinese-linked threat actor FamousSparrow has conducted a sustained intrusion campaign against an Azerbaijani oil and gas company, returning to the same compromised entry point three separate times between late December 2025 […]

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Related Coverage

KongTuke hackers now use Microsoft Teams for corporate breaches

BleepingComputer

KongTuke, an initial access broker, has shifted its tactics to utilize Microsoft Teams for social engineering attacks. This method allows attackers to gain persistent access to corporate networks in as little as five minutes. By exploiting the platform, they can trick employees into providing sensitive information or credentials. This development poses a significant risk to organizations that rely on Microsoft Teams for communication, as it opens up new avenues for breaches. Companies should be vigilant about security practices and employee training to mitigate these risks.

May 14, 2026

PraisonAI CVE-2026-44338 Auth Bypass Targeted Within Hours of Disclosure

The Hacker News

A newly disclosed vulnerability in the PraisonAI framework, identified as CVE-2026-44338, drew the attention of cybercriminals within just four hours of its announcement. This vulnerability has a CVSS score of 7.3 and involves a missing authentication issue, which means that sensitive endpoints could be accessed by unauthorized users. If exploited, attackers could invoke potentially harmful actions, leading to significant security risks for any systems running this open-source orchestration tool. Organizations utilizing PraisonAI are urged to assess their systems and implement necessary security measures to protect against possible exploitation. This incident serves as a reminder of the rapid response from threat actors to newly revealed vulnerabilities.

May 14, 2026

G7 Countries Release AI SBOM Guidance

SecurityWeek

The G7 countries have released guidance focused on Software Bill of Materials (SBOM) for artificial intelligence systems. This guidance aims to establish minimum standards for transparency in AI systems and their supply chains. By doing so, the G7 intends to enhance trust and security within AI technologies that many organizations rely on today. This step is crucial as AI systems become increasingly integrated into various sectors, raising concerns about their safety and reliability. The guidance serves as a framework for organizations to better understand the components of AI systems and ensure they are secure and compliant.

May 14, 2026

Kimsuky targets organizations with PebbleDash-based tools

Securelist

Kaspersky researchers have identified new tools based on the PebbleDash framework that are being used in recent campaigns by the North Korean hacking group Kimsuky. These tools are linked to the AppleSeed malware cluster, indicating a sophisticated approach to targeting various organizations. Kimsuky has a history of focusing on sectors like government, defense, and technology, making this a significant concern for those industries. The use of PebbleDash tools suggests that attackers are developing more advanced methods to infiltrate networks and steal sensitive information. Organizations need to enhance their defenses and remain vigilant against these evolving threats.

May 14, 2026

China-Linked Twill Typhoon Uses Fake Apple and Yahoo Sites for Espionage

Hackread – Cybersecurity News, Data Breaches, AI and More

A recent report from Darktrace reveals that a group of Chinese hackers, known as Twill Typhoon, is using counterfeit websites mimicking Apple and Yahoo to conduct espionage. These fake sites are designed to lure unsuspecting users into providing sensitive information, which the attackers can then leverage for spying on various organizations. The hackers are utilizing a malware framework called FDMTP, which further aids their operations. This tactic poses a significant risk to individuals and companies who may mistakenly trust these fraudulent sites, potentially leading to data breaches and compromised security. Organizations are urged to remain vigilant and educate their employees about the dangers of phishing and counterfeit websites.

May 14, 2026

Hackers Targeted PraisonAI Vulnerability Hours After Disclosure

SecurityWeek

Hackers began exploiting a newly discovered vulnerability in PraisonAI within hours of its public disclosure. This flaw allows attackers to bypass authentication measures, potentially granting unauthorized access to sensitive data. The rapid response from malicious actors indicates a high level of interest in exploiting this weakness, which could affect numerous users and organizations relying on PraisonAI's services. Companies using this technology should take immediate steps to secure their systems to prevent unauthorized access and data breaches. The quick exploitation attempts serve as a reminder of the urgency in addressing newly disclosed vulnerabilities.

May 14, 2026