VulnHub

Real-time Cybersecurity News

ESET details new Ghostwriter activity targeting Ukrainian government

SCM feed for Latest
Actively Exploited
PhishingExploit

Overview

ESET has reported a new campaign by the hacking group known as Ghostwriter, which is targeting the Ukrainian government. The campaign starts with a spear-phishing email that contains a PDF attachment disguised as an official document from Ukrtelecom, a key telecommunications provider in Ukraine. This type of attack aims to trick recipients into opening the attachment, potentially leading to further malicious activity. The focus on Ukrainian government entities indicates a continued effort by cybercriminals to exploit vulnerabilities in the region, particularly amid ongoing geopolitical tensions. Such attacks can undermine trust in government communications and disrupt essential services.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: Ukrtelecom, Ukrainian government agencies
  • Action Required: Users should be cautious about unsolicited emails and verify the authenticity of attachments before opening them.
  • Timeline: Newly disclosed

Original Article Summary

The latest FrostyNeighbor campaign begins with a spear-phishing email containing a PDF attachment disguised as an official communication from Ukrtelecom, a major Ukrainian telecommunications provider.

Impact

Ukrtelecom, Ukrainian government agencies

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Users should be cautious about unsolicited emails and verify the authenticity of attachments before opening them. Implementing email filtering and security awareness training can also help mitigate risks.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Phishing, Exploit.

Read Original Article

Related Coverage

TeamPCP releases ‘vibe coded’ Shai-Hulud source code, issues challenge

SCM feed for Latest

TeamPCP has released the source code for a variant of the Shai-Hulud malware, which has been implicated in recent attacks against companies like TanStack. While researchers indicate that this particular version is not the original malware, its release poses a risk as it may enable other attackers to replicate or modify the malware for their own use. The significance of this release lies in the potential for increased attacks against vulnerable systems, as the source code can be used by less skilled cybercriminals. Organizations need to remain vigilant and strengthen their defenses in light of this development to protect against possible exploits stemming from the released code.

May 15, 2026

Hackers use PyInstaller to hide XWorm malware

SCM feed for Latest

Hackers are using PyInstaller to disguise XWorm malware, which is being delivered through deceptive emails or fake software updates that contain seemingly harmless files. Once a victim opens the infected file, the malware can execute and potentially compromise the user’s system. This tactic not only makes it difficult for antivirus programs to detect the malware but also highlights the ongoing risks associated with social engineering attacks. Users and organizations need to be cautious about unsolicited emails and software updates, ensuring they verify the source before downloading or opening any files. This incident serves as a reminder of the importance of cybersecurity awareness and vigilance in protecting personal and sensitive information.

May 15, 2026

FTC begins enforcing Take It Down Act for nonconsensual deepfakes

SCM feed for Latest

The Federal Trade Commission (FTC) is now enforcing the Take It Down Act, a law aimed at combating nonconsensual intimate imagery and AI-generated deepfakes. Under this law, online platforms are required to remove such content within 48 hours after a victim reports it. This is significant as it provides victims with a quicker pathway to protect their privacy and dignity against harmful digital forgeries. The act reflects growing concerns about the misuse of technology to create and share intimate images without consent, which can have devastating effects on individuals. By imposing strict removal timelines, the FTC is taking steps to hold platforms accountable and enhance user safety online.

May 15, 2026

U.S. officials discard items from China trip over security concerns

SCM feed for Latest

During a recent meeting between U.S. officials and Chinese leaders, security concerns prompted American personnel to leave behind certain items, including burner phones and lapel pins that were presented as gifts. This decision reflects ongoing worries about surveillance and data security, particularly in high-stakes diplomatic interactions. By discarding these items, U.S. officials are taking precautionary measures to prevent potential breaches of sensitive information. The move highlights the increasing focus on cybersecurity in international relations and the lengths officials will go to protect their communications. This incident serves as a reminder of the vulnerabilities that can arise when dealing with foreign governments, especially in contexts where trust is limited.

May 15, 2026

WordPress Funnel Builder vulnerability exploited to steal payment data

SCM feed for Latest

A vulnerability in the Funnel Builder plugin for WordPress, which is used by over 40,000 websites, has been exploited by attackers to steal payment data. This flaw allows unauthenticated users to change global settings through an unprotected checkout endpoint. As a result, any website using this plugin could be at risk of having sensitive payment information compromised. Website owners should take immediate action to secure their sites, as the potential for financial loss and damage to customer trust is significant. This incident serves as a reminder for users to regularly update their plugins and monitor for security patches.

May 15, 2026

Here’s how the FTC plans to enforce the Take It Down Act

CyberScoop

The Federal Trade Commission (FTC) is stepping up its enforcement of the Take It Down Act, which aims to combat the online sharing of explicit images without consent. The agency plans to impose significant fines on those who violate the law and has promised to initiate investigations against offenders. While this move is a strong statement against non-consensual sharing, experts have raised concerns about the FTC's resources and priorities in handling such cases. The effectiveness of these measures will depend on how the agency allocates its resources in the face of ongoing challenges in online safety. This law is particularly important as it seeks to protect individuals from harmful digital practices that can have lasting emotional and social consequences.

May 15, 2026