VulnHub

Real-time Cybersecurity News

Middle East malicious infrastructure report highlights concentration of C2 servers

SCM feed for Latest
Actively Exploited
Malware

Overview

A recent report by Hunt.io has uncovered over 1,350 command and control (C2) servers operating across 14 countries in the Middle East. Notably, Saudi Telecom Company (STC) has been linked to more than 72% of these servers, often through systems that have been compromised by attackers. This concentration of malicious infrastructure raises concerns for cybersecurity in the region, as it suggests that many customer systems are being exploited for nefarious purposes. The presence of so many C2 servers indicates a significant risk for data breaches and other cyber incidents, affecting both businesses and individuals who rely on these services. Stakeholders in the region should be vigilant and take steps to secure their networks.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: C2 servers impacting customer systems of Saudi Telecom Company (STC) and other providers in the region.
  • Action Required: Organizations should conduct security assessments of their systems, enhance monitoring for unusual activities, and strengthen access controls to prevent exploitation.
  • Timeline: Newly disclosed

Original Article Summary

The Hunt.io report identified over 1,350 C2 servers across 98 providers in 14 Middle Eastern countries. Saudi Telecom Company (STC) alone accounted for more than 72% of this regional activity, often through compromised customer systems.

Impact

C2 servers impacting customer systems of Saudi Telecom Company (STC) and other providers in the region.

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Organizations should conduct security assessments of their systems, enhance monitoring for unusual activities, and strengthen access controls to prevent exploitation.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Malware.

Read Original Article

Related Coverage

Italy disrupts CINEMAGOAL piracy app that stole streaming auth codes

BleepingComputer

Italian officials have taken action against the CINEMAGOAL app, a piracy tool that illegally provided access to popular streaming services like Netflix, Disney+, and Spotify. The app was reportedly using stolen authentication codes to bypass payment systems, allowing users to access content without subscriptions. This crackdown is significant as it not only protects the intellectual property rights of these streaming platforms but also highlights ongoing challenges in combating online piracy. By dismantling this network, authorities aim to deter similar activities in the future and safeguard legitimate services. The action is part of a broader effort to enforce copyright laws and ensure users are not misled into using illegal services.

May 23, 2026

Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software

The Hacker News

Anthropic announced that its Project Glasswing has identified over 10,000 high- or critical-severity vulnerabilities in widely-used software since its launch last month. This initiative involves collaboration with around 50 partners and focuses on software deemed systemically important on a global scale. These vulnerabilities pose significant risks to organizations and users relying on this software, potentially exposing them to data breaches or cyberattacks. The findings emphasize the urgent need for software developers and companies to address these flaws promptly to safeguard their systems and users. This proactive approach highlights the role of AI in enhancing cybersecurity efforts.

May 23, 2026

‘Underminr’ Vulnerability Lets Attackers Hide Malicious Connections Behind Trusted Domains

SecurityWeek

A new vulnerability, dubbed 'Underminr', affects around 88 million domains, allowing attackers to hide malicious connections behind trusted domain names. This exploit can bypass DNS filtering mechanisms, making it easier for cybercriminals to manage command-and-control traffic without detection. As a result, organizations that rely on these domains for security may be at greater risk of compromise. The vulnerability raises concerns about the effectiveness of current DNS security measures, as attackers can leverage this flaw to blend in with legitimate traffic. Companies and system administrators are urged to review their DNS filtering strategies to mitigate potential risks associated with this vulnerability.

May 23, 2026

Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer

The Hacker News

Cybersecurity researchers have identified a software supply chain attack that compromised several PHP packages associated with Laravel-Lang. The affected packages include laravel-lang/lang, laravel-lang/http-statuses, laravel-lang/attributes, and laravel-lang/actions. These packages were manipulated to deliver a credential-stealing framework that could potentially affect developers and users utilizing these resources. This incident raises concerns about the security of software supply chains, particularly in open-source communities where such packages are widely used. Developers should remain vigilant and review their dependencies to ensure they are not using compromised versions of these packages.

May 23, 2026

LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root

The Hacker News

A severe security vulnerability has been discovered in the LiteSpeed User-End cPanel Plugin, identified as CVE-2026-48172, which has a maximum CVSS score of 10.0. This flaw allows attackers to exploit incorrect privilege assignments, enabling them to execute arbitrary scripts with root privileges. As a result, any cPanel user, including potential attackers or compromised accounts, can take advantage of this vulnerability. The ongoing exploitation of this flaw poses significant risks to server security and data integrity, making it crucial for affected users to take immediate action. The situation emphasizes the need for vigilance among web hosts and cPanel users to prevent unauthorized access and maintain secure environments.

May 23, 2026

Ubiquiti patches three critical vulnerabilities in UniFi OS

SCM feed for Latest

Ubiquiti has patched three serious vulnerabilities in its UniFi OS, labeled CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910. These flaws could allow unauthorized users to make system changes, access sensitive system files through path traversal, and execute commands remotely via command injection. This is a significant concern for users of UniFi OS, as it could lead to unauthorized access and control over network devices. Ubiquiti is urging all users to apply the updates as soon as possible to protect their systems from potential exploitation. Given the nature of these vulnerabilities, companies using UniFi OS should prioritize updating their systems to ensure their networks remain secure.

May 22, 2026