VulnHub

Real-time Cybersecurity News

Belarus-linked Ghostwriter group targets Ukraine using Prometheus learning platform lures

SCM feed for Latest
Actively Exploited
MalwareCritical

Overview

The Belarus-linked hacking group Ghostwriter, also known as UAC-0057 and UNC1151, has launched a multi-stage cyberattack targeting Ukraine. Researchers have identified that the group is using the Prometheus learning platform as bait to lure victims into their traps. This tactic raises concerns as it not only threatens the security of individuals and organizations in Ukraine but also highlights the ongoing cyber warfare linked to the conflict in the region. The implications are significant, as such attacks can disrupt critical infrastructure and undermine trust in digital platforms, especially in a time of heightened tensions. As the situation evolves, vigilance is essential for those engaged in online education and other sectors potentially impacted by these tactics.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: Prometheus learning platform, Ukraine's digital infrastructure
  • Action Required: Users and organizations should enhance their cybersecurity measures, including employee training on phishing and social engineering tactics, as well as implementing robust endpoint protection solutions.
  • Timeline: Ongoing since the recent escalation of the conflict

Original Article Summary

Ghostwriter, also known as UAC-0057 and UNC1151, employs a multi-stage attack.

Impact

Prometheus learning platform, Ukraine's digital infrastructure

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Ongoing since the recent escalation of the conflict

Remediation

Users and organizations should enhance their cybersecurity measures, including employee training on phishing and social engineering tactics, as well as implementing robust endpoint protection solutions.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Malware, Critical.

Read Original Article

Related Coverage

Italy disrupts CINEMAGOAL piracy app that stole streaming auth codes

BleepingComputer

Italian officials have taken action against the CINEMAGOAL app, a piracy tool that illegally provided access to popular streaming services like Netflix, Disney+, and Spotify. The app was reportedly using stolen authentication codes to bypass payment systems, allowing users to access content without subscriptions. This crackdown is significant as it not only protects the intellectual property rights of these streaming platforms but also highlights ongoing challenges in combating online piracy. By dismantling this network, authorities aim to deter similar activities in the future and safeguard legitimate services. The action is part of a broader effort to enforce copyright laws and ensure users are not misled into using illegal services.

May 23, 2026

Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software

The Hacker News

Anthropic announced that its Project Glasswing has identified over 10,000 high- or critical-severity vulnerabilities in widely-used software since its launch last month. This initiative involves collaboration with around 50 partners and focuses on software deemed systemically important on a global scale. These vulnerabilities pose significant risks to organizations and users relying on this software, potentially exposing them to data breaches or cyberattacks. The findings emphasize the urgent need for software developers and companies to address these flaws promptly to safeguard their systems and users. This proactive approach highlights the role of AI in enhancing cybersecurity efforts.

May 23, 2026

‘Underminr’ Vulnerability Lets Attackers Hide Malicious Connections Behind Trusted Domains

SecurityWeek

A new vulnerability, dubbed 'Underminr', affects around 88 million domains, allowing attackers to hide malicious connections behind trusted domain names. This exploit can bypass DNS filtering mechanisms, making it easier for cybercriminals to manage command-and-control traffic without detection. As a result, organizations that rely on these domains for security may be at greater risk of compromise. The vulnerability raises concerns about the effectiveness of current DNS security measures, as attackers can leverage this flaw to blend in with legitimate traffic. Companies and system administrators are urged to review their DNS filtering strategies to mitigate potential risks associated with this vulnerability.

May 23, 2026

Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer

The Hacker News

Cybersecurity researchers have identified a software supply chain attack that compromised several PHP packages associated with Laravel-Lang. The affected packages include laravel-lang/lang, laravel-lang/http-statuses, laravel-lang/attributes, and laravel-lang/actions. These packages were manipulated to deliver a credential-stealing framework that could potentially affect developers and users utilizing these resources. This incident raises concerns about the security of software supply chains, particularly in open-source communities where such packages are widely used. Developers should remain vigilant and review their dependencies to ensure they are not using compromised versions of these packages.

May 23, 2026

LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root

The Hacker News

A severe security vulnerability has been discovered in the LiteSpeed User-End cPanel Plugin, identified as CVE-2026-48172, which has a maximum CVSS score of 10.0. This flaw allows attackers to exploit incorrect privilege assignments, enabling them to execute arbitrary scripts with root privileges. As a result, any cPanel user, including potential attackers or compromised accounts, can take advantage of this vulnerability. The ongoing exploitation of this flaw poses significant risks to server security and data integrity, making it crucial for affected users to take immediate action. The situation emphasizes the need for vigilance among web hosts and cPanel users to prevent unauthorized access and maintain secure environments.

May 23, 2026

Ubiquiti patches three critical vulnerabilities in UniFi OS

SCM feed for Latest

Ubiquiti has patched three serious vulnerabilities in its UniFi OS, labeled CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910. These flaws could allow unauthorized users to make system changes, access sensitive system files through path traversal, and execute commands remotely via command injection. This is a significant concern for users of UniFi OS, as it could lead to unauthorized access and control over network devices. Ubiquiti is urging all users to apply the updates as soon as possible to protect their systems from potential exploitation. Given the nature of these vulnerabilities, companies using UniFi OS should prioritize updating their systems to ensure their networks remain secure.

May 22, 2026