VulnHub

Real-time Cybersecurity News

Russian APT Deploys ‘StockStay’ Backdoor Against Ukrainian Targets

SecurityWeek
Actively Exploited
APT

Overview

A Russian advanced persistent threat (APT) group known as Turla has been using a new backdoor called 'StockStay' to target Ukrainian government and military organizations. This espionage campaign aims to gather sensitive information amidst the ongoing conflict in Ukraine. The backdoor allows attackers to maintain persistent access to compromised systems, facilitating data theft and surveillance. The situation raises significant concerns about the security of vital governmental infrastructure and the potential for further cyberattacks as tensions in the region continue to escalate. Ukrainian authorities and cybersecurity experts are urged to enhance their defenses against this ongoing threat.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: Ukrainian government and military organizations
  • Action Required: Organizations are advised to strengthen their cybersecurity measures, including regular system updates, employee training on phishing threats, and monitoring for unusual network activity.
  • Timeline: Newly disclosed

Original Article Summary

Turla has been using the backdoor against government and military organizations in Ukraine for espionage. The post Russian APT Deploys ‘StockStay’ Backdoor Against Ukrainian Targets appeared first on SecurityWeek.

Impact

Ukrainian government and military organizations

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Organizations are advised to strengthen their cybersecurity measures, including regular system updates, employee training on phishing threats, and monitoring for unusual network activity.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to APT.

Read Original Article

Related Coverage

Think tank warns US markets face hidden infrastructure risks

SCM feed for Latest

A new report from the Institute for Critical Infrastructure Technology (ICIT) warns that the U.S. financial markets are at risk due to hidden vulnerabilities in infrastructure concentration. The report indicates that many critical systems are overly reliant on a small number of providers, which could lead to significant disruptions if those providers experience failures or attacks. This concentration poses a challenge to market resilience, as the interconnected nature of these systems means that a single point of failure could have widespread repercussions. The findings urge policymakers and businesses to address these vulnerabilities to ensure the stability and security of the market. Addressing these issues is crucial for maintaining public trust and the overall health of the economy.

Jun 26, 2026

NIST seeks public feedback on updated IoT security guidelines

SCM feed for Latest

The National Institute of Standards and Technology (NIST) has released a draft of updated guidelines aimed at improving the cybersecurity of Internet of Things (IoT) products used by the federal government. Titled 'IoT Product Cybersecurity Guidelines for the Federal Government: Establishing IoT Product Cybersecurity Requirements,' this draft is open for public comment until August 24. The guidelines are intended to set specific cybersecurity standards for IoT devices, which have become increasingly prevalent in both government and private sectors. By seeking feedback, NIST hopes to address potential security gaps and ensure that IoT devices meet certain safety benchmarks. This initiative is crucial as vulnerabilities in IoT products can lead to significant risks, including unauthorized access and data breaches.

Jun 26, 2026

FCC approves new cybersecurity rules for emergency alerts and undersea cables

SCM feed for Latest

The Federal Communications Commission (FCC) has approved new cybersecurity regulations aimed at enhancing the security of the Emergency Alert System (EAS) and Wireless Emergency Alerts (WEA). These systems, which are critical for disseminating emergency information to the public, are vulnerable to hijacking attacks. The new rules are designed to prevent unauthorized access and ensure that alerts sent during emergencies are authentic and reliable. This move comes as a response to increasing concerns about the potential misuse of these systems, which could lead to widespread panic and misinformation. By strengthening these regulations, the FCC hopes to protect public safety and maintain trust in emergency communication channels.

Jun 26, 2026

Amazon Q Developer Flaw Could Let Malicious Repos Run Code via MCP Configs

The Hacker News

A serious vulnerability in Amazon Q Developer was discovered, allowing malicious repositories to execute commands and potentially steal cloud credentials from developers. This flaw, tracked as CVE-2026-12957, received a CVSS score of 8.5, indicating its severity. The issue stemmed from the way Amazon's AI coding assistant interacted with Model Context Protocol (MCP) servers. Developers could unknowingly expose their credentials simply by opening a compromised repository and trusting its workspace. Amazon has since patched the vulnerability, emphasizing the need for developers to be cautious when dealing with untrusted code repositories.

Jun 26, 2026

New Linux pedit COW Exploit Enables Root Access by Poisoning Cached Binaries

The Hacker News

A newly discovered vulnerability in the Linux kernel, identified as CVE-2026-46331 and dubbed 'pedit COW', poses a significant risk by allowing unprivileged local users to gain root access on affected systems. This flaw resides in the traffic-control subsystem, specifically in the packet-editing action (act_pedit), which can lead to an out-of-bounds write that corrupts shared page-cache memory. The public release of a working exploit occurred just a day after the vulnerability was disclosed on June 16, raising concerns about its potential for exploitation. Red Hat has classified this flaw as important, emphasizing the urgency for users to assess their systems and apply necessary security measures. Given the rapid emergence of exploits, organizations using Linux systems should prioritize patching and monitoring for unusual activity to mitigate the risk of unauthorized access.

Jun 26, 2026

New DirtyClone Linux Kernel Flaw Lets Local Users Gain Root via Cloned Packets

The Hacker News

A new privilege escalation vulnerability in the Linux kernel, known as DirtyClone, has been identified, allowing local users to gain root access by exploiting corrupted file-backed memory through cloned network packets. This flaw, tracked as CVE-2026-43503, has a CVSS score of 8.8, indicating a high severity level. JFrog Security Research demonstrated a working exploit for this vulnerability on June 25, marking the first public showcase of its kind. Users and organizations running affected Linux systems should be aware of the potential risks this flaw poses, as it can be exploited to take control of systems if not addressed promptly. A patch has been released to mitigate this issue, and users are encouraged to apply it as soon as possible to protect their systems.

Jun 26, 2026