Attackers are exploiting a vulnerability in Funnel Builder, a tool used by online stores, to inject e-skimmers. These malicious scripts can steal payment information from unsuspecting customers during transactions. This incident affects e-commerce platforms that utilize Funnel Builder, potentially putting sensitive customer data at risk. As the holiday shopping season approaches, the urgency to address this vulnerability increases, as attackers may ramp up their efforts to exploit it. Companies using this tool should prioritize patching the identified bug to protect their customers and maintain trust.
ESET has reported a new campaign by the hacking group known as Ghostwriter, which is targeting the Ukrainian government. The campaign starts with a spear-phishing email that contains a PDF attachment disguised as an official document from Ukrtelecom, a key telecommunications provider in Ukraine. This type of attack aims to trick recipients into opening the attachment, potentially leading to further malicious activity. The focus on Ukrainian government entities indicates a continued effort by cybercriminals to exploit vulnerabilities in the region, particularly amid ongoing geopolitical tensions. Such attacks can undermine trust in government communications and disrupt essential services.
A serious vulnerability in the Funnel Builder plugin for WordPress is being exploited by attackers to inject harmful JavaScript into WooCommerce checkout pages. This allows them to steal customers' credit card information during transactions. The exploit is particularly dangerous as it targets e-commerce sites using the WooCommerce platform, affecting both businesses and their customers. Website owners using this plugin should take immediate action to protect their customers and their own financial interests. The ongoing exploitation of this bug highlights the need for vigilance in securing online payment systems.
CVE-2026-42897: Microsoft confirms active exploitation of Exchange Server zero-day
Security Affairs
Actively Exploited
Microsoft has confirmed that a new zero-day vulnerability in Exchange Server, identified as CVE-2026-42897, is being actively exploited by attackers. This vulnerability has a CVSS score of 8.1, indicating a high level of severity. It stems from improper handling of user input during web page generation, which can lead to cross-site scripting (XSS) attacks. Organizations using affected versions of Exchange Server are at risk, as attackers could exploit this flaw to execute malicious scripts in the context of users' browsers. Microsoft urges users to take immediate action to protect their systems and data from potential breaches.
Researchers from USC and the University of Twente have identified a significant issue with expired domains, which can continue to hold trust long after they have changed hands. This phenomenon, referred to as 'zombie linkages,' occurs in systems like Web PKI, Maven Central, and Ethereum Name Service. When a domain expires and is transferred to a new owner, the systems still recognize and trust the previous owner, potentially allowing malicious actors to exploit this trust. This lingering trust can create security risks, as users may unknowingly interact with compromised or malicious domains. Addressing this problem is crucial for maintaining the integrity of online systems and protecting users from potential fraud or exploitation.
A recent cybersecurity article warns about a significant vulnerability that cannot simply be fixed by applying patches. The issue affects multiple software systems and could leave users exposed if not addressed comprehensively. Researchers emphasize that traditional patch management strategies may not suffice, as attackers could exploit underlying flaws. This situation puts organizations at risk of data breaches and financial losses. The need for a more thorough approach to security is critical for companies relying on these systems.
A serious vulnerability in Cisco's SD-WAN network control system has been actively exploited, marking the second time this year that attackers have taken advantage of a CVSS 10.0 flaw. This critical bug poses a significant risk as it allows unauthorized access to the network, potentially compromising sensitive data and systems. Organizations using Cisco SD-WAN solutions should be particularly vigilant, as the severity of this vulnerability makes it a prime target for malicious actors. It's crucial for affected users to stay informed about the latest security updates and apply any available patches to mitigate risks associated with this vulnerability.
A new vulnerability known as the Fragnesia flaw has been discovered in the Linux kernel, allowing unprivileged local users to escalate their privileges to root access. This flaw poses a significant risk as it enables attackers with local access to gain complete control over affected systems. Researchers have indicated that various Linux distributions could be impacted, making it crucial for system administrators to assess their environments. The potential for exploitation is concerning, especially in multi-user setups where unauthorized users could exploit this flaw to compromise system integrity. Users and administrators should prioritize patching their systems to mitigate the risk associated with this vulnerability.
Recent cyber campaigns attributed to Chinese advanced persistent threat (APT) groups have expanded their targets and updated their tactics. The group known as Salt Typhoon has reportedly attacked an energy entity in Azerbaijan, raising concerns about the security of critical infrastructure in the region. Another group, Twill Typhoon, has focused on entities in Asia, deploying an updated remote access Trojan (RAT) that enhances their capabilities. These developments suggest that these APTs are adapting to better infiltrate and exploit various sectors, which could lead to increased risks for organizations in affected areas. As these campaigns evolve, organizations need to bolster their cybersecurity measures to defend against such sophisticated attacks.
Foxconn's North American facilities recently suffered a Nitrogen ransomware attack, marking one of 600 similar incidents targeting manufacturers this year. These cyberattacks are increasingly common as threat actors exploit the sector's low tolerance for downtime, meaning manufacturers often feel pressured to pay ransoms quickly to avoid significant operational disruptions. The attack is a stark reminder that manufacturers, often seen as less secure than other sectors, are prime targets for cybercriminals. This incident not only affects Foxconn's operations but also raises concerns about the security measures in place across the manufacturing industry as a whole. Companies must reevaluate their cybersecurity strategies to better protect against ongoing threats.
A newly disclosed vulnerability in the PraisonAI framework, identified as CVE-2026-44338, has drawn the attention of cybercriminals within just four hours of its announcement. This vulnerability has a CVSS score of 7.3 and involves a missing authentication issue, which means that sensitive endpoints could be accessed by unauthorized users. If exploited, attackers could invoke potentially harmful actions, leading to significant security risks for any systems running this open-source orchestration tool. Organizations utilizing PraisonAI are urged to assess their systems and implement necessary security measures to protect against possible exploitation. This incident serves as a reminder of the rapid response from threat actors to newly revealed vulnerabilities.
A recent study by Semperis indicates that 74% of organizations are concerned that artificial intelligence (AI) will lead to more attacks on their identity infrastructure. As companies increasingly rely on AI agents for sensitive security tasks, there are growing worries about how these technologies might be exploited by attackers. The research suggests that while AI can enhance security measures, it also presents new vulnerabilities that cybercriminals may try to exploit. This trend raises important questions for businesses about how to balance the benefits of AI with the potential risks it introduces. Organizations will need to take proactive steps to secure their identity systems against these emerging threats.
A new variant of a local privilege escalation vulnerability in the Linux kernel, named Fragnesia, has been identified. This vulnerability, tracked as CVE-2026-46300 with a CVSS score of 7.8, allows local attackers to gain root access through page cache corruption. This marks the third such vulnerability discovered in the Linux kernel within just two weeks, raising concerns for users and administrators. The flaw is rooted in the kernel's XFRM component, which is responsible for managing IPsec protocols. This means that systems using affected kernel versions could be at risk if not addressed promptly, as attackers could exploit this vulnerability to gain elevated privileges and potentially take control of vulnerable systems.
A serious vulnerability has been found in certain configurations of the Exim mail transfer agent, which could allow remote attackers to execute arbitrary code without authentication. This flaw poses a significant risk to systems running Exim, as it could lead to unauthorized access and control over affected servers. Organizations using Exim should take immediate action to assess their configurations, as attackers could exploit this vulnerability if not addressed promptly. The issue emphasizes the need for regular updates and security checks in mail server configurations to protect against potential breaches. Users and administrators are advised to stay vigilant and ensure they are running the latest versions of the software.
A newly discovered vulnerability, identified as CVE-2026-41940, is affecting cPanel and WebHost Manager, allowing attackers to exploit it shortly after it was made public. The threat actor known as Mr_Rot13 has been observed using this flaw to deploy a backdoor known as Filemanager, which can grant unauthorized access to compromised systems. This situation poses serious risks to web hosting providers and their customers, as it could lead to data breaches and unauthorized control over hosted websites. Companies using affected versions of cPanel and WebHost Manager need to take immediate action to secure their systems and protect sensitive data from being exploited. The urgency of addressing this vulnerability cannot be overstated, given the potential for widespread impact on affected users.