VulnHub

On April 2, 2023, the pro-Iranian hacker group Handala claimed to have breached PSK Wind Technologies, an Israeli defense contractor known for its work on command and control systems. This incident raises concerns about the security of critical infrastructure, as PSK Wind develops technology used in air defense and other sensitive applications. The breach highlights the ongoing cyber conflict between Iran and Israel, where state-sponsored hacking is increasingly used as a tactic. The extent of the breach and any potential data theft or disruptions it may cause remain unclear. However, this incident underscores the vulnerability of defense contractors to cyberattacks, which could have serious implications for national security.

A significant credential harvesting campaign has been detected, utilizing the React2Shell vulnerability (CVE-2025-55182) to gain access to sensitive data from 766 Next.js hosts. Attackers are stealing various credentials, including database logins, SSH private keys, AWS secrets, Stripe API keys, and GitHub tokens. This operation has been linked to a threat group that Cisco Talos is monitoring. The widespread nature of this breach is concerning, as it affects a range of developers and companies using Next.js, potentially compromising their applications and user data. Companies need to be vigilant and take immediate steps to secure their systems against this threat.

Hackers have exploited a zero-day vulnerability in TrueConf conference servers, which enables them to execute arbitrary files on all connected endpoints. This means that attackers can potentially install malicious software on users' devices without their knowledge. The vulnerability poses a significant risk to organizations using TrueConf for video conferencing, especially as it allows for remote execution of harmful code. Users of TrueConf should be particularly vigilant and consider updating their systems to protect against these types of attacks. Security researchers are urging companies to monitor their networks for any suspicious activity related to this vulnerability.

Google has released a series of updates to address 21 vulnerabilities in its Chrome browser, including a significant zero-day flaw identified as CVE-2026-5281. This vulnerability affects the Dawn component of Chrome and has been exploited in the wild, which means attackers are actively taking advantage of it. Users of Chrome are urged to update their browsers to the latest version to protect themselves against potential exploits. Keeping browsers up to date is crucial as these vulnerabilities can allow unauthorized access or manipulation of user data. The timely patching of such vulnerabilities emphasizes the ongoing need for vigilance in maintaining cybersecurity.

Google has addressed 21 vulnerabilities in its Chrome browser, including a serious zero-day flaw identified as CVE-2026-5281. This vulnerability is categorized as a use-after-free (UAF) issue in Dawn, which is part of the WebGPU standard utilized by Chromium and its derivatives. While specific details about the exploitation of this flaw are scarce, the fact that it has been flagged as 'in-the-wild' suggests that attackers are actively using it. Users of Chrome and other Chromium-based browsers should ensure they are running the latest versions to protect themselves from potential attacks. Keeping browsers updated is crucial because such vulnerabilities can lead to unauthorized access or other malicious activities.

Researchers from Defused have reported ongoing attacks exploiting a serious SQL injection vulnerability in Fortinet's FortiClient EMS, identified as CVE-2026-21643. These intrusions have been active since March 24, raising concerns for organizations using this software. SQL injection vulnerabilities allow attackers to manipulate database queries, potentially leading to unauthorized access and data breaches. Companies utilizing FortiClient EMS are urged to take immediate action to protect their systems and data from these exploits. The situation emphasizes the need for regular security updates and vigilance against emerging threats.

A significant security vulnerability in TrueConf, a video conferencing software, has been actively exploited in attacks on government networks in Southeast Asia. This vulnerability, identified as CVE-2026-3502, has a CVSS score of 7.8, indicating its severity. The flaw stems from a lack of integrity checks when updating the application, which allows attackers to deliver malicious updates to users. The campaign, named TrueChaos, is specifically targeting government entities, making it a serious concern given the sensitive nature of the information handled by these organizations. Immediate action is necessary to protect affected systems from further exploitation.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has mandated that federal agencies must patch their Citrix NetScaler appliances by Thursday to address a vulnerability that is currently being exploited by attackers. This flaw poses a significant risk as it allows unauthorized access and could lead to data breaches or further network compromises. Government agencies using Citrix NetScaler are particularly at risk, and timely action is essential to prevent potential exploitation. The urgency of this directive underscores the importance of maintaining up-to-date security measures in federal systems to protect sensitive information from malicious actors.

A recently discovered vulnerability, identified as CVE-2026-20929, involves a Kerberos authentication relay attack that exploits CNAME records. This vulnerability can allow attackers to impersonate legitimate users and gain unauthorized access to sensitive systems. Organizations using Kerberos for authentication, particularly those with complex DNS configurations, are at risk. The implications are serious, as successful exploitation could lead to data breaches or unauthorized actions within an organization's network. Cybersecurity teams need to assess their systems for this vulnerability and take appropriate measures to secure their environments against potential attacks.