VulnHub

A serious vulnerability in Marimo, an open-source Python notebook designed for data science, has been exploited within just 10 hours of being made public. The flaw, identified as CVE-2026-39987, allows attackers to execute remote code without needing authentication, affecting all versions of Marimo up to and including the latest release. Researchers from Sysdig reported this rapid exploitation, underscoring the urgency for users to address this security gap. Organizations using Marimo need to prioritize patching their installations to avoid potential breaches, as the high CVSS score of 9.3 indicates a significant risk. The swift exploitation of this vulnerability serves as a reminder of the importance of timely updates and security practices in software development.

Researchers from Censys have identified a significant cybersecurity threat posed by Iranian government-backed actors targeting critical infrastructure in the United States. This campaign is specifically aimed at energy, water, and government services, putting approximately 3,900 exposed devices at risk. The focus on these vital sectors raises alarms about potential disruptions to essential services. The implications of such attacks could be severe, affecting both public safety and national security. As the situation develops, organizations operating in these sectors need to enhance their cybersecurity measures to protect against potential intrusions.

The Iranian hacking group Handala has announced that it will continue its cyberattacks against Israel and plans to resume operations against the United States. This declaration comes during a fragile two-week ceasefire between Iran and both the U.S. and Israel. The group’s ongoing cyber threats pose significant risks to critical infrastructure and data security in these regions. Continuous cyber operations could disrupt services and heighten tensions in an already volatile geopolitical landscape, making it crucial for organizations in these countries to bolster their cybersecurity measures. The situation is particularly concerning given the potential for escalation in both cyber and traditional military engagements.

Rostelecom, a major state-run telecommunications company in Russia, reported a significant distributed denial-of-service (DDoS) attack on Monday. This incident disrupted internet access, government services, and online banking for users in 30 cities across the country. The attackers behind the DDoS attack have not yet been identified. This incident is concerning as it affects essential services, highlighting vulnerabilities in critical infrastructure that could have broader implications for national security and public safety. The scale of the attack raises questions about the resilience of state-run systems against cyber threats.

Researchers have identified seven new variants of BPFDoor malware that have advanced capabilities for stealthily compromising major telecommunication networks. This malware can now utilize stateless command-and-control routing, making it more difficult for security teams to detect and mitigate. The implications of this development are significant, as it potentially allows attackers to infiltrate and disrupt critical communication infrastructure. Telecommunication companies should be on high alert and assess their defenses against this evolving threat. The discovery emphasizes the ongoing challenges in securing network environments against sophisticated malware attacks.

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a directive for U.S. government agencies to patch a serious vulnerability in Ivanti Endpoint Manager Mobile (EPMM). This flaw has been exploited in attacks since January, making it a significant risk for federal systems. Agencies have only until Sunday to address this issue, underscoring the urgency to protect sensitive data from potential breaches. The vulnerability affects the Ivanti EPMM software, which is widely used for managing mobile devices. Failure to patch could leave these systems open to further exploitation by attackers, which could have serious implications for national security.

A research collaboration between Access Now, Lookout, and SMEX has uncovered a troubling spyware campaign targeting journalists in the Middle East and North Africa. The campaign is believed to be linked to a group called Bitter, which is suspected of having connections to the Indian government. The spyware, identified as ProSpy, poses a significant risk to the privacy and safety of journalists in the region, as it can be used to monitor their communications and activities. This incident raises serious concerns about the increasing use of hack-for-hire services to silence critical voices and undermine press freedom. The implications of this spyware campaign extend beyond individual journalists, potentially affecting the broader landscape of media and freedom of expression in these areas.

Signature Healthcare in Brockton, Massachusetts, experienced a cyberattack that severely disrupted its hospital operations, leading to the diversion of ambulances and the cancellation of some services. The attack particularly affected pharmacy operations, preventing staff from filling prescriptions, although urgent care and walk-in services continued to function. This incident highlights the vulnerabilities in healthcare systems, which are increasingly targeted by cybercriminals. The impact on patient care and access to medications raises significant concerns about the security measures in place at healthcare facilities. As more hospitals digitize their operations, the need for robust cybersecurity practices becomes more critical.

Iranian hackers have targeted critical infrastructure in the United States by exploiting Internet-facing operational technology (OT) devices, specifically programmable logic controllers (PLCs). This breach has led to file and display manipulation, causing significant operational disruptions and financial losses across various sectors. The attackers have demonstrated their capability to disrupt essential services, raising concerns about the security of critical infrastructure in the U.S. Organizations relying on these systems need to review their security measures to prevent similar incidents in the future. The situation serves as a wake-up call for industries to prioritize the protection of their OT environments against external threats.