VulnHub

A threat actor has been exploiting a vulnerability in Marimo notebooks, specifically CVE-2026-39987, to gain unauthorized access. After taking control of a publicly accessible notebook, the attacker utilized a large language model (LLM) agent to carry out further actions. They extracted cloud credentials from the compromised system, which could potentially lead to additional breaches or data leaks. This incident raises concerns for organizations using Marimo products, as it demonstrates how quickly attackers can adapt and use advanced tools for post-exploitation activities. Companies must remain vigilant and ensure their systems are secured against such vulnerabilities.

According to ESET's 2026 APT Activity Report, Chinese-backed advanced persistent threats (APTs) are capitalizing on the instability caused by ongoing conflicts in Iran to target maritime and energy companies. This surge in cyber-attacks indicates that attackers are exploiting geopolitical tensions to carry out their operations. The report highlights that these APTs are not only focusing on regional targets but are also continuing their activities against organizations globally. This situation raises concerns for companies in the maritime and energy sectors, as they may face increased risks of data breaches and operational disruptions due to these cyber threats. Understanding these tactics is crucial for organizations to bolster their cybersecurity defenses and protect sensitive information.

Hackers are exploiting a vulnerability in FortiClient Enterprise Management Server (EMS), identified as CVE-2026-35616, which allows them to bypass authentication. This flaw is being used to deliver a credential-stealing malware known as EKZ. Organizations using FortiClient EMS are at risk, as attackers can gain unauthorized access to sensitive information through this exploit. The situation is concerning since the malware targets credentials, potentially leading to further data breaches. Companies should prioritize patching this vulnerability to protect their systems and data from compromise.

A new cyber campaign has emerged, targeting cryptocurrency firms through deceptive recruitment tactics and custom malware designed for macOS systems. Researchers from Wiz have identified this threat actor, known as JINX-0164, which employs social engineering to lure victims into downloading malicious software. The malware is tailored to exploit continuous integration and continuous deployment (CI/CD) infrastructures, increasing the risk of digital asset theft for affected organizations. As cryptocurrency firms often handle significant amounts of valuable digital assets, these attacks could lead to substantial financial losses and damage to their reputations. Companies in the crypto space need to be vigilant and enhance their security measures to protect against these sophisticated threats.

The FBI has issued a warning about a new tactic employed by the Silent Ransom Group (SRG), an extortion gang that is now targeting law firms in the U.S. The group is reportedly conducting in-person data theft attacks, posing a significant risk to sensitive client information held by these firms. This shift to physical attacks raises concerns about the security measures law firms have in place to protect their data. The FBI urges these organizations to enhance their security practices and be vigilant against potential threats. This development highlights the evolving nature of cybercrime, as attackers explore new methods to exploit vulnerabilities in various sectors.

Hackers have taken advantage of a zero-day vulnerability in the KnowledgeDeliver learning management system (LMS) to install a malicious web shell known as Godzilla. This security flaw allows attackers to gain unauthorized access to systems running this LMS, potentially compromising sensitive data and disrupting services. Organizations using KnowledgeDeliver should be particularly vigilant, as the exploitation of this vulnerability could lead to significant operational and data security issues. The presence of a web shell means that attackers can execute commands remotely, making it crucial for affected users to take immediate action to secure their systems. Companies must prioritize patching and monitoring their environments to mitigate the risks associated with this exploit.

A zero-day vulnerability identified as CVE-2026-5426 has been discovered in a Japanese Learning Management System (LMS). This security flaw arises from the use of hard-coded ASP.NET machine keys, which attackers can exploit to deploy Cobalt Strike, a popular penetration testing tool that can also be used for malicious purposes. The exploitation of this vulnerability poses significant risks to educational institutions and organizations using the LMS, potentially allowing unauthorized access to sensitive information and systems. Users of the affected LMS should take immediate steps to secure their systems to prevent potential intrusions.

Trend Micro has reported a serious security vulnerability in its Apex One platform, identified as CVE-2026-34926. This flaw allows for a directory path traversal, which means attackers could potentially access files and directories outside the intended scope. The company has confirmed that this vulnerability is being actively exploited in the wild, with at least one confirmed incident. Organizations using the Apex One platform are at risk, which makes it crucial for them to act quickly. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding this vulnerability, urging affected users to take immediate action to protect their systems.

Nimbus Manticore, an Iranian advanced persistent threat (APT) group, has been actively targeting aviation and software companies using updated tools. This activity has persisted during and after the recent US military actions against Iran, indicating a sustained effort by the group to exploit vulnerabilities within these sectors. The attacks raise concerns about the security of critical infrastructure and sensitive data in industries that are vital to national security and economic stability. Companies in the aviation and software fields should be on high alert and enhance their security measures to defend against these sophisticated threats. The ongoing nature of these operations suggests that the APT is evolving its tactics and tools, which could lead to more significant breaches if not addressed promptly.