Category: Uncategorized

  • Pre-Stuxnet Fast16 Malware Tampered with Nuclear Weapons Simulations

    Pre-Stuxnet Fast16 Malware Tampered with Nuclear Weapons Simulations

    A new analysis of the Lua-based fast16 malware has confirmed that it was a cyber sabotage tool designed to tamper with nuclear weapons testing simulations.
    According to Broadcom-owned Symantec and Carbon Black teams, the pre-Stuxnet tool was engineered to corrupt uranium-compression simulations that are central to nuclear weapon design.
    “Fast16’s hook engine is selectively interested in
  • NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE

    A newly disclosed security flaw impacting NGINX Plus and NGINX Open has come under active exploitation in the wild, days after its public disclosure, according to VulnCheck.
    The vulnerability, tracked as CVE-2026-42945 (CVSS score: 9.2), is a heap buffer overflow in ngx_http_rewrite_module affecting NGINX versions 0.6.27 through 1.30.0. According to AI-native security company depthfirst, the
  • Grafana GitHub Token Breach Led to Codebase Download and Extortion Attempt

    Grafana GitHub Token Breach Led to Codebase Download and Extortion Attempt

    Grafana has disclosed that an “unauthorized party” obtained a token that granted them the ability to access the company’s GitHub environment and download its codebase.

    “Our investigation has determined that no customer data or personal information was accessed during this incident, and we have found no evidence of impact to customer systems or operations,” Grafana
    said
    in a series of

  • Funnel Builder Flaw Under Active Exploitation Enables WooCommerce Checkout Skimming

    Funnel Builder Flaw Under Active Exploitation Enables WooCommerce Checkout Skimming

    A critical security vulnerability impacting the
    Funnel Builder
    plugin for WordPress has come under active exploitation in the wild to
    inject malicious JavaScript code
    into WooCommerce checkout pages with the goal of stealing payment data.

    Details of the activity were
    published
    by Sansec this week. The vulnerability currently does not have an official CVE identifier. It

  • Turla Turns Kazuar Backdoor Into Modular P2P Botnet for Persistent Access

    Turla Turns Kazuar Backdoor Into Modular P2P Botnet for Persistent Access

    The Russian state-sponsored hacking group known as

    Turla

    has transformed its custom backdoor Kazuar into a modular peer-to-peer (P2P) botnet that’s engineered for stealth and persistent access to compromised hosts.

    Turla, per the U.S. Cybersecurity and Infrastructure Security Agency (CISA), is assessed to be affiliated with Center 16 of Russia’s Federal Security Service (FSB)

  • Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence

    Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence

    Cybersecurity researchers have disclosed a set of four security flaws in OpenClaw that could be chained to achieve data theft, privilege escalation, and persistence.

    The vulnerabilities, collectively dubbed

    Claw Chain

    by Cyera, can permit an attacker to establish a foothold, expose sensitive data, and plant backdoors. A brief description of the flaws is below –

  • What 45 Days of Watching Your Own Tools Will Tell You About Your Real Attack Surface

    What 45 Days of Watching Your Own Tools Will Tell You About Your Real Attack Surface

    In Your Biggest Security Risk Isn’t Malware — It’s What You Already Trust, we made a simple argument: the most dangerous activity inside most organizations no longer looks like an attack. It looks like administration. PowerShell, WMIC, netsh, Certutil, MSBuild — the same trusted utilities your IT team uses every day are also the preferred toolkit of modern threat actors. Bitdefender’s analysis
  • On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email

    On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email

    Microsoft has disclosed a new security vulnerability impacting on-premise versions of Exchange Server that it said has come under active exploitation in the wild.
    The vulnerability, tracked as CVE-2026-42897 (CVSS score: 8.1), has been described as a spoofing bug stemming from a cross-site scripting flaw. An anonymous researcher has been credited with discovering and reporting the issue.
  • CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access Exploits

    CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access Exploits

    The U.S.Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a newly disclosed vulnerability impacting Cisco Catalyst SD-WAN Controller to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to remediate the issue by May 17, 2026.
    The vulnerability is a critical authentication bypass tracked as CVE-2026-20182. It’s
  • Cisco Catalyst SD-WAN Controller Auth Bypass Actively Exploited to Gain Admin Access

    Cisco Catalyst SD-WAN Controller Auth Bypass Actively Exploited to Gain Admin Access

    Cisco has released updates to address a maximum-severity authentication bypass flaw in Catalyst SD-WAN Controller that it said has been exploited in limited attacks.
    The vulnerability, tracked as CVE-2026-20182, carries a CVSS score of 10.0.
    “A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly