Exploitation

Iran-Linked Hackers Target Internet-Exposed PLCs to Disrupt U.S. Critical Infrastructure

Cybersecurity authorities have issued warnings about a surge in attacks by Iran-linked threat actors targeting operational technology systems in the United States. These attacks are focused on internet-accessible industrial devices, particularly programmable logic controllers (PLCs), which are widely used in critical infrastructure environments. According to alerts from the Federal Bureau of Investigation (FBI), these intrusions have […]

Microsoft Warns of WhatsApp-Delivered VBS Malware Exploiting UAC Bypass on Windows

Microsoft has issued a warning about a newly discovered cyber campaign that uses WhatsApp to distribute malicious Visual Basic Script (VBS) files. The attack chain is designed to compromise Windows systems, establish persistence, and gain elevated privileges through stealth techniques.

Attack Begins with Social Engineering

The campaign, first observed in late February 2026, relies heavily on social engineering

Russian CTRL Toolkit Uses Malicious LNK Files to Hijack RDP Through FRP Tunnels

Cybersecurity researchers have uncovered a sophisticated Russian-origin remote access toolkit called CTRL, which is distributed through malicious Windows shortcut (LNK) files disguised as private key folders. The toolkit enables credential theft, keylogging, and RDP session hijacking, while using Fast Reverse Proxy (FRP) tunnels to maintain stealthy command and control (C2).

Multi-Stage Deployment

According to Censys, the

Citrix NetScaler Faces Active Reconnaissance for CVE-2026-3055 High-Severity Memory Overread Vulnerability

A newly disclosed high-risk vulnerability affecting Citrix NetScaler ADC and NetScaler Gateway is already drawing attention from threat actors, with security firms reporting active reconnaissance activity targeting exposed systems.

Critical Memory Overread Vulnerability Identified

The flaw, tracked as CVE-2026-3055, has been assigned a CVSS score of 9.3, highlighting its severity. This issue stems from improper input

Hackers Exploit CVE-2025-32975 CVSS 10.0 to Take Over Unpatched Quest KACE SMA Systems

Cybersecurity researchers have identified active exploitation of a critical security flaw affecting Quest KACE Systems Management Appliance (SMA), raising serious concerns for organizations relying on the platform. According to recent findings from Arctic Wolf, suspicious activity linked to this vulnerability began emerging during the week of March 9, 2026. The attacks specifically target SMA systems

Magento PolyShell Vulnerability Allows Unauthenticated File Uploads, RCE, and Account Takeover

A serious security flaw has been identified in Magento that allows unauthenticated attackers to upload malicious files, execute remote code, and potentially take over user accounts. This issue, referred to as PolyShell, has been analyzed by the security firm Sansec. The vulnerability affects all versions of Magento Open Source and Adobe Commerce up to 2.4.9-alpha2.

Critical Langflow Vulnerability CVE-2026-33017 Exploited Within 20 Hours of Disclosure

A newly disclosed critical vulnerability in the open-source AI platform Langflow has already been actively exploited within just 20 hours of its public announcement, demonstrating how quickly attackers weaponize newly discovered security flaws. The vulnerability, tracked as CVE-2026-33017 with a CVSS score of 9.3, is caused by a combination of missing authentication and unsafe code

DarkSword iOS Exploit Kit Uses Six Vulnerabilities Including Three Zero Days for Full Device Takeover

A sophisticated iOS exploit framework known as DarkSword has been actively used by multiple threat actors since late 2025 to compromise Apple devices and extract sensitive user data. Research from Google Threat Intelligence Group (GTIG), iVerify, and Lookout reveals that the exploit kit enables near-complete device takeover with minimal user interaction. DarkSword has been deployed

FortiGate Devices

Attackers Exploit FortiGate Devices to Breach Networks and Steal Service Account Credentials

Cybersecurity researchers have uncovered a campaign in which threat actors are exploiting vulnerabilities in FortiGate Next‑Generation Firewall devices to gain unauthorized access to corporate networks and steal sensitive credentials. According to a report from SentinelOne, attackers are targeting firewall appliances by exploiting recently disclosed security flaws or by using weak authentication credentials. Once inside the system,

Web Server Exploits and Mimikatz

Attackers Use Web Server Exploits and Mimikatz to Target Asian Critical Infrastructure

High-profile organizations across South Asia, Southeast Asia, and East Asia are being targeted in an ongoing cyber campaign believed to be conducted by a Chinese-linked threat group. The attacks have been running for several years and primarily focus on organizations that play a critical role in national infrastructure. Security researchers from Palo Alto Networks
