Originally reported by BleepingComputer, Graham Cluley, Cisco Talos, Malwarebytes Labs, Fortinet
TL;DR
Security teams face multiple actively exploited vulnerabilities in Cisco SD-WAN and Android devices, while a sophisticated iOS exploit kit targets crypto theft. Law enforcement scored wins against ransomware operations and phishing platforms.
Multiple vulnerabilities are under active exploitation, including Cisco SD-WAN flaws and a Qualcomm Android component, while sophisticated spyware-grade iOS exploit kits target high-value victims.
Cisco has flagged two additional Catalyst SD-WAN Manager security flaws as actively exploited in the wild, marking a concerning escalation in attacks against enterprise network infrastructure. The networking giant urges administrators to immediately upgrade vulnerable devices as threat actors continue targeting these critical network management systems.
Cisco released security updates for two maximum-severity vulnerabilities in its Secure Firewall Management Center (FMC) software that could grant attackers root-level access to compromised systems. These CVSS 10.0 flaws represent the highest possible severity rating and demand immediate patching attention.
Researchers disclosed a maximum severity vulnerability in the FreeScout helpdesk platform that allows remote code execution without user interaction or authentication. Dubbed "Mail2Shell," this zero-click attack vector enables complete server compromise through malicious email processing.
Security researchers uncovered "Coruna," a previously undocumented collection of 23 iOS exploits deployed by multiple threat actors in both espionage campaigns and financially motivated attacks targeting cryptocurrency assets. The spyware-grade exploit kit demonstrates the increasing sophistication of mobile device compromise techniques.
Google patched 129 Android vulnerabilities in its March security update, including an actively exploited high-severity flaw affecting a widely deployed Qualcomm component. The targeted attacks demonstrate continued threat actor focus on mobile device compromise through hardware-level vulnerabilities.
Cisco Talos disclosed UAT-9244, a China-nexus advanced persistent threat actor assessed with high confidence to be tied to Famous Sparrow. The group deployed three new malware implants against South American telecommunications providers, highlighting continued APT focus on critical infrastructure sectors.
Following U.S.-Israeli strikes on Iran, FortiGuard Labs observed rising regional cyber activity but noted the absence of large-scale cyber retaliation. Organizations should strengthen cyber hygiene, rotate credentials, and reduce exposure as geopolitical tensions may trigger future campaigns.
The FBI seized the LeakBase cybercrime forum, a major marketplace where cybercriminals bought and sold hacking tools and stolen data. The operation captured data from 142,000 forum members, dealing a significant blow to the underground economy.
An international law enforcement operation coordinated by Europol disrupted Tycoon2FA, a major phishing-as-a-service platform linked to tens of millions of phishing messages monthly. The takedown removes a critical infrastructure component used by multiple threat actors.
A Russian national pleaded guilty to wire fraud conspiracy charges related to administering the Phobos ransomware operation, which breached hundreds of victims worldwide. The legal action represents continued law enforcement pressure on ransomware operators.
The University of Mississippi Medical Center resumed normal operations nine days after a ransomware attack blocked access to electronic medical records and disabled IT systems. The incident highlights ongoing ransomware threats to critical healthcare infrastructure.
Huntress Labs detailed how a routine RDP brute-force alert led to a geo-distributed, VPN-linked infrastructure connected to suspected ransomware-as-a-service operations and initial access brokers. The analysis demonstrates the interconnected nature of modern cybercrime ecosystems.
LastPass warned users of phishing campaigns using fake unauthorized account access alerts to steal vault passwords. The attacks demonstrate continued threat actor focus on password manager users as high-value targets.
Customers of restaurants using the HungerRush point-of-sale platform received extortion emails from threat actors warning that restaurant and customer data could be exposed if the company fails to respond to demands.
Researchers discovered attackers abusing OAuth's built-in redirect functionality to send users from legitimate Microsoft or Google login pages to phishing sites or malware downloads, exploiting trust in major authentication providers.
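The abuse described above works because the login page is genuine and only the post-login redirect target is attacker-controlled, so a defender's check has to look past the trusted hostname at the redirect parameter. The following is an added example (not from the original report or any named vendor) of a mail-gateway style check that flags OAuth authorization links whose redirect target is outside an organisation's allowlist; the allowlist domains and sample URLs are constructed, and the authorization hostnames are assumed to be the providers' public endpoints.

```python
import re
from urllib.parse import urlparse, parse_qs

# Assumed authorization endpoints for the two providers named in the report,
# mapped to the query parameter that carries the post-login redirect target.
AUTHZ_HOSTS = {
    "login.microsoftonline.com": "redirect_uri",
    "accounts.google.com": "redirect_uri",
}

# Constructed allowlist: domains this organisation's own OAuth apps redirect to.
TRUSTED_REDIRECT_DOMAINS = {"example.com"}

URL_RE = re.compile(r"https?://[^\s<>\"']+")


def _host_trusted(host, trusted):
    # Exact match or a true subdomain; "example.com.evil.test" does not match.
    return any(host == d or host.endswith("." + d) for d in trusted)


def check_oauth_link(url, trusted=TRUSTED_REDIRECT_DOMAINS):
    """Classify one URL: 'not_oauth', 'ok', 'malformed' or 'suspicious'."""
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    param = AUTHZ_HOSTS.get(host)
    if param is None:
        return ("not_oauth", host)
    targets = parse_qs(parsed.query).get(param, [])  # parse_qs URL-decodes
    if not targets:
        return ("malformed", "no redirect parameter")
    for target in targets:
        r = urlparse(target)
        rhost = (r.hostname or "").lower()
        if r.scheme != "https":
            return ("suspicious", "non-https redirect to " + target)
        if not _host_trusted(rhost, trusted):
            return ("suspicious", "redirect to untrusted host " + rhost)
    return ("ok", targets[0])


def scan_lines(lines, trusted=TRUSTED_REDIRECT_DOMAINS):
    """Extract URLs from message lines and return only the suspicious ones."""
    hits = []
    for line in lines:
        for url in URL_RE.findall(line):
            verdict, detail = check_oauth_link(url, trusted)
            if verdict == "suspicious":
                hits.append((url, detail))
    return hits
```

Real authorization requests carry additional parameters (client_id, scope, state); the check deliberately ignores them, since the redirect target is the only field that decides where the user ends up.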
Bitwarden announced support for logging into Windows 11 devices using passkeys stored in the manager's vault, enabling phishing-resistant authentication and advancing passwordless security adoption.
The Supreme Court will decide whether geofence warrants are constitutional, with Google urging justices to strike down the controversial warrants that can sweep up location data from hundreds of phones near crime scenes.