Cybersecurity News & Analysis • github • defconxt • © 2026 • blacktemple.net

Tag: active-exploitation

high • Nation-State & APT

Iranian APT Groups Intensify Cyber Operations Against U.S. and Middle East Infrastructure

Check Point researchers observed Iran-linked actors targeting IP cameras across Israel and Gulf states for military intelligence, while Broadcom's Symantec team uncovered MuddyWater deploying the new Dindoor backdoor against U.S. banks, airports, and nonprofits.

Mar 7, 2026 • Security Affairs
iran, muddywater, apt
🇮🇷 MuddyWater

critical • Malware & Threats

Active Exploitation Surge: Cisco SD-WAN Flaws, iOS Exploit Kit, and Law Enforcement Disruptions

Security teams face multiple actively exploited vulnerabilities in Cisco SD-WAN and Android devices, while a sophisticated iOS exploit kit targets crypto theft. Law enforcement scored wins against ransomware operations and phishing platforms.

Mar 5, 2026 • BleepingComputer, Graham Cluley, Cisco Talos, Malwarebytes Labs, Fortinet
cisco-vulnerabilities, ios-exploits, ransomware
🏴 Phobos
🇺🇸 Google • 🇺🇸 Near Intelligence

critical • Industry & Policy

Weekly Threat Brief: Feb 23 - Mar 2, 2026, Critical Infrastructure Under Active Exploitation

A three-year-old Cisco SD-WAN zero-day under active exploitation headlines a week of critical infrastructure vulnerabilities, while nation-state actors increasingly weaponize AI tools and geopolitical tensions drive cyber escalation.

Mar 2, 2026 • Black Temple Weekly Digest
weekly-roundup, threat-intelligence, critical-infrastructure
🏴 ShinyHunters • 🇮🇷 MuddyWater • 🇷🇺 APT28

critical • Vulnerabilities & Exploits

CISA Adds FileZen to KEV as Multiple Critical Vulnerabilities Surface

CISA added FileZen CVE-2026-25108 to its KEV catalog following confirmed active exploitation of the command injection vulnerability. Separately, GitHub patched the RoguePilot flaw that allowed attackers to steal tokens via malicious Copilot instructions, while Microsoft identified a developer-targeting campaign using poisoned Next.js repositories.

Feb 25, 2026 • The Hacker News, Microsoft Security, SANS ISC, MSRC Security Updates
filezen, cisa-kev, github-copilot

critical • Malware & Threats

Active RoundCube Exploitation, AI-Generated Stealers, and France's FICOBA Breach

CISA flags actively exploited RoundCube flaws, researchers analyze AI-generated Arkanix Stealer, and France discloses 1.2M account breach in national banking registry.

Feb 23, 2026 • BleepingComputer, Checkpoint Research, Malwarebytes Labs
roundcube, cisa-kev, info-stealer
🇨🇳 TikTok

critical • Malware & Threats

Critical Infrastructure Under Siege: From Actively Exploited BeyondTrust RCE to Healthcare Ransomware Shutdowns

CISA warns of actively exploited BeyondTrust RCE in ransomware campaigns while healthcare systems face operational shutdowns and AI-powered malware emerges on Android.

Feb 20, 2026 • BleepingComputer, Malwarebytes Labs, Fortinet
ransomware, data-breach, active-exploitation
🇺🇸 Meta Platforms • 🇺🇸 Google

critical • Vulnerabilities & Exploits

CISA Adds GitLab SSRF and Dell RP4VMs Hard-coded Credentials Vulnerabilities to KEV Catalog

CISA adds GitLab SSRF and Dell RecoverPoint hard-coded credential vulnerabilities to KEV catalog, requiring federal agencies to remediate due to active exploitation evidence.

Feb 18, 2026 • CISA Alerts
cisa-kev, gitlab, dell