Critical Cisco IMC Authentication Bypass Enables Unauthenticated Admin Access
Cisco has released urgent security patches addressing multiple critical and high-severity vulnerabilities, including a maximum-severity authentication bypass in the Integrated Management Controller (IMC) that allows unauthenticated attackers to gain administrative access to affected systems.
CVE-2026-20093: The Core Vulnerability
Tracked as CVE-2026-20093, this critical vulnerability exists in the Cisco IMC password change functionality. The flaw enables…
Cisco has released emergency security updates to patch a critical authentication bypass vulnerability in its Integrated Management Controller (IMC), a component embedded on the motherboard of Cisco UCS C-Series and E-Series servers that provides out-of-band management.
The Vulnerability: CVE-2026-20093
Tracked as CVE-2026-20093, this maximum-severity flaw exists in the password change functionality of Cisco…
Kaspersky researchers have uncovered CrystalX RAT, a sophisticated new malware-as-a-service (MaaS) platform that combines remote access trojan capabilities with data theft, keylogging, and uniquely disturbing prankware features designed to psychologically torment victims.
From Webcrystal to CrystalX: The Evolution
First observed in January 2026 as Webcrystal RAT, the malware was initially promoted through private Telegram groups….
Unit 42 researchers have uncovered a sophisticated Chinese espionage campaign, designated CL-STA-1087, that has been systematically targeting military organizations across Southeast Asia since at least 2020. The state-sponsored operation demonstrates exceptional operational patience and deploys previously undocumented malware tools designed for long-term intelligence collection against regional defense forces.
Executive Summary
The investigation reveals a methodical…
Cisco Talos has disclosed a large-scale automated credential harvesting campaign carried out by a threat cluster it tracks as “UAT-10608.” The campaign uses a custom exploitation framework called “NEXUS Listener” to target Next.js applications vulnerable to React2Shell (CVE-2025-55182), and compromised at least 766 hosts within a 24-hour period. Key Findings…
North Korean state-sponsored threat actors have been observed targeting South Korean organizations with a sophisticated multi-stage attack chain that abuses GitHub as command and control (C2) infrastructure. Fortinet FortiGuard Labs published research on April 2, 2026 detailing the campaign, which leverages malicious LNK (shortcut) files, encoded payloads, and living-off-the-land (LOTL) techniques to maintain persistence while…
A sophisticated supply chain attack has compromised LiteLLM, a widely used Python library for interfacing with large language models that is downloaded more than 95 million times per month, delivering multi-stage credential-stealing malware to systems that installed the affected releases. The attack, attributed to TeamPCP, the same threat group behind the recent Trivy supply chain compromises, targeted LiteLLM versions 1.82.7 and 1.82.8 on PyPI. According to…
A critical zero-day vulnerability in the TrueConf video conferencing platform is being actively exploited in a sophisticated espionage campaign targeting government entities across Southeast Asia. Check Point Research has uncovered Operation TrueChaos, a targeted attack campaign weaponizing CVE-2026-3502 (CVSS 7.8) to compromise dozens of government agencies through a single compromised TrueConf server. The campaign deploys…
On March 31, 2026, a significant supply chain attack hit Axios, one of the most widely used HTTP client libraries in the JavaScript ecosystem, with over 83 million weekly downloads. Attackers compromised a maintainer account and published two malicious package versions carrying a cross-platform remote access trojan (RAT). Attack…
A sophisticated new malware campaign dubbed “DeepLoad” has emerged targeting enterprise environments, combining ClickFix social engineering delivery with AI-generated obfuscation techniques that defeat traditional security controls. ReliaQuest researchers discovered the threat after observing it achieve persistent, credential-stealing access through a single user action.
What Makes DeepLoad Different
DeepLoad isn’t notable for any single technique—it’s the…