SmarterTools confirms Warlock ransomware breach via unpatched email server
The intrusion originated from a single SmarterMail VM that had been set up by an employee and was not receiving updates.
The activity may have involved recently disclosed flaws tracked as CVE-2025-40551 and CVE-2025-40536, or a previous issue (CVE-2025-26399).
The activity exploits exposed Docker APIs, Kubernetes clusters, Ray dashboards, and Redis servers, as well as the critical React2Shell vulnerability.
The flaws (CVE-2026-1281 and CVE-2026-1340) allow attackers to remotely compromise mobile device management systems without authentication.
The attackers are exploiting Signal’s legitimate features rather than malware or software vulnerabilities.
TGR-STA-1030 relies on an extensive toolkit of frameworks, web shells, and tunneling utilities to maintain long-term access.
DKnife is a post-compromise framework designed for traffic monitoring and adversary-in-the-middle (AitM) attacks.
The campaign, tracked by US and allied authorities, has previously targeted telecommunications providers and other critical infrastructure abroad.
In brief: Russian hackers exploit a Microsoft Office flaw, Citrix NetScaler infrastructure targeted in a coordinated campaign, and more.
Amaranth Dragon began exploiting CVE-2025-8088 on August 18, 2025, just days after a working exploit became public.