DJBSEC's CyberNews 2026-04-03

Cisco Patches Critical 9.8 CVSS Flaws in IMC and SSM

Cisco has released patches for critical vulnerabilities affecting its Integrated Management Controller (IMC) and Security Services Module (SSM), both rated with a CVSS score of 9.8. These flaws could allow unauthenticated attackers to execute code remotely on affected systems. Given the widespread deployment of Cisco infrastructure, the potential impact is significant. Exploitation could lead to full system compromise and disruption of enterprise environments. Organizations are strongly urged to apply patches immediately and review exposed systems.

Qilin Ransomware Now Capable of Disabling EDR Tools

The Qilin ransomware group has enhanced its capabilities by developing techniques to disable endpoint detection and response (EDR) tools. This allows attackers to operate undetected while encrypting systems and exfiltrating data. By targeting security controls directly, Qilin increases its success rate against enterprise defenses. The evolution highlights how ransomware groups are becoming more sophisticated. Organizations should implement layered security and monitor for tampering with security tools.

Residential Proxies Bypass IP Reputation Checks in Majority of Sessions

A recent analysis shows that residential proxies were able to evade IP reputation checks in 78% of over 4 billion sessions. Attackers are increasingly using residential IP addresses to blend in with legitimate traffic and bypass security controls. This makes it harder for organizations to detect malicious activity based on IP reputation alone. The trend highlights the limitations of traditional network-based defenses. Security teams are encouraged to adopt behavioral analysis and advanced detection methods.

Hackers Use Multi-Format Files in Boeing-Themed Phishing Campaign

Threat actors are using a combination of DOCX, RTF, JavaScript, and Python files in a phishing campaign themed around Boeing requests for quotation (RFQs). The multi-format approach helps attackers bypass security filters and increase the likelihood of successful delivery. Once executed, the files deploy malware and establish persistence on victim systems. The campaign targets organizations in industries likely to engage with Boeing. Users are advised to be cautious with unsolicited attachments and verify communications.

UAC-0255 Impersonates CERT-UA to Deliver AgeWheeze Malware

The threat actor UAC-0255 is impersonating Ukraine’s CERT-UA to distribute AgeWheeze malware through phishing campaigns. Victims receive emails that appear to come from trusted security authorities, increasing the likelihood of interaction. Once executed, the malware enables unauthorized access and data exfiltration. The campaign demonstrates how attackers exploit trust in official organizations. Users should verify communications and remain cautious of unexpected emails.

Progress ShareFile Vulnerabilities Enable Pre-Auth RCE Attacks

Multiple vulnerabilities in Progress ShareFile can be chained together to enable pre-authentication remote code execution. This means attackers can compromise systems without needing valid credentials. The flaws affect file-sharing environments commonly used in enterprises. Successful exploitation could lead to data breaches and system compromise. Organizations should apply patches immediately and monitor for suspicious activity.

Storm Infostealer Offered as Malware-as-a-Service

A new infostealer known as Storm is being offered as a malware-as-a-service platform targeting browsers and cryptocurrency wallets. The malware is designed to harvest credentials, financial data, and sensitive information from infected systems. By offering it as a service, cybercriminals can easily deploy attacks without advanced technical skills. This model lowers the barrier to entry for cybercrime. Users are advised to maintain strong security practices and monitor for suspicious activity.



