Vulnerability | Breaking Cybersecurity News | The Hacker News

New research from Broadcom's Symantec and Carbon Black Threat Hunter Team has discovered evidence of an Iranian hacking group embedding itself in several U.S. companies' networks, including banks, airports, non-profit, and the Israeli arm of a software company. The activity has been attributed to a state-sponsored hacking group called MuddyWater (aka Seedworm). It's affiliated with the Iranian Ministry of Intelligence and Security (MOIS). The campaign is assessed to have begun in early February, with recent activity detected following U.S. and Israeli military strikes on Iran . "The software company is a supplier to the defense and aerospace industries, among others, and has a presence in Israel, with the company's Israel operation seeming to be the target in this activity," the security vendor said in a report shared with The Hacker News. The attacks targeting the software company, as well as a U.S. bank and a Canadian non-profit, have been found to p...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two security flaws impacting Hikvision and Rockwell Automation products to its Known Exploited Vulnerabilities ( KEV ) catalog, citing evidence of active exploitation. The critical-severity vulnerabilities are listed below - CVE-2017-7921 (CVSS score: 9.8) - An improper authentication vulnerability affecting multiple Hikvision products that could allow a malicious user to escalate privileges on the system and gain access to sensitive information.  CVE-2021-22681 (CVSS score: 9.8) - An insufficiently protected credentials vulnerability affecting multiple Rockwell Automation Studio 5000 Logix Designer, RSLogix 5000, and Logix Controllers that could allow an unauthorized user with network access to the controller to bypass the verification mechanism and authenticate with it, as well as alter its configuration and/or application code. The addition of CVE-2017-7921 to the KEV catalog comes more...

Cisco has disclosed that two more vulnerabilities affecting Catalyst SD-WAN Manager (formerly SD-WAN vManage) have come under active exploitation in the wild. The vulnerabilities in question are listed below - CVE-2026-20122 (CVSS score: 7.1) - An arbitrary file overwrite vulnerability that could allow an authenticated, remote attacker to overwrite arbitrary files on the local file system. Successful exploitation requires the attacker to have valid read-only credentials with API access on the affected system. CVE-2026-20128 (CVSS score: 5.5) - An information disclosure vulnerability that could allow an authenticated, local attacker to gain Data Collection Agent (DCA) user privileges on an affected system. Successful exploitation requires the attacker to have valid vManage credentials on the affected system. Patches for the security defects, along with CVE-2026-20126, CVE-2026-20129, and CVE-2026-20133, were released by Cisco late last month in the following versions - Earli...

Some weeks in cybersecurity feel routine. This one doesn’t. Several new developments surfaced over the past few days, showing how quickly the threat landscape keeps shifting. Researchers uncovered fresh activity, security teams shared new findings, and a few unexpected moves from major tech companies also drew attention. Together, these updates offer a useful snapshot of what is happening behind the scenes in the cyber world right now. From new tactics and campaigns to security and policy changes that could affect millions of users, there is a lot unfolding at once. Below is a quick roundup of the most notable stories making headlines this week. Phishing Campaign Deploys Multiple Malware Strains Ukraine Targeted by SHADOWSNIFF, SALATSTEALER, DEAFTICKK Malware The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a hacking campaign targeting Ukrainian government institutions using phishing emails containing a...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a recently disclosed security flaw impacting Broadcom VMware Aria Operations to its Known Exploited Vulnerabilities ( KEV ) catalog, citing active exploitation in the wild. The high-severity vulnerability, CVE-2026-22719 (CVSS score: 8.1), has been described as a case of command injection that could allow an unauthenticated attacker to execute arbitrary commands. "A malicious unauthenticated actor may exploit this issue to execute arbitrary commands, which may lead to remote code execution in VMware Aria Operations while support-assisted product migration is in progress," the company said in an advisory released late last month. The shortcoming was addressed, along withCVE-2026-22720, a stored cross-site scripting vulnerability, and CVE-2026-22721, a privilege escalation vulnerability that could result in administrative access. It impacts the following products - VMware Cloud Foundatio...