News

Short summaries of the cyber-crime stories moving in India and globally. We link back to the original source — always.

Lazarus Group Targets Financial Firms with RemotePE Malware
Malware

Security researchers at NCC Group/Fox-IT have documented RemotePE, a cross-platform malware family used by the North Korea-linked Lazarus Group against financial and cryptocurrency organizations. It is delivered through a multi-stage chain built on two loaders: DPAPILoader decrypts and executes the next-stage payload, and RemotePELoader maps RemotePE into memory without ever writing it to disk. Because nothing lands on disk, file-based antivirus and hash-based detection have little to work with; defenders need in-memory scanning, behavioural telemetry, or EDR that watches for process injection. A payload protected with DPAPI is also bound to the victim's machine or user profile, so it will not decrypt when lifted onto an analysis host, which slows forensic triage. The campaign targets organizations handling digital assets, which keeps it directly relevant to India's growing crypto and fintech sectors. Source: NCC Group/Fox-IT Research.

via RSS: The Hacker News. Read source.
Key Cybersecurity Threats Expected in 2026
Malware

Security experts have outlined the threats individuals and organizations should prepare for in 2026: evolving attack methods against personal and corporate data, more sophisticated malware, and new vulnerabilities in digital infrastructure. Staying current on these patterns is the first step in strengthening defences. Indian internet users are advised to keep software updated, enable multi-factor authentication, and treat unexpected messages and links with suspicion; organizations should schedule regular security audits and employee training. Source: Simplilearn.com.

via GoogleNews: cyber attack India. Read source.
TrapDoor Malware Found in Popular Code Libraries
Malware

Security researchers have uncovered a coordinated campaign, named TrapDoor, targeting three major package registries: npm, PyPI, and Crates.io. The attackers published 34 malicious packages across more than 384 versions, in waves beginning May 22, 2026, with code designed to steal developer credentials. The attack trades on the trust developers place in open-source dependencies: once a poisoned package is installed it runs with the developer's privileges and can read whatever tokens and keys the machine holds, so a single compromised dependency can reach thousands of downstream victims. Teams that pulled any affected package should assume exposure, rotate registry, cloud and CI credentials, and check their lockfiles rather than rely on package names alone, since the malicious code was spread across many versions.

via RSS: The Hacker News. Read source.
Wireshark 4.6.6 Update Patches Security Flaw
Malware

Wireshark, the widely used network analysis tool, has released version 4.6.6, which addresses one security vulnerability and fixes eleven bugs. Wireshark is a staple for IT and security teams capturing and decoding network traffic, and its protocol dissectors parse untrusted input by design, so a flaw in a dissector can typically be triggered just by opening a malicious capture file or sniffing crafted packets. Users should update to 4.6.6. As a standing precaution, capture with dumpcap under a non-root account that has been granted capture capabilities rather than running the Wireshark GUI as root, so that a dissector crash does not expose a privileged process. Source: Wireshark.

via RSS: SANS ISC Diary. Read source.
LiteSpeed cPanel Plugin Flaw Allows Root Access Attacks
Malware

A critical vulnerability in the LiteSpeed cPanel plugin, tracked as CVE-2026-48172, allows attackers to gain root privileges on affected hosts, and security researchers report that it is being exploited in the wild. Administrators running LiteSpeed with cPanel should apply the vendor's fix immediately. Because the flaw yields root, a host that was exposed and unpatched while exploitation was ongoing should be treated as potentially compromised and examined for new accounts, cron entries, SSH keys and unexpected processes, not simply patched. This puts web hosting infrastructure across India at significant risk, since a single rooted hosting server exposes every site it serves. Source: Rescana.

via GoogleNews: vulnerability CVE. Read source.
Security modes in Apple, Google, Meta phones guard against spyware
Malware

Apple, Google, and Meta now offer dedicated hardened modes for users at risk of targeted spyware, such as Apple's Lockdown Mode and Google's Advanced Protection. These modes work by shrinking the attack surface: they disable or restrict features that spyware commonly abuses, such as certain message attachment types, link previews and complex web content, at the cost of some convenience. They are intended for people at elevated risk, including journalists, activists and executives, and can be enabled from the device or account settings. Knowing what each mode switches off, and when to turn it on, matters for anyone who may be a target of commercial surveillance tools.

via RSS: TechCrunch Security. Read source.
AI-Powered Bug Scanning Tools Reveal New Linux Vulnerabilities
Malware

Recent research has disclosed three critical vulnerabilities in Linux, named Dirty Frag, Copy Fail, and Fragesia, found with AI-assisted code analysis tools. The findings point to a shift in which machine-assisted review is surfacing bugs in widely deployed code that manual auditing had missed, and the same capability is available to attackers hunting for exploitable flaws. Organizations running Linux should track their distribution's security advisories and apply the corresponding fixes promptly, prioritizing internet-facing and multi-tenant hosts where an attacker is most likely to already hold an unprivileged foothold.

via RSS: The Register Security. Read source.
Understanding Stack Strings in Malware Development
Malware

The SANS course SEC670 approaches red teaming from the builder's side: students develop Windows malware, including shellcode and command-and-control components, rather than reverse engineering samples as in the traditional malware analysis track. One of the techniques covered is stack strings, where a program assembles a string on the stack one character at a time at runtime instead of storing it as a contiguous literal in the binary. The string never appears in the file's data sections, so the strings utility, text-based YARA rules and quick triage miss it, and with an added XOR layer even the bytes in the instruction stream are unreadable. For analysts the tell is a run of single-byte immediate stores into adjacent stack slots, often followed by a small decode loop, and tools such as FLARE's FLOSS exist to recover such strings automatically. Knowing how the technique is built from the attacker's side makes both the static pattern and the runtime behaviour easier to recognize. Source: SANS Institute.
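The technique described above, as an added example written for this page (it is not SEC670 course material): a plain literal beside the stack-string form that replaces it, an XOR-encoded variant, and a minimal strings(1)-style scan showing what each form leaves readable in a binary's bytes. The string "kernel32.dll", the key 0x5A and all function names are constructed for illustration.

```c
/* Added example: stack strings versus a plain literal, plus a strings-style
 * scan. "kernel32.dll" and STR_KEY are constructed values for illustration. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STR_KEY 0x5A  /* constructed single-byte XOR key */

/* Plain literal: the compiler stores it contiguously in .rodata, so the
 * strings utility, text YARA rules and a hex editor all see it. */
const char *plain_name(void) { return "kernel32.dll"; }

/* Stack string: each character is assigned separately, so the full string
 * only exists on the stack at runtime. Optimising compilers may merge the
 * stores into a few multi-byte immediates; that still breaks the contiguous
 * literal but leaves the characters visible in the instruction stream. */
size_t stack_name(char *out, size_t outlen) {
    char s[13];
    s[0] = 'k'; s[1] = 'e'; s[2] = 'r'; s[3] = 'n'; s[4] = 'e'; s[5] = 'l';
    s[6] = '3'; s[7] = '2'; s[8] = '.'; s[9] = 'd'; s[10] = 'l'; s[11] = 'l';
    s[12] = '\0';
    size_t n = strlen(s);
    if (outlen == 0) return 0;
    if (n > outlen - 1) n = outlen - 1;   /* truncate to caller's buffer */
    memcpy(out, s, n);
    out[n] = '\0';
    memset(s, 0, sizeof s);   /* scrub the stack copy (use explicit_bzero in real code) */
    return n;
}

/* XOR-encoded variant: the ^ is folded at compile time, so only the encoded
 * bytes reach the binary and nothing readable survives even in the
 * instruction stream. Decoding happens into a stack buffer just before use. */
static const uint8_t NAME_ENC[12] = {
    'k' ^ STR_KEY, 'e' ^ STR_KEY, 'r' ^ STR_KEY, 'n' ^ STR_KEY,
    'e' ^ STR_KEY, 'l' ^ STR_KEY, '3' ^ STR_KEY, '2' ^ STR_KEY,
    '.' ^ STR_KEY, 'd' ^ STR_KEY, 'l' ^ STR_KEY, 'l' ^ STR_KEY,
};

size_t xor_stack_name(char *out, size_t outlen) {
    char s[sizeof NAME_ENC + 1];
    for (size_t i = 0; i < sizeof NAME_ENC; i++)   /* the decode loop analysts look for */
        s[i] = (char)(NAME_ENC[i] ^ STR_KEY);
    s[sizeof NAME_ENC] = '\0';
    size_t n = sizeof NAME_ENC;
    if (outlen == 0) return 0;
    if (n > outlen - 1) n = outlen - 1;
    memcpy(out, s, n);
    out[n] = '\0';
    memset(s, 0, sizeof s);
    return n;
}

/* Minimal strings(1)-style check: does `needle` occur as a contiguous byte
 * run anywhere in `image`? This is the triage step stack strings defeat. */
int strings_scan(const uint8_t *image, size_t len, const char *needle) {
    size_t nlen = strlen(needle);
    if (nlen == 0 || len < nlen) return 0;
    for (size_t i = 0; i + nlen <= len; i++)
        if (memcmp(image + i, needle, nlen) == 0) return 1;
    return 0;
}

/* Returns 1 when both builders recover the same string as the plain literal,
 * the scan finds it in the literal's bytes (standing in for .rodata), and
 * the scan finds nothing in the encoded bytes that actually ship. */
int demo_ok(void) {
    char a[32], b[32];
    if (stack_name(a, sizeof a) != 12 || strcmp(a, plain_name()) != 0) return 0;
    if (xor_stack_name(b, sizeof b) != 12 || strcmp(b, plain_name()) != 0) return 0;
    if (!strings_scan((const uint8_t *)plain_name(), 12, "kernel32.dll")) return 0;
    if (strings_scan(NAME_ENC, sizeof NAME_ENC, "kernel32.dll")) return 0;
    return 1;
}

int main(void) {
    char buf[32];
    xor_stack_name(buf, sizeof buf);
    printf("decoded at runtime: %s\n", buf);
    printf("plain literal visible to strings scan: %d\n",
           strings_scan((const uint8_t *)plain_name(), 12, "kernel32.dll"));
    printf("encoded bytes visible to strings scan:  %d\n",
           strings_scan(NAME_ENC, sizeof NAME_ENC, "kernel32.dll"));
    return demo_ok() ? 0 : 1;
}
```

Build it with `cc -O2` and run `strings` on the result: "kernel32.dll" appears once, from plain_name, and not at all from the two stack builders. The memset scrub is a dead store the optimiser may drop; real implants use explicit_bzero or SecureZeroMemory. On the defensive side, the per-byte stores and the XOR loop are exactly the patterns FLOSS and similar tools key on, so the technique buys evasion from quick triage, not from a determined analyst.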

via RSS: SANS ISC Diary. Read source.
CrackArmor: Critical AppArmor Flaw Exposes Root Access Risk
Malware

Qualys has disclosed CrackArmor, a vulnerability in AppArmor, the mandatory access control system that Linux distributions such as Ubuntu and SUSE use to confine processes, which could allow an attacker to gain root on affected systems. Because AppArmor is a confinement layer rather than a network service, the flaw matters most where an attacker already has a foothold: a bug in the enforcement mechanism can let a confined process step outside its profile and escalate. Organizations relying on AppArmor-protected Linux environments should apply their distribution's updates promptly; administrators can check whether AppArmor is loaded and enforcing on a host with aa-status, and should not treat existing profiles as a substitute for patching.

via GoogleNews: vulnerability CVE. Read source.
F5 BIG-IP Breach Leads to Enterprise Compromise via Confluence
Malware

Attackers exploited an internet-exposed F5 BIG-IP appliance to start a multi-stage intrusion, moving first onto Linux systems and then to an internal Confluence server, where they harvested credentials and took over user identities. The chain included attempted Kerberos relay attacks and lateral movement across the network before Microsoft Defender detected and blocked it. The case shows how a single edge device becomes an enterprise-wide incident: such appliances sit outside the reach of endpoint agents, so defenders should patch them first, restrict their management interfaces, forward their logs to the SIEM, and alert on unexpected outbound connections and on authentication activity originating from the appliance's address. Source: Microsoft Security Blog.

via RSS: Microsoft Security. Read source.
Clothing Brand Website Compromised in Malware Distribution Attack
Malware

A clothing brand's website was hijacked to serve malware to visitors: the attackers altered the site so that it prompted users to download malicious software. The compromise surfaced through reports from users on social media, and the site was taken offline. Incidents like this show why site owners need file-integrity monitoring, regular review of administrator access, and prompt patching of the web stack. Visitors should be wary of any site that unexpectedly asks them to download or install something, and should keep their own systems patched.

via RSS: TechCrunch Security. Read source.
Drupal SQL Injection Flaw Added to Active Threat List
Malware

Indian security teams should note that CISA, the US Cybersecurity and Infrastructure Security Agency, has added CVE-2026-9082, a critical SQL injection vulnerability in Drupal core, to its Known Exploited Vulnerabilities (KEV) catalog, meaning it is being exploited in the wild. CISA's patching deadlines bind only US federal civilian agencies, but the agency recommends that every organization treat KEV entries as priority patches. SQL injection in a CMS core is particularly dangerous because it typically exposes the whole site database, including password hashes, to the attacker. Organizations running Drupal should apply the fix immediately and, since exploitation is already under way, review web server logs for injection attempts that predate the patch and reset credentials if any are found. Source: CISA.

via RSS: CISA Alerts. Read source.