Cisco and Microsoft Grapple with Actively Exploited Zero-Days; Foxconn Hit by Major Ransomware Attack

Publication Date: May 15, 2026

Summary

This reporting period has been dominated by critical zero-day vulnerabilities, with both Cisco and Microsoft confirming active exploitation of flaws in Catalyst SD-WAN and on-premises Exchange Servers, respectively. Adding to the pressure, two unpatched Windows zero-days affecting BitLocker and privilege escalation were publicly disclosed. In the threat landscape, electronics giant Foxconn confirmed a significant ransomware attack by the Nitrogen group, while multiple Chinese and Belarusian state-sponsored APTs were observed launching new campaigns with updated toolsets. Regulators in the UK have also issued a stark warning about emerging cyber risks from frontier AI, signaling a new front in cybersecurity policy.

Today's New Articles

Cisco Scrambles to Patch Critical 10.0 CVSS Zero-Day in SD-WAN Under Active Attack

Cisco has released emergency patches for a critical authentication bypass vulnerability (CVE-2026-20182) in its Catalyst SD-WAN products, which carries a maximum CVSS score of 10.0. The flaw is being actively exploited in targeted attacks by a sophisticated th...


Microsoft Exchange Zero-Day Under Active Attack, Mitigations Deployed Automatically

Microsoft has disclosed a new high-severity zero-day vulnerability (CVE-2026-42897) in on-premises Exchange Server 2016, 2019, and Subscription Edition. The flaw, a cross-site scripting (XSS) issue in Outlook Web Access (OWA), is being actively exploited for s...


UK Financial Regulators Put Firms on Notice Over Frontier AI Cyber Risks

The Bank of England, the Financial Conduct Authority (FCA), and HM Treasury have issued a joint statement warning UK financial firms about the escalating cyber threats posed by frontier AI. The regulators stressed that AI's ability to amplify attacks requires...


Belarus-Aligned APT 'FrostyNeighbor' Deploys New JavaScript Loader in Attacks on Poland & Ukraine

The Belarus-aligned cyber-espionage group 'FrostyNeighbor' (also known as Ghostwriter/UNC1151) has launched a new wave of attacks targeting government and military organizations in Poland and Ukraine. Active since at least March 2026, the campaign showcases an...


Massive Phishing Blitz Targets 2026 FIFA World Cup Fans with 79+ Fake Sites

Security researchers are warning of a massive phishing campaign targeting fans of the upcoming 2026 FIFA World Cup. Attackers have registered at least 79 fraudulent websites that are near-perfect clones of the official FIFA site. These scams aim to steal crede...


New 'Rex' Ransomware Emerges, Using Double Extortion and .rex48 Extension

A new ransomware strain named "Rex" has been discovered by researchers at CYFIRMA. Targeting Windows enterprise environments, the malware encrypts files, appends a ".rex48" extension, and drops an HTML ransom note. Rex employs a double extortion strategy, thre...


Chinese APT FamousSparrow Hits Azerbaijan Energy Sector with Deed RAT

The China-linked APT group FamousSparrow has expanded its targeting to include the energy sector in Azerbaijan, likely driven by the country's growing importance as an energy supplier to Europe. A campaign running until February 2026 saw the group exploit Micr...


UK Announces Major Cyber Law Overhaul, Including Reforms to Computer Misuse Act

The UK government has announced a significant legislative agenda to reform its digital and cyber regulatory framework. The plan includes a new Cyber Security and Resilience Bill, which will align the UK more closely with the EU's NIS 2 directive, and crucial r...


Gremlin Stealer Hides in Plain Sight, Using .NET Resources to Steal Crypto and Sessions

Unit 42 has analyzed a new, highly evolved variant of the Gremlin information stealer. This version marks a significant upgrade in stealth and capability, now embedding its malicious payload within the .NET resource section and using XOR encoding to bypass det...

Article Updates

Chinese APT Mustang Panda Targets Indian Banks, Korean Policy Experts in Espionage Campaign

Update: The new report details Mustang Panda's (aka Twill Typhoon) continued espionage, now using fake CDN sites impersonating Apple and Yahoo for initial access. This campaign, active since September 2025, targets organizations in the Asia-Pacific and Japan, includin...


Industrial Sector Most Targeted by Ransomware, NCC Group Report Warns

Update: This update reinforces the NCC Group's findings on the industrial sector being the primary target for ransomware. It expands on the technical analysis of IT-to-OT lateral movement, explicitly mentioning initial access via VPN vulnerabilities (MITRE T1133) and...


Foxconn North America Hit by Nitrogen Ransomware; 8TB of Data Allegedly Stolen

Update: The Nitrogen ransomware group has provided further evidence of the alleged 8TB data exfiltration from Foxconn's North American operations by posting screenshots of stolen files. These screenshots reportedly include hardware schematics and confidential project...


Researcher Leaks Two Windows Zero-Day Exploits, 'YellowKey' and 'GreenPlasma', Amid Dispute with Microsoft

Update: Further technical details have been released for the YellowKey and GreenPlasma Windows zero-days. YellowKey, a BitLocker bypass, is confirmed to affect Windows 11, Server 2022, and Server 2025, leveraging the Windows Recovery Environment (WinRE) with specially...