CISA KEV Alerts for Check Point VPN & SolarWinds Flaws; Qilin & Nitrogen Ransomware Hit Major Targets

The Nitrogen ransomware attack on Foxconn utilized malvertising as its initial access vector, leading to trojanized installers. Further analysis reveals the stolen 8TB of data includes confidential engineering documents, circuit board layouts, and network topologies. Critically, the ransomware's ESXi encryptor is flawed, corrupting virtual machines beyond repair and making decryption impossible even if a ransom is paid. This significantly escalates the recovery challenge for Foxconn and highlights the destructive nature of the threat.

A new CrowdStrike report reveals China-nexus APTs, such as MURKY PANDA and MUSTANG PANDA, are responsible for over 58% of state-sponsored attacks on the technology sector. These groups are aggressively targeting AI capabilities and intellectual property to support China's goal of global AI supremacy. New TTPs include widespread password spraying. The report also highlights North Korean adversaries using fraudulent IT worker schemes and eCrime actors leveraging AI for attacks, indicating a broader, escalating threat landscape.

The FBI, now joined by Mandiant, has confirmed the ongoing Silent Ransom Group (Luna Moth) campaign, specifically targeting US law firms. The group continues to employ vishing and social engineering to trick employees into installing legitimate Remote Monitoring and Management (RMM) tools such as Atera, AnyDesk, and Splashtop. This update reinforces the group's brazen tactic of physical office intrusions to exfiltrate data via USB devices, highlighting the persistent and evolving hybrid threat. New mitigation advice includes stricter RMM tool control and enhanced physical security awareness.

The latest report on the actively exploited SolarWinds Serv-U DoS flaw (CVE-2026-28318) provides additional context and technical details. It specifies a CVSS score of 7.5, highlighting the high severity. The article also elaborates on how DoS attacks can be used as a distraction for more sophisticated intrusions, referencing historical targeting of file transfer solutions by groups like Cl0p. Furthermore, it offers expanded hunting hints and detection methods, including configuring WAFs for inbound traffic filtering and enhanced log monitoring strategies, reinforcing the urgency for immediate patching and robust defensive measures.

Following concerns about advanced AI models being weaponized for cyberattacks, U.S. state and local governments are bolstering defenses. A new executive order mandates DHS to aid these efforts. AI companies, notably OpenAI with its GPT-5.5-Cyber model, are collaborating to develop defensive AI tools. A 2025 incident involving a suspected Chinese state-sponsored group using an AI tool for a large-scale attack highlights the immediate nature of this evolving threat, shifting the focus to proactive AI-powered defense and resilience.