Gamaredon Evolves, SimpleHelp Flaw Exploited, StegoAd Dismantled

Publication Date: June 30, 2026


Summary

Today's cybersecurity landscape features significant updates and new threats. The Russian APT Gamaredon has enhanced its cyber-espionage against Ukraine, now extensively abusing legitimate cloud services like Dropbox and Amazon S3 for command-and-control (C2) infrastructure, making detection harder. They've also introduced PteroPaste malware, leveraging malicious LNK files for initial access and lateral movement, and continue to collaborate with Turla.

A critical authentication bypass vulnerability (CVE-2026-48558) in SimpleHelp remote support software is being actively exploited, allowing attackers to deploy the new Djinn Stealer. This flaw, rated 10.0 CVSS, enables attackers to bypass MFA and compromise connected endpoints, leading CISA to add it to its Known Exploited Vulnerabilities catalog.

Microsoft has dismantled 'StegoAd,' a malicious Edge extension campaign that operated for over two years. The campaign involved 119 extensions, downloaded by up to 2.6 million users, which used steganography to hide malicious JavaScript. These extensions performed ad fraud and had backdoor capabilities to steal credentials and exfiltrate browser cookies, linked to Chinese actor DarkSpectre.

A new class of vulnerability, 'GuardFall,' affects AI coding agents, allowing old Bash tricks to bypass modern security. This exposes developers to supply chain attacks and credential theft. Additionally, a critical pre-authentication RCE flaw (CVE-2026-55200) in the widely used libssh2 library poses a widespread risk due to its embedding in numerous software products.

In regulatory news, the EDPB has adopted a common template for GDPR data breach notifications to simplify compliance. Meanwhile, new email attacks are using real Microsoft login pages to bypass MFA through adversary-in-the-middle techniques. Finally, TUANZ in New Zealand is calling for 'security by design' in the nation's digital future, advocating for stronger accountability from technology providers.

Today's New Articles

SimpleHelp RMM Flaw Actively Exploited to Deploy Novel Djinn Stealer

A critical authentication bypass vulnerability, CVE-2026-48558, in SimpleHelp remote support software is being actively exploited to gain administrative access to servers. Attackers are leveraging this 10.0 CVSS flaw to deploy a new, cross-platform information...


Microsoft Dismantles "StegoAd," a Malicious Edge Extension Campaign Using Steganography

Microsoft has disrupted a major malicious browser extension campaign named 'StegoAd' that affected its Edge Add-ons store for over two years. The operation involved 119 extensions, downloaded by up to 2.6 million users, which used steganography to hide malicio...


"GuardFall" Flaw Lets Old Bash Tricks Bypass Modern AI Agent Security

A new class of vulnerability named 'GuardFall' has been discovered, affecting ten out of eleven popular open-source AI coding agents. The flaw allows attackers to bypass the agents' security guards using decades-old Bash shell obfuscation tricks. By crafting m...


Critical Pre-Auth RCE Flaw in libssh2 Library Poses Widespread Risk

A critical remote code execution (RCE) vulnerability, CVE-2026-55200, has been disclosed in libssh2, a widely used open-source SSH client library. The flaw, rated 9.8 on the CVSS scale, is a pre-authentication heap buffer overflow that can be triggered by a ma...


EDPB Adopts Common Template for GDPR Data Breach Notifications

The European Data Protection Board (EDPB) has adopted a common, standardized template for organizations to use when notifying supervisory authorities of a personal data breach under the GDPR. This initiative aims to simplify the compliance process and harmoniz...


New Email Attacks Use Real Microsoft Login Pages to Bypass MFA

Security researchers are warning about increasingly sophisticated email attacks, including the Tycoon 2FA Phishing-as-a-Service (PhaaS) platform. This adversary-in-the-middle (AiTM) attack uses a reverse proxy to present the victim with a real Microsoft login...


TUANZ Calls for "Security by Design" in New Zealand's Digital Future

The Tech Users Association of New Zealand (TUANZ) has published a new position paper urging a fundamental shift in the nation's cybersecurity strategy. The group is calling for a move away from the current 'user beware' model, which places a heavy burden on in...

Article Updates

Russian APT Gamaredon Enhances Malware and Evasion Techniques in Ukraine War

Update: The Russian APT Gamaredon has further evolved its cyber-espionage campaign against Ukraine. Beyond Cloudflare, the group now extensively abuses legitimate cloud services like Dropbox and Amazon S3 for command-and-control (C2) infrastructure, making its malicio...