The ongoing Middle East conflict has led to a surge in opportunistic cyber attacks. Threat actors are exploiting the situation through phishing, malware distribution, and scams, with notable malware including LOTUSLITE and StealC.

A phishing attack disguised as a Google Meet update is exploiting a legitimate Windows feature to gain control over victims' devices. This attack highlights a growing trend of using legitimate OS features and cloud platforms for malicious purposes.

A new phishing campaign is targeting individuals in the US by impersonating the Social Security Administration. The emails use urgent language such as "Important Disclosures" or "Important Regulatory Information" to prompt immediate action.

Velvet Tempest, also known as DEV-0504, is a threat group involved in ransomware attacks for over five years. They have been linked to ransomware strains such as Ryuk, REvil, Conti, BlackMatter, BlackCat/ALPHV, LockBit, and RansomHub.

A critical vulnerability in Nginx UI, identified as CVE-2026-27944, allows attackers to download and decrypt server backups without authentication. This flaw poses a significant risk by exposing sensitive data.

A critical vulnerability in the User Registration & Membership plugin for WordPress is being actively exploited. This flaw allows attackers to create administrator accounts without authentication, affecting over 60,000 sites.

A Chinese state-sponsored threat actor, UAT-9244, has been identified targeting telecommunications providers in South America with a sophisticated malware toolkit. This group is associated with the FamousSparrow and Tropic Trooper groups.

APT36, a Pakistan-linked hacking group, is targeting Indian government networks with AI-generated malware known as "Vibeware." This strategy involves overwhelming security systems with numerous low-quality malware samples.

Passaic County, New Jersey, is dealing with a significant malware attack that has disrupted its phone lines and IT systems. This incident is part of a broader trend of cyberattacks targeting smaller municipalities and healthcare institutions.

A self-propagating JavaScript worm has impacted Wikipedia, vandalizing pages and modifying user scripts. Wikimedia engineers responded by temporarily restricting editing to investigate and mitigate the attack.