
Daily Cybersecurity Roundup, March 09, 2026

The global threat landscape is witnessing a convergence of sophisticated state-sponsored espionage, deceptive social engineering, and a critical push for enterprise-wide patching. In South America, the China-linked actor UAT-9244 has been observed targeting telecommunications providers. Simultaneously, a new ClickFix campaign has evolved to weaponize the Windows Terminal app to deploy Lumma Stealer. Furthermore, Cisco has issued an urgent call for defense-in-depth by releasing security patches for 48 vulnerabilities across its flagship enterprise networking products. Read on for more.

01

Microsoft revealed a new ClickFix campaign that uses Windows Terminal instead of the Run dialog to execute malicious commands. It deploys Lumma Stealer.

02

China-linked UAT-9244 has been targeting South American telecommunications providers. It uses three new malware implants: TernDoor, PeerTime, and BruteEntry.

03

A threat actor, Dust Specter, suspected to have ties to Iran, is targeting Iraqi government officials by impersonating Iraq's Ministry of Foreign Affairs to deploy novel malware such as SPLITDROP, TWINTASK, TWINTALK, and GHOSTFORM.

04

Hackers are exploiting a critical vulnerability (CVE-2026-1492) in the User Registration & Membership plugin, installed on over 60,000 WordPress sites, to create unauthorized administrator accounts.

05

A critical vulnerability, named ContextCrush, was discovered in the Context7 MCP Server. The flaw allows attackers to inject malicious instructions into AI development tools through trusted documentation channels.

06

Cisco has released security patches for 48 vulnerabilities in its enterprise networking products, including Secure Firewall Adaptive Security Appliance, Secure Firewall Management Center, and Secure Firewall Threat Defense software.

07

CISA added two critical vulnerabilities, CVE-2017-7921 (Hikvision products) and CVE-2021-22681 (Rockwell Automation products), to its KEV catalog due to evidence of active exploitation.

08

In 2025, 90 zero-day vulnerabilities were exploited, a 15% increase from 2024, with 47 targeting end-user platforms and 43 targeting enterprise products.

09

Cisco has confirmed the active exploitation of two vulnerabilities in its Catalyst SD-WAN Manager software, identified as CVE-2026-20122 and CVE-2026-20128.

10

A coalition of seven countries (Australia, Canada, Japan, the U.K., the U.S., Finland, and Sweden) has launched voluntary cybersecurity and resilience principles for 6G networks through the Global Coalition on Telecoms (GCOT).
