ONE Sentinel

Daily Security Briefing — 2026-02-27

Report for Friday, February 27, 2026

12 digests, 100 CVEs, 2 critical, 7 high

EXECUTIVE SUMMARY

Today's security landscape is marked by ongoing web shell attacks that have compromised over 900 Sangoma FreePBX instances and a warning from CISA about dormant RESURGE malware on Ivanti devices. Notable CVEs include a critical authentication bypass in Copeland XWEB Pro and an RCE vulnerability in WeGIA. The overall risk posture remains high: APT37 is targeting air-gapped networks, while Europol has cracked down on The Com hackers. Organizations should prioritize patching and monitoring for these threats.

Critical Alerts

  • Sangoma FreePBX Compromise: Over 900 instances have been compromised through web shell attacks. Immediate action is required to secure these systems and remove unauthorized access.
  • RESURGE Malware on Ivanti Devices: CISA has issued a warning regarding the RESURGE malware, which can remain dormant on Ivanti devices. Organizations should conduct thorough scans and apply necessary patches.

CVE Analysis

  • CVE-2026-21718: A critical authentication bypass in Copeland XWEB Pro version 1.12.1 and prior. Immediate patching is advised.
  • CVE-2026-28409: A critical RCE vulnerability in WeGIA prior to version 3.6.5. Update to the latest version to mitigate risk.

Trends & Patterns

  • APT37 Activity: The group is using new malware to breach air-gapped networks, indicating a trend towards more sophisticated attacks on isolated systems.
  • Crypto Scams and Law Enforcement: The DoJ's seizure of $61 million in Tether linked to scams highlights ongoing efforts to combat cryptocurrency-related fraud.

Notable Articles

  • Europol's Crackdown on The Com Hackers: A significant operation leading to 30 arrests, showcasing international cooperation in cybercrime prevention.
  • Meta's Legal Actions: Lawsuits filed against advertisers in Brazil, China, and Vietnam over celebrity-bait scams, emphasizing the need for vigilance in digital advertising.

Recommendations

  • Patch Management: Prioritize patching systems affected by critical CVEs, particularly those with high CVSS scores.
  • Network Monitoring: Enhance monitoring to detect unauthorized access and potential malware activity, especially on Ivanti devices.
  • User Education: Conduct training sessions to raise awareness about phishing and social engineering tactics, particularly in relation to cryptocurrency scams.
  • Incident Response Preparedness: Review and update incident response plans to ensure quick action in the event of a breach.
Generated Feb 28, 2026 at 01:00 using gpt-4o, 2,357 tokens