Episode 49 — 07 May 2026
1. New Cisco DoS flaw requires manual reboot to revive devices
Source: Bleeping Computer
Cisco released security updates to fix a Crosswork Network Controller (CNC) and Network Services Orchestrator (NSO) denial-of-service (DoS) vulnerability that requires manually rebooting targeted systems for recovery. Large enterprises and service providers leverage the CNC...
2. Critical vm2 sandbox bug lets attackers execute code on hosts
Source: Bleeping Computer
A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary code on the host system. The security issue is tracked as CVE-2026-26956 and has been confirmed to impact vm2 version 3.10.4, although earlier releases...
3. Hackers abuse Google ads for GoDaddy ManageWP login phishing
Source: Bleeping Computer
A phishing campaign delivered through Google sponsored search results is targeting credentials for ManageWP, GoDaddy’s platform for managing fleets of WordPress websites. The threat actor is using an adversary-in-the-middle (AitM) approach where the fake login page acts as a...
4. MuddyWater hackers use Chaos ransomware as a decoy in attacks
Source: Bleeping Computer
The MuddyWater Iranian hackers disguised their operations as a Chaos ransomware attack, relying on Microsoft Teams social engineering to gain access and establish persistence. Although the attack involved credential theft, persistence, remote access, data exfiltration,...
5. MuddyWater Uses Microsoft Teams to Steal Credentials in False Flag Ransomware Attack
Source: The Hacker News
The Iranian state-sponsored hacking group known as MuddyWater (aka Mango Sandstorm, Seedworm, and Static Kitten) has been attributed to a ransomware attack in what has been described as a "false flag" operation. The attack, observed by Rapid7 in early 2026, has been found to...
6. Mirai-Based xlabs_v1 Botnet Exploits ADB to Hijack IoT Devices for DDoS Attacks
Source: The Hacker News
Cybersecurity researchers have exposed a new Mirai-derived botnet that self-identifies as xlabs_v1 and targets internet-exposed devices running Android Debug Bridge (ADB) to enlist them in a network capable of carrying out distributed denial-of-service (DDoS) attacks....
7. ScarCruft Hacks Gaming Platform to Deploy BirdCall Malware on Android and Windows
Source: The Hacker News
The North Korea-aligned state-sponsored hacking group known as ScarCruft has compromised a video game platform in a supply chain espionage attack, trojanizing its components with a backdoor called BirdCallto likely target ethnic Koreans residing in China. While prior versions...
8. China-Linked UAT-8302 Targets Governments Using Shared APT Malware Across Regions
Source: The Hacker News
A sophisticated China-nexus advanced persistent threat (APT) group has been attributed to attacks targeting government entities in South America since at least late 2024 and government agencies in southeastern Europe in 2025. The activity is being tracked by Cisco Talos under...
