Threat Alerts

A critical vulnerability in Cisco’s SD-WAN platform, CVE-2026-20127 (CVSS Score 10.0), has been actively exploited since at least 2023, allowing remote, unauthenticated attackers to bypass authentication and gain full administrative control over affected systems. The flaw impacts all deployment types — on-premises and cloud-hosted environments alike — making its reach exceptionally broad and the risk to network infrastructure severe.

The vulnerability stems from a broken peering authentication mechanism, which attackers exploit by sending specially crafted requests to exposed systems. Once inside, they gain access to a high-privileged internal account, which they then use to manipulate network configurations across the SD-WAN fabric via NETCONF. The threat actor behind the campaign, did not stop at initial access — evidence was found that the attacker deliberately downgraded the software version to escalate privileges to root, leveraging a separate known vulnerability, CVE-2022-20775 (CVSS Score 7.8), before restoring the original version to maintain stealthy, persistent root access.

This multi-stage infection chain — initial authentication bypass, privilege escalation through version manipulation, and silent restoration of the environment — reflects a level of operational sophistication designed to evade detection over extended periods.

A newly identified malware, RESURGE, targets Ivanti Connect Secure appliances by exploiting a critical unauthenticated remote code execution vulnerability, CVE-2025-0282(CVSS Score 9.0). Because Ivanti’s affected products serve as internet-facing VPN gateways, this flaw provides attackers with a direct entry point into enterprise networks without requiring valid credentials. The combination of a highly accessible attack surface and a sophisticated, multi-functional implant makes this threat particularly severe for organizations relying on these appliances for remote access.
The vulnerability itself stems from improper bounds checking when the appliance processes certain protocol packets from unauthenticated clients, allowing a specially crafted request to overflow stack memory and redirect execution flow. Attackers typically identify exposed appliances and send malformed requests, often routing their activity through anonymizing infrastructure to obscure their origin. Once remote code execution is achieved, RESURGE is deployed directly onto the compromised device. The malware operates simultaneously as a backdoor, dropper, rootkit, and trojan, and distinguishes itself through a fully passive command and control architecture — it never initiates outbound connections, instead embedding itself into the appliance’s native web server process and silently monitoring inbound traffic for specially crafted operator commands. Authentication is handled covertly within the TLS handshake itself, making all sessions appear legitimate to outside observers.
Beyond initial access, the malware establishes deep persistence through multiple mechanisms: it hooks into system startup processes, tampers with the device’s built-in integrity checker by replacing file hashes, modifies integrity scanning scripts to suppress detection, and even injects malicious components into the boot image in a way that can survive reboots and potentially factory resets. An embedded log-manipulation module further suppresses forensic evidence by intercepting and altering log entries at runtime. Bundled utilities give operators broad capabilities for file manipulation and system modification once inside. The layered nature of this implant — combining covert communication, anti-forensic capabilities, and boot-level persistence — makes it exceptionally difficult to detect and fully eradicate from a compromised environment.

A highly critical vulnerability has been disclosed in Angular Server-Side Rendering (SSR), tracked as CVE-2026-27739 (CVSS 9.2). The flaw enables Server-Side Request Forgery (SSRF) by exploiting weaknesses in how the framework constructs and processes URLs during server-side request handling. Successful exploitation allows attackers to coerce vulnerable applications into issuing unauthorized internal requests, potentially exposing sensitive credentials, internal services and cloud metadata endpoints that are not accessible from the public internet.

The root cause stems from insufficient validation of HTTP headers used to determine request origin and routing. Attackers can manipulate these headers to spoof domains, inject malformed port values and alter path components, which are then incorporated into URL construction logic without sanitization. Because Angular’s internal HTTP client resolves relative URLs using this attacker-controlled base, subsequent server-side requests can be redirected to malicious endpoints, leaking authorization tokens and session cookies. The vulnerability affects deployments where SSR is enabled, the application server is directly reachable and upstream infrastructure fails to normalize or filter incoming headers. Patched versions are available, along with interim mitigations, but the high severity and potential for internal network exposure make this one of the most serious SSR-related flaws disclosed in recent years.

A newly identified supply chain campaign has introduced 26 malicious npm packages into the developer ecosystem, designed to steal credentials, secrets, and sensitive data from developer environments. The campaign is attributed to a North Korean-aligned threat actor with a documented history of targeting software developers, particularly those working in cryptocurrency and Web3 development.
The infection begins at install time, where a built-in hook automatically triggers a loader that uses character-level steganography to decode command-and-control infrastructure hidden inside seemingly ordinary text hosted on a public paste service. Characters at evenly spaced positions within what appears to be a benign computer science essay are systematically substituted to spell out a list of C2 domains distributed across dozens of cloud deployments. The loader then fetches platform-specific shell payloads for macOS, Linux, and Windows, which in turn install a Remote Access Trojan that connects to attacker-controlled infrastructure and awaits commands. The malicious packages also declare the legitimate libraries they imitate as dependencies, allowing compromised projects to continue functioning normally and delaying victim awareness.
Once the RAT establishes a connection, the C2 automatically deploys a nine-module infostealer toolkit targeting virtually every sensitive asset in a developer’s workspace. The modules collectively perform keylogging and clipboard monitoring, browser credential and cookie theft, cryptocurrency wallet extension harvesting, SSH key collection, Git repository and credential exfiltration, and broad filesystem sweeps for private keys, seed phrases, password files, and environment variables containing API keys. One module abuses a legitimate open-source secret scanning tool to sweep the victim’s home directory. Another establishes persistent re-infection by embedding hidden shell commands in the developer’s code editor configuration, ensuring the malware reinstalls itself on every new session.

A coordinated campaign has emerged targeting software developers through malicious code repositories disguised as legitimate project frameworks and technical assessment materials. By abusing routine developer workflows such as opening a project, launching a development server, or initializing backend services the attackers achieve remote code execution with minimal user suspicion. Given that developer environments often store source code, API keys, cloud credentials, and CI/CD access tokens, a single compromised workstation can rapidly escalate into broader supply chain or cloud infrastructure exposure.

The campaign leverages recruiting-themed social engineering, presenting trojanized repositories as interview assignments to lower defenses. Malicious loader logic is embedded across multiple execution paths, including IDE workspace automation files that trigger upon project open, compromised front-end assets activated during development server startup and backend modules executed during initialization. Each vector follows a fetch-and-execute model, retrieving attacker-controlled JavaScript from staging infrastructure and executing it in memory without writing additional artifacts to disk. Post-execution, a two-stage infection process begins: the first stage fingerprints the host, registers with a bootstrap endpoint, and executes instructions in memory; the second stage connects to a dedicated command-and-control server, receiving JavaScript-based tasking through a detached interpreter process. Supported capabilities include directory enumeration, file harvesting and structured data exfiltration. The operation is deliberately engineered to blend into standard development activity, creating a stealthy pathway from a single cloned repository to persistent operator control over development environments.

A growing trend has emerged involving the active exploitation of Model Context Protocol (MCP) servers, introduced by Anthropic to standardize AI assistant integrations with external tools and platforms. Threat actors are increasingly abusing MCP’s intermediary architecture to enable arbitrary code execution, data exfiltration, and context manipulation, including cases where malicious MCP servers harvested sensitive emails and triggered unintended system commands through legitimate integrations. The dynamic installation of MCP packages further expands the attack surface, introducing supply-chain risk via compromised or typosquatted repositories, positioning MCP-enabled AI environments as an escalating target for sophisticated threat activity.