This Month in Cybersecurity - March Edition

Wave of Exploited Cisco Network Flaws Raises Alarm for Organizations

Cisco customers have recently faced a surge of security flaws in key networking products, especially firewalls and SD-WAN systems that sit at the edge of company networks. Many of these vulnerabilities are already being actively exploited by attackers, including some that had gone unnoticed for years before being disclosed. This means hackers may have had long-term access to certain systems before organizations even knew there was a problem.

The risks are particularly serious because these systems control critical network functions like traffic routing, security policies, and administrative access. In one case, a ransomware group called Interlock used a previously unknown flaw in firewall management software to break into organizations weeks before the issue became public. Their attacks can involve spying on systems, installing malicious tools, and threatening victims with data loss or operational disruption, especially in sectors like healthcare, government, and manufacturing.

Experts warn that organizations may be underestimating the danger, especially for vulnerabilities that don’t appear severe on paper. Even lower-rated flaws can be combined or exploited in real-world attacks. While Cisco has responded with patches and guidance, the situation highlights a broader issue: attackers are increasingly targeting network edge systems because breaking into them can provide deep, lasting control over entire organizations.


CISA Flags Actively Exploited SharePoint and Zimbra Flaws

The Cybersecurity and Infrastructure Security Agency (CISA) has added two newly disclosed software flaws to its Known Exploited Vulnerabilities catalog, its list of flaws confirmed to be exploited in the wild. They include a serious issue in Microsoft SharePoint that could allow attackers to run malicious code on a server, and a flaw in Zimbra Collaboration Suite that could let attackers inject harmful content into emails.

Because these vulnerabilities are already being used in real-world attacks, CISA has ordered federal agencies to fix them with deadlines in late March and early April 2026. Security experts also urge private companies to take the same precautions, as leaving these flaws unpatched could expose systems to hacking, data theft, or other disruptions.


Critical ScreenConnect Flaw Could Allow Unauthorized Access

ConnectWise is warning users of its remote access tool ScreenConnect about a critical security flaw that could allow attackers to break into systems and gain elevated access. The issue affects versions before 26.1 and concerns how the software validates cryptographically protected data. If exploited, attackers could bypass protections and impersonate legitimate users.

The vulnerability centers on sensitive cryptographic “machine keys,” which help the system trust user sessions. If these keys are exposed, attackers could forge valid access and perform unauthorized actions inside affected systems. While there is no confirmed evidence that this exact flaw is being actively exploited right now, researchers have observed related attempts to misuse similar data, and there are concerns that hackers may have used comparable techniques in past attacks.

To address the issue, ConnectWise has strengthened how these keys are stored and protected in version 26.1. Cloud users have already been updated automatically, but organizations running the software on their own servers must upgrade manually. The company also advises reviewing access controls, monitoring for suspicious activity, and securing backups to reduce the risk of compromise.
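The reason an exposed machine key is so dangerous is worth seeing in code. The example below is an added illustration, not ScreenConnect's own token format or any code from ConnectWise: it models a generic session token as base64(claims) plus an HMAC-SHA256 tag under a server-side key (the hypothetical "machine key"). Without the key, a forged admin token is rejected; with a leaked copy of the key, the same forgery verifies as genuine, and only rotating the key makes it stop. The token layout, claim names and key sizes are assumptions chosen for the demonstration.

```python
import base64
import hashlib
import hmac
import json
import secrets
from typing import Optional

# Hypothetical, simplified session token: base64(claims) + "." + HMAC-SHA256(key, body).
# Illustrates keyed-MAC session trust in general; it is NOT ScreenConnect's real format.


def issue_token(key: bytes, claims: dict) -> str:
    body = base64.urlsafe_b64encode(
        json.dumps(claims, sort_keys=True).encode()
    ).decode().rstrip("=")
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{tag}"


def verify_token(key: bytes, token: str) -> Optional[dict]:
    """Return the claims if the MAC checks out under `key`, otherwise None."""
    body, sep, tag = token.partition(".")
    if not sep:
        return None
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison so the check itself does not leak the tag byte by byte.
    if not hmac.compare_digest(expected, tag):
        return None
    padded = body + "=" * (-len(body) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def demo() -> dict:
    server_key = secrets.token_bytes(32)  # the server-side "machine key"
    legit = issue_token(server_key, {"user": "alice", "role": "user"})

    # Attacker without the key: a guessed key yields a tag the server rejects.
    blind = issue_token(b"\x00" * 32, {"user": "alice", "role": "admin"})

    # Attacker holding a leaked copy of the key: a forged admin token verifies.
    leaked = issue_token(server_key, {"user": "alice", "role": "admin"})

    # Remedy after exposure: rotate the key. Old and forged tokens all stop verifying.
    rotated_key = secrets.token_bytes(32)

    return {
        "legit_verifies": verify_token(server_key, legit) is not None,
        "blind_forgery_verifies": verify_token(server_key, blind) is not None,
        "leaked_key_forgery_verifies": verify_token(server_key, leaked) is not None,
        "forged_role": (verify_token(server_key, leaked) or {}).get("role"),
        "forgery_after_rotation_verifies": verify_token(rotated_key, leaked) is not None,
        "legit_after_rotation_verifies": verify_token(rotated_key, legit) is not None,
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The MAC protects integrity only as long as the key is secret; once it leaks, every token the attacker mints is indistinguishable from a real one, which is why the fix is stronger key storage plus rotation rather than any change to the verification logic. The rotation step also shows the operational cost: legitimate sessions are invalidated too, so a rotation should be planned, not improvised.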


Defensible Strategies

Learn from those who have been attacked

Simple Mistake by South Korean Government Agency Exposes Crypto Wallet, Leads to $4.4M Theft

A costly mistake by South Korea’s tax authorities shows how simple human errors can lead to major cybersecurity losses. After seizing millions in cryptocurrency stored on a Ledger hardware wallet, officials proudly shared photos of the device, but accidentally included a handwritten recovery phrase. This phrase acts like a master password, and anyone who sees it can access and move the funds.

Because the sensitive information wasn't redacted, someone quickly used it to steal about $4.4 million in crypto assets. The incident highlights a common pattern in security breaches: it's often not advanced hacking, but basic mistakes, like exposing confidential information, that cause the most damage. Even highly secure technology can fail if people handling it overlook simple precautions.
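Why a photographed recovery phrase is equivalent to handing over the wallet follows directly from how such phrases work. The example below is an added illustration, not code from Ledger or from the incident: it implements the standard BIP-39 mnemonic-to-seed derivation (PBKDF2-HMAC-SHA512, 2048 rounds, salt "mnemonic" plus an optional passphrase) and shows that the words alone reproduce the wallet's master seed byte for byte, with no need for the hardware device or its PIN. The phrase used is the published BIP-39 test vector, not the seized wallet's phrase, and the derivation skips wordlist and checksum validation since the point is determinism, not input checking.

```python
import hashlib
import unicodedata


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP-39 mnemonic -> 64-byte master seed.

    Standard derivation: PBKDF2-HMAC-SHA512, 2048 rounds, salt = "mnemonic" + passphrase,
    both inputs NFKD-normalised. Wordlist/checksum validation is deliberately skipped here.
    """
    words = unicodedata.normalize("NFKD", " ".join(mnemonic.split()))
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase)
    return hashlib.pbkdf2_hmac("sha512", words.encode("utf-8"), salt.encode("utf-8"), 2048)


def demo() -> dict:
    # Constructed input: the standard BIP-39 test vector (all-zero entropy), not a real wallet.
    phrase = " ".join(["abandon"] * 11 + ["about"])

    owner_seed = bip39_seed(phrase, "TREZOR")
    # Anyone who reads the phrase off a photo derives exactly the same seed,
    # without the Ledger device, its PIN, or any contact with the owner.
    thief_seed = bip39_seed(phrase, "TREZOR")

    # One different word, or a different passphrase, gives an unrelated seed.
    near_miss = bip39_seed(" ".join(["abandon"] * 11 + ["ability"]), "TREZOR")
    no_passphrase = bip39_seed(phrase)

    return {
        "seed_hex": owner_seed.hex(),
        "seed_len": len(owner_seed),
        "thief_matches_owner": thief_seed == owner_seed,
        "near_miss_matches": near_miss == owner_seed,
        "passphrase_changes_seed": no_passphrase != owner_seed,
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Two practical points fall out of this. The optional passphrase is the only extra secret in the scheme, so a wallet set up without one is fully exposed the moment its words are; and because the derivation cannot be "revoked", the only remedy after an exposure is to move the funds to a freshly generated wallet before anyone else does.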


Aura Confirms Data Breach Exposing Nearly 900,000 Customer Records

Aura confirmed a data breach affecting nearly 900,000 records after an unauthorized party gained access to a system containing customer information. The exposed data includes names, email addresses, and in some cases home addresses and phone numbers. The affected information came from a marketing tool tied to a company Aura acquired in 2021, and the breach impacted both current and former customers.

The hacking group ShinyHunters claimed responsibility for the attack, stating they stole 12GB of files containing personally identifiable information and corporate data. While some customer service comments and IP addresses were also exposed, Aura emphasized that Social Security numbers, account passwords, and financial information were not compromised. Independent analysis noted that many of the email addresses were already known from previous breaches.

Aura is conducting an internal review with external cybersecurity experts and has notified law enforcement authorities. The company plans to send personalized notifications to all affected individuals and continues to investigate the scope of the breach, while declining to comment on certain claims made by the threat group.


Russian Cyber Campaign Targets Ukraine with New Malware Strains

Cybersecurity researchers from ClearSky Team have uncovered a targeted Russian cyber campaign against Ukraine using two new malware strains called BadPaw and MeowMeow. The attack starts with a phishing email containing a ZIP file, which includes a Ukrainian-language lure document about border crossing appeals. Once the document is opened, BadPaw is installed; it then downloads MeowMeow, a sophisticated backdoor that allows attackers to control infected systems remotely. Both strains use advanced techniques to hide from security tools and remain persistent on victims' devices.

The malware is designed to avoid detection by only activating under specific conditions and by checking if it’s running in a virtual environment or under analysis tools. ClearSky believes the campaign is linked to Russian state-aligned actors, with similarities to past Russian operations in terms of tactics, coding style, and targeting of Ukrainian entities. The use of Russian-language code and multi-stage infection techniques further supports the connection, although attribution to a specific group like APT28 (Fancy Bear) is less certain.