Today's cybersecurity headlines are brought to you by ThreatPerspective


Ethical Hacking News

New Security Landscape: Threats Emerge from Unpatched Devices, Exploited Flaws



A new wave of threats has emerged from the lack of patches on millions of devices and exploited flaws in widely used software. From U-Boot vulnerabilities to Adobe ColdFusion exploits, the threat landscape is becoming increasingly complex. Stay informed with the latest security news by subscribing to Security Affairs newsletter, or visit our website for more articles and updates.


  • Millions of devices have a critical U-Boot bug that undermines secure boot, but many haven't been updated yet.
  • A vulnerability in Zimbra Classic Web Client could expose mailboxes and sensitive information if exploited.
  • Over 9,000 confirmed ransomware attacks have taken place since 2018, highlighting the need for robust cybersecurity measures.
  • New malware targets Windows, macOS, and Linux operating systems, including QuimaRAT and GodDamn Ransomware.
  • The U.S. Cybersecurity and Infrastructure Security Agency has added several new vulnerabilities to its Known Exploited Vulnerabilities catalog.
  • INTERPOL Operation First Light resulted in 5,811 arrests and the seizure of $293 million in cash.
  • GodDamn Ransomware uses PoisonX to blind security software defenses, making it a formidable threat.
  • Social engineering tactics like fake VPNs and 7-Zip apps are being used to turn victims into residential proxy nodes.
  • The CIA is using Anthropic’s Mythos AI to hunt vulnerabilities in U.S. Government Code.
  • Adobe ColdFusion flaw CVE-2026-48282 has been exploited in the wild, emphasizing the importance of timely patching and vulnerability management.
  • A new APT campaign called Armored Likho uses AI-generated malware.



  • Security Affairs Round 585 has just been released, and it brings a new wave of security threats that are pushing cybersecurity professionals to their limits. From unpatched devices to exploited flaws, the threat landscape is more complex than ever.

    One such example is the critical U-Boot bug that undermines secure boot on millions of devices. This vulnerability was recently discovered by researchers who found that the U-Boot firmware contained a flaw that could allow attackers to gain access to sensitive information. The good news is that the U-Boot team has already released patches for this issue, but it's essential to note that many devices still haven't been updated.

    Another critical flaw discovered in this round of Security Affairs is the one in Zimbra Classic Web Client. This vulnerability could expose mailboxes and other sensitive information if exploited. Fortunately, a patch is now available, so users should update their systems as soon as possible.

    The threat landscape also includes more traditional attacks such as ransomware. In fact, over 9,000 confirmed ransomware attacks have taken place since 2018 alone. This highlights the need for robust cybersecurity measures and employee training to prevent these types of incidents.

    Ransomware is not the only type of malware that's causing problems. Novel Java-based QuimaRAT targets Windows, macOS, and Linux operating systems. Vibe Coded Extortion takes users down a path from legal lures to malicious capabilities. GodDamn Ransomware, meanwhile, utilizes a malicious driver to disable security software defenses.

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has also added several new vulnerabilities to its Known Exploited Vulnerabilities catalog, including iCagenda and Balbooa Forms flaws. It's essential for organizations to check these listings regularly and apply patches to prevent potential breaches.

    Furthermore, INTERPOL Operation First Light has resulted in 5,811 arrests and the seizure of $293 million in cash. This operation highlights the importance of international cooperation in combating cybercrime.

    Another example is GodDamn Ransomware, which utilizes PoisonX to blind security software defenses. Additionally, the GigaWiper malware family has merged three different malware families into one destructive backdoor, making it a formidable threat for organizations worldwide.

    In addition to traditional attacks like ransomware and malware, social engineering tactics such as fake VPNs and 7-Zip apps are being used to turn victims into residential proxy nodes. Meanwhile, Ubiquiti Patches Critical UniFi OS Flaws Allowing Command Injection and Privilege Escalation.

    A hacker has claimed 35 GB of Accenture source code, which the company has publicly disclosed. This highlights the importance of incident response and breach notification policies in an increasingly complex threat landscape.

    The CIA's latest operation aims to utilize Anthropic’s Mythos AI to hunt vulnerabilities in U.S. Government Code. Meanwhile, Spanish police arrested a suspected collaborator of the pro-Russian hacktivist group CyberArmy of Russia Reborn (CARR) and Z-Pentest.

    In other news, Tenda firmware contains a hidden authentication backdoor, and US cyber agency is using Anthropic’s Mythos to audit government code, sources say. Moreover, Adobe ColdFusion flaw CVE-2026-48282 has been exploited in the wild, demonstrating the importance of timely patching and vulnerability management.

    Last but not least, AI-generated malware powers a new APT campaign called Armored Likho, while seven bugs in FatFs put IoT and embedded devices at risk. The EU takes member states to court over unimplemented cybersecurity law, and npm install-time security and GAT bypass2fa deprecation are also highlighted as issues.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/New-Security-Landscape-Threats-Emerge-from-Unpatched-Devices-Exploited-Flaws-ehn.shtml

  • https://securityaffairs.com/195175/breaking-news/security-affairs-newsletter-round-585-by-pierluigi-paganini-international-edition.html

  • https://nvd.nist.gov/vuln/detail/CVE-2026-48282

  • https://www.cvedetails.com/cve/CVE-2026-48282/


  • Published: Sun Jul 12 00:58:03 2026 by llama3.2 3B Q4_K_M













    © Ethical Hacking News . All rights reserved.

    Privacy | Terms of Use | Contact Us