Cyber Dispatch™️
378 subscribers
21 photos
1 video
49 links
The definitive source for critical cybersecurity news. When a major threat breaks, we dispatch.

#CyberDispatch #CyberSecurity #InfoSec #ThreatIntelligence #ZeroDay #DataBreach #SecurityNews
Download Telegram
CISA confirms active exploitation of CVE-2025-68613 in the #n8n automation platform.

The expression-injection flaw allows authenticated attackers to run code with n8n process privileges—exposing data, altering workflows, or taking full control of the instance.
A new Wi-Fi attack called AirSnitch shows client isolation may not protect users on shared networks.

Researchers found every tested router vulnerable to at least one technique that lets attackers intercept traffic from nearby devices connected to the same Wi-Fi.
New vulnerabilities show up every week, and the window between disclosure and exploitation keeps getting shorter. The flaws below are this week's most critical — high-severity, widely used software, or already drawing attention from the security community.

Check these first, patch what applies, and don't wait on the ones marked urgent — CVE-2026-2796 (Mozilla Firefox), CVE-2026-21385 (Qualcomm), CVE-2026-2256 (MS-Agent), CVE-2026-26198 (Ormar), CVE-2026-27966 (langflow), CVE-2025–64712 (Unstructured.io), CVE-2026-24009 (Docling), CVE-2026-23600 (HPE AutoPass License Server), CVE-2026-27636, CVE-2026-28289 (aka Mail2Shell) (FreeScout), CVE-2025-67736 (FreePBX), CVE-2025-34288 (Nagios XI), CVE-2025-14500 (IceWarp), CVE-2026-20079 (Cisco Secure Firewall Management Center), CVE-2025-13476 (Viber app for Android), CVE-2026-3336, CVE-2026-3337, CVE-2026-3338 (Amazon AWS-LC), CVE-2026-25611 (MongoDB), CVE-2026-3536, CVE-2026-3537, CVE-2026-3538 (Google Chrome), CVE-2026-27970 (Angular), CVE-2026-29058 (AVideo) a privilege escalation flaw in IPVanish VPN for macOS (no CVE), and and a remote code execution vulnerability in Ghost CMS (no CVE).
Two critical flaws in #n8n enable remote code execution.

One bug lets attackers inject shell commands via public form inputs. Another escapes the expression sandbox.

Chained together, attackers could decrypt stored credentials including API keys, tokens, and passwords.
Meta disabled 150,000+ scam accounts tied to fraud compounds across Southeast Asia.

The coordinated action with authorities in 11 countries led to 21 arrests by Thai police. Meta also added scam warnings on Facebook and AI chat-review tools on Messenger and WhatsApp.
Security patches rolled out across 50+ vendors this cycle.

SAP fixed critical Log4j and NetWeaver flaws. Microsoft patched 84 bugs. Adobe resolved 80. HPE closed a CVSS 9.8 Aruba authentication bypass.

Cisco, GitLab, Linux distros, and many others also issued fixes.
Microsoft patched 84 vulnerabilities in March Patch Tuesday, including 8 critical flaws and two publicly known zero-days in .NET and SQL Server.

Researchers say 55% are privilege-escalation bugs. Fixes also address Azure MCP token-theft risk and an Excel flaw that could enable data exfiltration.
Attackers turned the nx npm supply-chain compromise into full AWS admin access in under 72 hours.

Google says UNC6426 stole a developer’s GitHub token via QUIETVAULT, abused GitHub-to-AWS OIDC trust, created a new admin role, then accessed S3 data and destroyed production systems.
DeepSeek AI is now accessible without the need for a VPN (tested with Irancell internet)

https://www.deepseek.com
The Israeli company Hudson Rock analyzed infostealer logs from a computer infected with malware since August 2024.
Hacker infiltrated as a senior employee into the American crypto exchange Gate.us. Also, what is the connection to the mass infection through the open-source code library Polyfill.
A significant cyberattack against Israeli government servers and the gov.il system was thwarted early on March 11. The attack, a DDoS (Denial of Service) type, aimed to disable websites by flooding them with excessive traffic and crashing them.

@TheGhostITM
תקיפת סייבר משמעותית נגד שרתי ממשלת ישראל ומערכת gov.il חוסמה מוקדם ב-11 במרץ.
התקיפה, מסוג DDoS (Denial of Service), נועדה להשבית אתרים על ידי הצפתם בתעבורה מופרזת וגרימת קריסתם.


@TheGhostITM
מרכבת ישראל נמסר לתקשורת:
"נרשמו שיבושים בפעילות שלטי הפרסום והמידע באולמות הנוסעים בתחנות רכבת בודדות, הופסקה זמנית פעילות השלטים.

@TheGhostITM
International media outlets, including NBC News, have reported on a cyberattack carried out by the Handala group against U.S.-based medical technology company Stryker.

The attackers gained access to Microsoft Intune, a platform used by organizations to manage and secure corporate devices. After compromising the system, the hackers triggered the platform’s remote wipe capability, resetting a large number of employee mobile devices to factory settings.

The incident disrupted internal communications across the company and significantly impacted day‑to‑day operations.

The attackers appear to have abused Intune’s legitimate device management features—particularly the remote wipe function—to erase data from affected devices and force system resets.

@TheGhostITM
A Distributed Denial of Service (DDoS) attack has disrupted access to Qatar University's online portal.
CISA confirms active exploitation of CVE-2025-68613 in the #n8n automation platform.

The expression-injection flaw allows authenticated attackers to run code with n8n process privileges—exposing data, altering workflows, or taking full control of the instance.
Apple backports CVE-2023-43010 fix after the WebKit flaw was used in the Coruna #iPhone exploit kit.

It allows memory corruption via malicious web content. Fix now covers iOS 15.8.7 & 16.7.15 devices, including iPhone 6s, 7, 8 & X.
Attackers now weaponize phishing volume.

Research shows 66% of SOC teams can’t keep up with alerts, letting attackers hide targeted spear-phish inside thousands of decoys. The flood isn’t random. It’s meant to exhaust analysts and slow investigation.
Modern phishing now hides behind HTTPS and trusted services, so attacks look like normal logins.

Sandbox analysis executes suspicious links safely and exposes credential-stealing flows in under 60 seconds.
IBM X-Force found AI-generated #malware Slopoly used by Hive0163.

The PowerShell backdoor persists for days, beacons every 30s, and runs commands from a remote C2. AI didn’t make it advanced — it made malware faster to build.