Posts

Showing posts with the label Endpoint Security

Ubuntu CVE-2026-3888 Bug Lets Attackers Gain Root via systemd Cleanup Timing Exploit

A high-severity security flaw affecting default installations of Ubuntu Desktop versions 24.04 and later could be exploited to escalate privileges to the root level. Tracked as CVE-2026-3888 (CVSS score: 7.8), the issue could allow an attacker to seize control of a susceptible system. "This flaw (CVE-2026-3888) allows an unprivileged local attacker to escalate privileges to full root access through the interaction of two standard system components: snap-confine and systemd-tmpfiles," the Qualys Threat Research Unit (TRU) said. "While the exploit requires a specific time-based window (10–30 days), the resulting impact is a complete compromise of the host system." The problem, Qualys noted, stems from the unintended interaction of snap-confine, which manages execution environments for snap applications by creating a sandbox, and systemd-tmpfiles, which automatically cleans up temporary files and directories (e.g., /tmp, /run, and /var/tmp) older ...

DRILLAPP Backdoor Targets Ukraine, Abuses Microsoft Edge Debugging for Stealth Espionage

Ukrainian entities have emerged as the target of a new campaign likely orchestrated by threat actors linked to Russia, according to a report from S2 Grupo's LAB52 threat intelligence team. The campaign, observed in February 2026, has been assessed to share overlaps with a prior campaign mounted by Laundry Bear (aka UAC-0190 or Void Blizzard) aimed at Ukrainian defense forces with a malware family known as PLUGGYAPE. The attack activity "employs various judicial and charity themed lures to deploy a JavaScript-based backdoor that runs through the Edge browser," the cybersecurity company said. Codenamed DRILLAPP, the malware is capable of uploading and downloading files, leveraging the microphone, and capturing images through the webcam by taking advantage of the web browser's features. Two different versions of the campaign have been identified, with the first iteration detected in early February. The attack makes use of a Windows shortcut (LNK) file to...

WinRAR Security Flaw Exploited in Zero-Day Attacks to Target Traders

A recently patched security flaw in the popular WinRAR archiving software has been exploited as a zero-day since April 2023, new findings from Group-IB reveal. The vulnerability, cataloged as CVE-2023-38831, allows threat actors to spoof file extensions, thereby making it possible to launch malicious scripts contained within an archive that masquerades as seemingly innocuous image or text files. It was addressed in version 6.23 released on August 2, 2023, alongside CVE-2023-40477. In attacks discovered by the Singapore-based firm in July 2023, specially crafted ZIP or RAR archive files distributed via trading-related forums such as Forex Station have been used to deliver a variety of malware families such as DarkMe, GuLoader, and Remcos RAT. "After infecting devices, the cybercriminals withdraw money from broker accounts," Group-IB malware analyst Andrey Polovinkin said, adding as many as 130 traders' devices have been compromised as part of the ca...
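The extension-spoofing trick in the blurb above relies on an archive layout the summary does not spell out. From the public analyses of CVE-2023-38831: the archive carries a decoy file such as `photo.jpg` next to a folder whose name is the same string with a trailing space, and inside that folder sits a script such as `photo.jpg .cmd`; opening the decoy in an affected WinRAR executes the script. The Python below is an added example, not code from Group-IB or the original post. It builds a constructed ZIP with that layout and scans it for the pattern; the sample file names and the extension list are assumptions for illustration, and only ZIP containers are handled (RAR would need a third-party parser).

```python
"""Scan a ZIP for the CVE-2023-38831 decoy-file / trailing-space-folder layout.

Added example, not code from the original post. Only ZIP containers are
handled (Python's zipfile); RAR archives need a third-party parser.
"""
import io
import zipfile

# Extensions the Windows shell would execute when WinRAR hands them over
# (assumed list for illustration).
SCRIPT_EXTS = {".cmd", ".bat", ".exe", ".vbs", ".js", ".ps1", ".scr", ".com"}


def find_spoofed_entries(zip_bytes: bytes) -> list[tuple[str, str]]:
    """Return (decoy_name, script_path) pairs matching the CVE layout.

    Layout looked for: a top-level file 'x.ext' and, beside it, a folder
    named 'x.ext ' (trailing whitespace) holding a script named like
    'x.ext .cmd'. Explicit directory entries are not required; the folder
    is inferred from the entry paths.
    """
    hits = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        names = zf.namelist()
        # Top-level regular files are the candidate decoys.
        decoys = {n for n in names if "/" not in n}
        for name in names:
            if "/" not in name or name.endswith("/"):
                continue  # a decoy itself, or an explicit directory entry
            top = name.split("/", 1)[0]    # first path component (the folder)
            leaf = name.rsplit("/", 1)[1]  # file inside that folder
            if top == top.rstrip():
                continue  # folder name has no trailing whitespace
            if top.rstrip() not in decoys:
                continue  # no same-named decoy beside the folder
            ext = leaf[leaf.rfind("."):].lower() if "." in leaf else ""
            if ext in SCRIPT_EXTS:
                hits.append((top.rstrip(), name))
    return hits


def build_sample_archive(malicious: bool = True) -> bytes:
    """Constructed sample archive; the malicious variant mirrors the CVE layout."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("readme.txt", b"constructed sample, benign")
        zf.writestr("trade-signals.jpg", b"\xff\xd8\xff\xe0 not a real image")
        if malicious:
            # Folder 'trade-signals.jpg ' (note the trailing space) with a script.
            zf.writestr("trade-signals.jpg /trade-signals.jpg .cmd",
                        b"@echo off\r\nrem constructed sample payload\r\n")
    return buf.getvalue()


if __name__ == "__main__":
    for flagged in (True, False):
        print("malicious" if flagged else "benign",
              find_spoofed_entries(build_sample_archive(flagged)))
```

The check keys on the trailing whitespace in the folder name rather than on the script extension alone, because a folder and a file sharing a base name is otherwise legitimate; tightening or widening `SCRIPT_EXTS` is the main tuning knob when running this over a mail gateway's archive quarantine.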

New APM Capabilities Help Optimize Application Performance Across Monoliths or Microservices

Splunk Observability recently announced several new enhancements to reduce noise and provide more visibility when isolating problems in your environments. Specific to applications and services, whether you operate monolithic or microservices architectures, these releases help you investigate problems in complex environments. Here’s a roundup of the recent Splunk APM capability releases. Easily Identify Problems From Billions of Traces: Trace Analyzer helps to confidently detect patterns across billions of transactions and find specific issues for any tag, user, or service. Now you can identify unknown unknowns by running ad-hoc aggregations over all your trace data to find specific issues in any tag. Troubleshoot specific user issues by visualizing when patterns of errors and latency began and ended, and by retrieving the exact traces experienced during a problem. Understand the radius of an issue across customer groups by grouping and filtering high-cardinality tags...