ThreatNoir Morning Brief — May 5

2026-05-05 | Morning | 4 articles

Morning Review in IT Security — May 5, 2026

The cybersecurity landscape continues to demonstrate persistent vulnerabilities and active exploitation across critical infrastructure. Today's briefing covers multiple active threats, ranging from long-standing supply-chain compromises to high-profile law enforcement actions against ransomware operators, alongside emerging exploitation campaigns targeting widely deployed platforms.

Weaver E-cology Critical Vulnerability Under Active Exploitation Since March

Attackers have been actively exploiting a critical remote code execution vulnerability in Weaver E-cology office automation software since mid-March 2026. The vulnerability, tracked as CVE-2026-22679, has been leveraged by threat actors to execute discovery commands and gain initial access to affected systems. Security researchers have identified the malware sample fanwei0324.msi associated with these attacks, which employ network reconnaissance and process enumeration techniques consistent with MITRE ATT&CK framework classifications T1016, T1057, and T1087. The extended exploitation window—spanning nearly two months before public disclosure—indicates that organizations running Weaver E-cology should prioritize immediate patching and forensic review of their systems. Source: Weaver E-cology critical bug exploited in attacks since March
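The E-cology item above classifies the post-exploitation activity under ATT&CK discovery techniques T1016, T1057 and T1087. As an added illustration for defenders (not code from the source article or from Weaver), the following Python script scans process-creation log lines and flags a host/user pair that runs several distinct discovery techniques within a short window, which is the kind of signal a forensic review of an E-cology host would look for. The log lines, host names and the service-account name are constructed for this example, and the command-to-technique mapping is an assumption: a common but non-exhaustive reading of those three technique IDs.

```python
"""
Hunting for discovery-command bursts in process-creation logs.

Added illustration for the Weaver E-cology item; not code from the advisory
or from Weaver. Log lines, hosts and accounts below are constructed sample
data; the command-to-technique table is an assumed, non-exhaustive mapping
of MITRE ATT&CK T1016 (System Network Configuration Discovery),
T1057 (Process Discovery) and T1087 (Account Discovery).
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records: "<ISO time> <host> <user> <command line>".
SAMPLE_LOG = """\
2026-03-16T02:11:04 ecology-app-01 svc_ecology cmd.exe /c ipconfig /all
2026-03-16T02:11:07 ecology-app-01 svc_ecology cmd.exe /c tasklist /v
2026-03-16T02:11:09 ecology-app-01 svc_ecology cmd.exe /c net user
2026-03-16T02:11:12 ecology-app-01 svc_ecology cmd.exe /c whoami /all
2026-03-16T09:30:00 hr-laptop-17 alice cmd.exe /c ipconfig /all
2026-03-16T14:45:10 hr-laptop-17 alice cmd.exe /c tasklist
2026-03-17T08:00:00 ecology-app-01 svc_ecology java -jar ecology.jar
"""

# Assumed mapping of command names to technique IDs (not from the page).
TECHNIQUES = {
    "T1016": re.compile(r"\b(ipconfig|ifconfig|route|arp|netstat|nslookup)\b"),
    "T1057": re.compile(r"\b(tasklist|ps|Get-Process)\b"),
    "T1087": re.compile(r"\b(net\s+user|net\s+group|whoami|id|Get-LocalUser)\b"),
}


def parse_line(line):
    """Split one record into (timestamp, host, user, command line)."""
    ts, host, user, cmd = line.split(" ", 3)
    return datetime.fromisoformat(ts), host, user, cmd


def classify(cmd):
    """Return the set of technique IDs whose patterns match the command line."""
    return {tid for tid, rx in TECHNIQUES.items() if rx.search(cmd)}


def find_discovery_bursts(log_text, window=timedelta(minutes=5), min_techniques=2):
    """Return one (host, user, first_ts, techniques) hit per host/user pair that
    shows at least `min_techniques` distinct discovery techniques inside `window`.
    A lone ipconfig by an admin is noise; three techniques in seconds from a
    web-application service account is worth a look."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, host, user, cmd = parse_line(line)
        tids = classify(cmd)
        if tids:
            events[(host, user)].append((ts, tids))

    hits = []
    for (host, user), evs in events.items():
        evs.sort(key=lambda e: e[0])
        for i, (start, _) in enumerate(evs):
            seen = set()
            for ts, tids in evs[i:]:
                if ts - start > window:
                    break
                seen |= tids
            if len(seen) >= min_techniques:
                hits.append((host, user, start, sorted(seen)))
                break  # one alert per host/user pair is enough for triage
    return hits


if __name__ == "__main__":
    for host, user, start, tids in find_discovery_bursts(SAMPLE_LOG):
        print(f"{start.isoformat()} {host} {user}: discovery burst {tids}")
```

On the constructed log the service account on the application host trips the rule (T1016, T1057 and T1087 within eight seconds), while the analyst laptop running ipconfig and tasklist hours apart does not. In a real deployment the mapping table and the window would be tuned to the environment, and the parent process of the cmd.exe invocations would be a further filter.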

Latvian Cybercriminal Sentenced for Russia-Based Ransomware Operations

Law enforcement has successfully prosecuted Deniss Zolotarjovs, a Latvian national, sentencing him to 102 months (8.5 years) in prison for his role in a Russia-based ransomware organization. The criminal group operated multiple ransomware variants, including Conti, Karakurt, Royal, and Akira, targeting over 50 companies across various sectors. The case is particularly notable for the targeting of a pediatric healthcare facility, where stolen children's health data was weaponized as part of extortion efforts. This prosecution represents significant progress in international law enforcement cooperation against organized ransomware operations. Source: Latvian national Deniss Zolotarjovs sentenced to 102 months for his role in Russia-based ransomware org

Critical cPanel Authentication Bypass Triggers Widespread Exploitation

A critical authentication-bypass vulnerability in cPanel has sparked a cyber-frenzy of exploitation activity affecting millions of users. Multiple proof-of-concept exploits appeared rapidly following public disclosure, and security researchers have documented evidence of zero-day exploitation activity occurring for at least one month prior to the vulnerability being made public. The widespread availability of working exploits and the critical nature of the vulnerability create an urgent patching requirement for all organizations operating cPanel infrastructure. Source: Exploit Cyber-Frenzy Threatens Millions via Critical cPanel Vulnerability

DigiCert Infrastructure Compromised via Screensaver Exploit

A sophisticated attack against DigiCert, a major certificate authority, exploited a screensaver vulnerability to compromise the organization's infrastructure and crack the Internet's trust layer. The attack methodology demonstrates how threat actors continue to identify and weaponize seemingly minor system components to gain access to highly sensitive environments. This incident underscores the critical importance of securing every component within trusted infrastructure, particularly organizations responsible for digital certificates and cryptographic trust. Source: When a Screensaver Cracked the Internet's Trust Layer: Inside the DigiCert Hack

Today's threat landscape reflects both the persistent exploitation of known vulnerabilities and the discovery of novel attack vectors against critical infrastructure. Organizations should prioritize immediate patching of disclosed vulnerabilities while simultaneously conducting comprehensive audits of their security posture and trust infrastructure.

Sources & IOCs

Source articles and extracted indicators (defanged where appropriate).