687 changes Data Privacy & Cybersecurity

Source: www.ncsc.gov.uk

APT28 Exploits Routers for DNS Hijacking Attacks

The NCSC published an advisory exposing how Russian state cyber group APT28 compromised vulnerable internet routers to conduct DNS hijacking operations, enabling traffic interception and credential harvesting. The advisory provides mitigation guidance including protecting management interfaces, maintaining updated devices, and implementing two-step verification.

Priority review Guidance Cybersecurity
Source: www.ncsc.gov.uk

APT28 Exploits Routers to Enable DNS Hijacking Operations

The UK NCSC issued an advisory detailing how Russian state-sponsored actor APT28 exploits vulnerable routers by overwriting DHCP/DNS settings to redirect traffic through attacker-controlled DNS servers. These operations enable adversary-in-the-middle attacks that harvest passwords, OAuth tokens, and authentication credentials. The NCSC attributes APT28 to Russia's GRU military intelligence and provides indicators of compromise and mitigation guidance.

Urgent Guidance Cybersecurity
Source: www.csa.gov.sg

Secure Software Supply Chain and Development Workflows Advisory

The Cyber Security Agency of Singapore (CSA) issued an advisory on securing software supply chains and development workflows against cyber threats. The advisory highlights specific attack vectors including compromised package maintainer accounts, malicious dependency injection, and shadow IT adoption. CSA references the March 2026 Axios npm compromise and September 2025 @ctrl/tinycolor supply chain attack as examples of active threats targeting the software supply chain.

Priority review Guidance Cybersecurity
Source: www.csa.gov.sg

FortiClient EMS Critical Vulnerability Active Exploitation Hotfix Urged

The Cyber Security Agency of Singapore issued an urgent alert about CVE-2026-35616, a critical improper access control vulnerability in FortiClient EMS versions 7.4.5 through 7.4.6. The vulnerability is being actively exploited in the wild and allows unauthenticated attackers to execute unauthorized code, potentially compromising the entire server. Fortinet has released a hotfix that users must install immediately.

Urgent Notice Cybersecurity
Source: www.csa.gov.sg

F5 BIG-IP Critical Vulnerability Actively Exploited

The Cyber Security Agency of Singapore issued an urgent advisory warning of active exploitation of a critical vulnerability (CVE-2025-53521) in F5 BIG-IP Access Policy Manager with a CVSS v3.1 score of 9.8 out of 10. The vulnerability allows unauthenticated remote code execution and full system compromise. Affected versions include BIG-IP APM 17.5.0-17.5.1, 17.1.0-17.1.2, 16.1.0-16.1.6, and 15.1.0-15.1.10.

Urgent Notice Cybersecurity
Source: www.csa.gov.sg

Critical Vulnerabilities in Cisco Products

CSA Singapore issued an alert about critical CVSS 9.8 vulnerabilities in Cisco products affecting IMC and SSM On-Prem systems. CVE-2026-20093 allows authentication bypass enabling password alteration, while CVE-2026-20160 permits remote root command execution. Organizations using affected Cisco products must update immediately.

Urgent Notice Cybersecurity
Source: www.cisa.gov

Fortinet FortiClient EMS Improper Access Control Vulnerability Added to KEV Catalog

CISA added CVE-2026-35616 (Fortinet FortiClient EMS Improper Access Control) to the Known Exploited Vulnerabilities Catalog based on evidence of active exploitation. The vulnerability poses significant risk as a frequent attack vector for malicious cyber actors. FCEB agencies face binding remediation requirements under BOD 22-01, while CISA urges all organizations to prioritize timely remediation as part of their vulnerability management practice.

Urgent Notice Cybersecurity
Source: www.cisa.gov

Fortinet FortiClientEMS Improper Access Control Vulnerability

CISA published a critical cybersecurity advisory for CVE-2026-35616, an improper access control vulnerability in Fortinet FortiClientEMS versions 7.4.5 through 7.4.6. The vulnerability carries a CVSS score of 9.1 and is being actively exploited, allowing unauthenticated attackers to execute unauthorized code or commands via crafted requests. CISA has marked this vulnerability in its SSVC and KEV catalogs with active exploitation and total technical impact.

Urgent Guidance Cybersecurity
Source: www.csa.gov.sg

Advisory protecting websites from cyber-attacks

Routine Notice
Source: www.cert.ssi.gouv.fr

Synology Mail Station Vulnerability Advisory

CERT-FR issued a security advisory warning of a vulnerability in Synology Mail Station (versions prior to 30000001.3.19-20332 for DSM). The vulnerability, tracked as CVE-2026-5129, allows attackers to compromise data confidentiality and integrity. Users are advised to apply the vendor patch referenced in Synology security advisory Synology_SA_26_04.

Priority review Notice Cybersecurity
