Add your product or open-source project on TechLogHub
Listing is free. Sponsored featured placements are paid and priced in USD — open the pricing dialog to see plan details.
Explore software products worth tracking, open-source projects worth studying, and blog coverage that helps builders spot useful tools and ideas sooner.
Analysis, product insight, and practical reads for builders

Ukraine’s CERT-UA has identified a new malware family, AgingFly, used in attacks against local governments and hospitals to steal Chromium-based browser data and WhatsApp messages, with possible targeting of the Defense Forces. The campaign, attributed to the cluster UAC-0247, begins with a phishing email offering humanitarian aid and leads to an LNK file that launches an HTA, which fetches and executes a staged payload and establishes a TCP reverse shell to the C2. AgingFly is notable for compiling its command handlers on the host from source code received from the C2 at runtime, which gives the operators on-demand capabilities but adds complexity and leaves more artifacts for defenders to detect. It exfiltrates browser data via ChromElevator and WhatsApp data via ZAPiDESK, performs reconnaissance and lateral movement, and talks to its C2 over WebSockets with AES-CBC encryption. CERT-UA recommends blocking LNK, HTA and JS files to break the delivery chain.
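The last recommendation above, blocking LNK, HTA and JS attachments, is easy to state and easy to get wrong: a filter that only looks at the reported extension misses an LNK renamed to something harmless, a double extension, or a file nested in an archive. The Python mail-attachment check below is an added example written for this page, not CERT-UA's code or anything from the campaign. The sample attachments are constructed; the LNK check relies on the documented Windows shell-link header (HeaderSize 0x4C followed by the LinkCLSID 00021401-0000-0000-C000-000000000046); the archive handling, the file names and the extra right-to-left-override check are illustrative assumptions.

```python
import io
import zipfile
from typing import NamedTuple

# File types CERT-UA recommends blocking to break the AgingFly delivery chain.
BLOCKED_EXTENSIONS = {".lnk", ".hta", ".js"}

# A Windows shell link (.lnk) starts with HeaderSize 0x4C followed by the
# LinkCLSID 00021401-0000-0000-C000-000000000046, whatever the file is called.
LNK_MAGIC = bytes.fromhex("4c000000011402000000000000c000000000000046")


class Verdict(NamedTuple):
    name: str
    blocked: bool
    reason: str


def _extension(name: str) -> str:
    # Windows ignores trailing dots/spaces; take the LAST extension so that
    # "aid-list.pdf.lnk" is treated as .lnk, not .pdf.
    cleaned = name.rstrip(". ").lower()
    return "." + cleaned.rsplit(".", 1)[1] if "." in cleaned else ""


def inspect_attachment(name: str, data: bytes, depth: int = 0) -> list[Verdict]:
    """Return one Verdict per file, descending into ZIP archives (hypothetical policy)."""
    if depth > 3:
        return [Verdict(name, True, "archive nested too deeply to inspect")]
    if zipfile.is_zipfile(io.BytesIO(data)):
        verdicts: list[Verdict] = []
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                member = f"{name}/{info.filename}"
                try:
                    payload = zf.read(info)
                except RuntimeError:  # password-protected member: cannot be scanned, so block it
                    verdicts.append(Verdict(member, True, "encrypted archive member cannot be inspected"))
                    continue
                verdicts.extend(inspect_attachment(member, payload, depth + 1))
        return verdicts
    if "\u202e" in name:
        return [Verdict(name, True, "right-to-left override in file name")]
    if data.startswith(LNK_MAGIC):
        return [Verdict(name, True, "Windows shell link header (LNK), regardless of extension")]
    ext = _extension(name)
    if ext in BLOCKED_EXTENSIONS:
        return [Verdict(name, True, f"blocked extension {ext}")]
    return [Verdict(name, False, "allowed")]


def _zip_bytes(members: dict[str, bytes]) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for fname, content in members.items():
            zf.writestr(fname, content)
    return buf.getvalue()


# Constructed sample mail, not real AgingFly artifacts.
SAMPLE_ATTACHMENTS = {
    "humanitarian_aid_list.pdf.lnk": LNK_MAGIC + b"\x00" * 56,      # double extension
    "recipients.txt": LNK_MAGIC + b"\x00" * 56,                      # LNK renamed to .txt
    "application_form.hta": b"<html><hta:application id='x'/><script></script></html>",
    "aid_package.zip": _zip_bytes({"details.js": b"var s = new ActiveXObject('WScript.Shell');"}),
    "cover_letter.txt": b"Dear colleague, please find the attached list.",
}


def scan_mail(attachments: dict[str, bytes]) -> list[Verdict]:
    verdicts: list[Verdict] = []
    for name, data in attachments.items():
        verdicts.extend(inspect_attachment(name, data))
    return verdicts


def blocked_names(attachments: dict[str, bytes] = SAMPLE_ATTACHMENTS) -> list[str]:
    return [v.name for v in scan_mail(attachments) if v.blocked]


if __name__ == "__main__":
    for v in scan_mail(SAMPLE_ATTACHMENTS):
        print(("BLOCK " if v.blocked else "allow ") + v.name + ": " + v.reason)
```

Two design points carry the weight here: the LNK decision is made on the header bytes rather than the name, and an archive member that cannot be opened is blocked rather than waved through, since a password-protected ZIP is the standard way to carry a blocked type past a scanner. Note that Office documents are themselves ZIP containers and will be descended into; their XML members simply come back as allowed.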

Researchers warn of a critical vulnerability in Nginx UI (CVE-2026-33032): when the application runs in MCP mode, the /mcp_message endpoint is left unprotected, so an unauthenticated attacker can perform privileged MCP actions, including writing and reloading the nginx configuration, and take over the server. The flaw is under active exploitation, and roughly 2,600 publicly exposed instances have been identified (US, China, Indonesia, Germany, Hong Kong). Exploitation opens an SSE connection to establish an MCP session, then uses the returned session ID to call /mcp_message, which exposes 12 MCP tools (7 of them destructive); this allows configuration exfiltration, injection of malicious configuration blocks and forced reloads. The Nginx UI project shipped a fix in version 2.3.4 on March 15; the recommended version is 2.3.6, so patch immediately.
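For anyone running an exposed instance, the access log is the first place to check whether the endpoint has already been called. The Python hunt below is an added example written for this page, not the researchers' or the Nginx UI project's code. It groups requests by client, flags clients that called /mcp_message (the endpoint named above), and records whether the server accepted the call with a 2xx status, which is what a successful unauthenticated tool invocation looks like. The log lines are constructed; the SSE path (/mcp) and the session query-parameter name (sessionId) are assumptions, since the page names neither. A version check against the 2.3.4 fix and the recommended 2.3.6 is included.

```python
import re
from collections import defaultdict
from dataclasses import dataclass, field

# nginx "combined" access-log format: ip ident user [ts] "METHOD path PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]+" (?P<status>\d{3}) '
)

MCP_MESSAGE_PATH = "/mcp_message"                  # endpoint named in the advisory
SSE_PATH = "/mcp"                                  # ASSUMPTION: SSE endpoint that hands out the session ID
SESSION_RE = re.compile(r"[?&]sessionId=([^&]+)")  # ASSUMPTION: query-parameter name

# Constructed log lines; not from any real incident.
SAMPLE_LOG_LINES = [
    '203.0.113.7 - - [16/Mar/2026:10:01:12 +0000] "GET /mcp HTTP/1.1" 200 512 "-" "python-requests/2.31"',
    '203.0.113.7 - - [16/Mar/2026:10:01:13 +0000] "POST /mcp_message?sessionId=abc123 HTTP/1.1" 202 0 "-" "python-requests/2.31"',
    '203.0.113.7 - - [16/Mar/2026:10:01:14 +0000] "POST /mcp_message?sessionId=abc123 HTTP/1.1" 202 0 "-" "python-requests/2.31"',
    '198.51.100.20 - - [16/Mar/2026:10:05:00 +0000] "GET /login HTTP/1.1" 200 1044 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [16/Mar/2026:10:05:30 +0000] "GET /api/nginx/status HTTP/1.1" 200 220 "-" "Mozilla/5.0"',
    '192.0.2.55 - - [16/Mar/2026:10:07:41 +0000] "POST /mcp_message?sessionId=zzz HTTP/1.1" 404 0 "-" "curl/8.5"',
]


@dataclass
class ClientActivity:
    sse_requests: int = 0
    mcp_message_attempts: int = 0
    mcp_message_successes: int = 0   # 2xx: the server accepted the tool call
    sessions: set = field(default_factory=set)


def parse_line(line: str):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def hunt_mcp_message(lines) -> dict:
    """Per-client view of MCP activity; only clients that touched /mcp_message are returned."""
    activity = defaultdict(ClientActivity)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        path, _, query = rec["path"].partition("?")
        ip, status = rec["ip"], int(rec["status"])
        if path == SSE_PATH:
            activity[ip].sse_requests += 1
        elif path == MCP_MESSAGE_PATH:
            a = activity[ip]
            a.mcp_message_attempts += 1
            if 200 <= status < 300:
                a.mcp_message_successes += 1
            m = SESSION_RE.search("?" + query)
            if m:
                a.sessions.add(m.group(1))
    return {ip: a for ip, a in activity.items() if a.mcp_message_attempts}


def likely_exploited(lines) -> list:
    """Clients whose /mcp_message calls were accepted; review these first."""
    return sorted(ip for ip, a in hunt_mcp_message(lines).items() if a.mcp_message_successes)


def version_status(version: str) -> str:
    """Compare an Nginx UI version string against the fix (2.3.4) and the recommended release (2.3.6)."""
    v = tuple(int(p) for p in version.lstrip("v").split("."))
    if v < (2, 3, 4):
        return "vulnerable"
    if v < (2, 3, 6):
        return "fixed, upgrade to 2.3.6 recommended"
    return "ok"


if __name__ == "__main__":
    for ip, a in hunt_mcp_message(SAMPLE_LOG_LINES).items():
        print(ip, a)
    print("likely exploited:", likely_exploited(SAMPLE_LOG_LINES))
```

On a host where MCP mode is not deliberately in use, any /mcp_message hit deserves a look; where it is used, compare the source addresses against the clients that are supposed to hold sessions. A 4xx from a probe (the third client above) shows interest but not success, while an accepted call from an address you do not recognise is the case the advisory describes, and the config and reload history should be reviewed. Adjust SSE_PATH and SESSION_RE once the real route names are confirmed.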

Two U.S. nationals, Kejia Wang and Zhenxing Wang, were sentenced for aiding North Korean IT workers to pose as American residents and gain employment at more than 100 U.S. firms, including Fortune 500 companies. The pair helped generate over $5 million in illicit revenue for the DPRK and caused about $3 million in damages by using stolen identities of more than 80 U.S. citizens, aided by fake companies and shell entities. Zhenxing Wang also hosted company laptops in U.S. homes to give DPRK workers access to corporate networks. Nine other defendants remain at large with rewards up to $5 million; the case underscores ongoing U.S. efforts to disrupt North Korea’s money-laundering and cyber operations that fund its weapons program.

Cisco has issued security updates patching four critical flaws in Webex Services, including CVE-2026-20184 in the SSO integration with Control Hub, which could allow remote impersonation; affected customers must upload a new SAML certificate to their IdP in Control Hub to avoid service disruption. The release also fixes three critical ISE vulnerabilities (CVE-2026-20147, CVE-2026-20180 and CVE-2026-20186) that could enable arbitrary code execution, although exploitation requires administrator credentials. Cisco’s PSIRT found no evidence of active exploitation. The advisory follows an earlier CISA directive to patch a maximum-severity FMC flaw (CVE-2026-20131) exploited as a zero-day in Interlock attacks. The update bundle also covers ten further medium-severity flaws that could allow authentication bypass, privilege escalation or denial of service.