TrueConf and F5: Storm-1175 - Security Affairs

CISA Adds TrueConf Client Flaw to Known Exploited Vulnerabilities Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a vulnerability in TrueConf Client to its Known Exploited Vulnerabilities (KEV) catalog, signaling active exploitation risks. The move underscores the urgency for organizations using the video conferencing software to apply patches or mitigations promptly.

In other recent cybersecurity developments:

UAC-0255, a threat actor, impersonated Ukraine’s CERT-UA in phishing campaigns to distribute the AGEWHEEZE malware, targeting unsuspecting users.
The pro-Iran Handala group breached Israeli defense contractor PSK Wind Technologies, highlighting ongoing geopolitical cyber threats.
Storm-1175, a fast-moving threat group, deployed new exploits to infiltrate networks and deploy Medusa ransomware, demonstrating evolving attack techniques.
Researchers uncovered GPUBreach, an exploit leveraging GPU memory bit-flips to achieve full system compromise, posing a novel risk to hardware-based security.
Over 14,000 F5 BIG-IP APM instances remain exposed to a remote code execution (RCE) flaw, despite available patches, leaving organizations vulnerable to exploitation.
The Qilin ransomware group claimed responsibility for hacking Germany’s Die Linke political party, adding to the growing trend of cyberattacks on political entities.
North Korea-linked hackers stole $285 million from cryptocurrency platform Drift in a sophisticated attack, further fueling concerns over state-sponsored cybercrime.
A major outage disrupted Russian banking apps and metro payment systems nationwide, though the cause whether cyberattack or technical failure remains unclear.
A European Commission breach exposed data from 30 EU entities, with CERT-EU investigating the incident’s scope and impact.
German authorities (BKA) identified two REvil ransomware operators linked to 130+ attacks in Germany, marking progress in dismantling the notorious group.
An Italian spyware vendor created a fake WhatsApp app, targeting 200 users in a surveillance campaign.
Fortinet patched CVE-2026-35616, a high-severity flaw actively exploited in the wild, urging immediate updates.
Google addressed the fourth actively exploited Chrome zero-day of 2026, reinforcing the need for rapid browser security updates.
North Korean hackers leveraged phishing LNK files and GitHub command-and-control (C2) infrastructure in new cyberattacks, showcasing persistent threat tactics.

These incidents reflect the escalating sophistication of cyber threats, from ransomware and espionage to supply chain and hardware-based attacks. Organizations are advised to monitor advisories and prioritize vulnerability remediation.

Source: https://securityaffairs.com/190440/cyber-crime/fast-moving-storm-1175-uses-new-exploits-to-breach-networks-and-drop-medusa.html/attachment/image-1226

F5 cybersecurity rating report: https://www.rankiteo.com/company/f5

TrueConf cybersecurity rating report: https://www.rankiteo.com/company/trueconf

"id": "F5TRU1775587606",
"linkid": "f5, trueconf",
"type": "Vulnerability",
"date": "1/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'industry': 'Video Conferencing',
                        'name': 'TrueConf',
                        'type': 'Software Vendor'}],
 'attack_vector': 'Software Vulnerability',
 'description': 'The U.S. Cybersecurity and Infrastructure Security Agency '
                '(CISA) has added a vulnerability in TrueConf Client to its '
                'Known Exploited Vulnerabilities (KEV) catalog, signaling '
                'active exploitation risks. Organizations using the video '
                'conferencing software are urged to apply patches or '
                'mitigations promptly.',
 'impact': {'brand_reputation_impact': 'Potential reputational damage for '
                                       'TrueConf and affected organizations',
            'operational_impact': 'Potential unauthorized access to systems '
                                  'using TrueConf Client',
            'systems_affected': 'TrueConf Client'},
 'investigation_status': 'Ongoing',
 'lessons_learned': 'Organizations must prioritize vulnerability remediation '
                    'and monitor advisories from authorities like CISA.',
 'post_incident_analysis': {'corrective_actions': 'Patch management and '
                                                  'vulnerability monitoring',
                            'root_causes': 'Unpatched vulnerability in '
                                           'TrueConf Client'},
 'recommendations': 'Apply patches for TrueConf Client immediately and monitor '
                    'systems for signs of exploitation.',
 'references': [{'source': 'CISA Known Exploited Vulnerabilities Catalog'}],
 'regulatory_compliance': {'regulatory_notifications': 'Added to CISA KEV '
                                                       'catalog'},
 'response': {'containment_measures': 'Patch application or mitigations '
                                      'recommended',
              'remediation_measures': 'Apply available patches'},
 'stakeholder_advisories': 'CISA urges organizations to apply patches or '
                           'mitigations for TrueConf Client.',
 'title': 'CISA Adds TrueConf Client Flaw to Known Exploited Vulnerabilities '
          'Catalog',
 'type': 'Vulnerability Exploitation',
 'vulnerability_exploited': 'TrueConf Client Flaw'}

TrueConf and F5: Storm-1175 - Security Affairs

Tristar Insurance Group: Tristar Insurance Group Data Breach Class Action Settlement

Yadea and Zero Motorcycles: Electric Motorcycles and Scooters Face Hacking Risks to Security and Rider Safety

Kettering Health: US Healthcare Data Breach Crisis Impacts Millions -- Security Today