Today’s roundup
Ransomware incident responder gave info to BlackCat cybercriminals during negotiations, DOJ alleges
RIP RegPwn
Storm-2561 lures victims to spoofed VPN sites to harvest corporate logins
Chinese Hackers Target Southeast Asian Militaries with AppleChris and MemFun Malware
Interpol – Operation Synergia III leads to 45,000 malicious IPs dismantled and 94 arrests worldwide
Hackers targeted Poland’s National Centre for Nuclear Research
Fake PoCs, Misunderstood Risks Cause Cisco SD-WAN Chaos
A Hacker Accidentally Broke Into the FBI’s Epstein Files
FBI seeks victims of Steam games used to spread malware
Meta to Shut Down Instagram End-to-End Encrypted Chat Support Starting May 2026
Summary
A U.S. Department of Justice investigation alleges that a ransomware incident responder colluded with the BlackCat (ALPHV) ransomware group, conducting cyberattacks and assisting in negotiating higher payouts from victim organizations they were supposed to be helping.
MDSec disclosed "RegPwn" (CVE-2026-24291), an Elevation of Privilege vulnerability in Windows 10, 11, and Server versions. The flaw, fixed in a recent Patch Tuesday, was actively exploited in red team engagements since January 2025, leveraging Windows Accessibility features to achieve SYSTEM privileges via arbitrary registry key writes.
Microsoft Defender Experts uncovered the Storm-2561 campaign, which uses SEO-poisoning to direct victims to fake Ivanti, Cisco, and Fortinet VPN sites. These spoofed pages distribute the Hyrax infostealer to harvest corporate login credentials, with the campaign active since May 2025.
A suspected China-based cyber espionage operation, tracked as CL-STA-1087, has been targeting Southeast Asian military organizations since at least 2020. The state-sponsored campaign uses the AppleChris and MemFun malware families for intelligence gathering.
INTERPOL's "Operation Synergia III," conducted from July 2025 to January 2026 across 72 countries, resulted in the dismantling of 45,000 malicious IP addresses and servers linked to phishing, malware, and ransomware. The global cybercrime sweep led to 94 arrests, 110 ongoing investigations, and the seizure of 212 electronic devices.
Poland's National Centre for Nuclear Research (NCBJ) thwarted a cyberattack on its IT infrastructure. Security systems detected and blocked the intrusion, preventing operational impact. Investigations are underway into a possible link to Iran, though officials caution against premature attribution.
The excitement surrounding recent Cisco SD-WAN vulnerabilities has led to the emergence of fake Proof-of-Concepts (PoCs) and a broader misunderstanding of associated risks. This highlights a need for caution among cybersecurity professionals regarding exploit validation.
A hacker accidentally gained unauthorized access to the FBI’s files concerning Jeffrey Epstein. Separately, a privacy-focused application for quitting pornography inadvertently exposed the masturbation habits of hundreds of thousands of users.
The FBI is actively seeking information from individuals who installed eight malicious Steam games that were used to spread malware. This investigation aims to identify and assist victims of the gaming platform-based cybercrime.
Meta announced it will discontinue support for end-to-end encryption (E2EE) for chats on Instagram after May 8, 2026. Users with impacted chats are advised to download any media or messages they wish to retain.