HiveForce Labs has reported a sharp rise in cybersecurity threats, highlighting the growing complexity and frequency of global cyber incidents. Over the past week, one major attack was detected, six vulnerabilities were actively exploited, and three threat actor groups were closely monitored, signaling a concerning escalation in malicious activity worldwide.
Among the most significant incidents, Microsoft confirmed the active exploitation of CVE-2026-42897, a newly disclosed spoofing flaw impacting on-premises Exchange Server deployments. The vulnerability stems from a cross-site scripting (XSS) issue in Outlook Web Access (OWA), enabling attackers to inject malicious JavaScript through specially crafted emails and hijack authenticated user sessions. At the same time, F5 issued emergency patches for six NGINX vulnerabilities, including CVE-2026-42945, a critical heap-based buffer overflow that had gone unnoticed in the ngx_http_rewrite_module since 2008, nearly 18 years. Adding to the growing threat landscape, Storm-2949 executed a sophisticated cloud intrusion campaign by abusing Microsoft’s Self-Service Password Reset (SSPR) process through targeted social engineering attacks aimed at privileged users, including IT administrators and senior executives.
Meanwhile, financially motivated threat groups are becoming increasingly aggressive and innovative. TeamPCP intensified its supply chain attacks throughout May 2026, evolving from package poisoning to ecosystem-wide worm propagation, ultimately culminating in a breach of GitHub itself. The group allegedly exfiltrated nearly 3,800 internal GitHub repositories through a poisoned VS Code extension and later open-sourced the worm with a $1,000 underground bounty, rapidly fueling copycat campaigns. In parallel, Fox Tempest continued operating its SignSpace malware-signing-as-a-service platform, abusing Microsoft Artifact Signing to generate fraudulent short-lived certificates that made malware appear as trusted software such as AnyDesk, Microsoft Teams, PuTTY, and Webex. Together, these incidents highlight a dangerous shift toward hybrid cyberattacks that blend technical exploitation with psychological manipulation, reinforcing the urgent need for timely patching, continuous monitoring, and layered security defenses.