Active Exploits and Emerging Malware: May 2026 Threat Landscape Update

Attackers are exploiting PAN-OS and Ivanti EPMM zero-days while a new Mirai botnet variant and PyPI malware campaigns escalate threats to critical infrastructure and cloud environments.

CSBadmin

Critical Infrastructure Under Fire: PAN-OS, Ivanti EPMM, and ICS Zero-Days

Security teams are racing to patch a series of actively exploited vulnerabilities across enterprise and operational technology environments. A high-severity remote code execution flaw in Palo Alto Networks PAN-OS, tracked as [CVE-2026-6973](https://cve.org/CVE-2026-6973), is under active exploitation, granting attackers full root access for espionage campaigns. The same CVE also impacts Ivanti Endpoint Manager Mobile (EPMM), where it allows unauthenticated attackers to gain admin-level control over mobile device management infrastructure. Meanwhile, multiple zero-day vulnerabilities in industrial control systems (ICS) have been disclosed with urgent patch-or-die alerts, putting critical manufacturing and energy sectors at risk of operational disruption.

Worm-Like Propagation and Supply Chain Attacks Hit Cloud and IoT Ecosystems

A new credential stealer named PCPJack is exploiting five CVEs to spread worm-like across cloud environments, stealing secrets and lateral movement tokens from cloud management consoles. Simultaneously, a Mirai-based botnet variant called xlabs_v1 is hijacking IoT devices by exploiting open Android Debug Bridge (ADB) ports, recruiting them into a DDoS swarm. On the software supply chain front, malicious PyPI packages have been discovered delivering the ZiChatBot malware via Zulip APIs, targeting both Windows and Linux systems to establish persistent backdoor access. These attacks highlight the growing convergence of IoT, cloud, and open-source ecosystem threats.

Social Engineering and Stealth Breach Tactics Escalate

Iranian state-sponsored group MuddyWater has been observed using Microsoft Teams voice calls to impersonate IT support and trick employees into revealing credentials, staging a false-flag ransomware attack to misattribute their activity. Separately, two sandbox escape vulnerabilities were disclosed in the widely used Node.js library vm2, enabling arbitrary code execution outside the sandbox. Security researchers have also identified that Microsoft Edge stores some user passwords in plaintext under certain configurations, prompting new credential hygiene warnings. These developments underscore the need for organizations to address both technical vulnerabilities and human factors in incident response planning, especially as AI agents increasingly operate inside network perimeters with minimal oversight.

Source: The Hacker News

CSBadmin

The latest in cybersecurity news and updates.