Dragon Bytes: The "Trust Nothing" Update

This week on Dragon Bytes, we break down the operational fires you need to fight now and the emerging threats you’ll be fighting tomorrow. We cover the critical "Ni8mare" RCE in n8n automation tools, the new "ClickFix" social engineering waves hitting hospitality, and the "Zombie" D-Link routers building massive botnets. Plus, we dive into China-linked UAT-7290 targeting telcos and why Black Cat ransomware is poisoning your Google search results.

Topics & References:

Part 1: Emerging Threats

• The "Ni8mare" RCE (CVE-2026-21858): Critical unauthenticated remote code execution in n8n workflow automation tools.

• Read more: Horizon3.ai Analysis

• "ClickFix" Phishing Campaign: Fake "Blue Screen of Death" pages forcing users to run malicious PowerShell scripts. Currently targeting the European hospitality sector.

• Read more: Computing.co.uk Report

• "MongoBleed" (CVE-2025-14847): Unauthenticated memory leak in MongoDB exposing sensitive RAM data.

• Read more: Rapid7 Advisory

• "Ghost Tap" NFC Fraud: Android malware bridging the gap between cyber and physical payment terminal fraud.

• Read more: Inetco Research

• "ZombieAgent" AI Flaw: Embedding hidden text in documents to hijack AI agents via indirect prompt injection.

• Read more: SecurityBrief Asia

• GoBruteforcer Botnet: Golang-based malware targeting Linux servers to reach Web3/Crypto assets.

• Read more: BleepingComputer

Part 2: Operational Fires

• D-Link "Zombie" RCE (CVE-2026-0625): Active exploitation of legacy D-Link DSL routers to build residential botnets.

• Read more: SC Media Report

• APT Alert: UAT-7290: China-linked espionage group using "Operational Relay Boxes" (ORBs) to target Telecommunications and Defense sectors.

• Read more: Infosecurity Magazine

• Black Cat Ransomware SEO Poisoning: The ransomware gang is now poisoning search results for IT tools like "WinSCP" and "Notepad++".

• Read more: News4Hackers

• Supply Chain & Breaches:

• Fake WinRAR Installers: Malwarebytes

• Ledger / Global-e Breach: Ledger Support

• NordVPN Breach Claim (Denied): NordVPN Blog

Connect with Us:

• Subscribe to the Dragon News Bytes feed: Team Cymru

• Disclaimer: The views expressed in this podcast are those of the hosts and do not necessarily reflect the official policy or position of our employers.