Episode #1

The "Trust Nothing" Update

Show Notes

This week on Dragon Bytes, we break down the operational fires you need to fight now and the emerging threats you’ll be fighting tomorrow. We cover the critical "Ni8mare" RCE in n8n automation tools, the new "ClickFix" social engineering waves hitting hospitality, and the "Zombie" D-Link routers building massive botnets. Plus, we dive into China-linked UAT-7290 targeting telcos and why Black Cat ransomware is poisoning your Google search results.

Topics & References:

🔥 Part 1: Emerging Threats

  • The "Ni8mare" RCE (CVE-2026-21858): Critical unauthenticated remote code execution in n8n workflow automation tools.
  • "ClickFix" Phishing Campaign: Fake "Blue Screen of Death" pages forcing users to run malicious PowerShell scripts. Currently targeting the European hospitality sector.
  • "MongoBleed" (CVE-2025-14847): Unauthenticated memory leak in MongoDB exposing sensitive RAM data.
  • "Ghost Tap" NFC Fraud: Android malware bridging the gap between cyber and physical payment terminal fraud.
  • "ZombieAgent" AI Flaw: Embedding hidden text in documents to hijack AI agents via indirect prompt injection.
  • GoBruteforcer Botnet: Golang-based malware targeting Linux servers to reach Web3/Crypto assets.

🚨 Part 2: Operational Fires

  • D-Link "Zombie" RCE (CVE-2026-0625): Active exploitation of legacy D-Link DSL routers to build residential botnets.
  • APT Alert: UAT-7290: China-linked espionage group using "Operational Relay Boxes" (ORBs) to target Telecommunications and Defense sectors.
  • Black Cat Ransomware SEO Poisoning: The ransomware gang is now poisoning search results for IT tools like "WinSCP" and "Notepad++".
  • Supply Chain & Breaches:

Connect with Us:

  • Subscribe to the Dragon News Bytes feed: Team Cymru
  • Disclaimer: The views expressed in this podcast are those of the hosts and do not necessarily reflect the official policy or position of our employers.
