Threats Affecting Vietnam

A malware-as-a-service campaign named Weedhack targets Minecraft users by distributing malicious Java JAR files via SEO poisoning and YouTube videos. The malware steals credentials, system information, and can remotely control infected systems. It is notable for its ease of access, free tier, and appeal to younger users, with infections primarily in the U. S. and several other countries. Additionally, a large CountLoader campaign spreads cryptocurrency clipper malware via cracked software, and a separate campaign distributes cryptocurrency miners through pirated content sites. These campaigns leverage sophisticated persistence and evasion techniques and have been active since early 2026.

MediumSecurity-newsUnited StatesGermanyIndia+9#cybersecurity#reddit

A sophisticated CHM-based malware campaign has been identified targeting Vietnamese victims through a trojanized CV document. The infection chain utilizes a compiled HTML file that deploys a multi-stage payload delivery mechanism involving Python interpreters, C++ DLLs, and layered XOR encryption. The malware establishes persistence through Shell hijacking and scheduled tasks, ultimately delivering a weaponized version of Rebex.Common.dll functioning as a Telegram-based remote access trojan. The RAT communicates via Telegram bot API, supporting commands for file download, token swapping, and arbitrary command execution. The infection demonstrates characteristics typical of targeted state-sponsored activity rather than opportunistic cybercrime, employing techniques historically associated with advanced threat actors operating in the Southeast Asian region.

MediumCampaignVietnam#multi-stage payload#telegram rat#chm infection

An issue was discovered in DedeCMS 5.7.118 allowing attackers to execute code via crafted setup tag values in a module upload.

CriticalVulnerabilityChinaTaiwanHong Kong+7#cve#cve-2026-30643

A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0. The vulnerability is located in the add-sales.php file. The application fails to validate the "txtprice" and "txttotalcost" parameters, allowing attackers to submit negative values for sales transactions. This leads to incorrect financial calculations, corruption of sales reports, and potential financial loss.

HighVulnerabilityUnited StatesIndiaBrazil+7#cve#cve-2026-30573

Key Points Introduction At the beginning of 2026, Check Point Research observed a series of targeted attacks against government entities in Southeast Asia carried out via a legitimate TrueConf software installed in the targets’ environment. The investigation led to the discovery of a zero-day vulnerability in the TrueConf client, tracked as CVE-2026-3502 with a CVSS score of 7.8. […] The post Operation TrueChaos: 0-Day Exploitation Against Southeast Asian Government Targets appeared first on Check Point Research .

MediumExploitIndonesiaMalaysiaThailand+4

A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the view_payments.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL.

MediumVulnerabilityUnited StatesIndiaBrazil+7#cve#cve-2026-30564

A Stored Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the update_details.php file. The application fails to sanitize the "website" parameter provided in a POST request. This allows authenticated attackers to inject arbitrary web script or HTML that is stored in the database and executed whenever the store details page is accessed.

MediumVulnerabilityUnited StatesIndiaPhilippines+7#cve#cve-2026-30563

Silver Fox, a threat actor, is exploiting Japan's tax filing and organizational change season with a targeted spearphishing campaign against Japanese businesses. The group sends convincing phishing emails related to tax compliance, salary adjustments, and HR matters, tricking recipients into opening malicious links or attachments. The campaign capitalizes on the high volume of legitimate financial and HR communications during this period, increasing the risk of compromise. Silver Fox has expanded its targets from Chinese-speaking entities to Southeast Asia, Japan, and potentially North America. The group uses ValleyRAT, a remote access trojan, to gain control of compromised machines and steal sensitive information. To protect against this threat, organizations should increase vigilance, reinforce awareness about phishing attempts, and verify the authenticity of tax- and HR-themed requests.

MediumMalwareJapanChinaSingapore+7#targeted attacks#valleyrat#financial lures

A vulnerability was determined in Tenda AC6 15.03.05.16. Affected is the function fromWizardHandle of the file /goform/WizardHandle of the component POST Request Handler. Executing a manipulation of the argument WANT/WANS can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.

HighVulnerabilityChinaIndiaBrazil+7#cve#cve-2026-4960

A vulnerability was identified in Tenda AC6 15.03.05.16. Affected by this vulnerability is the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.

HighVulnerabilityChinaIndiaRussia+7#cve#cve-2026-4961