Top stories.
- Five Eyes allies issue advisory on Chinese intelligence operations.
- Researchers track versatile China-based cybercrime group.
- Cisco fixes critical flaw affecting Unified CM.
Five Eyes allies issue advisory on Chinese intelligence operations.
The Five Eyes allies issued a joint warning yesterday outlining Chinese intelligence campaigns that are using LinkedIn and other professional networking sites to target government and military personnel and people with peripheral access to privileged information.
The advisory states, "These actors use an aggressive online recruitment strategy whereby intelligence officers or their affiliates pose as employees of private consultancies, think tanks, or human resources (HR) firms, and place online job advertisements for foreign policy and defence analysts (or similar). Successful candidates are pressured to provide 'non-public' information for unspecified clients who are associated with the Chinese government." The goal of the operation is "to acquire privileged military, political, and economic intelligence that can provide China with a strategic and tactical advantage over the Five Eyes."
The alert was issued by the US FBI, the UK's MI5, and their counterparts in Australia, Canada, and New Zealand. The Washington Post notes that such joint warnings are rare, and this is the first time the agencies have combined to address threats spreading on job platforms.
Researchers track versatile China-based cybercrime group.
Proofpoint has published a report on a suspected China-based cybercriminal actor tracked as "TA4922" that uses business-themed phishing lures to distribute several families of malware. The researchers note, "This actor is unique due to its wide variety of lure themes, targeting, and objectives. TA4922 distributes malware, credential phishing, and attempts fraud like credit card theft. Cybercriminals will sometimes display multiple objectives (using credential phishing to enable fraud, for example), but TA4922’s consistency with disparate campaigns, payloads, and goals makes it one of the most unique actors tracked by Proofpoint."
The threat actor targets organizations globally, but it primarily focuses on Japanese entities.
Cisco fixes critical flaw affecting Unified CM.
Cisco has released patches for a critical vulnerability (CVE-2026-20230) affecting Unified Communications Manager (Unified CM) that can allow unauthenticated threat actors to obtain root privileges via server-side request forgery (SSRF) attacks, BleepingComputer reports. Cisco explains, "This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to write files to the underlying operating system that could be used later to elevate to root."
The vulnerability has a CVSS score of 8.6, but Cisco says the company "has assigned this security advisory a Security Impact Rating (SIR) of Critical rather than High as the score indicates. The reason is that exploitation of this vulnerability could result in an attacker elevating privileges to root."
