Critical Infrastructure Under Siege

Executive Summary

Over 14,000 F5 BIG-IP APM instances remain exposed to a remote code execution vulnerability, a significant risk given how widely the product is deployed. Critical ShareFile flaws can be chained to bypass authentication and upload arbitrary files, and Hitachi Energy's Ellipse product is affected by a Jasper Report vulnerability that can be exploited for remote code execution. To mitigate these issues, update all ShareFile instances to the latest version, apply the vendor patches for the F5 BIG-IP APM and Hitachi Energy Ellipse vulnerabilities, and enforce multi-factor authentication across all sensitive systems.

Introduction

A staggering 14,000 F5 BIG-IP APM instances remain exposed to remote code execution (RCE) attacks. The recent discovery of critical ShareFile flaws, which can be chained to bypass authentication and upload arbitrary files, underlines how much vigilance securing critical infrastructure requires. With malware and ransomware activity continuing to rise, organizations must stay informed about emerging threats and act before they are exploited. These vulnerabilities endanger not only the affected organizations but also the critical services that depend on them, with the potential for widespread harm to individuals and communities.

Vulnerabilities in Critical Infrastructure

Critical infrastructure sectors worldwide face significant risk from vulnerabilities in widely used products. ShareFile, for instance, is affected by flaws that can be exploited to bypass authentication and upload arbitrary files, as reported by SecurityWeek. This is particularly concerning because ShareFile is a popular file-sharing platform that many organizations use to exchange sensitive documents. An attacker who chains these flaws could gain unauthorized access to that information, leading to data breaches or further malicious activity.

Hitachi Energy's Ellipse product is affected by a Jasper Report vulnerability (CVE-2025-10492) that can be exploited for remote code execution, according to CISA. Ellipse is used across critical infrastructure sectors, including energy and manufacturing, so an attacker who gains control of an affected system could disrupt critical operations or cause physical harm.

Over 14,000 F5 BIG-IP APM instances are still exposed to RCE attacks through a critical-severity vulnerability, as reported by BleepingComputer. F5 BIG-IP Access Policy Manager (APM) is a widely deployed application delivery and access-management product that organizations use to publish and secure their applications. An attacker who exploits this vulnerability could take control of the affected system and from there steal sensitive information, disrupt critical services, or conduct further malicious activity.

Emerging Threats and Malware

The threat landscape is evolving rapidly, with new malware and trojans emerging every day. A new malware-as-a-service called CrystalRAT offers remote access, data theft, and prankware features, as reported by BleepingComputer. CrystalRAT is being promoted on Telegram, which points to a social engineering distribution vector. The malware is particularly concerning because it gives an operator unauthorized access to a victim's system and the data on it.

The Casbaneiro banking trojan is targeting Spanish speakers in Latin America, using advanced malware capabilities to evade detection and spread rapidly, according to DarkReading. The trojan is designed to steal sensitive financial information, exposing victims to financial loss or identity theft.

WhatsApp alerted 200 users who were tricked into installing a fake iOS app infected with spyware, as reported by The Hacker News. The incident underlines the need to be cautious about installing apps from unknown sources and to verify an app's authenticity before installation.

Technical Details and Mitigation Guidance

Mitigating these vulnerabilities and emerging threats requires understanding the technical details and acting on them. Key details and mitigation guidance:

  • ShareFile flaws: Update ShareFile instances to the latest version, as recommended by SecurityWeek. Enforce strong access controls, including multi-factor authentication, to prevent unauthorized access to sensitive information.
  • Hitachi Energy Ellipse vulnerability: Apply the patch or mitigation measures recommended by CISA. Segment and isolate the network around affected systems to prevent lateral movement in case of a breach.
  • F5 BIG-IP APM vulnerability: Apply the patch or mitigation measures described in the BleepingComputer report. Enforce strong access controls, including multi-factor authentication, to prevent unauthorized access to sensitive information.
  • CrystalRAT malware: Be cautious when clicking links or installing apps from unknown sources. Deploy antivirus software and keep systems updated to the latest version.
  • Casbaneiro banking trojan: Be cautious when conducting online banking and verify the authenticity of banking apps before installation. Enforce strong access controls, including multi-factor authentication, to prevent unauthorized access to sensitive financial information.

Recommendations and Takeaways

To protect against these vulnerabilities and emerging threats, follow established best practices and act proactively:

  • Keep software up to date to prevent exploitation of known vulnerabilities.
  • Use strong passwords and enable two-factor authentication to protect against remote access threats.
  • Be cautious when clicking links or installing apps from unknown sources.
  • Minimize network exposure for all control system devices and systems, and where remote access is required, use secure methods such as Virtual Private Networks (VPNs).
  • Perform a proper impact analysis and risk assessment before deploying defensive measures, as recommended by CISA.
  • Deploy antivirus software and keep systems updated to the latest version.
  • Conduct regular security audits and penetration testing to identify vulnerabilities and weaknesses in systems.

By following these recommendations and staying informed about emerging threats, organizations can reduce the risk of falling victim to these vulnerabilities and keep pace with the evolving threat landscape. Immediate action items, in priority order:

  1. Update all ShareFile instances to the latest version.
  2. Apply patches for the Hitachi Energy Ellipse vulnerability (CVE-2025-10492) and the F5 BIG-IP APM vulnerability.
  3. Implement multi-factor authentication across all sensitive systems.
  4. Conduct a thorough security audit within the next 30 days to identify remaining vulnerabilities.
  5. Ensure all employees are aware of the risks of installing apps from unknown sources and of engaging in online activities without proper precautions.

AI-generated content. Verify critical information independently.

© 2026 ProjectZyper AI. All rights reserved.