ACTIVELY EXPLOITED INFORMATION DISCLOSURE VULNERABILITY IN DESKTOP WINDOW MANAGER
  • Alert & Advisory
  • February 27, 2026

ngCERT alerts organizations and users to an actively exploited zero-day vulnerability in Microsoft Windows Desktop Window Manager (DWM), tracked as CVE-2026-20805. The flaw arises from improper handling of Advanced Local Procedure Call (ALPC) messages, allowing attackers with local access to trigger memory disclosure and obtain internal pointers and heap/base address details. While it does not directly allow remote code execution or privilege escalation, it can be leveraged to bypass exploit mitigations like ASLR, increasing the reliability of subsequent attacks. Users and organizations are advised to apply recommended patches, monitor for suspicious activity, and follow security best practices to mitigate risks.

CRITICAL INFRASTRUCTURE COMPROMISE BY MULTIPLE VARIANTS OF REMOTE ACCESS TROJAN
  • Alert & Advisory
  • February 25, 2026

ngCERT is issuing an urgent advisory on the compromise of critical infrastructure by multiple variants of Remote Access Trojans (RAT). Particularly, variants such as Adwind, AsyncRAT, Firebird, Imminent Monitor, NetWire, Orcus, Remcos, Warzone, and WSH RATs are capable of enabling unauthorised remote control over infected systems. These have implications for data breaches, financial fraud and theft, cyber espionage and operational disruption. ngCERT strongly recommends conducting immediate vulnerability scans and deploying endpoint detection tools to mitigate the threats posed by these RATs.

PSEUDOMANUSCRYPT MALWARE INFILTRATION
  • Alert & Advisory
  • November 28, 2025

ngCERT is issuing an alert on the infiltration of Pseudomanuscrypt malware, a sophisticated spyware campaign primarily impacting Windows OS. Notably, this mass-scale operation has infected over 35,000 systems globally, focusing mainly on industrial control systems (ICS) and government entities. Particularly, Pseudomanuscrypt infiltration can lead to theft of sensitive credentials and data, potentially enabling follow-on ransomware attacks, financial fraud, and possible sabotage of critical infrastructure across various sectors. This underscores the need for individuals and organisations to take proactive steps to safeguard against Pseudomanuscrypt infiltration.

M0YV MALWARE INFECTION
  • Alert & Advisory
  • November 28, 2025

ngCERT alerts stakeholders on M0yv malware infection detected in Nigeria’s cyberspace. M0yv is a sophisticated file-infector virus developed by Maze ransomware creators, which spreads by appending malicious code to executable files on infected systems and networks. The malware is often misidentified as Expiro by antivirus software and targets Windows environments, while enabling further attacks like ransomware deployment. The impacts range from file corruption to potential data loss, ransomware encryption, network-wide propagation and disruptions, as well as heightened risks of data exfiltration or persistent threats. Individuals and organisations are advised to take proactive steps to safeguard systems from the threats posed by M0yv malware.

INCREASING PYKSPA MALWARE INFILTRATIONS TARGETING CRITICAL SYSTEMS
  • Alert & Advisory
  • November 18, 2025

ngCERT is issuing an urgent security alert on increasing Pykspa malware infiltrations targeting critical systems. Pykspa, also identified as Tigger RAT or HeyHey, is a Remote Access Trojan (RAT) and worm malware family used by threat actors to harvest credentials, deploy additional payloads, and conduct surveillance on infected systems. Evolving through multiple versions, including an updated v2 Domain Generation Algorithm (DGA) in late 2023, Pykspa maintains a global footprint with at least 10,000 infected hosts daily as of early 2024. Its resilience stems from DGA-based command-and-control (C2) evasion and self-propagation tactics, posing ongoing risks to individuals, enterprises, and critical infrastructure reliant on communication tools. Accordingly, users and systems administrators are advised to take proactive steps to guard against Pykspa malware threats.
