Hybrid Cloud
Cyber Security & NaaS
AI & Data
IoT & Connectivity
Business Applications
Intelligent Workplace
Consulting & Professional Services
Small Medium Enterprise
Health and Social Care
Industry
Retail
Tourism and Leisure
Transport & Logistics
Energy & Utilities
Banking and Finance
Smart Cities
Public Sector
Cybersecurity Weekly Briefing, 21-27 March
CrackArmor: flaws in AppArmor that allow privilege escalation to root on Linux
Qualys has disclosed nine vulnerabilities in AppArmor, the mandatory access control system used by distributions such as Ubuntu, Debian and SUSE, which have been present since version v4.11 (2017) and are estimated to affect more than 12.6 million enterprise systems. These flaws enable ‘confused deputy’ attacks, where privileged processes such as Sudo or Postfix can be tricked into writing to protected pseudo-files, allowing restrictions to be bypassed and root privileges to be obtained.
The research also demonstrates the possibility of container escape, compromising isolated environments without triggering alerts to the administrator. The risks include DoS via memory exhaustion, the loading of restrictive policies and the unprotection of critical services, with potential impact on sectors such as banking, healthcare and telecommunications.
The issue affects Linux kernels from version 4.11 onwards in distributions that include AppArmor, and as yet there are no CVE identifiers or public proof-of-concepts available.
DarkSword: an iOS exploit chain used by multiple actors
DarkSword is a comprehensive iOS exploit kit identified jointly by the Google Threat Intelligence Group, Lookout and iVerify, which has been in use since at least November 2025 by various actors, including UNC6748, clients of PARS Defense and UNC6353, the latter of which has been linked to operations targeting Ukrainian entities.
The framework affects iPhones running iOS 18.4 to 18.6.2, and Google describes it as a chain based on six vulnerabilities that allows full compromise of the device and the deployment of implants such as GHOSTBLADE, GHOSTKNIFE and GHOSTSABER to steal passwords, history, messages, location, WhatsApp and Telegram data, photos, linked accounts and cryptocurrency wallet contents.
Researchers note that Apple already fixed the flaws in recent versions and blocked malicious domains in Safari. It’s recommended to update iOS and enable LockDown mode on high-risk profiles.
Iran is carrying out cyberattacks by misusing legitimate identities and tools without malware
Palo Alto’s Unit42 has identified a significant shift in the Iranian cyber threat landscape, characterised by a gradual move away from traditional attacks based on destructive malware and the adoption of techniques focused on identity theft.
In this context, the Void Manticore (Handala) actors have compromised highly privileged accounts, enabling them to send legitimate remote wipe commands to over 200,000 devices worldwide. Historically, these actors used visible wiper malware such as Shamoon or ZeroCleare, designed to cause direct sabotage in critical sectors. However, between 2020 and 2022, they evolved towards covert campaigns using fake ransomware such as Apostle and Fantasy, including supply chain attacks to gain deniability.
Since 2023, they have combined hacktivism, data exfiltration and multi-platform wipers such as BiBi, Hamsa and Hatef in hybrid operations. In 2026, the ‘identity weapon’ stands out, enabling large-scale destruction via administrative access without the need for malware.
A custom font can fool AI assistants
LayerX demonstrated that a custom font combined with CSS can manipulate what a user sees versus what AI assistants analyse, enabling prompt injection and social engineering attacks. The DOM contains innocuous text, whilst, through glyph mapping in a custom font, the browser displays malicious instructions that trick the user into executing a reverse shell.
AI assistants that analyse only the HTML interpret the content as safe and fail to detect the threat. In tests, ChatGPT, Claude, Gemini, Copilot, Grok, Perplexity and other assistants did not identify the malicious content. The technique exploits the gap between the DOM analysis layer and the browser’s rendering layer.
AWS Bedrock’s Sandbox mode allows data exfiltration via DNS
BeyondTrust Phantom Labs identified that the sandbox mode of the AWS Bedrock AgentCore Code Interpreter allows external DNS queries to be made, despite AWS describing it as an environment with no network access.
This capability enables C2 channels and data exfiltration via DNS, including the ability to establish remote interactive shells. If the IAM role assigned to the interpreter has extensive permissions, such as access to S3 or Secrets Manager, an attacker can list and extract sensitive information.
AWS reproduced the finding following responsible disclosure, deployed and withdrew an initial fix, and ultimately decided not to address it, opting instead to update the documentation to state that full isolation is only achieved by using VPC mode.
◾ This newsletter is one of the deliverables of our Operational and Strategic Intelligence service. If you are interested in knowing the rest of the Operational and Strategic Intelligence contents included in the service, please contact us →
