
The Good, the Bad and the Ugly in Cybersecurity – Week 9

ID: abb6533b-7090-5cb9-88f2-4ed4ed87a27a

STIX ID: report--abb6533b-7090-5cb9-88f2-4ed4ed87a27a

Feed Name: SentinelOne Blog

Threat Score: 90/100

Date Published: 2026-02-27

Date Updated: 2026-04-30

Author: SentinelOne


This report summarizes three major security developments: (1) authorities arrested members of the Anonymous Fénix hacktivist group while a former L3Harris executive was sentenced for stealing and selling zero-day exploits to a Russian broker, highlighting rising insider-facilitated trade in offensive tools; (2) Iranian-linked MuddyWater launched “Operation Olalampo,” delivering new malware variants (GhostFetch, HTTP_VIP, GhostBackDoor, CHAR) via macro-enabled phishing and Telegram-based C2 across the MENA region; and (3) threat actors are actively exploiting a critical Cisco Catalyst SD‑WAN authentication bypass (CVE-2026-20127), allowing insertion of malicious peers and posing severe risks to network edge and critical national infrastructure.
