The Good, the Bad and the Ugly in Cybersecurity – Week 16
ID: d4538b08-5f98-53e4-918f-86c9871b4946
STIX ID: report--d4538b08-5f98-53e4-918f-86c9871b4946
Feed Name: SentinelOne Blog
This report details three major items:
(1) Law enforcement dismantled the W3LL phishing marketplace that enabled MFA-bypassing phishing and facilitated tens of thousands of account compromises and millions in fraud, and two defendants were sentenced for enabling DPRK remote-worker fraud.
(2) CERT-UA uncovered the AgingFly C# malware campaign targeting Ukrainian local governments, hospitals, and possibly defense personnel, using LNK/PowerShell chains, on-host compilation of handlers, credential theft tools, and C2 via Telegram.
(3) A critical unauthenticated Nginx UI auth-bypass (CVE-2026-33032) is being actively exploited to achieve full server takeover, with thousands of exposed instances remaining; organizations are urged to patch immediately.
