A recent security scan by Censys uncovered 5,219 devices vulnerable to attacks by Iranian Advanced Persistent Threats (APTs), with the majority of these devices located in the United States. Meanwhile, the GlassWorm malware has evolved to utilize a Zig dropper, enabling it to infect multiple developer tools. Notably, a Remote Code Execution (RCE) vulnerability, tracked as CVE-2026-39987, was exploited mere hours after its disclosure, sparking concerns about its potential impact1. This vulnerability is currently being discussed in relation to Iranian threat actors, and its exploitation status will determine whether it requires immediate patching or ongoing monitoring. The severity of these threats is further highlighted by a recent ransomware attack on ChipSoft, which knocked electronic health record services offline across hospitals in the Netherlands and Belgium. The active exploitation of CVE-2026-39987 underscores the need for prompt attention from security practitioners to prevent potential attacks.
Security Affairs newsletter Round 572 by Pierluigi Paganini – INTERNATIONAL EDITION
⚠️ Critical Alert
Why This Matters
CVE-2026-39987 is in active discussion involving Iran — exploitation status determines whether this is patch-now or monitor.
References
- Paganini, P. (2026, April 12). Security Affairs newsletter Round 572 by Pierluigi Paganini – INTERNATIONAL EDITION. *SecurityAffairs*. https://securityaffairs.com/190662/security/security-affairs-newsletter-round-572-by-pierluigi-paganini-international-edition.html
Original Source
SecurityAffairs
Read original →