Weekly Cyber Threat Advisory 2 to 8 Feb

Weekly Cyber Threat (2–8 Feb 2026) Bulletin

High Severity Cisco, Django & Apache Syncope Flaws, Flickr Breach and SystemBC Botnet Surge

2/11/2026


The week of 2–8 February 2026 saw a sharp rise in high-impact vulnerabilities and large-scale attack campaigns targeting enterprises worldwide. From Cisco Meeting Management and Django to Apache Syncope, Flickr and the SystemBC botnet, security teams must prioritise rapid patching and threat hunting to reduce exposure.




High-severity Cisco Meeting Management vulnerability (CVE-2026-20098)

Cisco has disclosed a high-severity arbitrary file upload and privilege escalation flaw in Cisco Meeting Management 3.12 and earlier. It allows authenticated users with video operator access to upload malicious files, run arbitrary commands and gain root control. Cisco has released a fix in version 3.12.1 MR and confirmed there are no configuration-based workarounds, so organisations in the Middle East using Cisco collaboration tools should urgently upgrade, tighten privileged access and monitor for suspicious file uploads.

Refer: Cisco Security Advisory

Django SQL injection and denial-of-service vulnerabilities

The Django Software Foundation has disclosed several vulnerabilities in supported Django branches, including three high-severity SQL injection bugs and two denial-of-service flaws affecting features like PostGIS, FilteredRelation and dynamic QuerySet ordering. These issues can enable arbitrary SQL execution, database compromise and service outages, so the patches in Django 4.2.28, 5.2.11 and 6.0.2 should be applied urgently, especially for internet-facing apps in sectors such as banking, fintech and government in Dubai and Abu Dhabi.

Refer: Django Security Releases
Django February 2026 Advisory

Apache Syncope XML External Entity vulnerability (CVE-2026-23795)

A medium-severity XML External Entity (XXE) flaw affects Apache Syncope Console IdRepo client versions 3.0–3.0.15 and 4.0–4.0.3. It is caused by insufficient validation of XML input when configuring Keymaster parameters. Crafted payloads can exfiltrate sensitive files, internal resources and authentication data, exposing session tokens and configuration details and raising the risk of wider compromise. Fixes are available in Syncope Console 3.0.16 and 4.0.4, and IAM platforms in regulated sectors such as financial services, telecom and government should be prioritised in patch cycles.

Refer: Apache Syncope Security
CVE-2026-23795 Record
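
Added example (not code from Django, Apache or the bulletin's authors): a Python triage check that compares a software inventory against the fixed releases named above for Django and Apache Syncope Console, branch by branch. The "name==version" inventory format and the product labels "django" and "syncope-console" are assumptions made for illustration, and the sample inventory is constructed.

```python
import re

# Fixed release per branch, as stated in the bulletin text above.
FIXED = {
    "django": {(4, 2): (4, 2, 28), (5, 2): (5, 2, 11), (6, 0): (6, 0, 2)},
    "syncope-console": {(3, 0): (3, 0, 16), (4, 0): (4, 0, 4)},  # assumed label
}

def parse_version(text):
    """Return (major, minor, patch); any suffix after the numbers is ignored."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(g) if g is not None else 0 for g in m.groups())

def triage(product, version):
    """Classify one inventory entry against the bulletin's fixed releases."""
    branches = FIXED.get(product.strip().lower())
    if branches is None:
        return "not covered"
    try:
        v = parse_version(version)
    except ValueError:
        return "review: version not pinned or unparseable"
    fixed = branches.get(v[:2])
    if fixed is None:
        # The bulletin names no fixed release for this branch.
        return "review: no fixed release listed for this branch"
    if v >= fixed:
        return "patched"
    return "upgrade to " + ".".join(map(str, fixed))

def triage_inventory(lines):
    """Parse 'name==version' lines (comments allowed) into {entry: verdict}."""
    report = {}
    for line in lines:
        line = line.split("#", 1)[0].strip()
        if line:
            name, _, version = line.partition("==")
            report[line] = triage(name, version)
    return report

# Constructed sample inventory, not taken from the bulletin.
SAMPLE = ["Django==5.2.9", "django==4.2.28", "Django==5.1.4", "Django",
          "syncope-console==3.0.15", "syncope-console==4.0.4", "requests==2.32.0"]

if __name__ == "__main__":
    for entry, verdict in triage_inventory(SAMPLE).items():
        print(f"{entry:28} {verdict}")
```

Entries on a branch the bulletin does not list are returned as "review" rather than "patched", so unlisted branches are never silently treated as safe.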

Flickr third-party email provider breach

Flickr disclosed a potential data breach via a third-party email provider, possibly exposing data for its 35 million monthly active users, including usernames, emails, account types, IP addresses, location data and activity metadata, but no passwords or payment details. While this limits direct account takeover risk, the leaked metadata enables targeted phishing and privacy violations. Flickr has notified authorities, contacted affected users and urged vigilance against phishing, highlighting persistent third-party supply chain risks.

Refer: Public Disclosure Post
Community Discussion

Global SystemBC botnet campaign impacting 10,000+ systems

Threat intelligence researchers uncovered a widespread SystemBC botnet campaign affecting over 10,000 IP addresses globally. SystemBC (aka Coroxy/DroxiDat) transforms compromised hosts into SOCKS5 proxies and backdoors, enabling traffic routing, persistence and follow-on attacks like ransomware. Infections cluster in hosting networks with 38-day average dwell times, some exceeding 100 days, and hit government sites plus WordPress exploitation infrastructure. UAE and GCC security teams should boost infrastructure monitoring, inspect outbound proxy traffic and swiftly remediate SystemBC indicators.

Refer: Silent Push Research

Stay secure. Stay informed.

Crowe UAE – Cyber Threat Management

Help desk: [email protected] | +971 553437694