FIN7 has been linked to a Python-based backdoor called Anubis that can grant them remote access to compromised Windows systems. This malware allows attackers to execute remote shell commands and other system operations.

According to a report from Shadowserver, the majority of exploitation attempts originate from IP addresses in Asia, with a small number coming from Europe and North America.

Cybercriminals are leveraging fake CAPTCHA verification pages dubbed ClickFix to distribute malware, including infostealers, ransomware, and the notorious Qakbot banking trojan.

On Monday, Apple rolled out new security updates for the latest generation mobile devices, resolving 60 vulnerabilities with iOS 18.4 and iPadOS 18.4, and 38 flaws with iPadOS 17.7.6.

Researchers at eSentire spotted a new KoiLoader variant using phishing, LNK file abuse, PowerShell, and layered scripts to evade detection, gain persistence, and deliver KoiStealer malware for data theft via encrypted C2 communication.

The attack chains involve the use of provisioning packages (.ppkg), signed Microsoft Windows Installer files (.msi), and .msc files to deliver information stealers and backdoors that are capable of persistence and data theft.

Microsoft discovered eleven vulnerabilities in GRUB2, including integer and buffer overflows in filesystem parsers, command flaws, and a side-channel in cryptographic comparison.

The technique was first observed by security researchers at Sucuri in February 2025, but adoption rates are on the rise, with threat actors now utilizing the folder to run three distinct types of malicious code.

Blockchain intelligence platform TRM Labs reports that U.S. state investigators, primarily the FBI, uncovered laundering patterns of amounts linked to 'romance baiting' operators, enabling them to file a dual legal forfeiture.

During the outage, the Moscow subway’s website displayed a message purportedly from Ukraine’s national railway operator, Ukrzaliznytsia, which was recently hit by a large-scale cyberattack.