ESET Security

Look out! CapCut copycats are on the prowl

Cybercriminals are exploiting the popularity of AI-powered content creation tools by deploying fake websites that impersonate platforms like CapCut, Adobe Express, and Canva.

DeceptiveDevelopment targets freelance developers

North Korea-aligned cybercriminals, known as DeceptiveDevelopment, have been targeting freelance software developers with fake job offers to steal cryptocurrency wallets and login information.

No, you’re not fired – but beware of job termination scams

Some employment scams are shifting focus from “hiring” to “firing” staff, creating a new type of scam known as job termination scams. These scams exploit individuals who are currently employed or searching for jobs.

Bootkitty: Analyzing the First UEFI Bootkit for Linux

Dubbed Bootkitty by its creators who go by the name BlackCat, the bootkit is assessed to be a proof-of-concept (PoC) and there is no evidence that it has been put to use in real-world attacks.

Unveiling WolfsBane: Gelsemium’s Linux counterpart to Gelsevirine

The first backdoor, WolfsBane, is a Linux version of Gelsevirine, a Windows backdoor used by Gelsemium, and the WolfsBane dropper is analogous to the Gelsemine dropper.

RedLine Stealer Provided Malware-as-a-Service Through Sophisticated Backend Infrastructure

ESET's analysis of RedLine Stealer revealed how the malware has evolved into a Malware-as-a-Service (MaaS) operation. The RedLine panel allows affiliates to manage cybertheft campaigns targeting credentials and financial data with ease.

Evasive Panda Using New CloudScout Toolset to Steal Data From Google Drive, Gmail, and Outlook

A toolset called CloudScout developed by the APT group Evasive Panda is targeting Taiwanese institutions to extract cloud-based data. The attacks, discovered by ESET, exploit session cookies stolen by MgBot plugins to access cloud services.

Telekopye Transitions to Targeting Tourists via Hotel Booking Scam

ESET researchers revealed that the Telekopye scam toolkit, previously known for targeting online marketplace users, has now turned its focus towards exploiting tourists via accommodation booking platforms like Booking.com and Airbnb.

Mind the (air) gap: GoldenJackal gooses government guardrails

The GoldenJackal threat actor has been targeting embassies and government organizations with a focus on infiltrating air-gapped systems. The group has been active since at least 2019.
September 11, 2024

CosmicBeetle Upgrades Arsenal with New ScRansom Ransomware to Target SMBs

CosmicBeetle has unleashed a new ransomware called ScRansom, targeting SMBs in Europe, Asia, Africa, and South America, possibly working with RansomHub. The threat actor swapped its Scarab ransomware for ScRansom, showing ongoing enhancements.
