Royal Mail Group, the UK’s centuries-old postal institution, has allegedly suffered a massive data breach resulting in the leak of 144GB of internal files, customer information, and marketing data.

In this campaign, cybercriminals deliver the dangerous VenomRAT hidden inside a virtual hard disk image file (.vhd) instead of the usually infected documents or executable files.

The phishing emails, sent under the name “Binance,” urge recipients to claim newly launched Trump-themed cryptocurrency. A link directs users to a counterfeit Binance website that mimics official branding.

According to SlashNext’s research, the Astaroth phishing kit is designed to bypass two-factor authentication (2FA) through a combination of session hijacking and real-time credential interception.

This campaign, which began around December 20th, 2024, primarily focuses on companies within the EU, the US, and Australia. Still, some instances have also been detected in Chinese and Arabic languages, indicating a global reach.

Cybersecurity researchers at Morphisec Threat Lab discovered a new version of the sophisticated ValleyRAT malware distributed through various channels including phishing emails, instant messaging platforms, and compromised websites.

Interestingly, unlike typical skimmers that target checkout pages, this one targeted the cart page. It intercepted the checkout button click and presented users with a fake, multi-step payment form within a pop-up window.

Researchers revealed a network of malicious repositories offering seemingly legitimate content such as game hacks, cracked software, and free cryptocurrency tools, all designed to lure unsuspecting users into downloading and executing harmful code.

This campaign resulted in compromising over 18,459 devices globally. The stolen data included sensitive information like browser credentials, Discord tokens, Telegram data, and system information from the compromised devices.

A critical security breach in the software supply chain has been detected. An attacker accessed Kong’s DockerHub account and replaced the legitimate Kong Ingress Controller v.3.4.0 image with a malicious version.