bleepingcomputer

Interlock ransomware gang deploys new NodeSnake RAT on universities

A new RAT named NodeSnake has been deployed by the Interlock ransomware group in targeted attacks against UK educational institutions. NodeSnake is under active development and is designed for persistent access to compromised networks.

Dark Partners cybercrime gang fuels large-scale crypto heists

The "Dark Partners" group is conducting a global crypto theft campaign using fake websites mimicking popular AI, VPN, and crypto apps. These sites distribute Poseidon (macOS) and Lumma (Windows) infostealers, along with the PayDay Loader malware.

Botnet hacks 9,000+ ASUS routers to add persistent SSH backdoor

A novel botnet campaign dubbed AyySSHush has compromised over 9,000 ASUS routers, including models RT-AC3100, RT-AC3200, and RT-AX55. The campaign leverages brute-force attacks, authentication bypass, and exploitation of known vulnerabilities.

Fake Zenmap, WinMTR sites target IT staff with Bumblebee malware

Fake Zenmap and WinMTR websites are targeting IT staff with malware through SEO poisoning campaigns. These sites distribute trojanized installers for popular tools like Zenmap and WinMTR.

Hackers use fake Ledger apps to steal Mac users’ seed phrases

A series of sophisticated phishing campaigns is targeting macOS users by distributing fake Ledger Live applications designed to steal the 24-word seed phrases used to access cryptocurrency wallets.

Critical Samlify SSO flaw lets attackers log in as admin

A critical Signature Wrapping vulnerability (CVE-2025-47949) has been discovered in the Samlify Node.js library, which is widely used for implementing SAML-based Single Sign-On (SSO) and Single Log-Out (SLO).

SK Telecom says malware breach lasted 3 years, impacted 27 million numbers

SK Telecom, South Korea’s largest mobile network operator, has disclosed a major cybersecurity breach that persisted undetected for nearly three years, from June 2022 to April 2025.

Mobile carrier Cellcom confirms cyberattack behind extended outages

Cellcom, a regional wireless provider serving Wisconsin and Upper Michigan, has confirmed that a cyberattack was responsible for a widespread service outage that began on May 14, 2025.

VanHelsing ransomware builder leaked on hacking forum

The source code for the VanHelsing ransomware-as-a-service (RaaS) operation has been leaked on the RAMP cybercrime forum. This includes the Windows encryptor builder, affiliate panel, and data leak blog.

Critical Authentication Bypass in Ivanti Neurons for ITSM and Privilege Escalation in CSA

Tracked as CVE-2025-22462, the security flaw can let unauthenticated attackers gain administrative access to unpatched systems in low-complexity attacks, depending on system configuration.
