Critical authentication bypass vulnerabilities have been discovered in Zscaler, Netskope, and Check Point ZTNA. These vulnerabilities allow to bypass authentication mechanisms, impersonate users across organizations, and access sensitive data.

RondoDox is a new botnet threat that exploits two critical vulnerabilities: CVE-2024-3721 (TBK DVR models) and CVE-2024-12856 (Four-Faith router models). These vulnerabilities allow remote attackers to execute arbitrary commands.

A sophisticated variant of the Havoc Remote Access Trojan (RAT) was deployed in a targeted cyber intrusion against critical national infrastructure in the Middle East. This variant leverages a disguised remote injector to deploy the Havoc payload.

A critical authentication bypass vulnerability (CVE-2025-49825) has been identified in Teleport, an open-source platform used for secure access to infrastructure via SSH, RDP, Kubernetes, and other protocols.

A critical command injection vulnerability, CVE-2024-3721, in TBK DVR devices is being actively exploited by multiple botnet operators. This flaw enables unauthenticated remote code execution via crafted HTTP requests.

A new phishing campaign leveraging the Horabot malware has been observed targeting Spanish-speaking users in Latin America. Delivered via malicious HTML attachments in phishing emails, Horabot enables lateral propagation through Outlook.

FortiGuard Labs recently observed a sophisticated campaign dubbed RolandSkimmer. This threat actor targets users in Bulgaria, leveraging malicious browser extensions across Chrome, Edge, and Firefox.

1,082 packages employed minimal code within a low file count, around 1,052 packages utilized suspicious installation scripts, 1,043 instances lacked repository URLs, and 974 packages contained suspicious URLs for C2 servers communication.

According to a report released in November 2024, Winos4.0 was distributed through gaming-related applications, however, it spread via an email masquerading as from Taiwan's National Taxation Bureau in the campaign in January 2025.

Once deployed, the Coyote Banking Trojan can carry out various malicious activities, including keylogging, capturing screenshots, and displaying phishing overlays to steal sensitive credentials.