fortinet

Active Exploitation of CVE-2024-3721 in TBK DVRs Enables Botnet-Driven DDoS Attacks

A critical command injection vulnerability, CVE-2024-3721, in TBK DVR devices is being actively exploited by multiple botnet operators. This flaw enables unauthenticated remote code execution via crafted HTTP requests.

Horabot Unleashed: A Stealthy Phishing Threat

A new phishing campaign leveraging the Horabot malware has been observed targeting Spanish-speaking users in Latin America. Delivered via malicious HTML attachments in phishing emails, Horabot enables lateral propagation through Outlook.

RolandSkimmer: Silent Credit Card Thief Uncovered

FortiGuard Labs recently observed a sophisticated campaign dubbed RolandSkimmer. This threat actor targets users in Bulgaria, leveraging malicious browser extensions across Chrome, Edge, and Firefox.

Fortinet Identifies Malicious Packages in the Wild: Insights and Trends from November 2024 Onward

1,082 packages employed minimal code within a low file count, around 1,052 packages utilized suspicious installation scripts, 1,043 instances lacked repository URLs, and 974 packages contained suspicious URLs for C2 server communication.

Winos 4.0 Spreads via Impersonation of Official Email to Target Users in Taiwan

According to a report released in November 2024, Winos 4.0 was distributed through gaming-related applications; in the January 2025 campaign, however, it spread via an email masquerading as coming from Taiwan's National Taxation Bureau.

Stealthy Attack Deploys Coyote Banking Trojan via LNK Files

Once deployed, the Coyote Banking Trojan can carry out various malicious activities, including keylogging, capturing screenshots, and displaying phishing overlays to steal sensitive credentials.

Malicious Intent Discovered in Two PyPI Packages

Fortinet flagged two malicious Python packages, Zebo-0.1.0 and Cometlogger-0.1, exhibiting behaviors like keylogging, data exfiltration, webhook injection, and anti-VM checks while employing obfuscation to evade detection.

New Campaign Uses Remcos RAT to Exploit Victims

Fortinet's FortiGuard Labs uncovered a sophisticated phishing scheme spreading a new version of Remcos RAT. The attack starts with a phishing email with an Excel file exploiting CVE-2017-0199, allowing remote code execution on the victim's device.

Emansrepo Stealer: Multi-Vector Attack Chains

The Python-based infostealer collects user information, text files, PDF files, browser data, crypto wallets, game platforms, browser extensions, and cookies. The stolen data is sent via email to the attacker.

A Deep Dive Into a New ValleyRAT Campaign Targeting Chinese Speakers

The malware masquerades as legitimate applications like Microsoft Office and creates an empty file to lure users. It also checks for virtual machines and uses sleep obfuscation to evade memory scanners.
