securityonline

Russian GRU’s APT28 Targets Global Logistics Supporting Ukraine Defense

A joint cybersecurity advisory issued in May 2025 by agencies from the U.S., U.K., EU, NATO, and allied nations has revealed an ongoing cyber-espionage campaign by the Russian GRU’s 85th Main Special Service Centre (GTsSS), also known as APT28.

StealC V2: ThreatLabz Unveils the Evolution of a Stealthy Info-Stealer and Malware Loader

StealC V2, introduced in March 2025, utilizes a JSON-based network protocol with RC4 encryption implemented in recent variants. StealC V2 supports loader options that can deliver Microsoft Software Installer (MSI) packages and PowerShell scripts.

Critical SQL Injection Vulnerability Found in ADOdb PHP Library – CVE-2025-46337 (CVSS 10.0)

Tracked as CVE-2025-46337, the vulnerability resides in the PostgreSQL driver’s pg_insert_id() method, potentially allowing attackers to execute arbitrary SQL commands in vulnerable applications.

Venom Spider Evolves: Arctic Wolf Exposes More_eggs Campaign Targeting HR

Venom Spider continues to use job seekers as a lure in its phishing, targeting HR departments and corporate recruiters. The group spreads its infamous More_eggs backdoor with new levels of stealth and obfuscation.

“ConfusedComposer”: GCP Composer Vulnerability Allows Privilege Escalation

A critical privilege escalation vulnerability, dubbed ConfusedComposer, was discovered in Google Cloud Platform’s (GCP) Cloud Composer service. The vulnerability has been patched by Google, with updates rolled out to new Composer instances.

Zyxel Patches High-Severity Security Flaws in USG FLEX H Firewalls

Zyxel has released patches addressing two high-severity vulnerabilities in its USG FLEX H series firewalls. These flaws, CVE-2025-1731 and CVE-2025-1732, could allow local attackers to escalate privileges under specific conditions.

Over 50k WordPress Sites at Takeover Risk Via Vulnerable Plugin

Tracked as CVE-2025-3616 and carrying a CVSS score of 8.8, this flaw allows authenticated users — even those with mere subscriber-level access — to upload arbitrary files, including malicious PHP scripts, and execute them remotely.

Critical CVE-2025-1976 Vulnerability in Brocade Fabric OS Actively Exploited

A critical security vulnerability has been identified in Brocade Fabric OS, posing a significant risk to affected systems. The vulnerability could allow a local user with admin privileges to execute arbitrary code with full root privileges.

Cellebrite Android Zero-Day Exploit PoC Released: CVE-2024-53104

A proof-of-concept (PoC) has been released for CVE-2024-53104, a high-severity Android kernel vulnerability exploited by Cellebrite in a targeted attack against a student activist.

Critical PyTorch Vulnerability CVE-2025-32434 Allows Remote Code Execution

A critical Remote Code Execution (RCE) vulnerability, CVE-2025-32434, has been discovered in PyTorch, a widely used open-source deep learning framework. Successful exploitation allows attackers to execute arbitrary commands on the host system.
