trendmicro

Operation Zero Disco: Attackers Exploit Cisco SNMP Vulnerability to Deploy Rootkits

A new attack campaign, dubbed Operation Zero Disco, exploits the Cisco SNMP vulnerability CVE-2025-20352 to deploy Linux rootkits on unprotected Cisco devices. The campaign targets Cisco 9400, 9300, and legacy 3750G series switches.

A Cascade of Insecure Architectures: Axis Plugin Design Flaw Expose Select Autodesk Revit Users to Supply Chain Risk

A supply chain vulnerability was found in the Axis Plugin for Autodesk Revit, where hard-coded Azure Storage Account credentials were embedded in signed DLLs. These credentials enabled unauthorized access to cloud-hosted MSI installers and RFA files.

Self-Propagating Malware Spreading Via WhatsApp, Targets Brazilian Users

A new malware campaign named SORVEPOTEL is actively targeting Brazilian users via WhatsApp and email. It spreads through phishing messages containing ZIP files with malicious LNK shortcuts, aiming for rapid propagation rather than data theft.

New LockBit 5.0 Targets Windows, Linux, ESXi

LockBit 5.0 is the latest evolution of the notorious ransomware family, now featuring cross-platform capabilities targeting Windows, Linux, and VMware ESXi systems. LockBit 5.0 was released in early September to mark the group’s sixth anniversary.

AI-Powered App Exposes User Data, Creates Risk of Supply Chain Attacks

A critical security flaw in Wondershare RepairIt, an AI-powered image and video enhancement application, has exposed sensitive user data and created a high risk of supply chain attacks.

How AI-Native Development Platforms Enable Fake Captcha Pages

A new wave of phishing campaigns is exploiting AI-native development platforms such as Vercel, Netlify, and Lovable to host fake CAPTCHA pages. These deceptive pages serve as a gateway to credential-harvesting phishing sites.

EvilAI Operators Use AI-Generated Code and Fake Apps for Far-Reaching Attacks

EvilAI is a sophisticated malware campaign leveraging AI-generated code and social engineering to distribute trojans disguised as legitimate applications. These fake apps feature professional interfaces and valid digital signatures.

An MDR Analysis of the AMOS Stealer Campaign Targeting macOS via ‘Cracked’ Apps

A recent campaign involving the AMOS stealer targets macOS users by disguising malware as cracked applications like “CleanMyMac” from sites such as haxmac[.]cc. These sites redirect to domains like misshon[.]com, which perform OS fingerprinting.

TAOTH Campaign Exploits End-of-Support Software to Target Traditional Chinese Users and Dissidents

The TAOTH campaign is a targeted cyber-espionage operation exploiting end-of-support software and spear-phishing to deploy multiple malware families - TOSHIS, DESFY, GTELAM, and C6DOOR.

Proactive Security for CVE-2025-53770 and CVE-2025-53771 SharePoint Attacks

Two critical vulnerabilities—CVE-2025-53770 and CVE-2025-53771—affecting on-premise Microsoft SharePoint Servers are being actively exploited in the wild. These flaws enable unauthenticated RCE through advanced deserialization and ViewState abuse.
