Hackers Use Weaponized .HTA Files to Infect Victims with Red Ransomware

Hackers are using weaponized .HTA files to deploy the Epsilon Red ransomware, leveraging ActiveX and Windows Command Shell for stealthy payload delivery. The malware employs social engineering tactics.

New Gunra Ransomware Targets Windows Systems, Encrypts Files, and Erases Shadow Copies

Gunra ransomware, active since April 2025, targets Windows systems and uses advanced tactics, including rapid file encryption and shadow copy deletion, to maximize impact. The ransomware shows similarities to Conti ransomware.

Patchwork Targets Turkish Defense Firms with Spear-Phishing Using Malicious LNK Files

Patchwork has been attributed to a new spear-phishing campaign targeting Turkish defense contractors with the goal of gathering strategic intelligence. The campaign employs a five-stage execution chain.

Bloomberg Comdb2 null pointer dereference and denial-of-service vulnerabilities

Researchers identified five critical vulnerabilities in Bloomberg’s Comdb2 version 8.1, an open-source clustered database system. These flaws can be exploited remotely to cause denial-of-service (DoS) conditions via specially crafted TCP packets.

New VoIP Botnet Targets Routers Using Default Passwords

A newly discovered botnet campaign is exploiting VoIP-enabled routers by leveraging default password attacks over Telnet. Initially detected in a small New Mexico community, the operation has since expanded globally, compromising over 500 devices.

Tridium Niagara Framework Flaws Expose Sensitive Network Data

Researchers uncovered 13 critical vulnerabilities in the Niagara Framework, developed by Tridium. These flaws, consolidated into 10 CVEs, affect building management, industrial automation, and smart infrastructure systems globally.

Toptal caught serving malware after GitHub compromise

A recent supply chain attack compromised Toptal’s GitHub account, resulting in the distribution of malware through its Picasso developer toolbox. The attack affected over 5,000 downloads and involved 10 npm packages.

Fire Ant Exploits VMware Flaws to Compromise ESXi Hosts and vCenter Environments

A sophisticated cyber espionage campaign by Fire Ant has targeted VMware ESXi hosts, vCenter servers, and network appliances. This activity is part of a broader trend of persistent targeting of network edge devices by China-linked threat actors.

New Koske Linux malware hides in cute panda images

Suspected to have been developed using large language models (LLMs) or automation frameworks, Koske is a sophisticated threat designed to deploy CPU- and GPU-optimized cryptominers for 18 different cryptocurrencies.

Scavenger Trojan Targets Crypto Wallets via Game Mods and Browser Flaws

A new malware campaign involving the Scavenger Trojan family has been uncovered, targeting crypto wallets and password managers through DLL Search Order Hijacking. The trojans are distributed via game mods and browser-based lures.
