New FrigidStealer Malware Infects Macs via Fake Browser Updates

FrigidStealer is a Go-based malware built with the WailsIO framework to make the installer appear legitimate during infection. The malware extracts saved cookies, login credentials, and password-related files stored in Safari or Chrome on macOS.

Multiple Vulnerabilities Discovered in NVIDIA CUDA Toolkit

These vulnerabilities have been assigned Common Vulnerability Scoring System (CVSS) scores ranging from 2.8 to 3.3, representing a Low level of impact. Successful exploitation could lead to limited denial of service and information disclosure.

Rhadamanthys Stealer Being Distributed Through MSC Files

The malicious MSC file is often disguised as a harmless document, such as a Word file. When the victim opens the file, it downloads and executes a PowerShell script from an external server. This script then decodes and runs the Rhadamanthys Stealer.

SICK Warns of Severe Security Flaws in MEAC300 Sensors

The vulnerabilities, tracked as CVE-2022-0778 and CVE-2025-0867, could allow attackers to cause a denial of service or potentially execute arbitrary code on affected devices.

Malicious Signal, Line, and Gmail Installers Target Chinese-Speaking Users with Backdoors

The attackers rely on search engine optimization (SEO) poisoning to direct users to fraudulent download pages for apps like Signal, Line, and Gmail, which deliver ZIP files containing executable malware.

Update: Windows Disk Cleanup Tool Flaw Exploited to Gain SYSTEM Privileges, PoC Released

The vulnerability was anonymously disclosed to Microsoft, and a proof-of-concept exploit was subsequently published on GitHub by a security researcher. The exploit leverages a DLL sideloading technique with cleanmgr.exe.

Highly Obfuscated .NET sectopRAT Disguises as Chrome Extension

Recently, cybersecurity researchers uncovered a new campaign where sectopRAT disguises itself as a legitimate Google Chrome extension named “Google Docs,” further amplifying its stealth and data-theft capabilities.

Netgear C7800 Router Flaw Exposes User Credentials, No Patch!

An attacker who successfully performs a man-in-the-middle attack on the WLAN or LAN can intercept user credentials. This could grant full control over the router, enabling settings manipulation, data theft, or the launch of further attacks.

BlackLock Becomes the World's Fastest Rising Ransomware Operator

BlackLock actively recruits key players, known as traffers, to support the early stages of ransomware attacks. These individuals drive malicious traffic, steer victims to harmful content, and help establish initial access for campaigns.

Microsoft Patches Actively Exploited Power Pages Privilege Escalation Vulnerability

The two critical-rated vulnerabilities include CVE-2025-21355 (CVSS score: 8.6), a Microsoft Bing remote code execution vulnerability, and CVE-2025-24989 (CVSS score: 8.2), a Microsoft Power Pages elevation of privilege vulnerability.
