A sophisticated email campaign has been uncovered targeting users in Spain, Italy, and Portugal, distributing the cross-platform RATty RAT. The campaign uses the legitimate Spanish email service provider serviciodecorreo.es to send phishing emails.

A recent malware campaign leverages steganography to embed malicious payloads within bitmap resources of 32-bit .NET applications. These payloads are delivered via malspam targeting the financial sector in Türkiye and the logistics sector in Asia.

Ubiquity has disclosed two vulnerabilities in its UniFi Protect platform, including a critical RCE flaw (CVE-2025-23123) with a CVSS score of 10.0 and a medium-severity livestream access issue (CVE-2025-23164) with a CVSS score of 4.4.

A supply chain attack has compromised the npm package rand-user-agent, which averaged 45,000 weekly downloads. Although deprecated, the package remained popular, making it an attractive target for attackers.

A critical input validation vulnerability has been discovered in Microsoft Bookings, a scheduling tool integrated with Microsoft 365. The flaw allows attackers to inject arbitrary HTML into appointment fields.

The Agenda ransomware group (also known as Qilin) has intensified its operations in early 2025, targeting critical sectors such as healthcare, finance, technology, and telecommunications across the US, Netherlands, Brazil, India, and the Philippines.

Security researchers have uncovered a supply chain attack involving three malicious npm packages—sw-cur, sw-cur1, and aiide-cur—that target macOS installations of the Cursor AI IDE.

Threat actors are increasingly leveraging blob URIs (Uniform Resource Identifiers) to deliver credential phishing pages that bypass Secure Email Gateways (SEGs) and evade automated analysis.

Multiple critical vulnerabilities have been discovered in the on-premise version of SysAid IT support software, enabling pre-authenticated remote code execution (RCE) with elevated privileges.

Microsoft has confirmed that the April 2025 security update (KB5055523) is causing authentication issues on domain controllers running Windows Server 2016, 2019, 2022, and 2025.