A sophisticated malware campaign has been targeting South Korean Internet cafés since mid-2024, exploiting management software to deploy Gh0st RAT and T-Rex CoinMiner for unauthorized cryptocurrency mining.

Critical vulnerabilities in Consilium Salwico CS5000 fire panels expose maritime vessels to severe operational risks. Hardcoded SSH and VNC credentials allow remote access, potentially disabling fire detection systems.

A newly discovered Remote Access Trojan (RAT) targeting Windows systems employs corrupted DOS and PE headers to evade detection and hinder analysis. The malware was found running undetected for several weeks on a compromised host.

A moderate-severity vulnerability, CVE-2025-27522, has been identified in Apache InLong versions 1.13.0 through 2.1.0. It allows deserialization of untrusted data during JDBC verification, enabling attackers to bypass security mechanisms.

Cybercriminals are distributing malware disguised as AI tool installers, targeting users seeking AI solutions. Cisco Talos has identified three major threats: CyberLock ransomware, Lucky_Gh0$t ransomware, and a destructive malware named Numero.

A critical cross-site scripting (XSS) vulnerability, tracked as CVE-2025-47933 and GHSA-2hj5-g64g-fp6p, has been discovered in Argo CD, a popular open-source GitOps tool for Kubernetes.

Ransomware groups such as BlackSuit, Royal, Akira, Scattered Spider, Medusa, and Hunters International are exploiting Cloudflared, a legitimate tunneling tool by Cloudflare, to conduct stealthy cyberattacks.

Guest users can gain full control over Azure subscriptions within a host tenant, enabling them to disable security monitoring, create persistent backdoors, and manipulate device trust settings.

A new RAT named NodeSnake has been deployed by the Interlock ransomware group in targeted attacks against UK educational institutions. NodeSnake is under active development and is designed for persistent access to compromised networks.

A novel botnet campaign dubbed AyySSHush has compromised over 9,000 ASUS routers, including models RT-AC3100, RT-AC3200, and RT-AX55. The campaign leverages brute-force attacks, authentication bypass, and exploitation of known vulnerabilities.