Trend Micro researchers said the Albabat ransomware version 2.0 not only targets Microsoft Windows but also gathers system and hardware information on Linux and macOS systems.

The vulnerability, tracked as CVE-2025-2538, carries a CVSS score of 9.8, marking it as a critical severity issue. It specifically affects certain deployments of Portal for ArcGIS, a core component in the ArcGIS Enterprise ecosystem.

Valve has removed from its Steam store the game title 'Sniper: Phantom's Resolution' following multiple users reporting that the demo installer infected their systems with information stealing malware.

Researchers at Elastic Security Labs observed a Medusa ransomware attack that delivered the encryptor by means of a loader packed using a packer-as-a-service (PaaS) called HeartCrypt.

The flaw, tracked as CVE-2025-26909, impacts all versions of WP Ghost up to 5.4.01 and stems from insufficient input validation in the 'showFile()' function. Exploitation could allow attackers to include arbitrary files via manipulated URL paths.

The two malicious extensions, named "ahban.shiba" and "ahban.cychelloworld," were downloaded seven and eight times, respectively, before they were eventually removed from the store.

SANS Technology Institute's Dean of Research Johannes Ullrich reported that threat actors are now chaining the two security flaws in exploitation attempts targeting Cisco Smart Licensing Utility instances exposed on the Internet.

Researchers reported a cyber intrusion campaign targeting South Korean entities, where attackers deployed a Rust-compiled loader to deliver a modified Cobalt Strike Cat (version 4.5) via a briefly exposed web server.

The vulnerability, identified as CVE-2024-10442, is an off-by-one error in the transmission component of the Synology Replication Service. It affects Synology Unified Controller (DSMUC) and Replication Service for various versions of Synology DSM.

This security flaw allows unauthenticated attackers to include and execute arbitrary PHP files on the server. The risk associated with this vulnerability is particularly severe, as it could lead to full server compromise.