
Daily Cybersecurity Roundup, April 04, 2025

Ukrainian systems have come under fire in a series of coordinated cyberattacks. CERT-UA linked the incidents to WRECKSTEEL, a malware strain deployed against state agencies and critical infrastructure. Tax season has brought tax-themed email attacks with it, and Microsoft warned about multiple such phishing campaigns. What Coquettte lacks in sophistication, it makes up for in persistence: this low-skilled threat actor is distributing malware disguised as legitimate software, relying on Russian bulletproof hosting. Read on for more.

01

CERT-UA reported three cyberattacks against state administration bodies and critical infrastructure facilities in Ukraine, which dropped the WRECKSTEEL malware.

02

Microsoft has warned of multiple phishing campaigns that use tax-related themes to distribute malware and steal credentials. The phishing pages are delivered via a PhaaS platform known as RaccoonO365.

03

In the wake of the Bybit heist, the largest crypto theft in history, researchers identified 596 dubious domains from at least 13 countries within three weeks of the incident.

04

A maximum-severity vulnerability (CVE-2025-30065) has been discovered in Apache Parquet's Java library, which could potentially allow remote attackers to execute arbitrary code on vulnerable systems.

05

A low-skilled threat actor, known as Coquettte, has been discovered using a Russian bulletproof hosting provider, Proton66, to distribute malware, including the Rugmi malware loader, under the guise of legitimate software.

06

CISA warned about the increasing threat of fast flux attacks, a technique used by malicious actors to obscure the locations of malicious servers by rapidly altering their DNS records.

07

The supply chain attack on GitHub that targeted Coinbase in March was traced back to a single token stolen from a SpotBugs workflow, which led to the compromise of multiple projects and the exposure of secrets in 218 repositories.

08

OpenVPN recently addressed a security vulnerability, CVE-2025-2704, that could potentially allow attackers to crash servers and execute remote code under certain conditions.

09

The Hunters International RaaS operation is rebranding and shifting its focus from ransomware to data theft and extortion-only attacks, launching a new operation called World Leaks.

10

Adaptive Security raised $43 million in a Series A funding round led by Andreessen Horowitz and the OpenAI Startup Fund, with participation from others.
