
Daily Cybersecurity Roundup, April 22, 2025

Not all ad traffic is created equal, especially when it is part of a large-scale fraud scheme like Scallywag, which uses WordPress plugins to monetize pirated-content and URL-shortening sites and generates up to 1.4 billion fake ad requests daily. In parallel, researchers have uncovered RustoBot, a new Rust-based botnet targeting TOTOLINK and DrayTek routers. Meanwhile, phishers are abusing Google OAuth to send DKIM-authenticated emails that lure users to fake support pages on Google Sites to steal credentials. Continue reading for the top cybersecurity highlights from the last 24 hours.

01

A massive ad fraud operation dubbed Scallywag has been found using WordPress plugins to monetize pirated-content and URL-shortening sites, generating up to 1.4 billion fraudulent ad requests daily.

02

Researchers identified RustoBot, a new botnet written in Rust that exploits vulnerabilities in TOTOLINK and DrayTek routers to gain remote control over devices.

03

Threat actors are exploiting weakly secured MS-SQL servers to install outdated Ammyy Admin software, enabling unauthorized remote access and control of compromised systems.

04

An attack campaign involving malicious npm and PyPI packages was found mimicking Google Analytics and Telegram to steal cryptocurrency wallet credentials from developers.

05

A critical vulnerability (CVE-2025-1863) in Yokogawa’s industrial recorders, stemming from disabled authentication by default, exposed critical systems to unauthorized access and allowed attackers to manipulate operational controls and settings.

06

North Korean IT operatives are using deepfake technology to create convincing synthetic identities and infiltrate organizations via remote job interviews to facilitate cyberespionage, data theft, and financial fraud.

07

A high-severity arbitrary file upload vulnerability in the Greenshift WordPress plugin, installed on more than 50,000 sites, allows authenticated attackers with as little as Subscriber-level access to upload arbitrary files, which can lead to remote code execution and full control of the server.

08

Phishers were found abusing Google OAuth to send emails that are genuinely DKIM-signed by Google, tricking users into visiting fake support pages hosted on Google Sites to steal credentials. Because SPF, DKIM and DMARC all pass on these messages, they should be judged by where the link goes (a user-created sites.google.com page rather than accounts.google.com) and not by the sender's authentication results.

09

A critical vulnerability in WinZip, tracked as CVE-2025-33028 and affecting versions up to and including 29.0, allows archives carrying Windows' Mark-of-the-Web (MotW) to be extracted without the mark being propagated to the extracted files, so malicious content runs silently without the security warnings that MotW normally triggers.
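The practical question for a defender is whether a given archiver propagates MotW to what it extracts. The PowerShell below is an added example, not code from the original article or from WinZip: it tags a test archive with the Internet-zone mark, and after you extract it with the tool under test, reports which extracted files lack the mark. The paths and the archive name are assumptions chosen for illustration; MotW itself is the NTFS alternate data stream named Zone.Identifier, whose body is a small INI block with ZoneId=3 for the Internet zone.

```powershell
# Added example (not from the original article or from WinZip): check whether an
# archiver propagates the Mark-of-the-Web to extracted files.
#
# Windows stores MotW as an NTFS alternate data stream called "Zone.Identifier".
# Its content is an INI fragment such as:
#   [ZoneTransfer]
#   ZoneId=3
# where 3 is the Internet zone. A well-behaved archiver copies this stream onto
# every file it extracts from a marked archive; a vulnerable one leaves it off.

function Set-MotW {
    [CmdletBinding()]
    param(
        # File to tag (assumed path supplied by the caller)
        [Parameter(Mandatory)] [string] $Path,
        # Zone to record; 3 = Internet, which is what a browser download receives
        [int] $ZoneId = 3
    )
    # Writing the stream is exactly what a browser does after a download completes.
    Set-Content -Path $Path -Stream Zone.Identifier -Value "[ZoneTransfer]`r`nZoneId=$ZoneId"
}

function Get-MotW {
    [CmdletBinding()]
    param([Parameter(Mandatory)] [string] $Path)
    # Reading a stream that does not exist throws; treat that as "no mark".
    $raw = Get-Content -Path $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue
    if (-not $raw) { return $null }
    $m = ($raw -join "`n") | Select-String -Pattern 'ZoneId=(\d+)'
    if ($m) { return [int] $m.Matches[0].Groups[1].Value }
    return $null
}

function Test-MotW {
    [CmdletBinding()]
    param(
        # Directory the archive was extracted into (assumed path supplied by the caller)
        [Parameter(Mandatory)] [string] $Path
    )
    Get-ChildItem -Path $Path -File -Recurse | ForEach-Object {
        $zone = Get-MotW -Path $_.FullName
        [pscustomobject]@{
            File    = $_.FullName
            HasMotW = ($null -ne $zone)
            ZoneId  = $zone
        }
    }
}

# Usage (paths are assumptions for the example):
#   1. Build a harmless test archive and tag it as if it came from the Internet.
#      Compress-Archive -Path .\payload.txt -DestinationPath .\motw-test.zip
#      Set-MotW -Path .\motw-test.zip
#      Get-MotW -Path .\motw-test.zip     # should report 3
#   2. Extract .\motw-test.zip with the archiver under test into .\extracted
#      (use the tool's own GUI or CLI, not Expand-Archive, since the archiver is what is being tested).
#   3. Any file listed here was extracted without the mark and will open without
#      SmartScreen or Protected View warnings:
#      Test-MotW -Path .\extracted | Where-Object { -not $_.HasMotW }
```

Run step 2 with each archiver you allow on managed endpoints; a tool that leaves the extracted files unmarked removes the warning layer that MotW-aware applications depend on, regardless of whether the vendor has assigned a CVE.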

10

Kenzo Security, an agentic AI security operations platform, secured $4.5 million in funding from The General Partnership and Michael Coates, former CISO of Mozilla and Twitter.
