
Daily Cybersecurity Roundup, April 30, 2025

A wave of targeted cyberattacks is sweeping across the APAC region, with APT groups and cybercriminals increasingly focusing their sophisticated tactics on government and public sector entities. Earth Kasha has launched a spear-phishing campaign against government and public sector entities in Taiwan and Japan, leveraging a modified version of the ANEL backdoor to infiltrate sensitive systems. In parallel, Wordfence has identified a new malware strain masquerading as a WordPress plugin called ‘WP-antymalwary-bot.php’. Meanwhile, cybercriminals are monetizing stolen data, trading over 31,000 Australian banking credentials online. Here’s a quick roundup of cybersecurity news from the past 24 hours.

01

The Earth Kasha APT group has launched a spear-phishing campaign with a modified ANEL backdoor, targeting government and public institutions in Taiwan and Japan.

02

Wordfence discovered a malware variant disguised as a WordPress plugin named ‘WP-antymalwary-bot.php’, which allows attackers to maintain site access, hide from the dashboard, and execute remote code.

03

Gremlin Stealer, a new C#-based infostealer malware, is being sold on Telegram. It targets browser cookies, cryptocurrency wallets, and FTP/VPN credentials and exfiltrates them to a dedicated server for malicious use.

04

Pakistan-linked APT group Transparent Tribe (APT36) has been using Pahalgam Terror Attack-themed phishing documents and fake domains impersonating Indian government websites to deliver malicious payloads, including Crimson RAT.

05

Cybercriminals are trading over 31,000 stolen Australian banking passwords online, captured by infostealer malware targeting Windows devices.

06

Law enforcement agencies from the U.K. and the Netherlands have dismantled the JokerOTP phishing operation, responsible for over 28,000 attacks across 13 countries and £7.5 million (~$10 million) in fraud.

07

Researchers have uncovered AirBorne, a set of critical vulnerabilities in Apple’s AirPlay protocol and SDK, which enable zero-click, wormable RCE, allowing attackers to fully compromise billions of Apple and third-party devices via wireless or peer-to-peer connections.

08

Google and Mozilla have released Chrome 136 and Firefox 138 updates, addressing multiple high-severity vulnerabilities, with Chrome 136 fixing eight issues and Firefox 138 patching 11 flaws that could enable privilege escalation and code execution.

09

A critical vulnerability in Avast Free Antivirus, tracked as CVE-2025-3500, could allow attackers to gain elevated system privileges and execute malicious code with kernel-level access.

10

Pistachio, an automated cybersecurity training platform, raised $7 million in a Series A funding round led by Walter Ventures, with Angel Invest, Idékapital, J12 Ventures, and MP Pensjon.
