
Daily Cybersecurity Roundup, August 12, 2025

Spear-phishing uses carefully crafted, highly targeted messages to trick specific victims into giving up sensitive information—tactics now seen in APT Sidewinder’s campaigns across South Asia, where government and military entities are being spoofed through fake login pages to steal credentials. Meanwhile, researchers have uncovered large-scale distribution of SmartLoader malware, posing as legitimate GitHub repositories. Adding to the evolving threat landscape, the newly discovered Charon ransomware is targeting the Middle East’s public sector and aviation industry, deploying APT-style techniques. Continue reading for more cybersecurity news from the past 24 hours.


01

APT Sidewinder is targeting Bangladesh, Sri Lanka, Nepal, Pakistan, and Turkey via spear-phishing, spoofing government and military entities with fake login pages on platforms like Netlify and Pages.dev to steal credentials.

02

Researchers identified widespread distribution of SmartLoader malware disguised as legitimate GitHub repositories targeting game cheats, software cracks, and automation tools.

03

A targeted PowerShell-based malware campaign impacted Israeli organizations, exploiting phishing emails and obfuscated scripts to deliver a RAT. The campaign used spoofed Microsoft Teams pages and layered obfuscation to evade detection.

04

A cybercriminal group named DarkBit targeted VMware ESXi servers with ransomware, encrypting critical virtual machine files and raising concerns about potential state-sponsored cyber warfare.

05

The new Charon ransomware has been targeting Middle East public sector and aviation organizations using APT-style tactics, including DLL sideloading and process injection via legitimate binaries like Edge.exe.

06

Xerox Corporation has issued an urgent security bulletin addressing two critical vulnerabilities (CVE-2025-8355 and CVE-2025-8356) in its FreeFlow Core software that could allow unauthorized access to the system and remote code execution.

07

A vulnerability (CVE-2025-55188) has been discovered in the 7-Zip file compression utility that allows attackers to write arbitrary files and execute malicious code by exploiting improper handling of symbolic links during archive extraction.

08

Critical flaws have been uncovered in the Terrestrial Trunked Radio (TETRA) communications protocol’s end-to-end encryption, exposing it to replay and brute-force attacks that could allow adversaries to decrypt protected traffic.

09

The NCSC-NL confirmed active exploitation of CVE-2025-6543 in Citrix NetScaler ADC, a CVSS 9.2 flaw enabling control flow hijacking and DoS on Gateway or AAA virtual server configurations.

10

Identity verification startup 1Kosmos secured $57 million in a Series B funding round led by Bridge Bank, Forgepoint Capital, Oquirrh Ventures, and Origami Capital.
