
Daily Cybersecurity Roundup, August 14, 2025

High-profile organizations worldwide are facing a surge in sophisticated cyber threats, with attackers leveraging custom malware, evasive scripts, and convincing scams to infiltrate targets. The Crypto24 ransomware group has been striking large corporations and enterprise-level entities across Asia, Europe, and the U.S. with tailored malware attacks. Meanwhile, a WordPress campaign is exploiting the WPCode plugin to inject full-screen iframes from malicious domains, using advanced evasion techniques such as anti-debugging and console overrides to remain undetected. Moreover, scammers posing as Netflix HR are deceiving job seekers with fake marketing roles, redirecting them to spoofed sites designed to steal Facebook credentials through live interception. Keep reading for more cybersecurity news.

01

The Crypto24 ransomware group has been targeting high-profile entities within large corporations and enterprise-level organizations across Asia, Europe, and the U.S. with custom malware.

02

A malware campaign is targeting WordPress sites via the WPCode plugin, injecting a full-screen iframe from malicious domains and using anti-debugging and console overrides to evade detection.

03

PhantomCard, a new Android NFC-based Trojan, is targeting banking customers in Brazil, relaying NFC data from victims’ cards to fraudsters’ devices.

04

A malvertising campaign is spreading PS1Bot, a modular PowerShell and C# malware capable of info-stealing, keylogging, and maintaining persistent access.

05

Researchers discovered a FIDO downgrade attack targeting Microsoft Entra ID, forcing users to authenticate with weaker methods, thus exposing them to phishing and session hijacking risks.

06

CrossC2, an unofficial extension of Cobalt Strike Beacon, has been used in cross-platform attack campaigns targeting Linux and macOS systems.

07

Scammers impersonating Netflix HR are targeting job seekers with phishing emails for fake marketing roles, directing them to a spoofed site to steal Facebook credentials through live interception.

08

Fortinet has issued a warning about a critical FortiSIEM flaw (CVE-2025-25256) with active exploit code that enables remote unauthenticated command injection via crafted CLI requests across multiple versions.

09

A critical vulnerability has been discovered in the Android rooting tool KernelSU v0.5.7 that allows attackers to gain full root access and compromise devices.

10

CISA added two actively exploited N-able N-central flaws, CVE-2025-8875 (insecure deserialization enabling command execution) and CVE-2025-8876 (command injection via poor input sanitization), to its KEV catalog.
