Daily Cybersecurity Roundup, August 18, 2025

APTs move stealthily and strategically to outlast defenses. UAT-7237, a Chinese-speaking group, was recently caught targeting Taiwan’s web infrastructure to deploy shellcode, including Cobalt Strike. Meanwhile, Blue Locker ransomware operators are striking Pakistan’s government agencies and the oil and gas sector via phishing emails and PowerShell-based loaders. Adding to the threat landscape, scammers are capitalizing on the back-to-school rush, using social media ads and AI tools to defraud families hunting for school supply deals. Keep reading for more cybersecurity news from the weekend.

01. UAT-7237, a Chinese-speaking APT, was found targeting Taiwan’s web infrastructure using open-source and custom tools along with its SoundBill loader to deploy shellcode, including Cobalt Strike.

02. Blue Locker ransomware is targeting Pakistan’s government institutions and the oil and gas sector, using phishing emails and PowerShell-based loaders to deliver its payload, encrypt files, and extort ransom.

03. Researchers uncovered malicious PyPI and npm packages, including termncolor and colorinal, that use DLL side-loading to deploy malware, steal data, communicate via Zulip, infect Linux systems, and persist through Windows registry entries.

04. A Pakistan-based network used pirated software, SEO poisoning, forum spam, and pay-per-install (PPI) networks to spread the Lumma, AMOS, and Meta stealers, stealing sensitive data from 10M+ victims worldwide and generating $4.67M before ultimately exposing themselves through their own malware.

05. Scammers are exploiting the back-to-school season with fake websites, counterfeit products, and fraudulent delivery notices, using social media ads and AI tools to steal money and personal information from families seeking deals.

06. A critical flaw (CVE-2025-20217) in Cisco’s Secure Firewall Threat Defense Software allows remote attackers to trigger DoS conditions by exploiting improper traffic processing in the Snort 3 Detection Engine; the resulting infinite loop disrupts service until the device recovers automatically.

07. A critical zero-day in Elastic’s EDR kernel driver lets attackers turn the trusted security tool into a weapon, abusing the driver to carry out malware-like behavior on the very system it is meant to protect.

08. Rockwell Automation disclosed a critical flaw (CVE-2025-7353) in its ControlLogix Ethernet modules, where an insecurely configured web-based debugger agent allows remote attackers to gain unauthorized access, manipulate memory, and execute malicious code on industrial control systems.

09. Researchers disclosed "MadeYouReset" (CVE-2025-8671), a critical HTTP/2 flaw that enables massive DDoS attacks by bypassing concurrency limits and evading prior mitigations: the server is forced to cancel requests itself, so the attacker expends minimal resources.

10. Accenture announced the acquisition of Australian cybersecurity services provider CyberCX in a deal valued at around $660 million (over A$1 billion).