Daily Cybersecurity Roundup, August 22, 2025

Cybercriminals are ramping up their tactics with increasingly sophisticated campaigns, and Cookie Spider seems to have a sweet tooth for your data. In a recent malvertising campaign, over 300 entities were targeted as the group leveraged the Atomic macOS Stealer (AMOS) to trick victims into executing a Bash script that installed its SHAMOS variant. Meanwhile, the backdoor CORNFLAKE.V3, linked to threat groups UNC5518 and UNC5774, has been exploiting compromised websites and employing deceptive techniques to lure users. Adding to the evolving threat landscape, a new attack technique called RingReaper abuses the Linux io_uring feature to execute malicious operations directly within the kernel, allowing attackers to bypass and remain hidden from traditional EDR security solutions. Stay updated with the latest cybersecurity news from the past day.


01. Over 300 entities were targeted in a malvertising campaign by Cookie Spider, which tricked victims into running a Bash script that installed SHAMOS, a variant of the Atomic macOS Stealer (AMOS).

02. CORNFLAKE.V3, a sophisticated backdoor linked to UNC5518 and UNC5774, has been using compromised websites and deceptive tactics such as fake CAPTCHA pages to trick users into running downloader scripts that install the malware.

03. A newly discovered Phishing-as-a-Service (PhaaS) framework, Salty 2FA, is targeting industries across the US and EU, using advanced techniques to bypass multi-factor authentication and steal credentials, with a primary focus on Microsoft 365 accounts.

04. Cybercriminals are abusing the AI-powered website builder Lovable to generate fraudulent sites for phishing, malware delivery, and data theft, impersonating brands to distribute phishing kits and steal credentials, financial information, and cryptocurrency assets.

05. A novel attack technique named RingReaper exploits the Linux io_uring feature to execute malicious operations directly within the kernel, effectively bypassing and hiding from EDR security solutions.

06. Threat actors are exploiting the critical Apache ActiveMQ flaw (CVE-2023-46604) to gain persistent access to cloud Linux systems and deploy DripDropper malware, which requires a password to execute and covertly communicates with an attacker-controlled Dropbox account for C2.

07. Russian state-sponsored group Static Tundra, tied to the FSB’s Center 16, has been exploiting unpatched and end-of-life Cisco devices using CVE-2018-0171, SNMP abuse, and the SYNful Knock firmware implant to maintain persistent access for long-term intelligence gathering.

08. Microsoft released emergency out-of-band updates to fix issues introduced by the August 2025 security patches that caused failures in reset and recovery processes on Windows 10 and older Windows 11 versions.

09. A new exploit targeting SAP NetWeaver vulnerabilities (CVE-2025-31324 and CVE-2025-42999) enables authentication bypass through malicious file uploads and remote code execution by privileged users via insecure deserialization.

10. Seemplicity, an exposure management solutions provider, secured $50 million in a Series B funding round led by Sienna Venture Capital, with support from Essentia Venture Capital, Glilot Capital Partners, NTTVC, and S Capital.