Daily Cybersecurity Roundup, August 26, 2025

Cybercriminal activity is escalating on multiple fronts, with a large-scale campaign dubbed ShadowCaptcha hijacking over 100 WordPress sites to funnel visitors into fake CAPTCHA pages that deliver ransomware, infostealers, and cryptominers. At the same time, the China-linked UNC6384 group is intensifying its focus on diplomats in Southeast Asia and beyond to stealthily deliver PlugX malware. Adding to the threat landscape, researchers have uncovered how image scaling flaws in AI systems can be abused to conceal prompt injections that only emerge during downscaling. Catch up on today’s top cybersecurity developments.

01

A large-scale cybercrime campaign named ShadowCaptcha exploits over 100 WordPress sites to redirect visitors to fake CAPTCHA pages, delivering ransomware, information stealers, and cryptocurrency miners.

02

China-nexus group UNC6384 is targeting diplomats in Southeast Asia and beyond with advanced social engineering and AitM attacks, using signed certificates and a fake Adobe Plugin update (STATICPLUGIN) to deliver PlugX malware.

03

Researchers have discovered Hook v3, an advanced Android banking trojan with 107 remote commands, overlays, lock screen bypass, screen streaming, and Telegram/RabbitMQ C2, abusing Accessibility Services for data theft and device control.

04

A phishing campaign is distributing the UpCrypter malware loader via fake voicemail and purchase order emails with malicious URLs, targeting manufacturing, technology, healthcare, and retail sectors.

05

Attackers are exploiting image scaling flaws in AI systems to hide prompt injections that surface during downscaling, enabling data exfiltration across platforms like Google Gemini CLI, Vertex AI Studio, Google Assistant, and Genspark.

06

A critical vulnerability in Docker Desktop for Windows and macOS, identified as CVE-2025-9074, allows attackers to hijack host systems by running malicious containers, even with Enhanced Container Isolation (ECI) enabled.

07

A zero-day vulnerability in Google Chrome (CVE-2025-5419) has been publicly exploited, targeting versions before 137.0.7151.68. A PoC exploit has been published on GitHub, allowing attackers to reproduce and weaponize the flaw.

08

CISA added three actively exploited flaws to its KEV catalog: two in Citrix Session Recording (CVE-2024-8068, CVE-2024-8069), enabling privilege escalation and limited RCE, and one in Git (CVE-2025-48384), allowing arbitrary code execution via config file handling.

09

Ontic, a connected security intelligence software platform, secured $230 million in a Series C funding round led by KKR, with participation from JMI Equity, Silverton Partners, Ridge Ventures, and Ten Eleven Ventures.

10

RedMimicry, a startup focused on realistic cyberattack simulations, secured undisclosed seed funding led by HTGF with backing from Capital Square, Superangels, and other business angels.