Daily Cybersecurity Roundup, August 27, 2025

The Underground ransomware gang is picking locks on global companies with a masterful encryption blend since July 2023. Blind Eagle is casting a wide net over Colombian government entities with five cunning activity clusters from May 2024 to July 2025. Citrix is slamming the door on a zero-day nightmare with patches for three NetScaler vulnerabilities, including a critical remote code execution flaw. Catch up on today’s top cybersecurity developments.

01. MixShell malware is being distributed through the website contact forms of U.S. supply chain manufacturers, using social engineering to build trust before delivering malicious ZIP files.

02. Blind Eagle ran five distinct activity clusters targeting Colombian government entities from May 2024 to July 2025, using RATs, phishing lures, and dynamic DNS infrastructure.

03. ESET has discovered PromptLock, the first AI-driven ransomware, which uses OpenAI's gpt-oss:20b model to generate and execute malicious Lua scripts that scan, steal, and encrypt files across multiple platforms.

04. The Underground ransomware gang has been actively targeting companies worldwide, including in South Korea, across a range of industries since July 2023.

05. The China-linked Silk Typhoon APT group targeted diplomats globally by hijacking web traffic to deliver malware, using advanced adversary-in-the-middle (AitM) techniques.

06. Citrix patched three vulnerabilities in NetScaler ADC and Gateway, including CVE-2025-7775, a critical remote code execution flaw that was actively exploited as a zero-day.

07. A new malware campaign impersonates Indonesia's state pension fund, TASPEN, deploying a malicious Android application disguised as an official portal.

08. A novel phishing campaign abuses ConnectWise ScreenConnect, a legitimate remote monitoring and management (RMM) tool, to take control of end-user devices.

09. Researchers at the Singapore University of Technology and Design have developed a new attack named Sni5Gect, which allows attackers to downgrade 5G connections to 4G without needing a rogue base station.

10. ENISA will manage a €36 million ($42 million) EU-wide incident response initiative to address major cyberattacks under the EU Cybersecurity Reserve, established by the Cyber Solidarity Act.