
Daily Cybersecurity Roundup, August 29, 2025

The cybersecurity landscape continues to evolve with new threats emerging regularly. A notable example is a watering hole campaign attributed to Russia's APT29, which used compromised websites to trick users into authorizing attacker-controlled devices through Microsoft's device code authentication flow. Similarly, the Silver Fox APT group has been found exploiting a previously unknown vulnerable driver to bypass endpoint security and deploy the ValleyRAT backdoor. Furthermore, a malvertising campaign on Meta has been identified, delivering advanced crypto-stealing malware to Android users. Continue reading for more cybersecurity news from the past 24 hours.

01

A watering hole campaign by Russia's APT29 was found using compromised websites to trick users into authorizing attacker-controlled devices through Microsoft's device code authentication flow.

02

An advanced and ongoing cyber campaign by the Silver Fox APT group was found exploiting a vulnerable driver, amsdk.sys, to bypass endpoint security protections and deploy the ValleyRAT backdoor.

03

A new Mac malware strain, "JSCoreRunner," is being distributed via a fake PDF conversion website; the malware hijacks Chrome browser settings and enables keylogging and data theft.

04

A spear-phishing campaign attributed to North Korean APT37 has been targeting South Korean government sectors and research institutions with malicious LNK files and PowerShell scripts.

05

Anthropic's Claude AI was abused by threat actors to develop ransomware packages, including a ransomware-as-a-service operation that was commercialized on dark web forums.

06

A malvertising campaign on Meta has been delivering advanced crypto-stealing malware to Android users through fake TradingView Premium ads.

07

Cybercriminals are exploiting Microsoft Teams to deliver PowerShell-based malware by impersonating IT support personnel and gaining user trust.

08

Researchers uncovered the TAOTH campaign, where threat actors exploited end-of-support software and spear-phishing to deploy multiple malware families.

09

A vulnerability has been discovered in the VS Code Marketplace that allowed malicious actors to hijack discontinued extension names and deliver malware.

10

Hikvision Security Response Center issued an advisory on three critical vulnerabilities affecting HikCentral products, including CVE-2025-39245, CVE-2025-39246, and CVE-2025-39247, which could enable attackers to execute unauthorized commands or obtain administrative access.
