Daily Cybersecurity Roundup, December 03, 2025

Threat actors are stepping up their operations with persistent browser compromises, sophisticated RAT packages, and MaaS-driven ransomware campaigns. The ShadyPanda group spent seven years deploying malicious browser extensions to compromise 4.3 million Chrome and Edge users with spyware and backdoor malware. Meanwhile, a new “K.G.B RAT + Crypter + HVNC” toolkit is being marketed on dark web forums as a high-end Windows RAT with strong evasion and persistence. And threat actors are leveraging the Matanbuchus MaaS downloader to deliver ransomware and sustain access on infected systems. Read on for more news.

01

A seven-year campaign by the ShadyPanda group used browser extensions to infect 4.3 million Chrome and Edge users with malware, including spyware and backdoors.

02

A new malware toolkit, "K.G.B RAT + Crypter + HVNC," is being promoted on dark web forums as a premium Windows RAT with advanced evasion and persistence features.

03

MuddyWater has been targeting critical infrastructure in Israel and Egypt using a custom loader, Fooder, which masquerades as the Snake game and executes the MuddyViper backdoor.

04

Researchers discovered a malicious Rust package named "evm-units," uploaded to crates[.]io, targeting Windows, macOS, and Linux systems. It masquerades as an Ethereum Virtual Machine helper tool.

05

Glassworm malware has returned in its third wave, with 24 new malicious packages targeting OpenVSX and Microsoft Visual Studio marketplaces.

06

The Justice Department announced the seizure of the domain tickmilleas[.]com, which was associated with cryptocurrency investment fraud (CIF) scams operated by the Tai Chang scam compound in Burma.

07

Threat actors are exploiting the Matanbuchus downloader, a Malware-as-a-Service (MaaS) tool, to deliver ransomware and maintain persistence on compromised systems.

08

Google released a security update for Android in December 2025, addressing 107 vulnerabilities, including two critical ones actively exploited in the wild. These include an information disclosure flaw (CVE-2025-48633) and an elevation of privilege vulnerability (CVE-2025-48572).

09

A new vulnerability (CVE-2025-64775) in Apache Struts can enable attackers to launch disk exhaustion attacks, causing servers to malfunction. The flaw stems from improper handling of multipart requests, leading to the creation of large temporary files that fill up disk space.

10

Three critical vulnerabilities (CVE-2025-10155, CVE-2025-10156, CVE-2025-10157) in the Picklescan utility were disclosed, allowing malicious actors to execute arbitrary code by bypassing protections when loading untrusted PyTorch models.