
Daily Cybersecurity Roundup, December 04, 2025

Remote work has opened unprecedented doors for global talent, but it has also created new entry points for threat actors, as evidenced by North Korean operatives linked to the Lazarus group using stolen identities and deepfake tools to infiltrate Western companies through fraudulent IT job schemes. Meanwhile, Storm-0900 launched a massive phishing wave over Thanksgiving, exploiting distraction with fake parking ticket and medical test alerts. In parallel, researchers reported a spike in “ClickFix” attacks that trick users with bogus ChatGPT Atlas installers designed to deliver password-stealing malware. Continue reading for more news.

01

North Korean IT recruiters tied to the Lazarus group are using stolen identities, AI-driven deepfakes, and covert hiring schemes to infiltrate Western companies by paying engineers to rent out their identities for remote tech jobs.

02

A large-scale phishing campaign by Storm-0900 targeted users during Thanksgiving, using parking ticket and medical test themes to exploit urgency and distractions.

03

The Water Saci malware campaign in Brazil is using AI-enhanced, multi-format infection chains delivered through WhatsApp and leveraging malicious HTA, ZIP, and PDF files to propagate malware while evading detection.

04

BPFDoor and Symbiote Linux rootkits, used by sophisticated threat actors, utilize stealthy techniques, encompassing protocol and port expansion, IPv6 capabilities, and DNS traffic concealment, to evade detection.

05

A sophisticated “Executive Award” phishing scam is targeting company leaders with emails impersonating recognition notices that direct victims to a malicious HTML page for credential theft and malware deployment.

06

Cybersecurity researchers uncovered a surge in ClickFix attacks, a social engineering tactic using fake ChatGPT Atlas installers to deploy password-stealing malware.

07

A critical privilege escalation vulnerability (CVE-2025-8489) in the King Addons for Elementor WordPress plugin is being exploited, allowing attackers to gain administrative permissions during user registration.

08

A critical security flaw (CVE-2025-55182) has been discovered in React Server Components that allows unauthenticated remote code execution due to unsafe deserialization of payloads.

09

A newly discovered Windows LNK 0-day vulnerability is being exploited by hackers, particularly targeting diplomatic organizations. The flaw allows attackers to hide malicious commands within shortcut files, making them appear harmless.

10

A vulnerability has been discovered in Claude Skills that allows malicious actors to weaponize legitimate Skills for ransomware attacks.
