
Daily Cybersecurity Roundup, December 08, 2025

A recent wave of cyber incidents highlights growing threats across consumer devices, mobile platforms, and ransomware ecosystems. In South Korea, attackers infiltrated close to 120,000 home and business security cameras, later selling the captured footage on dark web marketplaces. Meanwhile, a newly identified Android malware strain known as FvncBot is targeting Polish users. Compounding these risks, a new “packer-as-a-service” tool called Shanya has surfaced, providing ransomware operators with a turnkey method for obfuscating payloads. Read on for more news.

01

A large-scale hacking campaign in South Korea compromised nearly 120,000 home and business security cameras by exploiting default passwords, outdated firmware, and misconfigured remote-access settings, with stolen footage later sold on the dark web.

02

A new Android malware, FvncBot, has been targeting Polish users and abuses Android’s accessibility services for keylogging, screen streaming, and hidden virtual network computing (HVNC).

03

Warp Panda, a China-linked cyber-espionage group, has been found targeting North American legal, technology, and manufacturing firms to support Chinese government priorities.

04

A sophisticated new cybercriminal tool called Shanya has emerged as a "packer-as-a-service" solution, enabling ransomware operators to bypass endpoint defenses and deploy malware.

05

The LockBit 5.0 ransomware group's infrastructure has been exposed, revealing an IP address (205.185.116.233) and a domain (karma0.xyz) linked to its latest leak site. The server is hosted under AS53667 (PONYNET) and displays a DDoS protection page branded with "LOCKBITS.5.0."

06

Two malicious Go packages, github[.]com/bpoorman/uuid and github[.]com/bpoorman/uid, impersonate Google’s UUID library, exfiltrating data to a paste site.

07

The "IDEsaster" vulnerability impacts nearly all AI IDEs and coding assistants using the same base IDE, affecting millions of users. Over 30 security vulnerabilities were identified, with 24 CVEs assigned, affecting market-leading products like GitHub Copilot, Cursor, and Claude Code.

08

A critical security vulnerability in the Sneeit Framework plugin for WordPress (CVE-2025-6389) is being actively exploited, allowing unauthenticated attackers to execute remote code, create malicious admin accounts, and inject backdoors.

09

Hackers are exploiting a command injection vulnerability in Array Networks AG Series VPN devices to plant webshells and create unauthorized user accounts.

10

A critical flaw (CVE-2025-66489) in Cal[.]com allows attackers to bypass authentication using fake TOTP codes. The vulnerability stems from incorrect conditional logic in the authorize() function, skipping password verification when a TOTP code is provided.
