Daily Cybersecurity Roundup, December 09, 2025

Researchers are tracking multiple active campaigns, including Operation FrostBeacon, a coordinated set of intrusions targeting Russian finance and legal organizations. Another ongoing threat, JS#SMUGGLER, relies on layers of obfuscated JavaScript, hidden iframes, and silent redirect mechanisms to drop NetSupport RAT onto compromised systems. At the same time, investigators have identified malicious supply-chain activity in the development ecosystem, uncovering two harmful VS Code extensions that masquerade as legitimate tools while stealing credentials, capturing screens, exfiltrating Wi-Fi passwords, hijacking browser sessions, and mining cryptocurrency.

01

Operation FrostBeacon, a multi-cluster campaign, is targeting Russian finance and legal sectors using Cobalt Strike Beacon delivered through phishing lures exploiting CVE-2017-0199 and CVE-2017-11882.

02

The JS#SMUGGLER campaign is using obfuscated JavaScript, hidden iframes, and silent redirect chains to ultimately deploy the NetSupport RAT on victim systems.

03

A series of coordinated attacks against U.S. organizations is leveraging diverse malware and large-scale phishing as part of a broader organized cyber campaign.

04

The STAC6565 campaign, attributed to the GOLD BLADE threat actor, has targeted Canadian entities in roughly 80% of observed intrusions across multiple sectors.

05

Recent analyses highlight how attackers continue to weaponize QuasarRAT, a modular .NET remote-access trojan with spying, credential theft, and persistence capabilities.

06

The newly discovered Broadside Botnet, a Mirai variant, exploits maritime DVR vulnerabilities such as CVE-2024-3721 to compromise shipping and logistics IoT devices.

07

Researchers uncovered two malicious VS Code extensions—“Bitcoin Black” and “Codo AI”—used to steal credentials, capture screens, hijack browser sessions, exfiltrate Wi-Fi passwords, and mine crypto.

08

Two critical Ruby SAML vulnerabilities (CVE-2025-66567 and CVE-2025-66568) affect versions up to 1.12.4, enabling Signature Wrapping, Digest Bypass, and Signature Replay attacks through parser inconsistencies in REXML/Nokogiri and a libxml2 canonicalization flaw.

09

A critical Apache Tika vulnerability, CVE-2025-66516, exposes servers to XXE-based data exfiltration and potential remote code execution.

10

The FBI warns that virtual kidnapping scams are using manipulated social media photos to create fake proof-of-life images, enabling criminals to extort ransom payments without carrying out any real abduction.