Daily Cybersecurity Roundup, December 12, 2025

Cyber agencies across the United States and Canada have warned that PRC state-sponsored operators are actively deploying BRICKSTORM, a stealthy Go-based backdoor designed for prolonged espionage within Government and IT environments. At the same time, financially motivated actors continue to escalate their tactics, as seen in the Russia-origin Operation MoneyMount-ISO campaign, which relies on malicious ISO-mounted executables to deliver Phantom stealer. Adding to this expanding threat landscape, a new cross-platform Rust-based ransomware, 01flip, has emerged in active attacks against APAC critical infrastructure. Continue reading for more.

01

CISA, NSA, and the Canadian Cyber Centre have issued an advisory warning that PRC state-sponsored threat actors are deploying BRICKSTORM, a stealthy Go-based backdoor, to support long-term espionage operations across Government and IT networks.

02

A Russia-based phishing campaign, Operation MoneyMount-ISO, is distributing Phantom stealer via malicious ISO-mounted executables that harvest browser credentials, crypto wallets, and system data.

03

The CyberVolk ransomware gang has resurfaced with a Telegram-automated RaaS model but left a hardcoded master decryption key that may allow victims to recover files.

04

Attackers are actively exploiting insecure cryptography in Gladinet’s CentreStack/Triofox platforms to decrypt or manipulate sensitive enterprise file data.

05

A new Rust-based ransomware called 01flip is attacking APAC critical infrastructure and using Sliver C2 for cross-platform command and control.

06

Researchers uncovered the builder mechanics and kernel-level rootkit capabilities behind ValleyRAT, revealing its advanced modular espionage toolkit.

07

A sophisticated phishing campaign is bypassing MFA to steal Okta session tokens using salary-review-themed lures and real-time adversary-in-the-middle tactics.

08

A Hamas-associated threat group is using sophisticated phishing and DLL sideloading to deploy the AshTag malware suite against Middle Eastern diplomatic entities.

09

Notepad++ patched a vulnerability in its update mechanism that allowed attackers to push malicious update files and execute reconnaissance and data-exfiltration commands.

10

A high-risk IDOR flaw in Apache Fineract’s core banking APIs allows attackers to bypass authorization and access other customers’ financial records.
