Daily Cybersecurity Roundup, December 15, 2025

What looks like a harmless movie night download has turned into a security nightmare, as researchers have uncovered a malicious torrent posing as the Leonardo DiCaprio film One Battle After Another, where weaponized subtitle files hide PowerShell scripts. In parallel, a newly emerged threat actor known as the Gentlemen ransomware group is conducting double-extortion attacks against corporate environments worldwide. Separately, an active malware campaign is abusing seemingly benign Python repositories hosted on GitHub to deliver PyStoreRAT using lightweight code that covertly retrieves and executes a remote HTA payload. Keep reading for more cybersecurity news.

01

A fake torrent for the movie "One Battle After Another," featuring Leonardo DiCaprio, has been found to conceal malicious PowerShell scripts within its subtitle files. The infection chain ultimately deploys the Agent Tesla RAT.

02

The new Gentlemen ransomware group employs a double-extortion model, targeting corporate networks across diverse industries and regions. The group uses advanced techniques such as Group Policy Object manipulation and BYOVD (bring your own vulnerable driver) attacks for breaches.

03

Scammers are abusing PayPal's "Subscriptions" billing feature to send fake purchase notifications in legitimate emails. The emails claim expensive purchases were made and include a phone number to trick recipients into calling scammers.

04

Threat actors are transitioning from older languages such as C/C++ to modern ones such as Rust, Golang, and Nim, with Rust being used increasingly in malware development.

05

A new campaign is leveraging GitHub-hosted Python repositories to distribute a previously undocumented JavaScript-based RAT called PyStoreRAT. These repositories contain minimal code that silently downloads and executes a remote HTA file.

06

A new Windows zero-day vulnerability allows attackers to crash the RasMan service, a critical system service managing VPN and remote network connections. The flaw enables DoS attacks and can lead to privilege escalation when combined with CVE-2025-59230 or similar vulnerabilities.

07

Apple has issued security updates for iOS, iPadOS, macOS, tvOS, watchOS, visionOS, and Safari to address two critical WebKit vulnerabilities that have been exploited in the wild.

08

CISA has added a critical vulnerability, CVE-2018-4063, affecting Sierra Wireless AirLink ALEOS routers to its Known Exploited Vulnerabilities catalog. This high-severity flaw, with a CVSS score of 8.8/9.9, allows remote code execution.

09

NVIDIA has issued critical security patches for its Merlin machine learning framework to address two high-severity deserialization vulnerabilities (CVE-2025-33214 and CVE-2025-33213).

10

A critical vulnerability in Plesk has been identified, allowing attackers to gain root-level access to systems. Exploiting this flaw enables attackers to access sensitive data, modify configurations, and deploy malicious payloads.