
Daily Cybersecurity Roundup, December 16, 2025

This Christmas, cybercriminals are delivering scams instead of gifts, with AI-powered phishing campaigns flooding inboxes and social media with fake deals, charity lures, and UPS and FedEx alerts that lead to realistic fake e-commerce sites stealing user data. Alongside festive fraud, NexusRoute is abusing GitHub repositories and pages to distribute malicious Android APKs impersonating Indian government services like mParivahan and e-Challan, while the xHunt APT continues cyber-espionage against Kuwaiti critical infrastructure by exploiting Microsoft Exchange and IIS servers to deploy custom backdoors. Read on for more cybersecurity updates.

01

AI-powered festive phishing has surged, with 33,500 Christmas-themed phishing emails and 10,000+ fake social ads in two weeks, using fake deals, charity lures, and UPS and FedEx delivery alerts to drive victims to convincing fake e-commerce sites that steal sensitive data.

02

NexusRoute, an Android malware and phishing campaign, is targeting Indian government platforms like mParivahan and e-Challan, using GitHub repositories and pages to distribute malicious APKs and evade app-store security.

03

A new MaaS called SantaStealer is being promoted on Telegram and hacker forums, operating in memory to avoid detection. This malware is a rebranding of BluelineStealer and is offered in two subscription tiers.

04

The xHunt APT is targeting Kuwaiti organizations across critical sectors, exploiting Microsoft Exchange and IIS servers to deploy custom backdoors such as BumbleBee and PowerShell-based tools for cyber-espionage.

05

Scammers executed a large-scale phishing campaign targeting over 6,000 organizations in two weeks by sending 40,000 spoofed emails mimicking trusted digital platforms like SharePoint and DocuSign.

06

Multiple critical vulnerabilities have been identified in FreePBX, an open-source private branch exchange platform, including an authentication bypass flaw that could allow unauthorized access to the Administrator Control Panel.

07

A critical local privilege escalation vulnerability, tracked as CVE-2025-34352, has been discovered in JumpCloud Remote Assist for Windows, affecting versions prior to 0.317.0.

08

The React2Shell vulnerability (CVE-2025-55182) is being actively exploited by threat actors to deploy malware like KSwapDoor and ZnDoor. These malware tools enable remote access, lateral movement, and data exfiltration while evading detection.

09

The PCPcat campaign targets Next.js vulnerabilities (CVE-2025-29927, CVE-2025-66478) to achieve remote code execution (RCE) and steal sensitive credentials.

10

ClickFix social engineering attacks have been exploiting the finger protocol, with campaigns like KongTuke and SmartApeSG using commands involving finger.exe to retrieve malicious content.
