Daily Cybersecurity Roundup, December 17, 2025

Amid the surge in sophisticated, multi-vector cyber campaigns, China-linked threat activity continues to evolve in both scale and deception. The state-aligned group Ink Dragon, also tracked as Jewelbug, has been conducting targeted intrusions against government and enterprise networks across Europe, Asia, and Africa. In parallel, threat actors are leveraging refined social engineering tactics, with the “ClickFix” campaign luring victims into installing DarkGate malware via fraudulent “Word Online” error prompts. Separately, researchers have uncovered the GhostPoster campaign, which stealthily embeds malicious JavaScript within Firefox extension logos. Read on for the full roundup.

01. China-linked hacking group Ink Dragon, also known as Jewelbug, has been targeting governments and organizations across Europe, Asia, and Africa to drop advanced malware like ShadowPad and FINALDRAFT.

02. A sophisticated social engineering campaign called “ClickFix” is tricking users into installing the DarkGate malware through deceptive “Word Online” error messages.

03. Cellik, a newly discovered Android RAT, enables advanced device control, surveillance, and data theft; it stealthily embeds itself within legitimate Google Play Store applications, which are then used to distribute the malware.

04. A new campaign named GhostPoster has been discovered, which conceals malicious JavaScript within the logos of Firefox extensions, affecting over 50,000 downloads.

05. Researchers uncovered a sophisticated BlindEagle phishing campaign targeting a Colombian government agency, using compromised email accounts, steganography, and malware such as Caminho and DCRAT to execute a multi-layered attack chain.

06. Russian GRU hackers now exploit misconfigured devices instead of software vulnerabilities, targeting critical infrastructure globally. The attackers focus on enterprise routers, VPN gateways, and cloud-hosted appliances, often exposed through customer misconfiguration.

07. Parked domains have become major malware and phishing vectors, with over 90% serving harmful content as attackers exploit lookalike domains, typos, and traffic distribution systems to create a false sense of security.

08. Threat actors are actively exploiting two critical security flaws in Fortinet FortiGate devices, identified as CVE-2025-59718 and CVE-2025-59719, that allow for unauthenticated SSO login bypass.

09. CISA has identified a critical zero-day vulnerability (CVE-2025-43529) in Apple’s WebKit rendering engine, which affects multiple Apple platforms, including iOS, iPadOS, and macOS, as well as third-party applications that utilize WebKit for HTML processing.

10. A critical flaw (CVE-2025-34352) in JumpCloud Remote Assist for Windows enables local privilege escalation and DoS by abusing unsafe SYSTEM-level file operations during uninstallation.