Daily Cybersecurity Roundup, December 23, 2025

Threat actors continue to exploit trust and access across both software supply chains and human networks, as seen in multiple recent campaigns. A malicious npm package named “lotusbail,” downloaded more than 56,000 times, masquerades as a legitimate WhatsApp API while covertly harvesting credentials. In parallel, the SideWinder APT group is actively targeting Indian organizations by posing as the Income Tax Department. Compounding these technical attacks, insider recruitment has emerged as a growing risk, with employees in banks, telecoms, and technology firms being solicited on darknet forums. Continue reading for more cybersecurity news.

1. The "lotusbail" npm package, downloaded over 56,000 times, pretends to be a legitimate WhatsApp API but contains malware that steals credentials, messages, and contact lists.

2. SideWinder APT is targeting Indian entities by impersonating the Income Tax Department in a phishing campaign that uses DLL side-loading with legitimate Microsoft Defender binaries to evade detection.

3. MacSync Stealer has evolved from basic drag-to-terminal tricks into a sophisticated, code-signed Swift application delivered via disk images, which fetches and executes encoded scripts from remote servers with minimal user interaction.

4. DIG AI, an uncensored darknet AI assistant accessible via the Tor network, is being leveraged by cybercriminals to automate fraud, malware development, and illegal content creation by bypassing standard safety and content moderation controls.

5. Hackers are abusing the open-source Nezha server monitoring tool as a stealthy RAT, taking advantage of its low antivirus detection and easy deployment to bypass security controls and remotely manage compromised systems worldwide.

6. Insider recruitment is an escalating cyber threat against banks, telecoms, and technology firms: employees are recruited via darknet forums to sell access or sensitive data for $3,000–$15,000, making such attacks difficult to detect and prevent.

7. Microsoft's Windows Imaging Component has a critical flaw (CVE-2025-50165) that allows RCE via specially crafted JPG images using 12-bit or 16-bit color depth, caused by an uninitialized function pointer in the jpeg_finish_compress function.

8. Microsoft has fixed a critical Windows Brokering File System vulnerability (CVE-2025-29970) that could enable local privilege escalation; it is a use-after-free flaw caused by improper memory handling in the BfsCloseStorage function.

9. A proof-of-concept exploit has been released for a critical Linux kernel use-after-free flaw (CVE-2025-38352) in POSIX CPU timers; the exploit triggers a race condition during a task's transition to the zombie state, leading to kernel memory corruption on 32-bit Android devices.

10. A critical n8n workflow automation vulnerability (CVE-2025-68613) could allow authenticated users to execute arbitrary code on affected versions (0.211.0 to <1.120.4), exposing over 103,000 instances globally before it was patched.