
Daily Cybersecurity Roundup, February 04, 2025

Cybercriminals continue to blur the lines between trusted and malicious infrastructure. A stealthy AsyncRAT campaign has been leveraging Python scripting and TryCloudflare tunnels to evade detection. The attack unfolds through a chain of phishing emails, Dropbox links, and multi-layered scripts. A single flaw can be the key to widespread compromise. Russian threat actors took advantage of a zero-day in 7-Zip to distribute SmokeLoader in targeted attacks on Ukrainian entities. Mac users are no longer safe from the growing wave of info-stealers. Three malware strains are actively targeting victims across industries, harvesting everything from credentials to intellectual property. Read on for more.

01

Forcepoint’s X-Labs research team discovered a new malware campaign using AsyncRAT with Python scripting and TryCloudflare tunnels to stealthily deliver malicious payloads.

02

Russian threat actors exploited the CVE-2025-0411 bug in 7-Zip in a SmokeLoader malware campaign targeting Ukrainian entities in September 2024.

03

A malicious typosquat package impersonating the popular BoltDB database module was discovered in the Go ecosystem, containing a backdoor for remote code execution.

04

Vietnamese cybercrime group XE Group has expanded beyond credit card skimming to exploiting at least two zero-day vulnerabilities in VeraCore, an enterprise software product used by fulfillment companies and e-retailers.

05

Threat actors are exploiting the popularity of DeepSeek to promote two malicious info-stealer packages on PyPI, named deepseeek and deepseekai.

06

Three prevalent macOS info-stealers (Atomic, Poseidon, and Cthulhu) are targeting users across multiple regions and industries, stealing sensitive information like credentials, financial data, and intellectual property.

07

The February 2025 Android security updates fix 48 vulnerabilities, including a high-severity zero-day flaw (CVE-2024-53104) in the Android Kernel's USB Video Class driver.

08

Check Point observed a 58% surge in info-stealer attacks targeting organizations in the EMEA region over the past year, with over 10 million stolen credentials available for sale in underground markets.

09

As per VulnCheck, 768 CVE-identified vulnerabilities were exploited in 2024, a 20% increase from 2023. Moreover, 23.6% of known exploited vulnerabilities were weaponized on or before their public disclosure.

10

Employee security posture management platform Riot raised $30 million in a Series B round led by Left Lane Capital, with participation from existing investors.
