Daily Cybersecurity Roundup, February 16, 2026

When deception becomes the delivery mechanism, even routine troubleshooting and meeting invites can turn into attack vectors. The Matryoshka ClickFix campaign is targeting macOS users by convincing them to execute malicious terminal commands under the pretext of resolving browser issues. In a similar vein, attackers are distributing malware through fraudulent meeting invitations impersonating platforms like Zoom, Microsoft Teams, and Google Meet, prompting victims to download what appear to be mandatory updates that are actually malicious installers. Meanwhile, the LockBit ransomware group has escalated its operations with LockBit 5.0, expanding its reach across Windows, Linux, and VMware ESXi environments. Continue reading for more cybersecurity updates.

01

The Matryoshka ClickFix campaign is delivering a macOS information stealer by tricking users into running malicious terminal commands under the guise of fixing browser issues.

02

Attackers leverage fake meeting invites impersonating popular video conferencing platforms such as Zoom, Microsoft Teams, and Google Meet to lure victims into downloading malicious payloads disguised as mandatory software updates.

03

Threat actors abused Google Ads to impersonate Claude AI, redirecting macOS users to fake download sites that deploy MacSync malware through the ClickFix social engineering technique.

04

The LockBit ransomware group has launched LockBit 5.0, targeting Windows, Linux, and VMware ESXi systems, reinforcing its multi-platform double-extortion operations.

05

A spike in phishing campaigns has been linked to abuse of the DreamFlow app ecosystem, where attackers impersonate services and leverage convincing lures to harvest user credentials.

06

Google addressed CVE-2026-2441, a high-severity zero-day vulnerability in Google Chrome that was actively exploited in the wild and allowed attackers to execute arbitrary code.

07

A severe vulnerability (CVE-2026-25108) in FileZen file-sharing software enables attackers to execute arbitrary system commands remotely if the service is improperly secured.

08

Researchers uncovered ZeroDayRAT, a new cross-platform spyware capable of targeting both Android and iOS devices, enabling surveillance, data theft, and remote command execution.

09

The Notepad++ update server was compromised by the Lotus Blossom group to redirect traffic and target government, telecom, energy, financial, and manufacturing sectors across multiple regions.

10

A critical flaw in Airleader wireless management systems could allow unauthenticated attackers to gain administrative control and execute arbitrary commands on affected devices.
