Daily Cybersecurity Roundup, February 18, 2026

Threat actors are sharpening stealth and precision across financial and espionage operations. The Contagious Interview campaign is covertly compromising MetaMask browser wallets by injecting malicious code that alters transaction data and redirects cryptocurrency funds unnoticed. At the same time, the CrescentHarvest campaign, linked to an Iranian threat actor, is targeting protestors and dissidents with phishing and surveillance malware to capture sensitive communications. According to Unit 42’s 2025 findings, identity weaknesses were involved in nearly 90% of investigations, with phishing and vulnerability exploitation remaining the top initial access vectors at 22% each. Read on for the full roundup.

01

The Contagious Interview campaign is surgically manipulating MetaMask browser wallets by injecting malicious code that alters transaction data and redirects cryptocurrency funds without the victims noticing.

02

The CRESCENTHARVEST cyber-espionage campaign, attributed to an Iranian threat actor, is targeting protestors and dissidents through phishing and surveillance malware to harvest sensitive communications.

03

Researchers demonstrated advanced reverse-engineering techniques to “pwn” sophisticated malware, exposing how attackers use layered obfuscation and evasive payload delivery mechanisms to avoid detection.

04

Chinese state-linked threat actors have been exploiting a zero-day vulnerability in Dell enterprise software since mid-2024 to gain unauthorized access and maintain persistence in targeted networks.

05

A surge in ClickFix social-engineering attacks is tricking users into running malicious DNS lookup commands that ultimately deploy the MODELRAT remote access trojan for persistent compromise.

06

Ongoing global spam campaigns are distributing a variety of malware families through phishing emails, malicious attachments, and weaponized URLs to compromise corporate and individual systems.

07

According to Unit 42, in 2025, identity vulnerabilities were implicated in nearly 90% of investigations, while nation-state actors escalated to persona-driven infiltration and AI-enabled persistence, and phishing and vulnerability exploitation remained the top initial access vectors at 22% each.

08

Security researchers analyzing ClickFix activity uncovered its use in delivering Matanbuchus loader and AstarionRAT, highlighting a growing ecosystem of malware operators leveraging social engineering for initial access.

09

A large-scale spam campaign is abusing Atlassian Jira infrastructure to distribute malicious links and payloads, exploiting trusted collaboration platforms to increase infection success rates.

10

Multiple high-risk vulnerabilities have been discovered in popular Visual Studio Code (VSCode) extensions, potentially allowing attackers to execute malicious code and compromise developer environments via poisoned updates and dependency abuse.
