Daily Cybersecurity Roundup, February 24, 2025

Cybercriminals are finding new ways to infiltrate systems, from stealthy Android malware to rapidly weaponized exploits. CYFIRMA researchers uncovered SpyLend, an Android spyware masquerading as a financial tool on Google Play, with 100,000 downloads targeting Indian users. Meanwhile, GhostSocks, a Golang-based SOCKS5 backconnect proxy, is fueling cybercrime through a MaaS model, tightly integrated with LummaC2. In a high-speed ransomware assault, LockBit operators leveraged a critical Atlassian Confluence flaw, deploying ransomware within just two hours of exploitation. Read on for more.

01

CYFIRMA researchers discovered SpyLend, an Android malware disguised as a financial tool on Google Play. It has been downloaded 100,000 times and primarily targets Indian users.

02

GhostSocks, a Golang-based SOCKS5 backconnect proxy malware, is being sold under a MaaS model, making it easily accessible to cybercriminals, with deep integration with LummaC2.

03

LockBit ransomware operators exploited a critical vulnerability in Atlassian Confluence servers, leading to a swift and highly coordinated attack that resulted in the deployment of ransomware within two hours.

04

A critical SQL injection vulnerability (CVE-2025-26794) has been discovered in the Exim mail transfer agent, specifically in version 4.98 installations that use SQLite for hints databases.

05

A new malware campaign was found using Null-AMSI to bypass Windows security defenses and deploy AsyncRAT, effectively evading traditional security tools and establishing persistent access to compromised systems.

06

The WEF annual meeting in Davos-Klosters, Switzerland, witnessed a significant rise in DDoS attacks, with over 1,400 incidents recorded, a near doubling of activity compared to the previous month.

07

Lazarus targeted crypto exchange Bybit in a sophisticated attack, resulting in the theft of $1.5 billion worth of cryptocurrency from one of its offline wallets.

08

CISA warned about a high-severity remote code execution flaw (CVE-2025-23209) in Craft CMS versions 4 and 5, which is being exploited in attacks.

09

Threat actors are impersonating professional Counter-Strike 2 players on YouTube livestreams, promoting fake skin and cryptocurrency giveaways to steal gamers' Steam accounts and cryptocurrency.

10

Scammers are exploiting PayPal's address settings to send fake purchase notifications, tricking users into granting remote access to their devices.