
Daily Cybersecurity Roundup, February 26, 2025

GitHub users are walking into a trap. A new malware campaign called GitVenom is flooding the platform with fake repositories, luring in gamers and crypto investors under the guise of open-source projects. China’s Silver Fox APT is hunting in the healthcare sector. A new cyberespionage campaign is exploiting Philips DICOM viewers, deploying ValleyRAT and more. Over two million WordPress sites are exposed, owing to a severe flaw in the Essential Addons for Elementor plugin. Here are the top 10 highlights from the past 24 hours.

01

A malware campaign named GitVenom has been targeting GitHub users, particularly gamers and crypto investors. The campaign involves hundreds of fake GitHub repositories, disguised as open-source projects.

02

The Chinese Silver Fox APT launched a new cyberespionage campaign targeting Philips DICOM viewers in healthcare environments, deploying ValleyRAT, a keylogger, and a crypto miner.

03

A severe RCE vulnerability, CVE-2025-27364, has been discovered in MITRE's Caldera security training platform. The bug affects all versions of Caldera except the latest fixed versions (5.1.0+) and those in the master source branch.

04

A new malware delivery framework has evaded detection by security tools for over 48 hours, deploying either XWorm or AsyncRAT.

05

TgToxic is an evolving Android banking trojan, showing signs of geographical expansion to Europe and Latin America, with the potential to steal user credentials, cryptocurrency, and funds from banking and finance apps.

06

A critical security vulnerability, CVE-2025-24752, in the Essential Addons for Elementor plugin, used by over two million WordPress websites, has left sites vulnerable to script injection attacks through malicious URL parameters.

07

The Have I Been Pwned service has added to its database over 284 million compromised accounts that were stolen by info-stealers and found on a Telegram channel named ALIEN TXTBASE.

08

Cybercriminals are using phishing campaigns with fake viral video links to trick users into downloading malware, relying on social engineering and multiple malicious website redirections.

09

An updated version of the LightSpy spyware has been discovered, which now targets social media platforms like Facebook and Instagram, with enhanced data collection features.

10

A malicious PyPI package called automslc has been downloaded over 100,000 times and is designed to enable unauthorized music downloads from the popular streaming service Deezer.
