Daily Cybersecurity Roundup, February 26, 2026

Mobile and network-focused threats are evolving rapidly, with adversaries refining stealth and persistence techniques. Researchers identified the Dohdoor malware campaign, which leverages DNS-over-HTTPS tunneling to conceal C2 communications and slip past conventional network monitoring defenses. In parallel, the emergence of Oblivion RAT, a low-cost Android malware marketed for roughly $300, highlights the growing commoditization of mobile threats, advertising capabilities to evade built-in security protections. At the same time, ResidentBat, an Android spyware operation attributed to Belarusian KGB-linked actors, is focusing on covert data collection and intelligence gathering from targeted mobile users.

01

A new Dohdoor malware campaign is using DNS-over-HTTPS (DoH) tunneling to stealthily communicate with C2 servers and evade traditional network detection controls.

02

The newly identified Oblivion RAT, a $300 Android malware offering, claims to bypass major smartphone manufacturers’ security protections while providing full remote surveillance and device control capabilities.

03

DarkCloud Infostealer, a credential-stealing malware, has been harvesting browser data, cryptocurrency wallets, and system information for underground marketplace distribution.

04

A malicious StripeAPI NuGet package was discovered in the .NET ecosystem, designed to harvest sensitive data and execute unauthorized code within developer environments through a supply chain attack.

05

ResidentBat, an Android spyware campaign attributed to Belarusian KGB-linked actors, has been targeting mobile devices for surveillance and data exfiltration.

06

The 1Campaign intrusion set leverages credential abuse, lateral movement, and data staging techniques to compromise enterprise cloud and on-prem environments.

07

The Hydra Saiga threat cluster is conducting covert espionage operations against critical utilities, using stealthy infiltration techniques and custom malware implants.

08

Cisco patched a zero-day vulnerability (CVE-2026-20127) in its Catalyst SD-WAN devices that had been actively exploited by highly sophisticated threat actors to gain unauthorized access and execute arbitrary commands.

09

Multiple critical vulnerabilities in Zyxel networking devices could allow unauthenticated attackers to execute arbitrary code or escalate privileges, placing exposed edge devices at significant risk.

10

A vulnerability (CVE-2026-0542) in the ServiceNow AI Platform could enable attackers to manipulate AI-driven workflows or access sensitive enterprise data through improper access controls.
