
Daily Cybersecurity Roundup, January 05, 2026

As the new year begins, threat actors are accelerating sophisticated social engineering and malware campaigns, abusing trusted platforms like Google’s cloud services to deliver phishing emails that bypass security controls. In parallel, credential-focused attacks continue to evolve, with the VVS Stealer malware targeting Discord users through obfuscated Python payloads. A separate phishing campaign is actively targeting Cardano users with fraudulent “Eternl Desktop” wallet update emails. Keep reading for more cybersecurity updates.

01

Attackers are exploiting Google’s cloud infrastructure and applications, like Google Tasks, to deliver phishing emails that authenticate cleanly, bypass traditional email security measures, and appear legitimate.

02

VVS Stealer, a new credential-stealing malware, has been targeting Discord accounts by delivering obfuscated Python payloads through malicious downloads, cracked software, and fake utilities to evade detection and exfiltrate authentication tokens and user data.

03

A new Shai Hulud malware variant was found in the npm package @vietmoney/react-big-calendar. It was likely a test run with no major infections, and there are signs that it was created by the original author rather than a copycat.

04

Transparent Tribe (APT36) is targeting Indian government, academic, and strategic entities using spear-phishing emails with malicious LNK files disguised as PDFs to deliver advanced RATs that leverage environment profiling and runtime manipulation.

05

A coordinated attack exploiting Adobe ColdFusion vulnerabilities was observed generating more than 6,000 requests primarily from Japan-based infrastructure linked to CTG Server Limited and targeting servers across the US, Spain, India, and other regions.

06

ErrTraffic, a new cybercrime tool that automates ClickFix attacks by using fake browser error prompts, is being sold on Russian-speaking forums as an $800 traffic distribution system with real-time campaign analytics.

07

A phishing campaign is targeting Cardano users with fake “Eternl Desktop” wallet update emails that abuse trusted Cardano ecosystem references and social engineering to lure victims with promises of token rewards and enhanced security.

08

A high-severity flaw tracked as CVE-2025-69194 in GNU Wget2 allows attackers to exploit a path traversal issue in Metalink processing to overwrite arbitrary files on a user’s system without authorization.

09

Hackers are exploiting the React2Shell flaw (CVE-2025-55182) in Next.js to power the RondoDox botnet, compromising over 90,000 devices worldwide through a phased attack that evolved from vulnerability testing to large-scale automation.

10

More than 10,000 Fortinet firewalls remain exposed to CVE-2020-12812, a long-exploited two-factor authentication bypass vulnerability that allows attackers to evade 2FA by altering the case of LDAP-based usernames.
