Daily Cybersecurity Roundup, January 06, 2026

The global threat landscape continues to intensify as both large-scale botnets and highly targeted social engineering campaigns gain momentum. The Kimwolf botnet has infected more than two million devices worldwide by exploiting unsecured Android TV boxes and weaknesses in residential proxy networks, while the PHALT#BLYX malware campaign is targeting the hospitality sector using fake Booking[.]com cancellation emails, deceptive CAPTCHAs, and simulated BSODs to trick users into executing malicious code. At the same time, CISA’s Known Exploited Vulnerabilities catalog expanded by 20% in 2025, with 245 new additions bringing the total to 1,484 actively exploited flaws, including a 45% rise in older vulnerabilities dating back to 2007. Keep reading for more.

01

The "Kimwolf" botnet has infected over 2 million devices globally, primarily targeting unsecured Android TV boxes and exploiting vulnerabilities in residential proxy networks.

02

The PHALT#BLYX malware campaign is targeting the hospitality sector, using fake Booking.com cancellation emails, deceptive CAPTCHAs, and simulated BSODs to socially engineer users into executing malicious code.

03

The threat actor "RedTeam" has launched a versatile brute-force tool named "Brutus" that targets Fortinet services and multiple remote access protocols like SSH, RDP, and VNC, significantly expanding the attack surface for organizations.

04

In its fourth wave, GlassWorm is targeting macOS developers by weaponizing Visual Studio Code extensions to deliver encrypted malware and replace legitimate Ledger and Trezor wallet software with trojanized versions.

05

Russia-aligned hacking group UAC-0184, also known as Hive0156, has been targeting Ukrainian military and government entities using the Viber messaging platform to distribute malicious ZIP archives.

06

The CISA KEV catalog saw a 20% growth in 2025, with 245 vulnerabilities added, totaling 1,484 high-risk flaws. Older vulnerabilities added to the KEV catalog increased by 45%, with the oldest being from 2007.

07

Critical vulnerabilities in two npm packages, "@adonisjs/bodyparser" and "jsPDF," have been disclosed, enabling attackers to exploit path traversal flaws to write arbitrary files on servers or access sensitive local file contents.

08

A critical MongoDB vulnerability, CVE-2025-14847 (MongoBleed), enables unauthenticated attackers to exploit a memory leak to extract sensitive data, including passwords and authentication tokens, directly from server memory.

09

Eaton disclosed two UPS Companion vulnerabilities—CVE-2025-59887, an insecure library loading flaw enabling arbitrary code execution, and CVE-2025-59888, a search path quoting issue that allows high-privilege attackers to execute arbitrary code.

10

QNAP patched two moderate-severity License Center flaws affecting NAS devices—CVE-2025-52871 (an out-of-bounds read enabling standard users to access sensitive data) and CVE-2025-53597 (a buffer overflow allowing admins to modify memory or crash processes).