Daily Cybersecurity Roundup, January 09, 2026

What starts as a routine download, a trusted message, or a familiar telecom network can quickly turn into a quiet breach. Chinese threat actor UAT-7290 has been targeting telecom providers across South Asia and Southeastern Europe, using modular malware to conduct espionage and maintain persistent access. In parallel, researchers have uncovered a campaign abusing WhatsApp to distribute the Astaroth banking trojan to Windows systems. Moreover, fake WinRAR installers hosted on Chinese websites are delivering malware through multi-layered files that harvest sensitive data and deploy system-specific payloads. Continue reading for more.

01

Chinese threat actor UAT-7290 has been targeting telecom providers in South Asia and Southeastern Europe, using modular malware such as RushDrop, DriveSwitch, and SilentRaid for espionage and persistent access.

02

Cybersecurity researchers discovered a campaign abusing WhatsApp to distribute the Astaroth banking trojan, targeting Windows systems and leveraging social trust for rapid infections.

03

Guloader malware is being spread through phishing emails posing as October 2025 employee performance reports, with a RAR attachment containing a malicious NSIS executable named “staff record pdf.exe.”

04

A new phishing campaign abuses DocuSign to deliver Vidar malware to Windows systems, using a fake DocuSign site, valid code-signing certificates, access-code checks, and time-based execution delays to evade detection.

05

Fake WinRAR installers distributed via Chinese websites deliver malware through multi-layered files, harvesting sensitive Windows data and deploying system-specific malicious payloads.

06

xRAT (QuasarRAT) is being spread through Korean file-sharing platforms disguised as adult games, alongside njRAT and XwormRAT masquerading as legitimate software or adult content.

07

The FBI warns that the North Korean Kimsuky APT group is running QR code phishing campaigns targeting think tanks, academic institutions, and government entities, using QR codes in emails to evade security controls and lure victims to credential-harvesting sites.

08

New vulnerabilities in ChatGPT, including the “ZombieAgent” technique, exploit prompt injection and pre-constructed URLs to bypass OpenAI safeguards and exfiltrate sensitive data from Gmail, Outlook, and Google Drive without user interaction.

09

HPE's OneView platform has a critical RCE vulnerability (CVE-2025-37164) with a CVSS score of 10. The vulnerability allows attackers to gain centralized control over IT infrastructure, posing catastrophic risks.

10

A flaw in the Cursor, Windsurf, and Google Antigravity IDEs allowed attackers to upload malicious extensions under unclaimed names; the IDEs rely on OpenVSX rather than the Microsoft Extension Marketplace because of licensing restrictions.