Daily Cybersecurity Roundup, January 14, 2026

From fake charity appeals to poisoned checkout pages, threat actors are casting a wide and creative net. Russian-linked group Void Blizzard is targeting Ukrainian defense forces by spreading bogus charity links over Signal and WhatsApp to deliver the PLUGGYAPE malware. In parallel, a sprawling Magecart campaign is quietly skimming payment details from compromised e-commerce sites worldwide by injecting malicious JavaScript at checkout. Also, Android banking malware deVixor is zeroing in on Iranian users, blending financial theft, device surveillance, and ransomware features through fake automotive websites and Telegram-based command-and-control infrastructure. Keep reading for more cybersecurity updates.

01

Russian hacking group Void Blizzard has been targeting Ukrainian defense forces with fake charity links to deploy PLUGGYAPE malware via Signal and WhatsApp.

02

A large-scale Magecart web-skimming campaign has been targeting global e-commerce platforms, payment providers, and online shoppers by injecting malicious JavaScript into websites to steal sensitive payment information during checkout.

03

Scammers are using fake "reply" comments on LinkedIn posts, impersonating the platform to warn users of fake policy violations and directing them to phishing links.

04

A sophisticated phishing campaign has been abusing Cloudflare and Python to deliver AsyncRAT malware using invoice-related phishing emails to deceive victims into downloading malicious files.

05

BlueDelta (Fancy Bear), a Russian threat group, has been using fake Microsoft and Google login portals to steal credentials, targeting professionals in the energy and nuclear research sectors.

06

The Shadow#Reactor malware campaign delivers the Remcos RAT via text-only files, using phishing lures and a VBScript–PowerShell execution chain to evade traditional security defenses.

07

The Android banking malware deVixor has been combining financial data theft, device surveillance, and ransomware capabilities, targeting Iranian users through fake automotive websites and Telegram-based C2 infrastructure.

08

Threat actors are leveraging the Browser-in-the-Browser (BitB) attack in Facebook phishing scams and exploiting users’ familiarity with login pop-ups and trusted platforms like Netlify and Vercel to steal credentials.

09

Microsoft has disclosed an actively exploited zero-day vulnerability (CVE-2026-20805) in the Desktop Window Manager that allows low-privilege local attackers to access sensitive system data, including credentials and encryption keys, without user interaction.

10

Fortinet disclosed a critical vulnerability (CVE-2025-25249) in FortiOS and FortiSwitchManager that allows remote code execution due to a heap-based buffer overflow in the cw_acd daemon.