Daily Cybersecurity Roundup, January 16, 2026

Like a ghost that lingered unseen, GhostPoster malware operated in the shadows for nearly five years, silently infecting more than 840,000 users through malicious browser extensions. In other news, UAT-8837, a China-linked APT group, has been actively targeting critical infrastructure across North America by exploiting zero-day vulnerabilities, harvesting credentials, and establishing persistent backdoor access. Meanwhile, the ransomware landscape continues to intensify, with attacks surging 52% YoY to 6,604 incidents in 2025 and supply chain attacks nearly doubling to 297 cases. Keep reading for more cybersecurity updates.

01

GhostPoster malware evaded detection for five years, infecting 840,000+ users through malicious Chrome, Firefox, and Edge extensions by hiding payloads in PNG files, with 17 related extensions uncovered, prioritizing long-term persistence.

02

UAT-8837, a China-linked APT group, is targeting critical infrastructure sectors in North America by exploiting zero-day vulnerabilities, harvesting credentials, and creating backdoor access to compromised systems.

03

A phishing campaign is targeting Windows users with a new Remcos RAT variant, using emails impersonating a Vietnamese shipping company to deliver malicious Word documents.

04

Hackers are abusing trusted cloud and CDN platforms such as Google, Microsoft Azure, and AWS CloudFront to host phishing kits, bypass security filters, and steal enterprise credentials through fake login pages that mimic legitimate domains.

05

The Gootloader malware has adopted a stealthy delivery method by leveraging malformed ZIP archives that concatenate up to 1,000 parts, making detection and analysis challenging for most tools.
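Why concatenated archives trip up tooling: most unzippers honour only the last end-of-central-directory (EOCD) record in a file, so earlier parts go unseen. The check below is an added illustration, not code from the report or from any vendor: it counts EOCD records in a blob (one per concatenated part) and compares that with what Python's standard zipfile exposes. The sample archives are constructed inline.

```python
import io
import struct
import zipfile

EOCD_SIG = b"PK\x05\x06"  # end-of-central-directory record signature
EOCD_FIXED_LEN = 22       # fixed part of the record; comment follows


def find_eocd_offsets(blob: bytes) -> list[int]:
    """Return the offset of every plausible EOCD record in the blob.

    A well-formed archive has exactly one. Concatenated archives carry
    one per part, each followed by the next part's local file headers.
    """
    offsets = []
    pos = blob.find(EOCD_SIG)
    while pos != -1:
        if pos + EOCD_FIXED_LEN <= len(blob):
            # Sanity check: the 2-byte comment length at +20 must fit,
            # which filters most chance occurrences inside compressed data.
            comment_len = struct.unpack_from("<H", blob, pos + 20)[0]
            if pos + EOCD_FIXED_LEN + comment_len <= len(blob):
                offsets.append(pos)
        pos = blob.find(EOCD_SIG, pos + len(EOCD_SIG))
    return offsets


def count_zip_parts(blob: bytes) -> int:
    return len(find_eocd_offsets(blob))


def is_concatenated_zip(blob: bytes) -> bool:
    """True when more than one EOCD record is present."""
    return count_zip_parts(blob) > 1


def names_seen_by_unzipper(blob: bytes) -> list[str]:
    """What a standard unzipper (here, Python's zipfile) reports:
    it reads only the last EOCD, so only the final part is listed."""
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        return zf.namelist()


def make_zip(name: str, data: bytes) -> bytes:
    """Constructed sample: a tiny single-file archive built in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, data)
    return buf.getvalue()
```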

06

Ransomware attacks rose 52% YoY in 2025 to 6,604 incidents, while supply chain attacks nearly doubled to 297—largely tied to ransomware activity—with Qilin emerging as the top ransomware group.

07

Cisco has patched a critical vulnerability (CVE-2025-20393) in Secure Email Gateway and Secure Email and Web Manager that was actively exploited by the China-linked APT group UAT-9686, enabling unauthenticated attackers to execute arbitrary commands.

08

A critical misconfiguration in AWS CodeBuild allowed attackers to gain control of core AWS GitHub repositories, including the JavaScript SDK that supports the AWS Console, potentially compromising every AWS account relying on it.

09

A new AMD hardware flaw, StackWarp, affects Zen 1–Zen 5 processors and allows attackers to exploit CPU stack engine synchronization failures to achieve RCE and privilege escalation in confidential virtual machines.

10

Researchers have observed active exploitation of a critical HPE OneView vulnerability (CVE-2025-37164), attributed to the RondoDox botnet, enabling RCE via an exposed API endpoint, with over 40,000 attack attempts recorded.