
Daily Cybersecurity Roundup, January 20, 2026

Threat actors are clearly cooking up trouble, and the TamperedChef malvertising campaign is the latest recipe, serving an infostealer through Google Ads and SEO poisoning while masquerading as a legitimate PDF editor. In other news, a newly identified infostealer campaign uses malicious ZIP files to spoof popular installers such as Malwarebytes. Moreover, the “Evelyn Stealer” campaign compromises developer environments by weaponizing fake Visual Studio Code extensions to execute malicious PowerShell and batch scripts. Keep reading for more.

01

TamperedChef malvertising campaign is distributing an infostealer via Google Ads and SEO poisoning, disguised as a legitimate PDF editor application.

02

A new infostealer campaign has been identified, targeting users through spoofed software installers. The campaign uses malicious ZIP files impersonating trusted software like Malwarebytes.

03

The UK NCSC warns of continued DDoS attacks on critical infrastructure and local government systems by Russia-linked hacktivist groups, urging organizations to strengthen defenses.

04

Pulsar RAT, an advanced version of Quasar RAT, is targeting Windows systems using stealthy techniques like memory-only execution and hidden virtual network computing (HVNC).

05

A malware campaign dubbed “Evelyn Stealer” is compromising developer environments by abusing malicious Visual Studio Code extensions, including fake tools like “Bitcoin Black” and “Codo AI,” to execute PowerShell and batch scripts.

06

CloudSEK has uncovered a cryptocurrency theft operation by a threat actor dubbed “RedLineCyber,” who deploys a clipboard-hijacking malware called Pro.exe via Discord communities to target streamers, gamers, and cryptocurrency enthusiasts.

07

A new malware named SolyxImmortal poses a significant cybersecurity threat, targeting Windows users through Telegram channels.

08

Hacking group Mustang Panda has been found using a new malware called LOTUSLITE to spy on US government officials by exploiting news about Venezuela.

09

A privilege escalation vulnerability in the Advanced Custom Fields: Extended plugin affected 100,000+ WordPress sites, allowing attackers to gain administrative privileges.

10

TP-Link disclosed a high-severity vulnerability (CVE-2026-0629) in its VIGI security camera lineup, enabling attackers on local networks to bypass authentication and reset admin passwords via the password recovery mechanism.
