Daily Cybersecurity Roundup, January 22, 2025

PlushDaemon, a new player in cyberespionage, slipped into a South Korean VPN provider’s supply chain, replacing trusted installers with its SlowStepper backdoor. In the underbelly of the internet, the Murdoc botnet is building an army of compromised cameras and routers, transforming innocuous devices into unwitting soldiers for devastating DDoS campaigns. Cloudflare’s latest threat report paints a grim picture: a staggering 53% rise in DDoS attacks compared to 2023. Read on for more.

01

ESET found a supply chain attack on a South Korean VPN provider by a new China-linked APT group called PlushDaemon. The attackers installed their custom backdoor, SlowStepper.

02

Cybersecurity researchers have reported a large-scale campaign targeting AVTECH IP cameras and Huawei HG532 routers, exploiting vulnerabilities in these devices to enlist them in a Mirai variant known as the Murdoc botnet.

03

Sophos spotted campaigns involving two groups of threat actors, STAC5143 and STAC5777, using Microsoft’s Office 365 platform to infiltrate organizations, likely aiming to steal data and install ransomware.

04

A security researcher found over 1,000 vulnerabilities in ABB's building management and control solutions, potentially exposing facilities to remote hacking.

05

Analysis by CloudSEK revealed that Zendesk's platform can be exploited to create phishing links resembling legitimate companies. Since 2023, researchers have identified 1,912 such instances.

06

Attackers can exploit a vulnerability (CVE-2025-0411) in 7-Zip to bypass the Mark of the Web (MotW) security feature in Windows. The flaw allows malicious code to run on a user's computer when the user extracts specially crafted files from nested archives or visits a malicious website.

07

The Cloudflare DDoS Threat Report for Q4 2024 revealed a 53% increase in DDoS attacks compared to 2023. The largest attack peaked at 5.6 Tbps and was launched by a Mirai-based botnet of 13,000 compromised devices.

08

Oracle released a Critical Patch Update to address 318 new security vulnerabilities, including a high-severity flaw (CVE-2025-21556) in the Oracle Agile Product Lifecycle Management Framework, which could allow attackers to take control of vulnerable instances.

09

Netwrix reported that 84% of healthcare organizations faced cyberattacks in 2024, primarily involving account hijacking (74% cloud, 44% on-premises) and phishing (62% cloud, 63% on-premises). Cyber incidents impacted finances (69%) and led to leadership changes (21%).

10

Mitiga raised $30 million in a Series B funding round led by SYN Ventures, with participation from ClearSky, Atlantic Bridge, and others.