Daily Cybersecurity Roundup, January 23, 2026

From enterprise networks to everyday payment portals, threat actors continue to blur the lines between sophistication and scale. A newly observed Osiris ransomware variant has been actively deployed across Southeast Asia, showing potential links to actors previously associated with Inc ransomware. In parallel, Microsoft Defender uncovered a highly sophisticated, multi-stage adversary-in-the-middle (AiTM) phishing campaign that abuses SharePoint links and malicious inbox rule persistence to execute BEC attacks against energy sector organizations. Rounding out this wave of activity, a fake “PNB MetLife Payment Gateway” phishing operation was identified harvesting customer credentials and redirecting victims into UPI-based payment fraud. Continue reading for more cybersecurity news.

1. A new Osiris ransomware family has been deployed in Southeast Asia, exhibiting typical ransomware capabilities and possibly tied to attackers previously associated with Inc ransomware via shared tools like Mimikatz and Poortry drivers.

2. Microsoft Defender identified a sophisticated multi-stage adversary-in-the-middle (AiTM) phishing campaign leveraging SharePoint links and inbox rule persistence to conduct BEC across energy sector organizations.

3. The Larva-25012 threat group is distributing malware disguised as a legitimate Notepad++ installer to conduct proxyjacking attacks, covertly hijacking victims’ network bandwidth without consent for illicit financial gain.

4. A North Korea-linked spear-phishing operation uses JSE lure documents to install Visual Studio Code and establish encrypted VS Code tunnels for covert remote access on compromised systems.

5. A fraudulent “PNB MetLife Payment Gateway” phishing page was uncovered, stealing customer credentials and redirecting victims to UPI payment flows, blending financial fraud with credential theft.

6. An open-source Python script is being leveraged in an ongoing social media phishing campaign, illustrating how widely available tooling can scale credential harvesting operations across networks.

7. Attackers are taking over published Snap email domains to host malware, exploiting trust in legitimate publishing infrastructure to distribute malicious content.

8. Akamai SIRT disclosed a critical CVE-2026-22755 command-injection flaw in legacy Vivotek camera firmware (upload_map.cgi), allowing unauthenticated remote arbitrary code execution as root on dozens of models.

9. A deliberate backdoor (CVE-2026-0920) planted by a former developer was found in the WordPress LA-Studio Element Kit, enabling unauthenticated admin creation and active exploitation before a patch was released.

10. A flaw in BIND 9 was reported that allows specially crafted DNS records to crash name servers, posing operational disruption risks for DNS infrastructure.