Daily Cybersecurity Roundup, January 28, 2026

Phishing has officially entered its glow-up era, blending AI, deepfakes, and scale into a single playbook. A Vietnam-based cybercrime actor is now using AI-assisted phishing tooling to deliver PureRAT and additional payloads through convincing job-offer lures. At the same time, attackers are rolling out deepfake-powered phishing campaigns that impersonate Zoom and Microsoft Teams meetings to trick Bitcoin users into surrendering sensitive credentials and cryptocurrency assets. In other news, the SLSH phishing “Supergroup” has been linked to large-scale operations targeting over 100 organizations. Continue reading for more.

01

A Vietnam-based cybercrime actor is leveraging AI to build phishing tooling that delivers PureRAT and other payloads via job-offer lures to compromise targets and potentially sell network access.

02

New deepfake phishing campaigns are impersonating Zoom and Teams sessions to deceive Bitcoin users into divulging sensitive credentials and crypto assets.

03

The Vibe-coded Sicarii ransomware strain remains undecryptable, with victims unable to recover files without paying a ransom due to its robust encryption.

04

The SLSH malicious “Supergroup” has been observed targeting over 100 organizations with live phishing panels and credential harvesting campaigns.

05

Security analysts dissected a Python-based Remote Access Trojan (PyRAT) that supports cross-platform persistence, data exfiltration, and remote control features used by cybercriminals.

06

A critical sandbox escape vulnerability was found in the widely used vm2 Node.js library, allowing malicious code to break out of isolated contexts and execute unauthorized actions.

07

Fortinet released an emergency fix for a zero-day authentication bypass (CVE-2026-24858) in its FortiCloud SSO that has been exploited to access other FortiGate devices’ admin accounts and exfiltrate config files.

08

Multiple financially motivated and state-backed threat actors are actively exploiting the critical CVE-2025-8088 path traversal flaw in WinRAR to drop payloads for persistence and initial access across global targets.

09

The PackageGate vulnerabilities comprise six zero-day flaws across JavaScript package managers, including npm, pnpm, vlt, and Bun, allowing attackers to bypass protections such as disabled scripts and lockfiles and execute malicious code despite those security controls.

10

Multiple adversaries are exploiting the React2Shell vulnerability (CVE-2025-55182) in React Server Components to deploy miners (XMRig), botnets (RustoBot, Kaiji), backdoors (Sliver), and implants like EtherRAT against Russian companies.