
Daily Cybersecurity Roundup, January 29, 2026

Cybercriminals continue to exploit trust in everyday digital services to quietly monetize access and data, blurring the line between legitimate workflows and malicious activity. In one campaign, attackers are sending spoofed Microsoft Teams billing alert emails to trick users into handing over credentials and payment details. In parallel, the software supply chain is being abused through a malicious npm package, G-Wagon, which delivers a Python-based information stealer capable of siphoning cryptocurrency wallets and sensitive developer data. Moreover, threat actors are ramping up JavaScript-based e-skimming attacks that embed malicious code into payment pages.

01

A phishing campaign is using spoofed Microsoft Teams billing alert emails to lure victims into credential theft and payment fraud schemes.

02

A malicious npm package named G-Wagon was discovered delivering a Python-based information stealer designed to exfiltrate cryptocurrency wallets and sensitive developer data.

03

GhostChat spyware masquerades as a romance messaging app on Android, enabling surveillance, data exfiltration, and persistent victim tracking once installed.

04

The Tycoon phishing-as-a-service platform is running advanced credential harvesting campaigns that abuse contractor-related domains to bypass Gmail and Microsoft 365 security controls.

05

Researchers uncovered iClickFix, a widespread exploitation framework targeting WordPress that abuses the ClickFix social engineering tactic to trick victims into executing malicious commands via fake error prompts.

06

Threat actors are increasingly deploying JavaScript-based e-skimming malware to compromise payment pages, silently harvesting credit card data during online checkout processes.

07

CloudSEK traced a broader e-crime ecosystem pivoting from Paytool infrastructure to conduct payment fraud, phishing, and financial scams primarily targeting Canadian users.

08

Multiple critical remote code execution flaws in SolarWinds Web Help Desk allow unauthenticated attackers to execute arbitrary commands, posing a significant risk to IT service management environments if left unpatched.

09

A critical vulnerability (CVE-2025-12556) in the IDIS Cloud Manager (ICM) Viewer software allows attackers to achieve remote code execution, with just one click, on Windows systems monitoring IDIS IP cameras.

10

A newly disclosed sandbox escape flaw in n8n workflow automation instances enables attackers to break isolation controls and achieve remote code execution on the underlying host system.
