
Daily Cybersecurity Roundup, July 03, 2025

Malware campaigns are evolving rapidly, growing more targeted, deceptive, and platform-specific with each wave. In recent news, North Korean threat actors are aiming at Web3 and cryptocurrency platforms with NimDoor, a sophisticated macOS malware that uses AppleScript and Bash scripts to enable backdoor access and data theft. Meanwhile, hacktivist group Keymous+ is making global waves, claiming over 700 DDoS attacks across Europe, North Africa, the Middle East, and Asia—possibly with a little help from DDoS-for-hire platform EliteStress. Unit 42 reports a 50% spike in the abuse of Windows LNK files, with malware samples jumping from 21,000 in 2023 to over 68,000 in 2024. Keep reading for more cybersecurity news.

01

North Korean (DPRK) threat actors are targeting Web3 and cryptocurrency platforms through a sophisticated macOS malware campaign dubbed NimDoor.

02

The Keymous+ hacktivist group has launched over 700 DDoS attacks in 2025 across Europe, North Africa, the Middle East, and Asia, and is potentially linked to the DDoS-for-hire service EliteStress.

03

A campaign involving over 40 fake Firefox extensions has been uncovered, designed to steal cryptocurrency wallet credentials by impersonating legitimate tools like Coinbase, MetaMask, and others.

04

Russia-linked Gamaredon ramped up spear-phishing attacks on Ukrainian government targets, using HTML smuggling, stealthy scripts, and Cloudflare-masked C2 infrastructure.

05

Qwizzserial, an Android malware, has been targeting users in Uzbekistan and spreading via Telegram disguised as government aid apps or deceptive files to steal SMS messages and banking data.

06

According to a Unit 42 report, the weaponization of Windows LNK files for malware distribution has risen by 50%, with malware samples increasing from 21,098 in 2023 to 68,392 in 2024.

07

An Arbitrary File Deletion vulnerability (CVE-2025-6463) was discovered in the Forminator WordPress plugin, affecting over 600,000 sites. It allows unauthenticated attackers to delete critical files, potentially leading to RCE and site compromise.

08

Cisco patched a critical vulnerability (CVE-2025-20309) in its Unified CM that allowed root SSH access via a hardcoded credential.

09

A critical vulnerability (CVE-2025-47812) in Wing FTP Server could allow attackers to achieve full server takeover through unauthenticated RCE.

10

AI-powered cybersecurity platform RevEng.ai raised $4.1 million in a seed funding round led by Sands Capital with backing from In-Q-Tel Capital, IQ Capital, and Episode 1.
