
Daily Cybersecurity Roundup, July 07, 2025

Cybercriminals clearly didn’t get the memo about taking it easy in 2025. A China-based phishing campaign is swarming the internet with thousands of fake e-commerce sites that impersonate top retail and payment brands. Meanwhile, Windows users have a new pest to worry about—NordDragonScan, an infostealer that sneaks in via weaponized HTA scripts, malicious LNK files, and decoy documents to silently harvest system data. Adding to the chaos, task scams are preying on job seekers with gamified fake tasks and earnings, only to demand crypto deposits. Continue reading for more cybersecurity news from the weekend.


01. A China-based phishing campaign is using thousands of fake e-commerce sites to mimic top retail and payment brands, stealing user data during global shopping events like Mexico’s Hot Sale 2025.

02. A new Windows infostealer, NordDragonScan, has been using weaponized HTA scripts, malicious LNK files, and decoy documents to evade detection and steal system data, browser profiles, and local files.

03. XwormRAT malware is being distributed using steganography, starting with VBScript or JavaScript, embedding malicious PowerShell scripts to download and execute the final malware.

04. A phishing campaign has been impersonating the UK DWP, targeting residents via SMS scams about missed Winter Heating Allowance applications, using urgency and shortened URLs to lure victims.

05. The Scattered Spider threat group is widening its attack scope to include the aviation sector and major enterprises, with recent incidents impacting Qantas, Hawaiian Airlines, and WestJet.

06. Task scams have been exploiting job seekers using gamified fake tasks and earnings to lure them into paying crypto deposits, driven by remote work trends, AI scam sites, and stolen personal data.

07. Attackers are abusing the SHELLTER security tool in infostealer campaigns to evade antivirus and EDR systems by hiding malware with junk code and self-modifying techniques.

08. Hackers exploited a remote code execution vulnerability in Call of Duty: WWII for PC to disrupt gameplay and remotely control players’ systems.

09. ScriptCase, a low-code PHP web application platform, has two critical vulnerabilities (CVE-2025-47227 and CVE-2025-47228) in its Production Environment module that allow pre-authenticated remote command execution.

10. CVE-2016-4484 allows attackers to bypass Secure Boot and gain root access on major Linux distros by exploiting the initramfs debug shell with repeated incorrect or blank password entries.
