
Daily Cybersecurity Roundup, July 17, 2025

Cyber threat actors continue to evolve their tactics, launching targeted campaigns driven by both financial and geopolitical motives. Recent activity includes the financially motivated UNC6148 exploiting SonicWall SMA 100 series appliances with stolen credentials to deploy a persistent backdoor called OVERSTEP. Meanwhile, China-aligned espionage actors have ramped up phishing attacks on Taiwan's semiconductor industry to gather intelligence supporting China's semiconductor self-sufficiency ambitions amid export restrictions. Additionally, 607 malicious domains, mostly hosted in China and registered via Gname, have been uncovered distributing fake Telegram APKs tied to phishing and malware campaigns. Read further for more cybersecurity news.

01

An ongoing campaign by the financially motivated threat actor UNC6148 targets SonicWall Secure Mobile Access (SMA) 100 series appliances. It exploits stolen credentials and deploys a persistent backdoor known as OVERSTEP.

02

China-aligned espionage groups have intensified their phishing campaigns targeting Taiwan's semiconductor industry to collect intelligence to bolster China's strategic goals of semiconductor self-sufficiency amidst export controls.

03

A malware-as-a-service (MaaS) operation is using GitHub repositories to stealthily deliver the Amadey and Emmenhtal loaders via phishing campaigns, targeting Ukrainian entities with advanced obfuscation.

04

Hackers are distributing Matanbuchus 3.0, a stealthy malware-as-a-service (MaaS) loader, via Microsoft Teams, phishing, malvertising, and IT help desk impersonation.

05

A total of 607 malicious domains were identified distributing fake Telegram APK files linked to phishing and malware campaigns; most are hosted in China and were registered via the Gname registrar.

06

Europol's Operation Eastwood targeted the pro-Russian hacktivist group NoName057(16), responsible for DDoS attacks across Europe, Israel, and Ukraine.

07

Oracle's July 2025 Critical Patch Update (CPU) delivers 309 patches for roughly 200 CVEs, 127 of which are remotely exploitable without authentication; Oracle Communications tops the list with 84 fixes, none of them rated critical.

08

Cisco has disclosed a critical vulnerability (CVE-2025-20337) in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) that allows remote, unauthenticated attackers to execute arbitrary code on the underlying operating system with root privileges.

09

Nautic Partners closed the acquisition of AccessIT Group, a cybersecurity solutions provider.

10

Ekco, a security-first managed service provider, has acquired Predatech, a Manchester-based cybersecurity consultancy.
