
Daily Cybersecurity Roundup, July 18, 2025

Spear-phishing remains one of the most effective entry points for cyberattacks, as seen with SquidLoader’s recent campaign targeting Hong Kong financial institutions using fake invoice attachments to deliver malware. Meanwhile, the long-running H2Miner botnet has expanded its arsenal by incorporating AI-generated Lcryx ransomware, which employs system degradation tactics and includes bundled hacking tools. Adding to the threat landscape, retail brands are facing rising fraud facilitated by fake receipt generators like MaisonReceipts, which operate through subscription-based websites and encrypted platforms. Keep reading for more cybersecurity highlights from the last 24 hours.

01. SquidLoader is targeting Hong Kong financial institutions via spear-phishing emails carrying fake invoice RAR files, using a five-stage infection chain to deploy Cobalt Strike for remote access.

02. The H2Miner botnet has added AI-generated Lcryx ransomware, including a new variant "Lcrypt0rx" with system degradation tactics and bundled hacking tools, to its operations.

03. The LameHug malware uses an LLM to dynamically generate commands for data theft on compromised Windows systems, marking a novel approach in cyberattacks.

04. The Scanception campaign uses QR codes in phishing PDFs to bypass email security and endpoint protection by targeting personal mobile devices outside organizational security perimeters.

05. Fake receipt tools like MaisonReceipts are fueling retail fraud, letting users generate counterfeit receipts for over 21 major brands via subscription sites, social media, and platforms like Discord and Telegram.

06. A critical security vulnerability (CVE-2025-4657) in Lenovo’s Protection Driver software allows local attackers to execute arbitrary code and escalate privileges through a buffer overflow, posing risks to enterprise and consumer systems.

07. VMware patched four zero-days exploited at Pwn2Own Berlin 2025. Three critical flaws (CVE-2025-41236, CVE-2025-41237 and CVE-2025-41238) allow guest-to-host code execution; a fourth (CVE-2025-41239) causes data leaks.

08. A vulnerability (CVE-2025-48927) in TeleMessage TM SGNL, a Signal-inspired enterprise messaging system, could expose sensitive data such as plaintext usernames and passwords due to an insecure /heapdump endpoint exposed by Spring Boot Actuator.

09. Empirical Security, a cybersecurity startup, raised $12 million in a seed funding round led by Costanoa Ventures, with participation from DNX Ventures, Sixty Degree Capital, HPA, and other angel investors.

10. An Amsterdam-based cybersecurity startup, Whisper, secured approximately $1.75 million in a pre-seed funding round led by Atlas AI^VB Fund I, with support from Antler, D11Z, Tioga Trust, and Volve Capital.
