Daily Cybersecurity Roundup, July 23, 2025

Sophisticated cyber threats are on the rise, impacting various sectors with their advanced techniques. In one such campaign, Operation CargoTalon, the UNG0901 group is targeting employees in Russia's defense sector, specifically those at VASO. Simultaneously, a separate group of hackers has launched a supply chain attack against Arch Linux users. In a different scheme, fraudsters are executing Request for Quote (RFQ) scams, impersonating legitimate companies with stolen Employer Identification Numbers (EINs) and fake email signatures. Continue reading for further cybersecurity updates from the last 24 hours.

01. Operation CargoTalon, led by UNG0901, targets VASO employees in Russia's defense sector using spear-phishing emails whose malicious LNK files pose as logistics documents and deploy the EAGLET DLL implant to exfiltrate data.

02. Hackers launched a supply chain attack on Arch Linux by uploading three RAT-laced packages—librewolf-fix-bin, firefox-patch-bin, and zen-browser-patched-bin—to the Arch User Repository (AUR).

03. A malicious LNK file disguised as a credit card security email authentication pop-up has been identified, aiming to steal user information.

04. The Mimo cybercrime group has shifted to targeting Magento CMS, exploiting PHP-FPM flaws and using tools like GSocket and disguised scripts for stealth and persistence.

05. Researchers identified a new Coyote malware variant—the first to maliciously use Microsoft's UI Automation (UIA) framework—targeting Brazilian users to steal credentials from 75 banks and crypto exchanges.

06. Request for Quote (RFQ) scammers impersonate legitimate companies using stolen EINs and fake email signatures to exploit vendor financing terms (Net 15/30/45) and steal high-value goods.

07. Synology has issued a security advisory for critical flaws in its BeeDrive Windows app—tracked as CVE-2025-54158, CVE-2025-54159, and CVE-2025-54160—that could enable code execution and file deletion.

08. Cisco has reported active exploitation of three critical Cisco ISE flaws—CVE-2025-20281, CVE-2025-20282, and CVE-2025-20337—that allow unauthenticated attackers to gain root access via malicious API requests.

09. CISA has flagged active exploitation of two critical SysAid flaws—CVE-2025-2775 and CVE-2025-2776—that allow attackers to hijack admin accounts and access files via improper XML external entity handling.

10. Vanta, an online security and compliance management platform, secured $150 million in a Series D funding round led by Wellington Management, with participation from existing investors, including Goldman Sachs Alternatives, Sequoia, and others.