
Daily Cybersecurity Roundup, July 28, 2025

Phishing remains one of the most effective tactics for cybercriminals to deliver malware and launch targeted attacks. Recent campaigns highlight this trend, with CastleLoader using Cloudflare-themed phishing pages and fake GitHub repositories to deploy malicious PowerShell commands. Simultaneously, UNC3944 is exploiting social engineering to compromise VMware vSphere environments by targeting industries like retail, airlines, and insurance. Adding to the threat landscape, a new Android malware is impersonating Indian banking apps to steal credentials, intercept SMS, and execute unauthorized transactions. Keep reading for more cybersecurity updates.

01

CastleLoader malware has been using Cloudflare-themed phishing pages and fake GitHub repositories to infect Windows systems via malicious PowerShell commands, with seven identified C2 servers—some targeting U.S. government networks.

02

UNC3944, a financially motivated group, has been using social engineering to target VMware vSphere environments and gain access through IT help desks in various industries, including retail, airlines, and insurance.

03

A new Epsilon Red ransomware campaign uses fake ClickFix verification pages and romance-themed lures to deliver malicious .HTA files via ActiveX, impersonating platforms like Discord, Twitch, and OnlyFans.

04

A new exploit chain, ToolShell, is targeting unpatched and zero-day Microsoft SharePoint flaws, using GhostWebShell, a stealthy web shell, for persistence and covert command execution.

05

SHUYAL, a new malware, has been stealing credentials from 19 browsers, including Chrome, Edge, Tor, and Brave, while disabling Windows Task Manager and employing self-deletion mechanisms.

06

Hackers exploited the official software for Endgame Gear's OP1w 4k v2 gaming mouse to spread Xred malware, with only the product-specific download page affected.

07

An Android malware is impersonating Indian banking apps to steal credentials, intercept SMS, and enable unauthorized transactions using silent installation, permission abuse, and phishing pages.

08

A vulnerability in the WordPress Post SMTP plugin (CVE-2025-24000) exposes over 200,000 sites to hijacking attacks by allowing low-privileged users to access email logs and reset administrator passwords.

09

Salesforce reported eight critical flaws in Tableau Server (CVSS 8.0–8.5), including Authorization Bypass, Unrestricted File Upload, Path Traversal, and SSRF, which could enable remote code execution and unauthorized database access.

10

Bureau Veritas, a Testing, Inspection, and Certification (TIC) services provider, has signed an agreement to acquire the Institute For Cyber Risk (IFCR), a specialist in GRC, offensive security, and cybersecurity training.
