
Daily Cybersecurity Roundup, July 30, 2025

Cyber threat actors are getting creative. APT28’s latest weapon, LameHug, may sound soft, but this AI-powered malware packs a punch. Used in phishing attacks against Ukraine’s defense sector, it generates commands, spies on systems, and steals sensitive data. In parallel, the JSCEAL campaign flooded the EU with 35,000 malicious ads and fake crypto apps mimicking 50 trading platforms, luring thousands of users. Rounding out the threat landscape, researchers uncovered XWorm 6.0, a stealthier variant with stronger persistence and a clever AMSI bypass that tampers with CLR.DLL in memory to evade detection. Read further for more cybersecurity news.

01

Russian threat group APT28 deployed LameHug, an AI-powered malware, in a phishing campaign targeting Ukraine’s security and defense sector to generate system commands, conduct reconnaissance, and steal data.

02

The JSCEAL campaign has targeted crypto app users with around 35,000 malicious ads and fake apps impersonating nearly 50 cryptocurrency trading platforms, generating millions of views across the EU in early 2025.

03

A sophisticated threat group, CL-STA-0969, is targeting telecom networks in Southwest Asia. Linked to state-sponsored actors like Liminal Panda, the group is exploiting mobile roaming network connections.

04

Hackers exploited a critical SAP NetWeaver flaw (CVE-2025-31324) to deploy Auto-Color Linux malware with stealthy rootkit capabilities against a U.S. chemicals company.

05

ToxicPanda, an advanced Android banking trojan, has infected over 4,500 devices, mainly in Portugal and Spain, to steal banking credentials and remain hidden.

06

A fake WordPress plugin named "wp-compat" creates a hidden admin user and conceals its presence using hooks and metadata.

07

Researchers have identified XWorm variant 6.0, which uses enhanced persistence and anti-analysis features, including an AMSI bypass that modifies CLR.DLL in memory to evade detection.

08

Google has released an emergency Chrome update to patch critical vulnerabilities, including a high-priority use-after-free flaw in Media Stream (CVE-2025-8292), which could allow attackers to execute arbitrary code or access sensitive data.

09

Palo Alto Networks is reportedly in advanced talks to acquire Israeli cybersecurity firm CyberArk Software for over $20 billion.

10

Fable Security, a human risk management platform for enterprise cybersecurity, has emerged from stealth with $31 million in funding, comprising a seed round led by Greylock Partners and a Series A led by Redpoint Ventures.
