
Daily Cybersecurity Roundup, June 02, 2025

Cybercriminals are ramping up their attacks by exploiting trusted platforms, software, and infrastructure. They’re redirecting users from gaming and social media sites to fake Booking[.]com pages that drop Backdoor.AsyncRAT. At the same time, hackers are leveraging the popular SSH client PuTTY on Windows to stealthily deliver malware by exploiting OpenSSH’s default behavior. Meanwhile, a major DDoS attack hit Russian ISP ASVT, disrupting internet services for tens of thousands in Moscow and surrounding areas, including government networks. Continue reading for more cybersecurity updates from the weekend.

01

Cybercriminals are redirecting users from gaming sites and social media to fake Booking[.]com pages with malicious Captcha forms that trigger the installation of Backdoor.AsyncRAT, enabling remote control of infected devices and data theft.

02

Hackers are exploiting the popular SSH client PuTTY to deliver malware on Windows systems, abusing OpenSSH’s default behavior.

03

A malicious npm package named xlsx-to-json-lh, mimicking the legitimate xlsx-to-json-lc, was discovered to establish a remote connection, allowing attackers to delete entire project directories on command.

04

A malicious package campaign targeting Python and npm users was discovered, using typo-squatting and name-confusion attacks on packages like Colorama and Colorizr.

05

A major DDoS attack disrupted internet services for tens of thousands in Moscow and nearby areas, targeting the Russian provider ASVT, which serves large residential complexes and government institutions.

06

As part of Operation Endgame, an international law enforcement operation dismantled AVCheck, a platform that cybercriminals, including ransomware groups, used to test and obfuscate malware to help it evade antivirus detection.

07

U.S. authorities, in collaboration with international partners, seized four domains and servers linked to a software crypting syndicate that provided tools to cybercriminals to make malware undetectable.

08

NetSPI researchers have uncovered high-risk local privilege escalation vulnerabilities (CVE-2025-23009 and CVE-2025-23010) in SonicWall’s NetExtender VPN client for Windows, which could let low-privileged users gain SYSTEM-level access or disrupt services via arbitrary file deletion and overwriting.

09

Two vulnerabilities in Linux systems, CVE-2025-5054 and CVE-2025-4598, have been identified in apport and systemd-coredump, allowing local attackers to exploit race conditions to access sensitive data, including password hashes.

10

Hackers are exploiting critical vulnerabilities in the vBulletin forum software, specifically CVE-2025-48827 and CVE-2025-48828, which allow remote code execution.
