Daily Cybersecurity Roundup, June 03, 2025

When your tools start spying on you, it’s time to check for hidden tricks — and that’s exactly what researchers found. A supply chain attack was discovered involving two malicious Ruby gems stealthily designed to steal Telegram bot tokens, messages, and files. In parallel, threat actor JINX-0132 is orchestrating a widespread cryptojacking campaign by exploiting misconfigurations in popular DevOps platforms to deploy XMRig miners on compromised infrastructure. Adding to global concerns, the Dutch Minister has issued a stark warning about the rising wave of Chinese state-sponsored cyber espionage, particularly aimed at the Netherlands’ critical infrastructure. Read further for more cybersecurity news from the last 24 hours.

01

Researchers have discovered a supply chain attack involving two malicious Ruby gems (fastlane-plugin-telegram-proxy and fastlane-plugin-proxy_teleram) designed to steal Telegram bot tokens, messages, and files.

02

Threat actor JINX-0132 is exploiting misconfigurations in popular DevOps tools like Nomad, Consul, Docker, and Gitea to deploy XMRig and launch a widespread cryptojacking campaign.

03

Attackers have been exploiting a misconfigured AI tool, Open WebUI, to run malicious Python scripts, deploying cryptominers and evading defenses on both Linux and Windows systems.

04

The Android banking trojan Crocodilus has been adding fake contacts to victims’ devices to make malicious calls appear trustworthy, targeting victims globally, with enhanced evasion techniques like code packing, XOR encryption, and data parsing.

05

The Dutch Minister has warned against Chinese state-sponsored groups intensifying espionage activities targeting the Netherlands’ critical infrastructure.

06

Google released emergency fixes for three Chrome vulnerabilities, including a zero-day flaw (CVE-2025-5419) that allows remote attackers to exploit heap corruption through crafted HTML pages.

07

Qualcomm has released security patches for three zero-day vulnerabilities (CVE-2025-21479, CVE-2025-21480, and CVE-2025-27038) in its Adreno GPU drivers, which could lead to memory corruption and unauthorized access.

08

Two critical, unpatched vulnerabilities (CVE-2025-41438 and b) have been discovered in Consilium Safety’s CS5000 Fire Panel that could allow remote attackers to disable fire safety systems.

09

The ReliaQuest report revealed that infostealer malware, particularly Lumma, which was responsible for 92% of credential log alerts in late 2024, has fueled a booming underground economy on the Russian market, where stolen credentials were sold en masse for as little as $2.

10

F5 has acquired Fletch, a San Francisco-based threat management startup, to integrate agentic AI into its platform.
