Daily Cybersecurity Roundup, June 04, 2025

Malware is on a rampage, and leading the charge is ViperSoftX, targeting cryptocurrency users by deploying PowerShell scripts to hijack wallets and deliver secondary payloads. Meanwhile, a phishing campaign dubbed “Operation Phantom Enigma” is hitting users in Brazil, spreading malware via rogue browser extensions and RATs like Mesh Agent. Rapid7’s Q1 2025 report revealed that 56% of cyber compromises were fueled by stolen credentials without MFA, with vulnerability exploits and brute force attacks each responsible for 13% of breaches. Keep reading for more cybersecurity updates from the last 24 hours.

01

ViperSoftX malware is actively targeting cryptocurrency users, distributing PowerShell scripts to execute malicious commands, steal cryptocurrency wallets, and deploy additional payloads like Quasar RAT, PureCrypter, and PureHVNC.

02

A malicious campaign named “Operation Phantom Enigma” has been targeting users in Brazil using phishing emails to distribute malware through browser extensions and RATs like Mesh Agent.

03

Attackers have been using spoofed websites, such as Gitcodes and fake Docusign verification pages, to trick users into running malicious PowerShell scripts that install the NetSupport RAT.

04

Cybercriminals are exploiting the NFT airdrop feature in non-custodial wallets on the Hedera Hashgraph network to deceive users and steal cryptocurrency.

05

According to Rapid7's Q1 2025 incident response report, 56% of cyber compromises in the quarter were caused by stolen credentials without MFA, while vulnerability exploitation (13%) and brute force attacks (13%) were other common initial access methods.

06

Google’s June 2025 Android security update addressed 34 high-severity vulnerabilities, including one critical flaw (CVE-2025-26443) that could lead to local privilege escalation.

07

Hewlett Packard Enterprise (HPE) addressed eight vulnerabilities in its StoreOnce solution, including a critical authentication bypass flaw (CVE-2025-37093).

08

CISA warned of a vulnerability (CVE-2025-3916) in Schneider Electric’s EcoStruxure Power Build Rapsody software that could allow attackers to execute arbitrary code via a stack-based buffer overflow.

09

Zero Networks, a cybersecurity company focused on microsegmentation, raised $55 million in a Series C funding round led by Highland Europe.

10

General Informatics, a managed IT and cybersecurity services provider, has acquired GlobeNet, a fellow MSP. The value of the acquisition was not disclosed.
