
Daily Cybersecurity Roundup, June 05, 2025

Cyber threats continue to evolve across regions, with espionage, phishing, and infrastructure vulnerabilities dominating the landscape. Iran-aligned threat group BladedFeline has been linked to targeted cyberespionage campaigns aimed at Kurdish and Iraqi government officials. Meanwhile, Hive0131 is conducting phishing campaigns in Latin America to spread DCRat malware. On the critical infrastructure front, Forescout’s SUN:DOWN research uncovered 46 vulnerabilities in solar power systems and a staggering 350% spike in exposed devices, most notably in Europe. Continue reading for more cybersecurity news from the past 24 hours.

01

BladedFeline, an Iran-aligned threat group, has been conducting cyberespionage campaigns targeting Kurdish and Iraqi government officials, as well as a telecommunications provider in Uzbekistan.

02

Hive0131 has been targeting users in Latin America with phishing emails imitating official judicial correspondence to deliver DCRat malware.

03

The UNC6040 threat group has been leveraging voice phishing (vishing) to impersonate IT support staff and deceive employees into granting access to Salesforce environments, targeting English-speaking branches of multinational companies.

04

A phishing campaign has been exploiting Microsoft Outlook’s unique handling of HTML emails, using conditional comments to show different links to different email clients.

05

Researchers uncovered a network of malicious "sleeper" browser extensions, installed by 1.5 million users globally, that masquerade as sound tools but enable remote command execution and encrypted communication with malicious servers.

06

A campaign has been found using typo-squatted Spectrum domains and fake CAPTCHA checks to deliver Atomic macOS Stealer (AMOS), targeting macOS users with dynamic payloads to steal passwords and bypass security.

07

Federal authorities seized 145 domains and crypto assets tied to BidenCash, a cybercrime marketplace that sold over 15 million stolen credit cards to 117,000+ users, generating $17 million in illicit revenue since March 2022.

08

Forescout’s SUN:DOWN research revealed 46 vulnerabilities in solar power systems and a 350% surge in exposed devices, with Europe most affected and some flaws enabling attackers to hijack inverters.

09

Cisco patched CVE-2025-20129, a vulnerability in CCP's web-based chat interface, which could allow attackers to intercept sensitive data through crafted HTTP requests.

10

ThreatSpike, a cybersecurity provider, secured $14 million in a Series A funding round led by Expedition Growth Capital.
