A surge in cybercrime is unfolding across multiple fronts. The GhostVendors scam campaign has leveraged over 4,000 fake domains to impersonate major brands like Amazon, Costco, and Rolex, luring unsuspecting shoppers. Meanwhile, the Rust-based Myth Stealer malware is being distributed via fake gaming sites, targeting Chrome and Firefox users to harvest sensitive data. Adding to the threat landscape, phishing, extortion, and social engineering attacks are escalating, with Malwarebytes reporting that 44% of users face mobile scams daily and 78% weekly. Keep reading further for more cybersecurity news.
01
A large-scale scam campaign, dubbed GhostVendors, involving over 4,000 fraudulent domains has been impersonating major brands like Amazon, Costco, Rolex, and many more to deceive consumers.
02
Myth Stealer, a Rust-based infostealer malware, has been spreading through fake gaming websites, targeting users of Chromium- and Gecko-based browsers like Chrome and Firefox.
03
FIN6, known for financial fraud and ransomware, is now impersonating job seekers on LinkedIn and Indeed to target recruiters with phishing emails and malware-laced resumes.
04
Phishing, extortion, and social engineering scams are on the rise, with 44% of people encountering mobile scams daily and 78% weekly, according to Malwarebytes.
05
Adobe has released security updates addressing 254 vulnerabilities in its software, impacting Adobe Experience Manager (AEM), with 225 flaws classified as XSS vulnerabilities that could lead to arbitrary code execution.
06
Microsoft has addressed 66 security flaws in Patch Tuesday, including two zero-days. CVE-2025-33053, an RCE bug in WebDAV exploited by the Stealth Falcon APT group, and CVE-2025-33073, an elevation of privilege flaw in the Windows SMB client.
07
Google Chrome version 137.0.7151.103 fixes two high-severity flaws—CVE-2025-5958 (use-after-free in Media) and CVE-2025-5959 (type confusion in V8)—that could lead to RCE or DoS.
08
INTERPOL’s Operation Secure dismantled over 20,000 malicious IPs and domains tied to infostealers, seizing 41 servers with support from 26 countries and private partners.
09
Data security company Cyera secured $540 million in a Series E funding round led by Georgian, Greenoaks, and Lightspeed Venture Partners, with support from existing investors.
10
CybaVerse, a cybersecurity company focused on SMEs and MSPs, has acquired SecureAck, an automation platform aimed at simplifying security across IT and OT environments.
