Daily Cybersecurity Roundup, June 13, 2025

Cybercriminals are ramping up cross-platform attacks with increasingly deceptive tactics. On Discord, attackers are hijacking expired invite links to redirect users to malicious servers, where fake verification bots and phishing sites are used to deliver AsyncRAT and Skuld Stealer. Meanwhile, CyberEye is using Telegram for C2 while evading detection by disabling Windows Defender and deploying modules like keyloggers, file grabbers, and clipboard hijackers. Developers are also in the crosshairs, with phishing campaigns exploiting GitHub’s OAuth 2.0 Device Code Flow to steal access tokens. Keep reading for more cybersecurity updates.

01

Attackers hijacked expired Discord invite links to redirect users to malicious servers, using fake verification bots and phishing sites to spread malware like AsyncRAT and Skuld Stealer.

02

CyberEye, a .NET-based RAT, has been using Telegram for C2 and evading detection by disabling Windows Defender while deploying modules like keyloggers, file grabbers, and clipboard hijackers.

03

Researchers uncovered new Predator spyware operations, marking its first suspected activity in Mozambique and revealing links to a Czech entity. The operations target politicians, activists, and executives, posing high privacy and security risks.

04

Developers are being targeted by phishing campaigns exploiting GitHub's OAuth 2.0 Device Code Flow to steal access tokens and compromise their repositories and workflows.

05

CISA issued an advisory regarding ransomware actors exploiting unpatched vulnerabilities in SimpleHelp RMM software, particularly versions 5.5.7 and earlier, which include CVE-2024-57727, a path traversal vulnerability.

06

Apple disclosed a zero-click vulnerability in its Messages app (CVE-2025-43200) that was exploited to target journalists with Paragon's Graphite spyware.

07

Trend Micro patched critical flaws in Apex Central and PolicyServer, including insecure deserialization and broken authentication, allowing RCE and admin bypass.

08

Palo Alto Networks addressed multiple vulnerabilities across its product line, including GlobalProtect App, Cortex XDR, PAN-OS, and Prisma Access Browser.

09

The TokenBreak attack exploits flaws in Byte Pair Encoding (BPE) and WordPiece tokenizers to bypass text classification models by triggering false negatives through token manipulation.

10

The EU Commission has earmarked approximately $170 million to facilitate the adoption of cybersecurity solutions by public administrations and SMEs, and to implement research-driven innovations.
