
Daily Cybersecurity Roundup, June 16, 2025

Recent cyber threat activity highlights an evolving and complex landscape. The Water Curse threat actor has been abusing GitHub by hosting weaponized repositories to deliver multistage malware. In a separate development, Iran-aligned hacktivists have launched coordinated cyberattacks in retaliation for Israeli missile strikes on Iranian nuclear and military targets, focusing on government, defense, and critical infrastructure systems in Israel. Meanwhile, GrayAlpha, a cybercriminal group linked to FIN7, has shifted to new infrastructure to facilitate malware delivery, leveraging custom PowerShell loaders. Find out what happened in the cybersecurity landscape over the weekend.

01

The Water Curse threat actor has been using GitHub to spread multistage malware via weaponized repositories, with at least 76 accounts linked to a campaign targeting cybersecurity pros, game developers, and DevOps teams.

02

Iran-aligned hacktivists launched retaliatory cyberattacks following Israel’s missile strikes on Iranian nuclear and military sites, targeting Israeli government agencies, defense systems, and critical infrastructure.

03

Anubis, a new RaaS group, has introduced a destructive "wipe mode" in its ransomware, combining encryption with file erasure to make recovery impossible, even if the ransom is paid.

04

Katz Stealer, a MaaS platform built for credential theft, system fingerprinting, and stealthy persistence, has been targeting browser data, crypto wallets, VPN/Wi-Fi credentials, and game accounts.

05

GrayAlpha, a cybercriminal group associated with FIN7, has been identified using new infrastructure for malware distribution. The group uses custom PowerShell loaders like PowerNet and MaskBat to deploy NetSupport RAT.

06

Over 46,000 internet-facing Grafana instances are exposed to CVE-2025-4123, a client-side open redirect flaw enabling malicious plugin execution and account takeovers.

07

Tenable has fixed three high-severity flaws in Nessus Agent for Windows (CVE-2025-36631, -36632, -36633) that allowed non-admin users to overwrite system files, execute code, and delete files with System privileges.

08

A critical vulnerability (CVE-2025-33108) has been identified in IBM Backup, Recovery, and Media Services for i (BRMS) versions 7.5 and 7.4, allowing attackers to escalate privileges and execute malicious code with system-level access.

09

Circumvent, a cloud security platform, raised $6 million in seed funding from Paladin Capital Group.

10

Steryon, an industrial cybersecurity startup, secured approximately $1.07 million in seed funding, led by 4Founders Capital and Abac Nest Ventures.
