
Daily Cybersecurity Roundup, June 17, 2025

Phishing continues to be a dominant cyber threat, with attackers constantly refining their tactics to exploit human trust—most recently seen in a campaign by the Kimsuky threat group, which disguised emails as research paper review requests to trick recipients into opening malicious HWP files. As part of the evolving threat landscape, researchers have also uncovered two new variants of the KimJongRAT malware—one using PE files and the other leveraging PowerShell scripts. In a separate incident, a deceptive mobile app named RapiPlata was found stealing user data and using blackmail tactics, affecting over 150,000 users before being removed from official app stores. Read further for more cybersecurity updates from the past 24 hours.

01

The Kimsuky group conducted phishing attacks by disguising emails as research paper review requests, prompting recipients to open malicious HWP files containing password-protected OLE objects.

02

Two new KimJongRAT malware variants have been discovered—one using PE files and the other PowerShell scripts—that are delivered via malicious Windows shortcut (LNK) files.

03

Researchers uncovered a phishing campaign using ClickFix droppers that deliver DeerStealer malware capable of hijacking credentials, crypto wallets, and devices via stealthy DLL sideloading and HijackLoader.

04

APT group Team46 (TaxOff) is exploiting a Chrome zero-day vulnerability (CVE-2025-2783) to launch phishing campaigns against Russian organizations, enabling sandbox escapes and malware installation without user interaction.

05

The Scattered Spider threat group is targeting U.S. insurance companies with ransomware, as Google warns of fake help-desk scams and urges stronger authentication.

06

A fake loan app, RapiPlata, on iOS and Android was found stealing user data and using blackmail tactics, affecting over 150,000 users before being removed.

07

Multiple flaws in Apache Tomcat affecting versions 9.x to 11.x have been patched: CVE-2025-48976 (DoS), CVE-2025-48988 (auth bypass), CVE-2025-49124 (security constraint bypass), and CVE-2025-49125 (privilege escalation).

08

A critical flaw CVE-2025-3248 has been identified in Langflow versions before 1.3.0, which is being actively exploited to deploy the Flodrix botnet for DDoS attacks, data theft, and system compromise.

09

TDI, a company focused on Cybersecurity Performance Management (CPM), announced its acquisition of Gray Tier Technologies, a Virginia-based cybersecurity firm.

10

TechMD, a cybersecurity and IT managed services provider, has been acquired by Integris, another IT managed services provider.
