
Daily Cybersecurity Roundup, June 23, 2025

Cyber espionage continues to evolve as threat actors deploy increasingly sophisticated tools—like the Confucius APT group's newly uncovered modular backdoor, Anondoor—to infiltrate systems, evade detection, and deliver tailored payloads for prolonged surveillance. Another campaign, dubbed LapDogs, is targeting Linux-based SOHO devices across regions like the U.S., Japan, South Korea, Taiwan, and Hong Kong. Meanwhile, attackers infiltrated CoinTelegraph’s front-end infrastructure, embedding malicious JavaScript to launch fake airdrop pop-ups. Read further for more cybersecurity updates from the weekend.


01

The Confucius APT group has unveiled Anondoor, a modular backdoor designed to enhance cyber-espionage by delivering customized payloads while evading traditional sandbox detection.

02

Researchers have identified a backdoor campaign named LapDogs, which targets Linux-based SOHO devices, particularly in the U.S., Japan, South Korea, Taiwan, and Hong Kong.

03

A new malware campaign tracked as EvilConwi is actively abusing ConnectWise’s ScreenConnect software to distribute signed malware.

04

Mocha Manakin, a newly discovered threat, has been using the "paste and run" technique to deliver a custom NodeJS backdoor, NodeInitRAT, allowing attackers to maintain persistence, conduct reconnaissance, and deploy further payloads.

05

Scammers used a wallet-draining toolkit called Inferno Drainer to steal $43,000 in cryptocurrency from 110 CoinMarketCap users via a fake wallet verification prompt embedded on the site.

06

Attackers compromised CoinTelegraph’s front-end infrastructure and injected malicious JavaScript to display fake airdrop pop-ups, tricking users into connecting their crypto wallets and subsequently draining their funds.

07

Citrix has patched a critical vulnerability (CVE-2025-5777) in NetScaler ADC and NetScaler Gateway, which could allow attackers to steal valid session tokens via malformed requests.

08

Hackers are exploiting a critical privilege escalation vulnerability (CVE-2025-4322) in the WordPress Motors theme to hijack administrator accounts and gain full control of websites.

09

Cybercriminals are allegedly selling a zero-day exploit targeting Intelbras routers on dark web forums, which could enable remote access or full control of affected devices.

10

Viatel, an Irish telecoms and IT company, has acquired UK-based security solutions and consultancy services provider Cybit Cyber for an undisclosed amount.
