Daily Cybersecurity Roundup, June 24, 2025

Malware can now slide into your DMs. Russian state-backed group APT28 is using Signal chats to deliver stealthy new malware strains, BeardShell and SlimAgent, in targeted attacks on Ukrainian government entities. Meanwhile, researchers have uncovered the Echo Chamber Attack, a novel technique that manipulates LLMs' reasoning abilities to sidestep safety filters. In parallel, APT36 is targeting Indian defense personnel with a phishing campaign that uses emails containing malicious PDFs disguised as official government documents. Keep reading for more cybersecurity news.

01

Russian state-sponsored hacking group APT28 is targeting Ukrainian government entities using Signal chats to deploy two new malware families, BeardShell and SlimAgent.

02

Researchers identified the Echo Chamber Attack, which exploits LLMs’ inferential reasoning to bypass safety mechanisms without using explicit harmful prompts.

03

A Go-based malware named XDigo has been targeting Eastern European governmental entities by exploiting a Windows LNK file vulnerability (ZDI-CAN-25373) to execute malicious code.

04

Cybercriminals have been exploiting misconfigured Docker Remote APIs and using the Tor network to mine cryptocurrency, targeting technology, finance, and healthcare sectors.

05

A China-linked group, Salt Typhoon, is exploiting router vulnerabilities to spy on global telecom networks, the FBI and Canada’s Cyber Centre have warned.

06

DHS has warned of cyberattacks on U.S. networks by hacktivist groups like Handala, Predatory Sparrow, and Team 313, involving DDoS attacks, OT exploits, and espionage tied to the Iran-Israel conflict.

07

APT36, also known as Transparent Tribe, has launched a phishing campaign targeting Indian defense personnel by sending emails with malicious PDF attachments masquerading as official government documents.

08

A critical directory traversal vulnerability in WinRAR (CVE-2025-6218) enables remote code execution via malicious archives.

09

A critical privilege escalation vulnerability (CVE-2025-49144) in Notepad++ v8.8.1 allows attackers to gain full system control through a supply-chain attack.

10

A critical vulnerability (CVE-2025-49825) has been discovered in the Teleport platform that allows remote attackers to bypass SSH authentication and gain unauthorized access to managed systems.
