Daily Cybersecurity Roundup, June 26, 2025

Recent threat activity highlights a surge in targeted cyberattacks across sectors. The OneClik APT campaign is phishing energy, oil, and gas companies using Microsoft ClickOnce to deploy a .NET loader and drop the Golang-based RunnerBeacon backdoor. Meanwhile, Iranian state-sponsored group APT42 is conducting spear-phishing attacks on Israeli cybersecurity and computer science professionals. Additionally, ESET reports a 500% spike in the ClickFix attack vector in H1 2025 over H2 2024, now ranking as the second most prevalent threat after phishing. Keep reading for more cybersecurity news.

01

The OneClik APT campaign targets the energy, oil, and gas sectors via phishing using Microsoft ClickOnce, deploying a .NET loader (OneClikNet) to install the Golang backdoor RunnerBeacon.

02

An Iranian state-backed hacking group, APT42 (Charming Kitten, Manticore), is targeting Israeli cybersecurity and computer science experts using spear-phishing tactics.

03

Blind Eagle (APT-C-36) has been targeting Latin American organizations, particularly in Colombia, employing phishing tactics and RATs to infiltrate networks, exfiltrate data, and execute malicious payloads.

04

Researchers discovered a malicious Python package named "psslib," which was found typosquatting the legitimate "passlib" library.

05

The Dire Wolf ransomware group has been targeting manufacturing and technology sectors globally using double extortion tactics, encrypting files and threatening to leak sensitive data.

06

Skynet, a proof-of-concept malware, has been leveraging prompt injection to target AI models, though its primitive execution and sandbox evasion failed against tested LLMs.

07

According to the ESET Threat Report, the ClickFix attack vector surged by 500% in H1 2025 compared to H2 2024, becoming the second most common threat after phishing.

08

CISA issued an alert about severe vulnerabilities in ControlID iDSecure software, including Improper Authentication (CVE-2025-49851), Server-Side Request Forgery (CVE-2025-49852), and SQL Injection (CVE-2025-49853).

09

Citrix has issued a warning about a critical vulnerability in NetScaler appliances, tracked as CVE-2025-6543, which is being actively exploited in DoS attacks.

10

CISA added three actively exploited vulnerabilities to its KEV catalog, affecting AMI MegaRAC, D-Link DIR-859 routers, and Fortinet FortiOS.