
Daily Cybersecurity Roundup, June 30, 2025

Phishing remains one of the most prevalent and effective tactics used by cybercriminals to trick users into downloading malware or revealing sensitive information. In one recent campaign, attackers are targeting Chinese-speaking users with fake installers for popular software like WPS Office and Sogou. In a separate incident, threat actors are exploiting Microsoft 365’s Direct Send feature—which allows devices to send emails without authentication—to deliver phishing emails that can evade standard security checks. Meanwhile, the FBI has issued a warning to the public about cybercriminals impersonating health care fraud investigators, using fraudulent emails and messages to trick victims into revealing sensitive personal information. Continue reading for more cybersecurity updates from the weekend.

01

Attackers are using fake installers for software like WPS Office and Sogou in a phishing campaign to deliver malware targeting Chinese speakers. The malware includes Sainbox RAT, a Gh0stRAT variant, and a Hidden rootkit.

02

A phishing campaign has been exploiting Microsoft 365’s Direct Send feature, which allows internal devices to send emails without authentication.

03

Cybercriminals have been exploiting CapCut's popularity by creating phishing emails mimicking CapCut branding to steal Apple ID credentials and financial information.

04

A stealthy malware campaign has been discovered targeting WordPress websites to deliver a Windows-based RAT through a PHP backdoor.

05

The Odyssey Stealer malware, a rebranded version of Poseidon Stealer, has been targeting macOS users using fake software updates (ClickFix tactics) to steal sensitive data.

06

The FBI has issued a warning to Americans about cybercriminals impersonating health fraud investigators to steal sensitive information via fraudulent emails and messages.

07

Three medium-to-high severity vulnerabilities (CVE-2025-20700, CVE-2025-20701, CVE-2025-20702) in Airoha Bluetooth chipsets affect 29 audio devices across major brands, enabling eavesdropping and data theft.

08

The Citrix Bleed 2 vulnerability (CVE-2025-5777) in NetScaler ADC and Gateway is reportedly being exploited in targeted attacks. This critical flaw allows unauthenticated attackers to perform out-of-bounds memory reads.

09

D-Link has reported six critical vulnerabilities in its DIR-816 wireless routers, which have been unsupported since reaching end-of-life status on November 10, 2023.

10

An Israeli cybersecurity startup, Bonfy.AI, secured $9.5 million in a seed funding round led by TLV Partners and Saban Capital Group.
