
Daily Cybersecurity Roundup, March 03, 2025

From the depths of the digital ocean to the tunnels of development, cyber threats are surfacing in new and alarming ways. High-profile organizations in Southeast Asia and South America are being targeted by the stealthy Squidoor backdoor. Meanwhile, a crafty campaign is abusing Microsoft's Dev Tunnels service to deploy Njrat, with two samples using different tunnel URLs but an identical import hash (imphash). A wave of attacks using the sophisticated Winos 4.0 framework is targeting Taiwan, delivered through phishing emails. Stay sharp and dive into the details below!

01

A new backdoor, named Squidoor, has been targeting high-profile organizations in Southeast Asia and South America since March 2023, with links to a suspected Chinese threat actor, CL-STA-0049.

02

A new Njrat campaign has been abusing Microsoft's Dev Tunnels service for C2 communication, hiding its traffic behind a legitimate Microsoft-hosted domain. Analysts identified two Njrat samples that use different Dev Tunnels URLs but share the same import hash (imphash), pointing to a common build despite the differing C2 configuration.
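The imphash pivot described above, as an added example that is not code from the original roundup or from the cited research. It re-implements the import hash algorithm as pefile computes it (lowercased "dll.function" entries with the DLL extension stripped, joined by commas, MD5-hashed), clusters samples by that hash, and scans proxy log lines for Dev Tunnels hosts. The import tables, sample names, C2 URLs and log lines are all constructed for the example; the host name layout `<id>-<port>.<region>.devtunnels.ms` is assumed, and ordinal imports are rendered as `ordN`, a simplification of pefile's well-known-ordinal lookup.

```python
"""Pivot on imphash across Njrat samples and spot Dev Tunnels C2 hosts.

Added example; not from the roundup or the cited research. All sample
data below is constructed.
"""
import hashlib
import re


def imphash(imports):
    """Compute the imphash of a PE import table given as [(dll, func), ...].

    Mirrors pefile.PE.get_imphash(): DLL name lowercased with a .dll/.ocx/.sys
    extension stripped, function name lowercased, entries joined with commas
    in import-table order, MD5 of that string. Ordinal imports (ints) become
    'ordN'; pefile additionally resolves well-known ordinals to names, which is
    omitted here (assumption: no ws2_32/oleaut32 ordinal imports in the data).
    """
    entries = []
    for dll, func in imports:
        lib = dll.lower()
        base, dot, ext = lib.rpartition(".")
        if dot and ext in ("dll", "ocx", "sys"):
            lib = base
        name = f"ord{func}" if isinstance(func, int) else func.lower()
        entries.append(f"{lib}.{name}")
    return hashlib.md5(",".join(entries).encode()).hexdigest()


def cluster_by_imphash(samples):
    """Group {sample_name: import_table} into {imphash: [sample_name, ...]}."""
    clusters = {}
    for name, imports in samples.items():
        clusters.setdefault(imphash(imports), []).append(name)
    return clusters


# Assumed host layout for Dev Tunnels endpoints: <tunnel-id>-<port>.<region>.devtunnels.ms
DEVTUNNEL_HOST = re.compile(r"\b[a-z0-9]+-\d{1,5}\.[a-z0-9]+\.devtunnels\.ms\b", re.I)


def find_devtunnel_hosts(log_text):
    """Return the sorted set of Dev Tunnels hosts seen in proxy log text."""
    return sorted({m.group(0).lower() for m in DEVTUNNEL_HOST.finditer(log_text)})


# Constructed import tables: two builds of the same stub differing only in the
# embedded C2 string (which does not affect imports), plus an unrelated binary.
NJRAT_IMPORTS = [
    ("KERNEL32.dll", "CreateFileA"),
    ("KERNEL32.dll", "WriteFile"),
    ("WS2_32.dll", "connect"),
    ("WS2_32.dll", "send"),
    ("ADVAPI32.dll", "RegSetValueExA"),
]
SAMPLES = {
    "sample_a.exe": NJRAT_IMPORTS,                        # C2: https://aaaa1111-8080.euw.devtunnels.ms (constructed)
    "sample_b.exe": list(NJRAT_IMPORTS),                  # C2: https://bbbb2222-443.usw2.devtunnels.ms (constructed)
    "unrelated.exe": [("KERNEL32.dll", "CreateFileA"), ("USER32.dll", "MessageBoxA")],
}

# Constructed proxy log lines.
PROXY_LOG = """\
2025-03-03T08:12:41Z src=10.0.4.17 dst_host=aaaa1111-8080.euw.devtunnels.ms method=CONNECT
2025-03-03T08:12:42Z src=10.0.4.17 dst_host=learn.microsoft.com method=GET
2025-03-03T08:13:05Z src=10.0.4.22 dst_host=bbbb2222-443.usw2.devtunnels.ms method=CONNECT
"""

if __name__ == "__main__":
    for h, names in cluster_by_imphash(SAMPLES).items():
        print(h, names)
    print(find_devtunnel_hosts(PROXY_LOG))
```

Imphash is a pivot, not a verdict: it captures only the import table, so two builds from one codebase match while a recompiled or repacked variant will not, and generic packer stubs collide across unrelated families. Dev Tunnels is a legitimate developer service, so a hit on `devtunnels.ms` from a host with no developer tooling is the signal worth chasing, not the domain alone.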

03

Ransomware actors have been exploiting a zero-day flaw (CVE-2025-0289) in a signed kernel driver shipped with Paragon Partition Manager to escalate privileges and execute code in the kernel. Because this is a bring-your-own-vulnerable-driver (BYOVD) attack, the attacker drops and loads the driver themselves, so the target does not need to have Paragon installed; blocking the vulnerable driver version, not just patching Paragon, is the effective mitigation.

04

Researchers from Truffle Security found nearly 12,000 valid (still-working) secrets, including API keys and passwords, in the Common Crawl dataset, a public web archive used as training data for many AI models. Because the archive is retained and redistributed, removing a key from the live page does not unexpose it; the key must be rotated.

05

The Space Pirates threat group has been targeting Russian IT organizations with a new malware called LuckyStrike Agent, along with other tools like Deed RAT and a customized version of Stowaway proxy utility.

06

FortiGuard Labs reported a new wave of cyberattacks targeting companies in Taiwan using the sophisticated Winos 4.0 malware framework. The malware is spread through phishing emails impersonating Taiwan’s National Taxation Bureau.

07

MediaTek has released its March 2025 Product Security Bulletin, which outlines 10 newly discovered security vulnerabilities in its chipsets. Three of these vulnerabilities are rated as high severity.

08

The Black Basta and Cactus ransomware groups have added the BackConnect backdoor to their toolset, using it to maintain persistent remote control of compromised machines and to exfiltrate sensitive data.

09

Arista Networks has issued a security advisory for two vulnerabilities, CVE-2025-1259 and CVE-2025-1260, in its Extensible Operating System (EOS) software.

10

In 2024, there was an 11% increase in global ransomware attacks, with a significant spike in Q4, and the number of active ransomware groups jumped 40% from the previous year.
