Daily Cybersecurity Roundup, March 03, 2026

The threat landscape is witnessing a rapid diversification of delivery methods, ranging from regional espionage to viral social media lures and search engine exploitation. In South Asia, the threat actor SloppyLemming has escalated its operations against government and critical infrastructure in Pakistan and Bangladesh, utilizing dual malware chains. Simultaneously, the newly emerged AuraStealer is aggressively scaling its reach through 48 C2 domains, leveraging platforms like TikTok and cracked software sites to harvest credentials from over 100 different applications. Furthermore, a large-scale malvertising campaign is currently weaponizing fake Google Ads to redirect macOS users toward malicious text-sharing sites. Keep reading for more.

01

The SloppyLemming threat actor targeted government entities and critical infrastructure in Pakistan and Bangladesh using dual malware chains, BurrowShell and a Rust-based keylogger.

02

AuraStealer is a newly emerged infostealer actively targeting users through 48 C2 domains, primarily utilizing platforms like TikTok and cracked software sites for distribution.

03

North Korean hacking group APT37, also known as ScarCruft, has launched a new malware campaign named "Ruby Jumper," targeting air-gapped networks with five malicious tools.

04

Google has confirmed a critical vulnerability, identified as CVE-2026-21385, affecting an open-source Qualcomm component used in Android devices. This high-severity flaw involves a buffer over-read in the Graphics component.

05

A large-scale malvertising campaign targets macOS users by utilizing fake Google Ads that redirect to malicious text-sharing sites, delivering the AMOS malext infostealer.

06

APT28, a Russian state-sponsored group, exploited CVE-2026-21513, a critical MSHTML Framework vulnerability, as a zero-day. Attackers used malicious HTML or LNK files that manipulated browser and Windows Shell handling.

07

North Korean hackers, under the campaign "Contagious Interview," published 26 malicious npm packages disguised as developer tools to deploy credential stealers and RATs.

08

A recently discovered vulnerability in Google Chrome, tracked as CVE-2026-0628, has raised significant security concerns due to its potential for privilege escalation. This flaw has a CVSS score of 8.8.

09

The UK government reduced critical vulnerabilities by 75% and shortened cyberattack fix times by 87% using a new vulnerability monitoring service.

10

Ransomware payments fell 8% year-on-year in 2025, totaling $820m, despite a 50% increase in victims. Median ransom payments rose by 368%, reaching $59,556, as attackers use more targeted and aggressive tactics.
