
Daily Cybersecurity Roundup, March 24, 2025

Unleashing cyber chaos from its very inception, the new VanHelsing ransomware-as-a-service (RaaS) has roared onto the cybercrime scene with its affiliate program and cross-platform encryptor variants. Meanwhile, the Medusa RaaS crew slithered into the spotlight, as experts uncovered its new tool, a malicious driver dubbed ABYSSWORKER, designed to cripple anti-malware defenses in a Bring Your Own Vulnerable Driver (BYOVD) attack. Not to be outdone, a stealthy threat actor named UAT-5918 has been snooping on Taiwan’s critical infrastructure since 2023, intent on pilfering information and harvesting credentials. Read on for more highlights from the past 24 hours.

01

Researchers uncovered VanHelsing, a rapidly growing ransomware-as-a-service (RaaS) with an affiliate program, launched on March 7 and targeting systems running on Windows, Linux, BSD, ARM, and ESXi.

02

The Medusa RaaS operation has been found using a malicious driver, ABYSSWORKER, to disable anti-malware tools in a BYOVD attack.

03

Cybercriminals are misusing Microsoft's Trusted Signing platform to sign malware with short-lived, three-day certificates, allowing them to potentially bypass security filters and appear as legitimate software.

04

A new threat actor named UAT-5918 has been targeting critical infrastructure entities in Taiwan since 2023, with the goal of establishing long-term access for information theft and credential harvesting.

05

The FBI issued a warning about a rise in scams involving free online document converters, which are being used to load malware onto victims' computers.

06

The Albabat ransomware, also known as White Bat, has evolved to target not only Windows systems but also Linux and macOS platforms, with recent versions capable of harvesting information from these systems.

07

A critical security vulnerability (CVE-2025-29927) has been discovered in the Next.js React framework, which could potentially allow attackers to bypass authorization checks and access sensitive web pages.

08

A malware campaign is using fake Cloudflare verification prompts to trick users into running malicious PowerShell commands, leading to the installation of LummaStealer, with compromised WordPress websites being used as launchpads for these attacks.

09

A high-severity, unauthenticated local file inclusion vulnerability has been identified in the WP Ghost WordPress plugin, which could potentially allow attackers to conduct RCE on affected systems.

10

A new malware strain called SvcStealer, primarily spread through spear phishing attacks, has emerged as a significant threat, targeting sensitive data from compromised systems.
