Daily Cybersecurity Roundup, March 24, 2026

Threat actors continue to experiment with new delivery techniques and social engineering lures to distribute malware and gain persistent access to systems. In one campaign, North Korea-linked actors have been exploiting the VS Code Auto Run feature to spread the StoatWaffle malware. Meanwhile, the Silver Fox campaign is using fake tax audit notifications as phishing bait to trick victims into downloading malware disguised as official documents. In another operation, the SilentConnect campaign has been deploying ScreenConnect remote access malware through stealthy delivery methods. Continue reading for more news.

01

North Korea-linked threat actors are abusing VS Code Auto Run features to distribute the StoatWaffle malware, enabling code execution and system compromise through malicious development environments.

02

The Silver Fox campaign uses fake tax audit notices as phishing lures to deliver malware, tricking victims into downloading malicious attachments disguised as official tax documents.

03

Researchers uncovered a large-scale AI-powered phishing campaign targeting railway organizations, compromising hundreds of organizations through highly automated and convincing phishing emails.

04

A new ransomware leak site has been linked to emerging ransomware operators, indicating expanding double-extortion operations and data leak marketplaces.

05

The SilentConnect campaign is delivering ScreenConnect remote access malware through stealthy delivery mechanisms to gain persistent remote access to victim systems.

06

The AsyncRAT malware has been used in cyberattacks targeting Libya’s oil sector, enabling remote access, surveillance, and data theft from compromised systems.

07

The FBI warned that Iran-linked threat actors are distributing malware through Telegram, targeting victims with malicious files and links to conduct cyber espionage and surveillance operations.

08

Researchers discovered a software supply chain attack in which malicious files were bundled with legitimate downloads, allowing attackers to distribute malware through trusted software installers.

09

Trivy Docker images were compromised, potentially exposing developers and organizations to supply chain attacks through infected container images.

10

A critical vulnerability tracked as CVE-2025-32975 could, if exploited, allow attackers to execute code remotely or escalate privileges on vulnerable systems.
