
Daily Cybersecurity Roundup, May 09, 2025

Cybercriminals have started using HR software, and it’s not for employee engagement. Ransomware groups are now misusing legitimate employee monitoring software like Kickidler, secretly installing it through fake RVTools download links in malicious Google Ads. In another campaign, a phishing kit known as Oriental Gudgeon is being used to impersonate trusted Japanese financial institutions, compromising login credentials from users across more than 40 companies. Simultaneously, cryptocurrency users are being lured through fraudulent Facebook ads that deliver malware under the guise of investment opportunities. Scroll down for your daily dose of the latest cybersecurity updates.

01

Ransomware groups like Qilin and Hunters International are using the legitimate Kickidler monitoring software, installed through fake RVTools links in malicious Google Ads, to spy on victims, steal credentials, and carry out attacks with the SMOKEDHAM PowerShell backdoor.

02

The Oriental Gudgeon phishing kit has been impersonating Japanese financial institutions to steal user credentials. Over 40 Japanese companies, including AEON, Mitsubishi UFJ Bank, and Rakuten, have been targeted.

03

The widely used npm package rand-user-agent was found to be compromised in a supply chain attack, where attackers injected a hidden RAT into specific versions to access infected systems, steal files, run commands, and spy on users.

04

The FBI has been warning against threat actors exploiting end-of-life routers, which no longer receive security updates, to install malware and convert them into proxies for cybercrime networks like 5Socks and Anyproxy.

05

A Chinese threat group dubbed Chaya_004 is actively exploiting a recently disclosed vulnerability (CVE-2025-31324) in SAP NetWeaver Visual Composer. This vulnerability allows RCE via malicious web shell uploads.

06

A large-scale cryptocurrency phishing operation, FreeDrain, has been using SEO manipulation and free-tier web services to create over 38,000 subdomains, redirecting victims to fake wallet interfaces to steal their seed phrases.

07

A critical vulnerability has been discovered in the AZNFS-mount utility, preinstalled on Azure HPC/AI images, which allowed unprivileged Linux users to escalate privileges to root.

08

Fake cryptocurrency exchange ads impersonating Binance and TradingView on Facebook are being used to distribute malware, targeting cryptocurrency enthusiasts.

09

CPX Holding has acquired UAE-based cyber AI startup spiderSilk, integrating its Resonance platform and advanced AI-powered technologies.

10

Efex, an IT managed services provider, has acquired Datcom, a mid-market cybersecurity service provider in Australia, as part of its strategic expansion in managed IT services.
