Daily Cybersecurity Roundup, May 14, 2025

A new wave of targeted cyberattacks is raising concerns across key sectors in Asia. The Swan Vector APT group is actively targeting educational and mechanical engineering sectors in Taiwan and Japan. In other news, security researchers have uncovered a novel attack chain leveraging AutoIt scripting to bypass conventional detection techniques and deploy the DarkCloud Stealer through phishing emails. Meanwhile, European law enforcement, working with agencies across five regions, has taken down a €3 million ($3.4 million) investment fraud network that defrauded over 100 victims. Here’s what happened in the world of cybersecurity over the last 24 hours.

01

Swan Vector APT has been targeting the educational and mechanical engineering sectors in Taiwan and Japan using decoy resumes to deliver DLL implants.

02

Researchers have identified a new attack chain that uses AutoIt scripting to evade traditional detection methods and deploys the DarkCloud Stealer via phishing emails.

03

A phishing scam exploited Indiana state government accounts to send fraudulent toll collection messages via GovDelivery, targeting users with a fake TxTag portal.

04

A new .NET-based infostealer, Chihuahua Stealer, has been identified through a Reddit post involving an obfuscated PowerShell script linked to a Google Drive document.

05

A phishing threat called Horabot has been discovered. It uses malicious HTML files in emails to target Spanish-speaking users, stealing credentials and spreading within networks.

06

A malicious Python package called solana-token has been discovered, targeting Solana blockchain developers to steal source code and sensitive information.

07

European police, in collaboration with law enforcement agencies from five regions, have dismantled a $3.4m (€3m) investment fraud network affecting over 100 victims.

08

Microsoft has issued patches for 78 security flaws across its software, including five zero-day vulnerabilities, one being a critical CVSS 10 bug in Azure DevOps Server, along with fixes for issues in the Chromium-based Edge browser.

09

Fortinet patched a critical zero-day vulnerability, CVE-2025-32756, affecting FortiVoice and other products. The vulnerability allows RCE through malicious HTTP requests.

10

A critical security flaw in SAP NetWeaver, identified as CVE-2025-31324, is being exploited by China-linked APTs, impacting 581 systems worldwide. This vulnerability allows unauthenticated file uploads, leading to RCE.
