Daily Cybersecurity Roundup, May 20, 2025

Phishing continues to be one of the most effective tactics in a cybercriminal’s arsenal, exploiting human trust to deliver malware and steal sensitive information. In a recent campaign, threat actors have been distributing the DBatLoader (ModiLoader) malware through phishing emails impersonating a Turkish bank, tricking users into opening malicious BAT file attachments. A newly discovered tool named Defendnot can disable Microsoft Defender by registering a fake antivirus via an undocumented Windows Security Center (WSC) API. Meanwhile, ESET’s latest APT report revealed that China-aligned groups accounted for 40% of observed attacks, Iran 9%, and Russia 26%, while North Korea was linked to major cryptocurrency heists. Continue reading for cybersecurity news from the last 24 hours.

01. The DBatLoader (ModiLoader) malware is being distributed via phishing emails impersonating a Turkish bank, prompting users to open malicious attachments containing BAT files.

02. A new tool named Defendnot has been found that can disable Microsoft Defender on Windows devices by registering a fake antivirus product, exploiting an undocumented Windows Security Center (WSC) API.

03. Threat actors have been distributing a trojanized KeePass password manager via fake websites and Bing ads; the trojanized build installed Cobalt Strike beacons, stole credentials, and ultimately led to ransomware attacks on VMware ESXi servers.

04. RVTools, a VMware reporting tool, was briefly compromised in a supply chain attack to distribute a trojanized installer containing the Bumblebee malware loader.

05. ESET's APT report (Q4 2024 to Q1 2025) highlighted that China-aligned groups led 40% of attacks, Iran 9%, and Russia 26%, and that North Korea conducted major crypto heists, including a $1.5B supply chain breach.

06. A newly discovered vulnerability (CVE-2025-4802) in the GNU C Library (glibc) affects the shared library loading mechanism of static setuid binaries, potentially allowing malicious code execution.

07. Thousands of WordPress websites are at risk due to a critical vulnerability (CVE-2025-4389) in the Crawlomatic Multisite Scraper Post Generator plugin. This vulnerability allows unauthenticated attackers to upload malicious files, leading to remote code execution (RCE).

08. Mozilla released emergency updates to fix two zero-day vulnerabilities (CVE-2025-4918 and CVE-2025-4919) in Firefox that were exploited at Pwn2Own Berlin 2025.

09. AI-powered cyber threat intelligence startup CloudSEK raised $19 million in Series A2 and B1 rounds, backed by MassMutual Ventures, Inflexor Ventures, Prana Ventures, Tenacity Ventures, Commvault, and existing investors.

10. BreachRx, an incident response platform, raised $15 million in a Series A funding round led by Ballistic Ventures.