Daily Cybersecurity Roundup, May 21, 2025

Recent research has brought to light a concerning new malware campaign. Security researchers have uncovered a stealthy backdoor malware distributed with a Monero cryptominer, using the PyBitmessage library for encrypted P2P communication to evade detection. Meanwhile, a threat actor known as Hazy Hawk has been exploiting DNS misconfigurations to hijack abandoned cloud assets from major targets. In a separate campaign, over 100 malicious Chrome extensions masquerading as legitimate tools have been exposed, designed to steal credentials, hijack sessions, and inject unwanted ads. Continue reading for the cybersecurity updates from the past 24 hours.


01. Researchers detected a new backdoor malware bundled with a Monero coinminer that leverages the PyBitmessage library for encrypted P2P communication to evade detection.

02. A threat actor named Hazy Hawk has been exploiting DNS misconfigurations to hijack abandoned cloud resources from high-profile organizations, including federal agencies, universities, healthcare entities, and corporations.

03. The SideWinder APT has been targeting high-level government institutions in Sri Lanka, Bangladesh, and Pakistan using spear-phishing emails and exploiting the Microsoft Office vulnerabilities CVE-2017-0199 and CVE-2017-11882.

04. Threat actors are exploiting the popularity of generative AI platforms like Kling AI by deploying fake Facebook ads and spoofed websites to distribute malware disguised as AI-generated media files, installing RATs on victims' systems.

05. Over 100 fake Chrome extensions have been identified that steal credentials, hijack sessions, and inject ads while appearing to be legitimate tools.

06. A severe RCE vulnerability, CVE-2025-30911, has been discovered in the RomethemeKit For Elementor WordPress plugin, affecting over 30,000 installations.

07. Two high-severity vulnerabilities (CVE-2025-47944 and CVE-2025-47935) in the Multer middleware can cause DoS and memory leaks in millions of Node.js applications.

08. A critical vulnerability (CVE-2025-47934) in the OpenPGP.js library has been discovered and patched. The flaw allows attackers to spoof message signature verification, potentially misleading systems into accepting unsigned or altered content as legitimate.

09. Ekco, a Dublin-based cybersecurity provider, has acquired Predatech, a Manchester-headquartered cybersecurity consultancy.

10. Cyera, an Israeli cybersecurity startup, has secured $500 million in its latest funding round with support from Lightspeed Venture Partners, Greenoaks, and Georgian.