Daily Cybersecurity Roundup, May 22, 2025

As the cyber frontlines of the Russia-Ukraine conflict intensify, threat actors are ramping up digital warfare. Most notably, Russian APT28 hackers are targeting defense, transport, and IT sectors across 12 European nations and the U.S. to undermine support for Ukraine. Meanwhile, threat actor MUT-9332 is targeting Windows-based Solidity developers through malicious Visual Studio Code extensions. CrowdStrike’s 2025 Latin America Threat Landscape Report highlights a 15% increase in ransomware incidents and a sharp rise in nation-state activity. Keep reading for the cybersecurity news from the past 24 hours.

01

Russian APT28 hackers have been targeting defense, transport, and IT entities across 12 European countries and the U.S. using spear-phishing, credential theft, and software exploits to disrupt Ukraine aid.

02

Threat actor MUT-9332 has been using fake VS Code extensions to target Solidity developers on Windows, deploying malware to steal credentials and gain persistent access.

03

Researchers discovered malicious npm packages by “xuxingfeng” targeting JavaScript frameworks like React, Vue.js, Vite, and Quill Editor, amassing over 6,200 downloads through a mix of harmful and legitimate uploads to evade detection.

04

A fake Cloudflare verification page is being used to deliver malware that spreads via WordPress themes and plugins by injecting malicious code into files like header.php.

05

The FBI and CISA are warning of threat actors deploying LummaC2 malware via phishing and fake CAPTCHA prompts to steal sensitive data from U.S. critical infrastructure sectors.

06

CrowdStrike’s 2025 Latin America Threat Landscape Report revealed a 15% rise in ransomware and growing nation-state cyber threats, making Latin America a key target for cybercriminals and espionage groups.

07

A critical vulnerability (CVE-2025-47949) in the Samlify authentication library allows attackers to impersonate admin users by injecting unsigned malicious assertions into signed SAML responses.

08

Google released Chrome version 137.0.7151.40/.41, addressing eight security vulnerabilities. The most critical is CVE-2025-5063, a high-severity use-after-free flaw in the Compositing component.

09

Three critical, unpatched vulnerabilities (CVE-2025-34027, CVE-2025-34026, and CVE-2025-34025) in Versa Concerto’s SD-WAN/SASE management platform can allow remote attackers to bypass authentication, access sensitive endpoints, and achieve RCE.

10

Netrio has announced the acquisition of Agio, a managed IT and cybersecurity provider focused on the financial services sector.