Daily Cybersecurity Roundup, May 23, 2025

Cybercriminal and state-backed operations continue to make headlines. A new phishing campaign in Central and Eastern Europe is distributing the Rhadamanthys stealer through deceptive copyright infringement emails. In other news, Russian threat group TAG-110 is stepping up cyber-espionage in Tajikistan, targeting public and research sectors with malware-laden phishing attacks. Meanwhile, an AI-driven social engineering campaign on TikTok is spreading Vidar and StealC malware by using deepfake-style videos. Read further for more cybersecurity updates.

01. A phishing campaign targeting Central and Eastern Europe has been found using copyright infringement lures to distribute the Rhadamanthys stealer.

02. The Russian state-sponsored group TAG-110 is conducting cyber-espionage in Central Asia, especially Tajikistan, using phishing and malware to infiltrate government, academic, and research institutions.

03. Sophisticated formjacking malware has been discovered targeting WooCommerce checkout pages on WordPress sites. The malware injects fake payment forms to steal sensitive customer data, including credit card details.

04. Hackers are using fake Ledger apps to target macOS users, aiming to steal the seed phrases that secure access to cryptocurrency wallets. The malware impersonates the legitimate Ledger app and tricks users into entering their seed phrases on phishing pages.

05. A TikTok-based social engineering campaign uses AI-generated videos to distribute the Vidar and StealC malware, instructing users to execute PowerShell commands disguised as software activation steps.

06. Europol dismantled multiple initial access malware strains used to launch ransomware attacks, including Bumblebee, QakBot, and TrickBot, seizing 300 servers, 650 domains, and approximately $3.8 million in cryptocurrency.

07. U.S. and international law enforcement agencies dismantled the DanaBot malware network, which was responsible for infecting over 300,000 systems worldwide and causing at least $50 million in damages.

08. A Chinese-speaking threat actor, UAT-6382, is actively exploiting a zero-day vulnerability (CVE-2025-0994) in Cityworks software to deploy malware in targeted attacks.

09. GitLab Duo has been found vulnerable to remote prompt injection, leading to theft of private source code and manipulation of AI-generated outputs.

10. A critical vulnerability (CVE-2025-4978) has been identified in the NETGEAR DGND3700v2 router, allowing unauthenticated remote attackers to bypass authentication.
