Daily Cybersecurity Roundup, May 26, 2025

It lurks in clicks, hides in downloads, and crashes your day — malware’s the prankster of the cyber world. One of its latest tricks? DOUBLELOADER, a newly discovered malware strain that uses the ALCATRAZ obfuscator and teams up with the RHADAMANTHYS infostealer to swipe sensitive data. Meanwhile, a separate malware campaign is deploying fake installers disguised as popular software tools to spread the Winos 4.0 malware framework. The FBI has issued a warning to U.S. law firms about the Silent Ransom Group (SRG), which is exploiting phishing emails and fraudulent IT support calls to steal sensitive information and extort ransom payments. Continue reading for more cybersecurity updates from the weekend.

01

Researchers have identified a new malware family called DOUBLELOADER, which uses the ALCATRAZ obfuscator for evasion and pairs with the RHADAMANTHYS infostealer.

02

A malware campaign has been uncovered that uses fake software installers mimicking popular tools like LetsVPN and QQ Browser to deliver the Winos 4.0 malware framework.

03

Fake Zenmap and WinMTR websites are targeting IT staff with malware through SEO poisoning campaigns. These sites distribute trojanized installers for the popular tools Zenmap and WinMTR, which deliver the Bumblebee malware loader.

04

China-linked TA-ShadowCricket has been associated with Shadow Force, targeting poorly managed Windows and MS-SQL servers in the APAC region using IRC bots and backdoors named Melody, Syrinx, and WinEggDrop.

05

Threat actor ViciousTrap has compromised over 5,500 edge devices, transforming them into honeypots to lure and monitor other malicious actors.

06

Over 40 malicious browser extensions have been involved in phishing campaigns. These extensions impersonate trusted brands and tools, use AI-generated pages to steal user data, or infiltrate corporate environments.

07

The FBI has warned U.S. law firms about the Silent Ransom Group (SRG), also known as Luna Moth or Chatty Spider, which uses phishing emails and fake IT calls to steal sensitive legal data and demand ransom.

08

A vulnerability (CVE-2025-46176) caused by hardcoded Telnet credentials has been discovered in D-Link DIR-605L and DIR-816L routers; it can lead to command execution and changes to the router configuration.

09

Tenable has released version 6.5.1 of its Network Monitor to address multiple high-severity vulnerabilities in its codebase and third-party libraries, including OpenSSL, expat, curl, libpcap, and libxml2. Two critical local privilege escalation vulnerabilities (CVE-2025-24916 and CVE-2025-24917) have been resolved.

10

A critical XSS vulnerability (CVE-2024-27443) was discovered in Zimbra Collaboration Suite’s CalendarInvite feature, allowing attackers to steal user data or take control of accounts.