
Daily Cybersecurity Roundup, May 29, 2025

Global cyber threats continue to escalate. Chinese state-backed APT41 is abusing Google Calendar to deliver TOUGHPROGRESS malware, targeting government and industrial sectors worldwide. Meanwhile, the Interlock ransomware gang is using a new RAT, NodeSnake, to infiltrate university networks. Additionally, the Haozi phishing group is selling Plug-and-Play phishing-as-a-service kits on Telegram, making credential theft accessible to low-skilled attackers. Keep reading for more cybersecurity news from the last 24 hours.

01

Chinese state-sponsored group APT41 has been found exploiting Google Calendar using the TOUGHPROGRESS malware to target government entities and various industries globally.

02

The Interlock ransomware gang has deployed a new RAT named NodeSnake, which is delivered via phishing emails, targeting universities for persistent access to networks.

03

Dark Partners is stealing cryptocurrency on a large scale by deploying fake AI, VPN, and crypto tool websites that deliver Poseidon Stealer (macOS) and Lumma Stealer (Windows) to exfiltrate sensitive data.

04

Researchers have identified PumaBot, a Go-based Linux botnet targeting IoT devices, employing brute-force SSH attacks and persistence mechanisms.

05

A spear-phishing campaign is targeting CFOs and financial executives across industries, using social engineering to deploy the NetBird remote-access tool.

06

The Haozi phishing group has been found selling Plug-and-Play phishing-as-a-service (PhaaS) kits via Telegram, enabling amateur attackers to steal credentials with minimal technical skills.

07

Over 9,000 ASUS routers have been compromised by a botnet called AyySSHush, which exploits the CVE-2023-39780 command injection vulnerability to install a persistent SSH backdoor.

08

Dell Technologies has issued an urgent security update for PowerStore T systems to patch multiple vulnerabilities, including critical CVE-2025-36572, which allows low-privilege remote attackers to bypass authentication and access sensitive resources.

09

Horizon3.ai, a cybersecurity startup, has secured $100 million in a new funding round led by NEA.

10

Limerston Capital, a U.K.-based private equity investment firm, announced the acquisition of CyberCrowd, a cybersecurity services provider.
