Daily Cybersecurity Roundup, May 30, 2025

CAPTCHAs are meant to prove you're not a robot, but this one proves you're not safe, as researchers uncovered EDDIESTEALER, a Rust-based infostealer delivered through fake CAPTCHA pages that trick users into running a malicious PowerShell script. Meanwhile, China-linked APT actor Earth Lamia is targeting organizations in Brazil, India, and Southeast Asia by using custom tools like PULSEPACK and BypassBoss. In other news, attackers are deploying ransomware and malware by posing as AI installers, using spoofed websites, SEO manipulation, and social media lures. Let’s dive into the latest cybersecurity stories making headlines today.

01

Researchers have discovered EDDIESTEALER, a new Rust-based infostealer malware being used in fake CAPTCHA campaigns to deceive users into executing a malicious PowerShell script.

02

Earth Lamia, a China-linked APT actor, has been actively targeting multiple industries in Brazil, India, and Southeast Asia, exploiting vulnerabilities in web applications and developing tools, such as PULSEPACK and BypassBoss.

03

Attackers are exploiting Google Apps Script to host phishing pages disguised as invoice emails, leveraging Google’s trusted domain to steal user credentials.

04

A threat actor known as "cappership" executed a sophisticated supply chain attack on PyPI by monkey-patching Solana key-generation methods within the malicious package “semantic-types” and its five dependencies.

05

Cybercriminals are distributing ransomware, such as CyberLock and Lucky_Gh0$t, as well as a new malware called Numero, by disguising them as legitimate AI installers through fake websites, SEO tactics, and social media.

06

A flaw in Microsoft's OneDrive File Picker allows web apps like ChatGPT, Slack, Trello, and ClickUp to access users’ entire OneDrive content instead of specific files selected by users.

07

A vulnerability (CVE-2025-20188) in Cisco IOS XE Wireless Controller Software has been discovered that allows unauthenticated arbitrary file uploads due to hard-coded JSON Web Tokens (JWTs).

08

A low-severity vulnerability (CVE-2025-48068) in the Next.js dev server, which allows attackers to exploit the development server using Cross-site WebSocket Hijacking (CSWSH), has been addressed.

09

American cybersecurity company Tenable has announced the acquisition of Apex Security, an Israeli AI security startup, for over $105 million.

10

Unbound, a cybersecurity startup, has secured $4 million in a seed funding round led by Race Capital, with participation from other investors.
