
Daily Cybersecurity Roundup, November 07, 2025

Phishing remains a top attack vector, enabling threat actors to breach networks through deceptive emails and messages. Russia-linked InedibleOchotense used phishing and Signal messages to deliver trojanized ESET installers deploying the Kalambur backdoor on Ukrainian systems, while Cavalry Werewolf targeted Russian agencies with BackDoor.ShellNET.1 and Trojan.FileSpyNET.5 to steal data. CrowdStrike’s 2025 European Threat Landscape Report also flags a surge in ransomware across Europe, which accounts for 22% of global cases, with attackers striking high-value sectors like manufacturing and technology within 24 hours. Continue reading for more cybersecurity news.

01

Russia-linked group InedibleOchotense targeted Ukrainian entities using phishing emails and Signal messages to deliver trojanized ESET installers that deployed both legitimate software and the Kalambur backdoor.

02

The Cavalry Werewolf group targeted Russian government agencies through phishing emails, delivering BackDoor.ShellNET.1 malware, using Bitsadmin to fetch additional payloads and deploying Trojan.FileSpyNET.5 to exfiltrate sensitive data.

03

The Chinese APT group Bronze Butler exploited a zero-day vulnerability (CVE-2025-61932) in the Japanese endpoint management tool Lanscope, which allowed attackers to gain system-level privileges and deploy backdoors, thereby compromising sensitive information.

04

Threat group MUT-4831 utilized 17 malicious npm packages, disguised as legitimate SDKs and tools, including Telegram bot helpers and React forks, to deliver downloader malware that executed the Vidar infostealer on Windows systems.

05

Cybercriminals use LeakyInjector, an evasive injector disguised as a Microsoft Edge update, to deploy LeakyStealer, which steals browser data and popular crypto wallets and extensions such as MetaMask and Coinbase Wallet.

06

A malicious Visual Studio extension, “suspicious VSX,” was found using GitHub as a C2 channel to exfiltrate encrypted files for extortion, running automatically upon installation with hardcoded server URLs, encryption keys, and AI-generated code.

07

A coordinated international operation led by Eurojust resulted in 18 arrests in a €300 million global credit card fraud scheme, involving fake online subscription services and affecting millions of users across 193 countries.

08

CrowdStrike’s 2025 European Threat Landscape Report reveals that Europe accounts for 22% of global ransomware victims, with attackers striking high-value sectors like manufacturing and technology in under 24 hours across the UK, Germany, France, Italy, and Spain.

09

Cisco patched a critical vulnerability (CVE-2025-20354) in UCCX software that allows unauthenticated attackers to execute commands as root. Another flaw in the CCX Editor application enables attackers to bypass authentication and execute scripts with admin privileges.

10

Israeli cybersecurity startup Daylight has raised $33 million in Series A funding, led by Craft Ventures with participation from Bain Capital Ventures and Maple VC.
