
Daily Cybersecurity Roundup, November 13, 2025

Even when you think the RATs are gone, they somehow find their way back. The notorious DarkComet RAT, long discontinued by its creator, has resurfaced through a new malware campaign that hides behind fake Bitcoin tools to infect unsuspecting users. Adding to the growing list of stealthy threats, researchers have also uncovered a sophisticated operation abusing legitimate RMM tools like LogMeIn Resolve and PDQ Connect to deploy backdoor malware. Meanwhile, Android-based digital picture frames running the Uhale app have been found vulnerable to attacks that download and execute malicious payloads at startup, linking them to the Vo1d botnet and Mzmess malware families. Continue reading for more news.

01

A newly discovered malware campaign is leveraging fake Bitcoin tools to distribute the DarkComet RAT, which continues to pose a significant threat despite being discontinued by its creator.

02

Cybersecurity researchers have uncovered a sophisticated attack campaign that abuses legitimate RMM tools, specifically LogMeIn Resolve and PDQ Connect, to deploy backdoor malware on target systems.

03

Researchers uncovered a ClickFix campaign targeting Windows and macOS users seeking pirated software, using malicious Google Colab and Drive pages to deliver malware and evade security filters.

04

Popular Android-based digital picture frames running the Uhale app have been found to contain critical security vulnerabilities. Affected frames can be made to download and execute malicious payloads during boot, and the activity has been linked to the Vo1d botnet and Mzmess malware families.

05

A malicious npm package, "@acitons/artifact", has been targeting GitHub repositories by typosquatting the legitimate "@actions/artifact" package (the scope name has two letters transposed).
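A practical check for this class of attack is to compare every name in a dependency manifest against an allowlist of packages you actually rely on and flag anything one keystroke away from an allowlisted name. The script below is an added example, not code from the roundup or from npm; the allowlist and the package.json dependency map are constructed for the demo. It uses optimal string alignment distance (Levenshtein plus adjacent transposition), because a transposition like "@acitons" for "@actions" costs 2 under plain Levenshtein and would slip past a threshold of 1. Scope and package part are compared separately so that a lookalike scope with an exactly matching package name is still caught.

```javascript
"use strict";

// Constructed allowlist of legitimate packages an organization depends on.
const KNOWN_GOOD = new Set([
  "@actions/artifact",
  "@actions/core",
  "@actions/github",
  "lodash",
  "express",
]);

// Optimal string alignment distance: insertion, deletion, substitution and
// transposition of two adjacent characters each cost 1.
function osaDistance(a, b) {
  const d = Array.from({ length: a.length + 1 }, () => new Array(b.length + 1).fill(0));
  for (let i = 0; i <= a.length; i++) d[i][0] = i;
  for (let j = 0; j <= b.length; j++) d[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      d[i][j] = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost);
      if (i > 1 && j > 1 && a[i - 1] === b[j - 2] && a[i - 2] === b[j - 1]) {
        d[i][j] = Math.min(d[i][j], d[i - 2][j - 2] + 1);
      }
    }
  }
  return d[a.length][b.length];
}

// Split "@scope/name" into its parts; unscoped names get scope null.
function splitName(name) {
  const m = /^(?:(@[^/]+)\/)?([^/]+)$/.exec(name);
  if (!m) return null;
  return { scope: m[1] || null, name: m[2] };
}

// Return the dependencies whose name is within maxDistance edits of an
// allowlisted name. Exact allowlist matches are fine. Scoped and unscoped
// names are never compared with each other; within a scoped pair the scope
// and package distances are added, so "@acitons/artifact" (scope distance 1,
// package distance 0) is flagged against "@actions/artifact".
function findTyposquats(deps, knownGood = KNOWN_GOOD, maxDistance = 1) {
  const hits = [];
  for (const dep of Object.keys(deps)) {
    if (knownGood.has(dep)) continue;
    const p = splitName(dep);
    if (p === null) continue;
    for (const good of knownGood) {
      const g = splitName(good);
      if ((p.scope === null) !== (g.scope === null)) continue;
      const dist = osaDistance(p.scope || "", g.scope || "") + osaDistance(p.name, g.name);
      if (dist <= maxDistance) {
        hits.push({ dependency: dep, lookalike: good, distance: dist });
        break;
      }
    }
  }
  return hits;
}

// Constructed "dependencies" map from a package.json, for the demo.
const SAMPLE_DEPS = {
  "@actions/core": "^1.10.0",
  "@acitons/artifact": "^2.1.0", // transposed scope, as in the reported case
  "lodahs": "^4.17.21",          // transposed letters in an unscoped name
  "express": "^4.19.0",
  "left-pad": "^1.3.0",          // not close to anything on the allowlist
};

for (const h of findTyposquats(SAMPLE_DEPS)) {
  console.log(`${h.dependency} looks like ${h.lookalike} (distance ${h.distance})`);
}
```

Run it as a pre-install or CI step against the real dependency map (and the lockfile, which also records transitive dependencies); a hit should block the install until a human confirms the name. Exact allowlist matches are skipped, so a legitimately installed package never trips the check.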

06

DanaBot has resurfaced after a six-month hiatus, with a new variant (version 669) using Tor-based C2 infrastructure and backconnect nodes following its earlier disruption by Operation Endgame.

07

A large-scale spam campaign has inundated the npm registry with over 67,000 fake packages dubbed "IndonesianFoods." This financially motivated effort aims to clutter the registry rather than engage in data theft.

08

Hackers exploited two critical vulnerabilities as zero-days to deploy custom malware: Citrix Bleed 2 (CVE-2025-5777) in Citrix NetScaler ADC and CVE-2025-20337 in Cisco Identity Services Engine (ISE).

09

CISA has identified a critical vulnerability in WatchGuard Fireware OS, designated CVE-2025-9242, which allows remote unauthenticated attackers to execute arbitrary code.

10

Kibana has an SSRF vulnerability (CVE-2025-37734) in its Observability AI Assistant that attackers can trigger with forged HTTP headers.
