Daily Cybersecurity Roundup, November 14, 2025

A recent wave of threats highlights evolving attacker tactics: a Formbook campaign is distributing phishing emails with ZIP attachments containing obfuscated VBS scripts to trigger infections, while operators of the Contagious Interview campaign have shifted to using JSON storage services such as JSON Keeper and JSONsilo to host malware embedded in trojanized code projects posing as interview assignments. At the same time, researchers have uncovered a highly sophisticated phishing framework targeting Italy’s digital infrastructure. Read on for more.

01

A Formbook malware campaign has been using phishing emails with ZIP file attachments containing obfuscated VBS scripts to initiate infections.

02

Threat actors behind the Contagious Interview campaign are now using JSON storage services like JSON Keeper and JSONsilo to host and deliver malware hidden in trojanized code projects, disguised as demo or use-case assignments for interviews.

03

The SmartApeSG campaign uses ClickFix-style fake CAPTCHA pages to distribute the NetSupport RAT malware.

04

The Lumma Stealer malware has seen a resurgence in activity following a decline caused by the exposure of its core members. The malware now incorporates advanced browser fingerprinting tactics alongside its traditional C2 protocols.

05

Kraken ransomware, a sophisticated cross-platform malware, has expanded its attacks to Windows, Linux, and VMware ESXi systems, employing advanced encryption techniques and exploiting vulnerabilities such as those in SMB.

06

Researchers uncovered a sophisticated phishing framework targeting Italy's digital infrastructure, mimicking trusted brands like Aruba S.p.A. with precision.

07

The FBI identified Akira ransomware as one of the top five variants targeting U.S. businesses, with $244 million in proceeds as of late September.

08

Palo Alto Networks has disclosed a medium-severity vulnerability (CVE-2025-4619) in its PAN-OS software, which allows attackers to force firewalls into unexpected reboots using specially crafted network packets.

09

A critical zero-day vulnerability in Fortinet FortiWeb has been actively exploited, granting attackers full administrator access without authentication. The flaw impacts version 8.0.1 of FortiWeb, a Web Application Firewall, while version 8.0.2 appears to mitigate the issue.

10

A critical SQL injection vulnerability, CVE-2025-8324, has been discovered in Zoho Analytics Plus on-premise builds below 6170, allowing unauthenticated attackers to execute arbitrary SQL queries.