
Daily Cybersecurity Roundup, November 18, 2025

Iranian hackers are on a roll, with UNC1549 deploying advanced malware families like TWOSTROKE and DEEPROOT to penetrate aerospace, aviation, and defense networks across the Middle East. At the same time, IRGC-IO–linked operators are pushing their SpearSpecter campaign, weaponizing tailored social-engineering tactics and the TAMECAT PowerShell backdoor. In a separate incident, Lynx ransomware actors carried out a highly coordinated intrusion by abusing stolen RDP credentials to enter a Windows server. Read on for the details.

01

Iranian hackers, identified as UNC1549, have been deploying advanced malware like TWOSTROKE and DEEPROOT to target aerospace, aviation, and defense industries in the Middle East.

02

Iranian threat actors linked to IRGC-IO are conducting the SpearSpecter campaign targeting high-value officials and deploying the PowerShell-based TAMECAT backdoor for credential harvesting, data exfiltration, and remote control.

03

Researchers have uncovered a new malware campaign known as EVALUSION, which uses the ClickFix social engineering tactic to distribute Amatera Stealer and NetSupport RAT.

04

A threat actor known as "dino_reborn" has published seven malicious npm packages that use Adspect cloaking to deceive victims into visiting crypto scam sites.

05

Lynx ransomware attackers executed a sophisticated intrusion by exploiting compromised RDP credentials. They gained access to a Windows server, escalated privileges, and created impersonation accounts.

06

A new phishing campaign, styled as reverse phishing, abuses Microsoft Entra tenant invitations to lure recipients into calling a phone number by referencing a fake bill.

07

70M+ installations of the mPDF PHP library are at risk due to a logic flaw that exposes internal networks to potential SSRF attacks. The vulnerability arises from improper handling of CSS @import rules.

08

Google has released security updates for its Chrome browser to address two significant vulnerabilities, including the actively exploited zero-day flaw CVE-2025-13223. This vulnerability could allow remote attackers to execute arbitrary code or cause program crashes through specially crafted HTML pages.

09

A critical security vulnerability (CVE-2025-9501) has been discovered in the W3 Total Cache WordPress plugin, affecting over 1 million websites. This flaw, present in versions prior to 2.8.13, allows attackers to execute arbitrary PHP code without authentication.

10

A critical vulnerability (CVE-2025-64446) in Fortinet's FortiWeb Web Application Firewall (WAF) has been actively exploited. The flaw allows unauthenticated attackers to execute administrative commands remotely via crafted HTTP/HTTPS requests.
