
Daily Cybersecurity Roundup, November 20, 2025

Cybercriminal activity is escalating across multiple fronts, with the global “TamperedChef” malvertising operation distributing fake software installers that deliver JavaScript-based remote access malware. At the same time, Iran-linked groups such as APT Imperial Kitten and APT MuddyWater are advancing the practice of “cyber-enabled kinetic targeting,” using cyber reconnaissance to support and refine real-world military strikes. Adding to the threat landscape, researchers have uncovered the Sturnus Android malware, a versatile and highly invasive tool capable of stealing data from secure messaging apps, including Signal, WhatsApp, and Telegram. Continue reading for more cybersecurity updates.

01

In a sophisticated global malvertising effort known as TamperedChef, cybercriminals are exploiting fake software installers to deploy JavaScript malware that provides remote access to compromised systems.

02

Iran-linked threat actors are increasingly adopting “cyber-enabled kinetic targeting”: groups such as APT Imperial Kitten and APT MuddyWater conduct cyber reconnaissance to directly support, and sharpen the precision of, physical military attacks.

03

A new campaign is targeting Brazilian users with a WhatsApp worm that spreads the Delphi-based banking trojan Eternidade Stealer, hijacking victims’ WhatsApp accounts to send malicious attachments to their contacts.

04

The newly discovered “Autumn Dragon” cyber-espionage campaign, attributed to a China-aligned APT, is stealthily targeting government and media organizations in Southeast Asia using spear-phishing emails, DLL sideloading, and multi-stage malware.

05

Multi-threat Android malware Sturnus has been found stealing data from secure messaging apps like Signal, WhatsApp, and Telegram, as well as taking full control of Android devices.

06

PlushDaemon, a China-aligned cyber threat actor, has been using a new Go-based backdoor called EdgeStepper to conduct adversary-in-the-middle (AitM) attacks by hijacking DNS queries.

07

ShinySp1d3r, a new ransomware-as-a-service (RaaS) platform attributed to ShinyHunters and Scattered Spider, lets affiliates run ransomware attacks independently using a custom ChaCha20-based encryptor that kills processes, overwrites free disk space, and spreads across local networks.

08

A global espionage campaign, Operation WrtHug, has compromised thousands of ASUS routers worldwide by exploiting six known vulnerabilities, including CVE-2023-39780 and CVE-2025-2492, in the ASUS AiCloud service to gain high-level privileges on the devices.

09

Attackers are actively exploiting a newly disclosed 7-Zip vulnerability, CVE-2025-11001, which stems from how symbolic links inside ZIP archives are handled during extraction and can lead to remote code execution when a victim extracts a crafted archive.
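The mechanism behind this class of bug is a ZIP entry stored with symlink mode bits, followed by a regular entry whose path runs through that link, so that an extractor which materialises the link first writes the later file wherever the link points. The scanner below is an added example, not code from the page or from 7-Zip, and it models the general ZIP-symlink trick rather than the specific 7-Zip code path. All function names are my own, and the archive it inspects is constructed in memory rather than taken from any real sample.

```python
import io
import posixpath
import stat
import zipfile


def is_symlink_entry(info: zipfile.ZipInfo) -> bool:
    """Unix-created archives keep the file mode in the high 16 bits of external_attr."""
    return stat.S_ISLNK((info.external_attr >> 16) & 0xFFFF)


def escapes_root(path: str) -> bool:
    """True when an archive-relative path, once normalised, would leave the extraction root."""
    if posixpath.isabs(path) or (len(path) > 1 and path[1] == ":"):
        return True  # absolute POSIX path or Windows drive letter
    norm = posixpath.normpath(path)
    return norm == ".." or norm.startswith("../")


def scan_zip(data: bytes) -> list[tuple[str, str]]:
    """Return (entry, reason) findings for symlink and traversal tricks in an in-memory ZIP."""
    findings = []
    symlinks = {}  # archive path -> link target, in archive order
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename.replace("\\", "/")
            if escapes_root(name):
                findings.append((name, "entry name traverses outside extraction root"))
            if is_symlink_entry(info):
                # For a symlink entry the stored bytes are the link target, not file content.
                target = zf.read(info).decode("utf-8", "replace")
                symlinks[name] = target
                resolved = posixpath.join(posixpath.dirname(name), target)
                if escapes_root(target) or escapes_root(resolved):
                    findings.append((name, f"symlink target {target!r} points outside extraction root"))
                continue
            # A regular entry whose path passes through an earlier symlink is written
            # wherever that link points once the link has been materialised on disk.
            parts = name.split("/")
            for i in range(1, len(parts)):
                prefix = "/".join(parts[:i])
                if prefix in symlinks:
                    findings.append((name, f"written through symlink {prefix!r} -> {symlinks[prefix]!r}"))
                    break
    return findings


def build_demo_archive() -> bytes:
    """Constructed sample (hypothetical): a symlink entry followed by a file routed through it."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("README.txt", "benign content\n")
        link = zipfile.ZipInfo("updates")
        link.external_attr = (stat.S_IFLNK | 0o777) << 16  # mark the entry as a symlink
        zf.writestr(link, "../../../../tmp")                # link body is the target path
        zf.writestr("updates/payload.sh", "#!/bin/sh\necho pwned\n")
    return buf.getvalue()


if __name__ == "__main__":
    for entry, reason in scan_zip(build_demo_archive()):
        print(f"{entry}: {reason}")
```

Run it as-is to see the two findings on the constructed archive, or pass `scan_zip` the bytes of any archive received from an untrusted source before extracting it with a tool that honours symlink entries.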

10

A critical vulnerability in the W3 Total Cache (W3TC) WordPress plugin, tracked as CVE-2025-9501, lets unauthenticated attackers execute arbitrary PHP code on the server simply by posting a crafted comment.
