Daily Cybersecurity Roundup, November 21, 2025

As cyberespionage gains momentum across the globe, APT24's persistent use of BADAUDIO shows how far threat actors will go to maintain covert access. Over the past three years, APT24 has run an extensive cyber-espionage operation that leverages BADAUDIO malware to maintain long-term access within targeted networks. In parallel, UNC2891 orchestrated a prolonged ATM fraud scheme against two Indonesian banks, using Raspberry Pi devices and CAKETAP malware. Meanwhile, Hornetsecurity's latest Cybersecurity Report highlights a sharp rise in email-borne threats: malware-laden emails increased by 131% year-over-year, alongside notable jumps in email scams (34.7%) and phishing attacks (21%). Keep reading for more cybersecurity news.

1. APT24, a PRC-nexus threat actor, has been conducting a three-year-long cyber-espionage campaign using BADAUDIO malware to establish persistent access to victim networks.

2. The UNC2891 threat group carried out a multi-year ATM fraud campaign against two Indonesian banks, using Raspberry Pi devices and CAKETAP malware to bypass PIN verification and manipulate security protocols so that cloned cards could be used successfully.

3. Operation DreamJob, a North Korean cyberespionage campaign, has targeted manufacturing organizations via deceptive job-related messages on WhatsApp Web, using social engineering and advanced malware such as the MISTPEN backdoor.

4. Five distinct ransomware variants, each leveraging different AWS functionalities (encryption keys, data exfiltration, and deletion), have been found targeting Amazon S3 cloud storage misconfigurations.

5. The Aisuru botnet, a TurboMirai-class IoT botnet, powered a record-breaking distributed denial-of-service (DDoS) attack that peaked at 15.72 Tbps and 3.64 Bpps, overwhelming a Microsoft Azure endpoint in Australia.

6. According to Hornetsecurity's annual Cybersecurity Report, malware-laden emails surged 131% year-over-year, reinforcing email as a primary attack vector, while email scams rose by 34.7% and phishing incidents increased by 21%.

7. The Clop ransomware group, also known as Graceful Spider, has exploited a critical zero-day vulnerability (CVE-2025-61882) in Oracle EBS, affecting versions 12.2.3 to 12.2.14 and allowing unauthenticated RCE.

8. Chinese hackers linked to state-sponsored APT groups are exploiting a critical RCE vulnerability (CVE-2025-59287) in Microsoft Windows Server Update Services (WSUS) to deploy ShadowPad malware.

9. A high-severity vulnerability (CVE-2025-40601) has been discovered in SonicOS SSLVPN that enables denial-of-service (DoS) attacks against Gen7 and Gen8 firewalls.

10. A critical RCE vulnerability, CVE-2025-50165, has been discovered in the Windows Graphics Component that allows attackers to compromise systems through malicious JPEG images embedded in files.