
Daily Cybersecurity Roundup, November 25, 2025

Phishing emails continue to be a primary entry point for advanced cyberattacks. Reflecting this trend, Kimsuky has launched a new campaign deploying two variants of its KimJongRAT malware through phishing emails impersonating South Korean government agencies. In parallel, researchers have uncovered a new Android spyware dubbed RadzaRat, masquerading as a legitimate file manager app to give attackers full remote control of infected devices. Additionally, threat actors linked to Russia are exploiting malicious Blender model files to distribute the StealC V2 info-stealer via popular 3D asset marketplaces like CGTrader. Continue reading for more cybersecurity updates.

01. Kimsuky has launched an advanced campaign deploying two variants of the KimJongRAT malware through phishing emails that impersonate South Korean agencies, delivering malicious LNK files and decoy PDFs to unsuspecting victims.

02. A new Android spyware, RadzaRat, was found disguised as a file manager, granting criminals full remote control over devices while keylogging passwords and stealing files.

03. A malicious VSCode extension has been found impersonating the popular Prettier tool. The extension, named "prettier-vscode-plus," was part of a brandjacking attack and aimed to deploy Anivia Stealer malware.

04. Shai-Hulud malware has compromised over 500 npm packages in a recent supply chain attack, targeting well-known tools like Zapier and PostHog to steal developer and CI/CD secrets.

05. CISA issued a warning about ongoing spyware campaigns that target users of mobile messaging applications like Signal and WhatsApp, using sophisticated social engineering techniques and exploiting vulnerabilities to gain unauthorized access to user accounts.

06. A sophisticated phishing campaign has been exploiting a typographical trick, replacing the letter 'm' with the letters 'r' and 'n' in the domain "rnicrosoft.com" to mimic Microsoft's legitimate website.
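A defensive check for the 'rn'-for-'m' trick described above, as an added example that is not part of the original roundup: it folds visually confusable character sequences into a "skeleton" and reports sender domains that collapse onto a protected brand. The CONFUSABLES table, the brand set and the sample sender addresses are constructed for illustration and are not from the page.

```python
from typing import Dict, Iterable, Optional, Set

# ASCII sequences that visually imitate another character in common
# sans-serif fonts. 'rn' -> 'm' is the trick behind rnicrosoft.com.
# Constructed list; extend it with the confusables you care about.
CONFUSABLES = {
    "rn": "m",
    "vv": "w",
    "cl": "d",
    "0": "o",
    "1": "l",
    "3": "e",
    "5": "s",
}


def skeleton(label: str) -> str:
    """Collapse confusable sequences so a lookalike and its target compare equal."""
    s = label.lower()
    # Longest sequences first, so 'rn' is folded before any single character is touched.
    for seq, rep in sorted(CONFUSABLES.items(), key=lambda kv: -len(kv[0])):
        s = s.replace(seq, rep)
    return s


def registrable_label(domain: str) -> str:
    """Return the second-level label, e.g. 'rnicrosoft' from 'login.rnicrosoft.com'.
    Assumes a single-label public suffix (.com, .org); a full PSL lookup is out of scope."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def lookalike_of(domain: str, protected: Set[str]) -> Optional[str]:
    """Return the protected brand this domain imitates, or None.
    The genuine brand label itself is never reported as a lookalike."""
    label = registrable_label(domain)
    if label in protected:
        return None
    sk = skeleton(label)
    for brand in protected:
        if sk == skeleton(brand):
            return brand
    return None


def flag_senders(addresses: Iterable[str], protected: Set[str]) -> Dict[str, str]:
    """Map each sender address whose domain imitates a protected brand to that brand."""
    hits: Dict[str, str] = {}
    for addr in addresses:
        brand = lookalike_of(addr.rsplit("@", 1)[-1], protected)
        if brand:
            hits[addr] = brand
    return hits
```

Running `flag_senders(["alert@rnicrosoft.com", "it@microsoft.com"], {"microsoft"})` reports only the first address; feeding it the sender column of a mail log gives a quick triage list for mail-filter or SIEM rules.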

07. Malicious Blender model files are being exploited to deliver the StealC V2 infostealer through 3D model marketplaces such as CGTrader. This campaign, linked to Russian actors, relies on embedded Python scripts within .blend files executing automatically.

08. Multiple vulnerabilities in Google Chrome could allow attackers to execute arbitrary code, potentially leading to the installation of programs, data manipulation, or the creation of new accounts with full user rights. Affected systems include Chrome versions prior to 142.0.7444.175/.176 for Windows, Mac, and Linux.

09. A critical RCE vulnerability (CVE-2025-6389) in the Sneeit Framework plugin is under active exploitation. The flaw resides in the sneeit_articles_pagination_callback() function, allowing attackers to execute arbitrary code without authentication.

10. A vulnerability (CVE-2025-40601) in SonicOS could allow Denial of Service (DoS) attacks via the SSLVPN interface. This flaw impacts specific versions of SonicOS and could crash affected firewalls.
