Daily Cybersecurity Roundup, November 28, 2025

Recent threat activity highlights a diverse set of ongoing cyber risks: the Russian-aligned RomCom group has been deploying SocGholish malware against a U.S.-based engineering firm tied to Ukraine. Meanwhile, UK users are being targeted by a campaign that plants deceptive adult-themed links in search results, redirecting victims to malware-laced sites disguised as “Windows update” downloads. Black Friday shoppers are facing a surge in scams where attackers spin up more than 100 polished, brand-impersonating “Survey Reward” domains to harvest personal and payment information. Keep reading for more cybersecurity news.

01. The Russian-aligned RomCom group used SocGholish malware to target a U.S.-based engineering firm connected to Ukraine, leveraging fake browser update prompts to deliver advanced payloads including the Mythic Agent loader and the VIPERTUNNEL backdoor.

02. A malicious campaign is targeting UK users by placing deceptive adult-themed links in search results that redirect to malware-infected sites, tricking victims into downloading a fake “Windows update.”

03. The Handala group has launched a cyber intimidation campaign against Israeli high-tech and aerospace professionals by scraping LinkedIn profiles, manipulating and publishing their personal data with false accusations, and offering financial rewards for more information.

04. A new Mirai-based botnet called ShadowV2 was observed during the October AWS outage, exploiting eight known vulnerabilities in IoT devices from vendors such as D-Link and TP-Link.

05. Researchers have uncovered a new campaign by the “Scattered Lapsus$ Hunters,” which uses more than 40 typosquatted Zendesk-like domains to host phishing pages and fake SSO portals designed to steal user credentials.

06. Black Friday scams are surging as scammers use fake “Survey Reward” pages across more than 100 brand-impersonating domains to steal personal and payment data, luring victims with enticing rewards like Starlink kits, LEGO sets, and YETI bundles.

07. Abandoned iCalendar (iCal) domains threaten nearly 4 million mainly iOS and macOS devices, as expired or hijacked calendar domains can be exploited to inject malicious events, links, or files, effectively turning digital calendars into phishing and malware delivery vectors.

08. NVIDIA has issued security updates for 14 critical vulnerabilities in its DGX Spark system, including the most severe flaw, CVE-2025-33187, which could let attackers bypass protections, escalate privileges, execute malicious code, steal data, and potentially take full control of the system.

09. A vulnerability (CVE-2025-54057) in the Apache SkyWalking performance monitoring tool allows attackers to execute malicious scripts through stored XSS due to improper neutralization of script-related HTML tags.

10. Legacy Python bootstrap scripts still fetch installation code from the long-abandoned, ad-parked domain python-distribute.org, creating a potential vector for domain takeover attacks.
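The practical defensive step for item 10 is to find out whether any script in your own repositories still downloads code from a dead domain. The scanner below is an added example, not code from the roundup or from any project it mentions: it extracts every http(s) URL from a file's text, flags hosts that match (or are subdomains of) a list of domains you consider abandoned, and reports the line. The only domain on the list is the one named in the item; the sample bootstrap text is constructed to resemble a legacy `distribute_setup.py` and is not a real file.

```python
import re
from pathlib import Path
from typing import Iterable, List, Tuple

# Only python-distribute.org comes from the roundup; extend this set with
# domains you have independently confirmed to be expired or parked.
ABANDONED_DOMAINS = {"python-distribute.org"}

# Capture the host of any http(s) URL; the optional path stops at quotes,
# whitespace and brackets so string literals in source files parse cleanly.
URL_RE = re.compile(r"""https?://([A-Za-z0-9.-]+)(?::\d+)?(?:/[^\s'"()<>]*)?""")


def find_abandoned_fetches(text: str, abandoned: Iterable[str] = ABANDONED_DOMAINS) -> List[Tuple[int, str, str]]:
    """Return (line_number, host, url) for every URL whose host is an abandoned
    domain or a subdomain of one. Hosts are compared case-insensitively."""
    dead = {d.lower() for d in abandoned}
    hits: List[Tuple[int, str, str]] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in URL_RE.finditer(line):
            host = match.group(1).lower().rstrip(".")
            if host in dead or any(host.endswith("." + d) for d in dead):
                hits.append((lineno, host, match.group(0)))
    return hits


def scan_paths(paths: Iterable[Path]) -> List[Tuple[str, int, str, str]]:
    """Run find_abandoned_fetches over each file and prefix hits with the path."""
    results = []
    for path in paths:
        try:
            text = path.read_text(encoding="utf-8", errors="replace")
        except OSError:
            continue  # unreadable file: skip rather than abort the whole scan
        for lineno, host, url in find_abandoned_fetches(text):
            results.append((str(path), lineno, host, url))
    return results


# Constructed sample resembling a legacy bootstrap script; not a real file.
SAMPLE_BOOTSTRAP = """\
# legacy bootstrap (constructed sample)
import urllib2
DEFAULT_VERSION = "0.6.49"
DEFAULT_URL = "http://python-distribute.org/distribute_setup.py"
PYPI_URL = "https://pypi.org/simple/"
def download_setuptools(url=DEFAULT_URL):
    return urllib2.urlopen(url).read()
"""


if __name__ == "__main__":
    for lineno, host, url in find_abandoned_fetches(SAMPLE_BOOTSTRAP):
        print(f"line {lineno}: fetch from abandoned domain {host}: {url}")
    # To scan a checkout, pass real paths, e.g.:
    # scan_paths(Path(".").rglob("*.py"))
```

The check is deliberately host-based rather than URL-based: once a domain lapses, any path under it, and any subdomain, is controlled by whoever registers it next, so matching on the exact historical URL would miss rewritten variants. Treat a hit as a finding to fix by pinning the dependency to a current package index, not just as a warning.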
