Daily Cybersecurity Roundup, October 01, 2025

Cybercriminals seem to be constantly switching up their playbooks. Chinese-linked threat group Phantom Taurus has been conducting espionage operations against government, telecom, and foreign affairs sectors across Africa, Asia, and the Middle East. At the same time, researchers uncovered Detour Dog, a DNS-based malware fueling StrelaStealer campaigns that harvest email credentials from organizations in the U.S. and Europe. Adding to the growing risks, attackers are also manipulating Extended Validation (EV) certificates to lend legitimacy to malicious infrastructure and malware, helping them slip past traditional security defenses. Read further for more cybersecurity news.

01. The Chinese-aligned APT group dubbed Phantom Taurus has been targeting governments and telecom/foreign affairs sectors across Africa, Asia, and the Middle East using a stealthy malware toolset (Net-Star) for espionage.

02. A DNS-level malware dubbed Detour Dog has been observed powering campaigns distributing StrelaStealer to steal email credentials from organizations in the U.S. and Europe.

03. Ukraine’s CERT warns of CABINETRAT, a backdoor delivered via Excel XLL add-ins inside ZIPs shared over Signal, used in targeted campaigns in the country.

04. A malicious PyPI package named SoopSocks masquerades as a SOCKS proxy tool but serves as a malware dropper or backdoor targeting Windows systems.

05. A new toolkit called MatrixPDF enables transforming benign PDF documents into interactive lures embedding JavaScript and clickable overlays that bypass email filters for phishing or malware delivery.

06. Hackers are abusing Extended Validation (EV) certificates to make malware or malicious infrastructure appear more legitimate and bypass security checks.

07. Attackers are exploiting a patched information-disclosure flaw (CVE-2023-43261) in Milesight cellular routers to send phishing SMS messages targeting users in Sweden, Italy, Belgium, and other parts of Europe.

08. Multiple security flaws were disclosed in Totolink X6000R routers, allowing remote exploitation (code execution or other compromises) of home/SOHO network devices.

09. A severe security flaw in Red Hat’s OpenShift AI platform, tracked as CVE-2025-10725, could allow privilege escalation and full infrastructure takeover.

10. IAM/identity security startup Descope raised $35 million in a seed round extension from investors including Cerca Partners, Dell Technologies Capital, Lightspeed, Notable Capital, Triventures, and Unusual Ventures.