Daily Cybersecurity Roundup, October 03, 2025

Cyber threats are getting smarter, and so are the attackers behind them. Rhadamanthys, a versatile multi-modular stealer previously active in ClickFix campaigns, has evolved with version 0.9.2, introducing changes that may challenge the detection and enforcement tools used by researchers. Meanwhile, the state-sponsored SideWinder APT has expanded its operations to Pakistan and Sri Lanka’s maritime sectors through the Operation SouthNet campaign. At the same time, a new phishing toolkit called Impact Solutions is empowering low-skilled threat actors to carry out sophisticated malware campaigns using point-and-click attachments. Continue reading for more cybersecurity news from the last 24 hours.

01

Rhadamanthys, a multi-modular stealer widely used in ClickFix campaigns, has evolved with version 0.9.2, which may impact detection and enforcement tools used by researchers.

02

SideWinder APT, a state-sponsored group known for South Asian espionage, is now targeting Pakistan and Sri Lanka’s maritime sectors in the Operation SouthNet campaign, with over 50 malicious domains hosting phishing and credential-stealing pages.

03

The Cavalry Werewolf threat group has been targeting Russian state agencies and enterprises with phishing emails impersonating Kyrgyz officials, deploying custom malware, FoalShell reverse shells, and StallionRAT trojans controlled via Telegram.

04

A new phishing toolkit, Impact Solutions, has been enabling low-skilled threat actors to launch advanced malware campaigns using point-and-click phishing attachments like .lnk, HTML, and SVG files, leveraging social engineering and evasion techniques globally.

05

Hackers are exploiting nine unpatched Oracle E-Business Suite vulnerabilities, some critical and remotely exploitable without authentication, to send extortion emails to executives claiming theft of sensitive data.

06

Google Chrome 141 fixes 21 vulnerabilities, including two high-severity heap buffer overflows in WebGPU and Video (CVE-2025-11205, CVE-2025-11206), while Firefox 143.0.3 patches two high-severity flaws, an integer overflow in Graphics (CVE-2025-11152) and a JIT miscompilation in the JavaScript Engine (CVE-2025-11153).

07

Microsoft Defender for Endpoint users are encountering widespread false BIOS security alerts due to a software bug that incorrectly flags up-to-date BIOS installations as outdated or vulnerable, causing confusion among IT administrators and end-users.

08

DrayTek issued a security advisory for a critical RCE vulnerability (CVE-2025-10547) affecting several Vigor routers, which could allow unauthenticated attackers to execute arbitrary code via crafted HTTP/HTTPS requests to the Web User Interface (WebUI).

09

Oneleet, a cybersecurity firm, secured $33 million in a Series A round led by Dawn Capital, with participation from prominent investors, including Frank Slootman (former CEO of Snowflake and ServiceNow), Dropbox co-founder Arash Ferdowsi, Y Combinator, and multiple founders and CISOs.

10

The global technology company, Stefanini Group, has acquired Cyber Smart Defense, a Romanian cybersecurity company, to strengthen its global cybersecurity portfolio.
