
Daily Cybersecurity Roundup, October 07, 2025

A wave of new malware activity is spreading across several regions. In Brazil, a WhatsApp-based Windows worm dubbed Sorvepotel is rapidly infecting government and public service networks. Meanwhile, the China-linked espionage group Mustang Panda has refreshed its arsenal, deploying updated tools in targeted campaigns across Singapore, Thailand, and other East Asian nations. At the same time, the XWorm malware has re-emerged with expanded capabilities, enabling widespread attacks across Russia, the U.S., India, Ukraine, and Turkey. Keep reading for more cybersecurity updates from the past 24 hours.

01

A new WhatsApp-based Windows worm named Sorvepotel is spreading rapidly across Brazil, primarily hitting government and public service organizations by hijacking WhatsApp Web sessions.

02

The China-aligned espionage group Mustang Panda has updated its toolset and has been observed targeting organizations in Singapore, Thailand, and other East Asian countries.

03

A new Android RAT marketed as fully undetectable (FUD) and dubbed "Most Powerful (FUD Android RAT) 2025" has been discovered on GitHub; it lets attackers manage compromised devices through a web-based console.

04

Researchers discovered a "Mic-E-Mouse" attack, where high-DPI optical sensors in modern computer mice can detect desk vibrations caused by sound waves and reconstruct speech, posing a privacy threat.

05

The modular XWorm backdoor has resurfaced with a ransomware module and more than 35 plugins, targeting countries including Russia, the U.S., India, Ukraine, and Turkey.

06

The Clop ransomware gang is exploiting a critical zero-day vulnerability (CVE-2025-61882) in Oracle E-Business Suite that allows remote, unauthenticated access to Oracle Concurrent Processing.

07

A critical vulnerability (CVE-2025-10035) in Fortra’s GoAnywhere MFT tool is being actively exploited in ransomware campaigns, including by the Medusa ransomware group. The flaw allows attackers to bypass signature verification, enabling RCE and system compromise.

08

A critical vulnerability (CVE-2025-36604) in Dell UnityVSA allows attackers to execute commands without authentication due to improper sanitization of login redirect URIs.

09

Researchers published a proof-of-concept for a critical command-injection issue (CVE-2025-61984) in OpenSSH's ProxyCommand feature: inadequate filtering of control characters in usernames allows an attacker-controlled username to be expanded into the ProxyCommand, enabling remote code execution on the connecting client.
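The two checks a practitioner would want after the OpenSSH item above are (a) which ssh_config entries actually expand the remote username into a ProxyCommand, and (b) a username filter that rejects control characters before any such expansion. The following is an added illustrative example, not OpenSSH's own code or the published proof-of-concept; the ssh_config text and host names are constructed, and the parser handles only the common `Key value` line form, not `Key=value`.

```python
# Illustrative check for the CVE-2025-61984 vulnerability class:
# usernames carrying control characters being expanded into a
# ProxyCommand template. Added example; not OpenSSH code.

# Constructed sample ssh_config (hostnames are placeholders, not real hosts).
SAMPLE_SSH_CONFIG = """\
# jump host: expands %h and %p only
Host jump
    HostName jump.example.internal
    ProxyCommand ssh -W %h:%p bastion

# legacy helper: expands the remote username (%r) into a shell command
Host legacy
    HostName legacy.example.internal
    ProxyCommand /usr/local/bin/connect-helper %r %h %p

Host plain
    HostName plain.example.internal
"""


def proxycommands_expanding_user(config_text):
    """Return (host, proxycommand) pairs whose ProxyCommand contains the
    %r token, i.e. entries where the remote username is interpolated into
    a command that the client runs through a shell.

    Only the `Key value` form is parsed (assumption for this example);
    comments and blank lines are skipped.
    """
    results = []
    host = None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        key = key.lower()
        value = value.strip()
        if key == "host":
            host = value
        elif key == "proxycommand" and "%r" in value:
            results.append((host, value))
    return results


def username_is_safe(user):
    """Reject usernames containing ASCII control characters (0x00-0x1f, 0x7f).

    A newline or similar byte inside a username is what turns a template
    such as `helper %r %h %p` into a second shell command, so the check
    must happen before the template is expanded, not after.
    """
    return not any(ord(c) < 0x20 or ord(c) == 0x7F for c in user)


if __name__ == "__main__":
    for host, cmd in proxycommands_expanding_user(SAMPLE_SSH_CONFIG):
        print(f"Host {host!r} expands %r in ProxyCommand: {cmd}")
    for candidate in ("deploy", "deploy\nid", "git\x7f"):
        print(repr(candidate), "safe" if username_is_safe(candidate) else "REJECTED")
```

Run the scan against your real `~/.ssh/config` and `/etc/ssh/ssh_config`; any entry that expands `%r` is the one that matters for a username supplied from an untrusted source (for example a clone URL), and the username filter shows the shape of the mitigation independent of which OpenSSH build you are on.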

10

MokN, a Paris-based deception-centric identity protection startup, raised approximately $3M in a funding round led by Moonfire, with participation from OVNI Capital, Kima Ventures, and angel investors.
