Daily Cybersecurity Roundup, October 08, 2025

True to its name, the Vietnamese threat group BatShadow is emerging from the dark with a new campaign targeting job seekers and digital marketing professionals through social engineering tactics. Meanwhile, threat actors are leaning on an off-the-shelf phishing toolkit called IUAM ClickFix Generator to spin up highly convincing credential-harvesting pages that can drop follow-on payloads such as DeerStealer and the Odyssey infostealer. In addition, attackers are abusing email styling, using CSS tricks to hide and shuffle text in a tactic sometimes called “hidden text salting.” Continue reading for more cybersecurity news from the last 24 hours.


01

The Vietnamese threat actor group BatShadow is conducting a new campaign targeting job seekers and digital marketing professionals using social engineering tactics to distribute a Go-based malware named Vampire Bot.

02

Attackers are leveraging a phishing kit called IUAM ClickFix Generator that simplifies the creation of sophisticated phishing pages to deliver malware such as DeerStealer and Odyssey infostealers.

03

A new cryptocurrency scam is targeting users of the Best Wallet app, aiming to deceive them into connecting their wallets to a fraudulent website.

04

A phishing campaign targeted job seekers in social media and marketing roles by impersonating prominent brands like Tesla, Google, Ferrari, and Red Bull through fake job applications.

05

Fake indie game pages impersonating legitimate platforms like itch[.]io are being used to distribute malware through social engineering tactics.

06

Hackers are abusing CSS properties in emails, a technique called hidden text salting, in messages impersonating brands like PayPal, Harbor Freight, Blue Cross Blue Shield, Wells Fargo, and Norton LifeLock.

07

Google has released Chrome version 141.0.7390.65/.66 to address three critical security vulnerabilities that could allow attackers to execute arbitrary code. These flaws include CVE-2025-11458, CVE-2025-11460, and CVE-2025-11211.

08

CISA has issued a warning about a zero-day XSS vulnerability in the Zimbra Collaboration Suite (ZCS), which is currently being exploited by attackers. This flaw arises from insufficient sanitization of HTML in calendar invitation files (ICS) viewed in the Classic Web Client.

09

A critical SQL injection vulnerability (CVE-2025-57819) in the open-source FreePBX platform has been actively exploited, allowing attackers to tamper with databases and execute arbitrary code.

10

Kaseya, an information technology management software company, acquired cybersecurity firm INKY Technology for an undisclosed sum.
