Daily Cybersecurity Roundup, October 09, 2025

Modern RATs no longer just hide; they evolve. A new Python-based RAT exemplifies this shift, using advanced polymorphism and self-modifying routines to change its code signature on every run. Meanwhile, a China-aligned group tracked as UTA0388 has run sophisticated spear-phishing campaigns against organizations worldwide, with a pronounced focus on Asian geopolitical topics. Moreover, pro-Russian hacktivists known as TwoNet have moved away from DDoS operations toward strikes on critical infrastructure targets. Stay tuned for more cybersecurity news.

01. A new Python-based RAT employs advanced polymorphic and self-modifying techniques, altering its code signature with each execution to evade detection.

02. UTA0388, a China-aligned threat actor, has been conducting sophisticated spear-phishing campaigns, targeting organizations globally with a focus on Asian geopolitical issues, particularly Taiwan.

03. Chinese hackers with suspected ties to the state have begun exploiting the open-source Nezha monitoring tool to deliver the Gh0st RAT.

04. The Chaos-C++ ransomware, a new variant of the Chaos ransomware family, is aggressively targeting Windows systems, deleting large files over 1.3 GB instead of encrypting them, and is built in C++ for faster execution.

05. Hacktivists from the pro-Russian group TwoNet have shifted their focus from DDoS attacks to targeting critical infrastructure. They recently attacked a decoy water treatment plant set up by researchers to study their tactics.

06. A new FileFix attack variant uses "cache smuggling" to bypass security software by hiding malicious files in Chrome's cache. The attack disguises itself as a Fortinet VPN Compliance Checker, tricking users into running hidden PowerShell commands.

07. A critical vulnerability (CVE-2025-5947) in the Service Finder WordPress theme allows attackers to bypass authentication and access any account, including administrator accounts.

08. GitLab has released patch versions 18.4.2, 18.3.4, and 18.2.8 for both Community Edition (CE) and Enterprise Edition (EE), addressing critical security vulnerabilities and various bugs.

09. A critical vulnerability (CVE-2025-53967) has been discovered in the Figma MCP server, allowing attackers to execute arbitrary code through command injection due to unsanitized user input in shell commands.

10. Realm.Security, a cybersecurity startup, has secured $15 million in a Series A funding round led by Jump Capital, with participation from seed investors Accomplice and Glasswing Ventures.