Daily Cybersecurity Roundup, October 20, 2025

Cybercriminals are upping their game with new tactics targeting users across industries and platforms. A phishing campaign in Russia’s automobile and e-commerce sectors is deploying the stealthy .NET-based CAPI Backdoor to steal data and spy on victims. At the same time, attackers are exploiting Google Ads to deceive macOS developers with fake Homebrew, LogMeIn, and TradingView downloads. In a major crackdown, Europol’s Operation SIMCARTEL dismantled a cybercrime-as-a-service network, seizing assets and infrastructure used to generate over 49 million fake accounts for fraud, phishing, and identity theft. Read on for more cybersecurity updates from the weekend.

01

A new phishing campaign targeting the Russian automobile and e-commerce sectors has been uncovered, utilizing a .NET malware called CAPI Backdoor.

02

Google Ads are being exploited to target macOS developers with fake Homebrew, LogMeIn, and TradingView platforms. These malicious ads lead users to download infostealing malware like AMOS and Odyssey.

03

Attackers are exploiting Google Ads to promote fake Comet Browser download links, spreading malware disguised as Perplexity’s official installer.

04

A newly uncovered phishing campaign exploits Microsoft’s logo and branding to steal user credentials using a fake payment notification email, leading users to a counterfeit CAPTCHA challenge and a simulated ransomware experience.

05

A phishing scam has been impersonating Google Careers and targeting corporate Google Workspace and Microsoft 365 users with emails titled “Are you open to talk?” to steal their login credentials while avoiding non-business accounts.

06

Europol’s Operation SIMCARTEL dismantled a cybercrime-as-a-service platform running a SIM farm that enabled phishing, fraud, and identity theft, resulting in arrests, asset seizures, and the takedown of infrastructure used to create over 49 million fake accounts for criminal activities.

07

Cybercriminals are exploiting the lack of authentication in Zendesk's customer service platform to flood email inboxes with spam and harassing messages.

08

Microsoft fixed a critical ASP.NET Core vulnerability (CVE-2025-55315) in the Kestrel web server that could allow attackers to hijack user credentials, bypass security controls, or crash the server.

09

Zimbra released a patch for a high-severity SSRF vulnerability, urging immediate updates to version 10.1.12. The vulnerability enables attackers to access sensitive data, map internal networks, and steal credentials.

10

Theodosian, a U.K.-based cybersecurity startup, secured $1.3 million in pre-seed funding led by Fuel Ventures, with participation from D11Z Ventures, 1818 Venture Capital, and others.
