Daily Cybersecurity Roundup, October 21, 2025

Looks like NATO’s inbox just got a new uninvited guest. Russia-backed threat actor COLDRIVER has launched a fresh cyber espionage operation against NATO entities, leveraging a new downloader dubbed NOROBOT that uses fake CAPTCHA lures. Meanwhile, Chinese state-linked group Salt Typhoon continues its global targeting of telecommunications firms, with its latest campaign breaching a European telecom via a Citrix NetScaler Gateway vulnerability. In another wave of cybercrime, attackers are exploiting TikTok videos masquerading as free activation tutorials for popular software like Windows, Spotify, and Netflix to execute ClickFix attacks. Keep reading for more cybersecurity news.

01

Russia-backed COLDRIVER has launched a new cyber-espionage campaign targeting NATO entities using NOROBOT, a downloader that employs fake CAPTCHA lures to deploy backdoors like MAYBEROBOT for intelligence gathering.

02

Chinese cyberespionage group Salt Typhoon, also known as Earth Estries or UNC2286, continues targeting global telecoms, with a recent attack on a European telecom starting through a Citrix NetScaler Gateway compromise.

03

A new supply chain attack using the GlassWorm malware has been targeting developers on the OpenVSX and Microsoft VS Code marketplaces, with over 35,800 installations.

04

The Silver Fox group has expanded its malware attacks (Winos 4.0 and HoldingHands RAT) from China and Taiwan to Japan and Malaysia, using phishing emails with malicious PDFs.

05

A phishing email was found impersonating Home Depot, offering a free Gorilla Cart by using obfuscated Unicode characters and recycled legitimate content to evade spam filters and appear authentic.

06

Cybercriminals are using TikTok videos disguised as free activation guides for software like Windows, Spotify, and Netflix to carry out ClickFix attacks that trick users into running malicious PowerShell commands and thereby install info-stealing malware.

07

A coordinated campaign with 131 rebranded Chrome extensions was found targeting WhatsApp Web users in Brazil, abusing platform rules to automate spam messaging.

08

CISA warns that the Windows SMB vulnerability (CVE-2025-33073) is now under active exploitation, enabling attackers to gain SYSTEM privileges on unpatched systems.

09

A critical RCE flaw (CVE-2025-61932) has been discovered in the on-premises edition of LANSCOPE Endpoint Manager that could allow attackers to execute malicious code on affected systems.

10

Insight Enterprises Australia has announced the acquisition of Sekuro, an end-to-end security, governance, and cybersecurity services provider.