Daily Cybersecurity Roundup, October 22, 2025

Things are getting muddy in cyberspace, quite literally. Iran-linked MuddyWater has stirred up a large-scale espionage campaign, targeting over 100 government and international organizations through phishing emails. Riding the same wave of global espionage, Russian-linked actors rolled out PhantomCaptcha, a spearphishing operation posing as Cloudflare CAPTCHA pages to infiltrate Ukrainian war relief groups and government entities. Adding to the mix, Bitter APT, a South Asian threat group, exploited a WinRAR zero-day and malicious Office macros to plant C# backdoors and exfiltrate sensitive data from government, military, and critical infrastructure networks. Keep reading for more cybersecurity updates from the last 24 hours.

01

Iran-linked APT MuddyWater launched an espionage campaign targeting over 100 government and international organizations worldwide, using phishing emails from compromised mailboxes to deploy Phoenix backdoor v4.

02

Russian-linked threat actors have launched PhantomCaptcha, a spearphishing campaign targeting Ukrainian war relief organizations and government entities, using fake Cloudflare CAPTCHA pages and multi-stage malware delivery to steal data and execute remote commands.

03

Vidar Stealer 2.0 has been released with enhanced capabilities and now targets a wide range of sensitive information, including browser cookies, cryptocurrency wallets, cloud credentials, and messaging apps like Telegram and Discord.

04

Hackers exploited misconfigured ASP.NET machine keys to compromise IIS servers globally in a campaign identified as REF3927. The attack involved deserialization vulnerabilities in ViewState, malicious IIS modules like TOLLBOOTH, webshell frameworks, and kernel-mode rootkits.

05

Bitter APT, a South Asia-based threat group, exploited a WinRAR zero-day vulnerability and malicious Office macros to deploy C# backdoors and steal sensitive data from the government, military, and critical infrastructure sectors.

06

Researchers used CVE-2025-7656, a patched Chromium flaw, to demonstrate attacks against the Cursor and Windsurf IDEs, showing that 1.8 million developers are exposed because the IDEs rely on outdated Chromium and Electron builds vulnerable to over 94 known CVEs.

07

China-linked hackers exploited the ToolShell vulnerability (CVE-2025-53770) in Microsoft SharePoint, targeting government agencies, universities, telecommunications providers, and finance organizations across four continents.

08

Microsoft 365 Copilot was found vulnerable to an indirect prompt injection attack, enabling data exfiltration via specially crafted Mermaid diagrams. Attackers could embed malicious instructions in documents, prompting M365 Copilot to fetch sensitive tenant data.

09

Veeam Software is to acquire Securiti AI, a data privacy management software provider, for about $1.73 billion.

10

A non-human identity startup, Defakto, secured $30.75 million in a Series B funding round led by Ross Fubini of XYZ Capital.
