
Daily Cybersecurity Roundup, October 28, 2025

From critical software flaws to trusted messaging apps, threat actors are leaving no stone unturned in their latest campaigns. The sophisticated Gamaredon group is targeting government entities by exploiting a critical WinRAR vulnerability in its latest phishing operation. Meanwhile, the Water Saci malware campaign has evolved to use WhatsApp as its primary infection vector, hijacking web sessions to spread malicious ZIP files. This surge in activity is mirrored by the Qilin ransomware group, which has intensified its operations this year to publish data from victims using a double-extortion model. Read on for the top 10 highlights from the past 24 hours.

01

A sophisticated phishing campaign by the Gamaredon threat group is targeting government entities by exploiting a critical WinRAR vulnerability, CVE-2025-8088.

02

The Water Saci malware campaign has significantly evolved, utilizing WhatsApp as its primary infection vector to spread malicious ZIP files through hijacked web sessions.

03

SideWinder APT has launched a sophisticated espionage campaign targeting South Asian diplomatic entities, utilizing a novel PDF and ClickOnce-based infection chain.

04

The Trigona threat actor has launched a new wave of attacks on vulnerable MS-SQL servers, gaining access through brute-force and dictionary attacks against SQL logins. Once inside, the actor uses the Bulk Copy Program (bcp) to write malware stored in SQL tables out to disk as local executable files.
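The Trigona item above describes two observable stages: a burst of failed SQL logins from one client, followed by bcp being run under the SQL Server process to write a file to disk. The following Python is an added detection example written for this roundup, not code from the page or from any vendor; it assumes the SQL Server error-log "Login failed" line layout shown in the constructed sample and a constructed process-event record shape (`parent_chain`, `cmdline`) that a real EDR or Sysmon feed would have to be mapped onto.

```python
"""Flag MS-SQL login brute-force bursts and bcp-based malware staging (added example)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed SQL Server error-log line shape for a failed login (timestamp, "Logon", message, client IP).
FAILED_LOGIN_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d+\s+Logon\s+"
    r"Login failed for user '(?P<user>[^']*)'.*\[CLIENT: (?P<ip>[\d.]+)\]"
)

# Constructed sample error-log lines (not real data): six rapid 'sa' failures from one client,
# one isolated failure from another client, and one late failure outside the window.
SAMPLE_ERRORLOG = [
    f"2025-10-28 03:12:0{i}.10 Logon       Login failed for user 'sa'. "
    "Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]"
    for i in range(1, 7)
] + [
    "2025-10-28 03:15:40.00 Logon       Login failed for user 'appuser'. "
    "Reason: Password did not match that for the login provided. [CLIENT: 198.51.100.5]",
    "2025-10-28 04:40:00.00 Logon       Login failed for user 'sa'. "
    "Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]",
]

# Constructed process-creation records (hypothetical shape). The first models bcp run via
# xp_cmdshell (sqlservr.exe -> cmd.exe -> bcp) writing a query result to an executable path;
# the second is an ordinary interactive export and must not be flagged.
SAMPLE_PROCESS_EVENTS = [
    {"parent_chain": ["sqlservr.exe", "cmd.exe"],
     "cmdline": 'bcp "select blob from tempdb.dbo.stage" queryout C:\\Windows\\Temp\\PLACEHOLDER.exe -T -c'},
    {"parent_chain": ["explorer.exe", "cmd.exe"],
     "cmdline": "bcp Sales.dbo.Orders out C:\\exports\\orders.dat -T -n"},
]


def find_bruteforce_sources(lines, threshold=5, window_seconds=60):
    """Return {client_ip: peak_failures} for clients that reach `threshold` failed logins
    within any sliding window of `window_seconds`."""
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    flagged = {}
    for line in lines:
        m = FAILED_LOGIN_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
        ip = m.group("ip")
        q = recent[ip]
        q.append(ts)
        while q and (ts - q[0]) > timedelta(seconds=window_seconds):
            q.popleft()
        if len(q) >= threshold:
            flagged[ip] = max(flagged.get(ip, 0), len(q))
    return flagged


BCP_RE = re.compile(r"\bbcp(\.exe)?\b", re.IGNORECASE)
EXEC_OUT_RE = re.compile(r"queryout\s+\S+\.(exe|dll|bat|ps1)\b", re.IGNORECASE)


def find_bcp_staging(process_events):
    """Return command lines where bcp, descended from sqlservr.exe, writes a query result
    to an executable file type: the table-to-disk staging pattern described above."""
    hits = []
    for ev in process_events:
        cmd = ev["cmdline"]
        spawned_by_sql = any(p.lower() == "sqlservr.exe" for p in ev["parent_chain"])
        if BCP_RE.search(cmd) and EXEC_OUT_RE.search(cmd) and spawned_by_sql:
            hits.append(cmd)
    return hits


def analyze(errorlog_lines, process_events):
    """Combine both stages into one findings dict for an alerting pipeline."""
    return {
        "bruteforce_sources": find_bruteforce_sources(errorlog_lines),
        "bcp_staging": find_bcp_staging(process_events),
    }


if __name__ == "__main__":
    print(analyze(SAMPLE_ERRORLOG, SAMPLE_PROCESS_EVENTS))
```

The sliding window deliberately resets for the late 04:40 failure, so a single stray mistyped password does not re-raise the alert; tune `threshold` and `window_seconds` to the login rate of the environment. Pairing the two detections (brute-force source followed by bcp under sqlservr.exe) is what separates this intrusion pattern from a legitimate bulk export.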

05

QNAP has issued a warning regarding a critical ASP.NET Core vulnerability, tracked as CVE-2025-55315, which affects its NetBak PC Agent, a Windows utility for backing up data to QNAP NAS devices.

06

The Qilin ransomware group has intensified its activity in 2025, publishing over 40 victim cases monthly. Its operations primarily target the manufacturing, professional services, and wholesale trade sectors using a double-extortion model.

07

The Apache Software Foundation has identified two significant vulnerabilities, CVE-2025-55752 and CVE-2025-55754, in Apache Tomcat, affecting versions 9, 10, and 11.

08

A new variant of the Gunra ransomware is targeting Linux systems using ELF binaries. This variant employs the ChaCha20 encryption algorithm but suffers from a critical cryptographic flaw in its random number generation.

09

Europol warned that caller ID spoofing, used by criminals to falsify phone numbers and impersonate trusted institutions, accounts for 64% of fraud cases involving calls and texts, facilitating various online scams and social engineering schemes.

10

Fraud cases in the U.K. rose by 17% in the first half of 2025 compared to the same period in 2024, with total consumer losses reaching £629 million ($839 million).
