
Daily Cybersecurity Roundup, October 29, 2025

Attackers are showcasing alarming ingenuity this week, from hiding in code repositories to mimicking human behavior on infected devices. Researchers uncovered 10 malicious npm packages that used typosquatting to trick developers, executing credential-stealing malware upon installation. On the mobile front, a new Android malware family named Herodotus is evading detection by simulating human typing and bypassing modern Accessibility permission restrictions. Meanwhile, the Beast ransomware is actively spreading across networks by targeting open SMB connections, leveraging a RaaS model and the Vidar infostealer to fuel its attacks. Read on for more.

01

Socket researchers uncovered 10 malicious npm packages that executed credential-stealing malware upon installation. These packages used typosquatting to mimic legitimate libraries.

02

A new Android malware family, Herodotus, employs random delay injection in its input routines to simulate human typing and evade detection. The malware circumvents Accessibility permission restrictions in Android 13 and later.

03

Atroposia is a new feature-rich RAT that enables low-skill attackers to execute complex cyberattacks, including stealthy remote desktop access, credential theft, and DNS hijacking.

04

Qilin ransomware has been found abusing Windows Subsystem for Linux to execute Linux-based encryptors on Windows systems, evading traditional security tools.

05

CISA warned of two actively exploited vulnerabilities (CVE-2025-6205 and CVE-2025-6204) in Dassault Systèmes' DELMIA Apriso, which could allow unauthorized access and code execution.

06

The Beast ransomware has been targeting active SMB connections to spread across networks, leveraging a RaaS model that enables affiliates to launch independent attacks. It uses phishing campaigns and the Vidar infostealer.

07

A phishing attack is using invisible Unicode characters embedded in email subject lines via MIME encoding. Attackers use soft hyphen characters, making the subject line appear corrupted to algorithms but clear to recipients.
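As an added example (not part of this roundup or the cited research), a short Python check that decodes an RFC 2047 encoded Subject header and flags soft hyphens and other zero-width characters that defeat naive keyword matching; the sample headers are constructed here for the demonstration.

```python
# Added example: flag Subject headers that hide invisible Unicode inside
# RFC 2047 encoded-words (=?utf-8?B?...?=), as in the soft-hyphen campaign.
import base64
from email.header import decode_header, make_header

# Characters that render as nothing in most mail clients but split words for
# any filter that matches on the raw decoded string. U+00AD is the soft hyphen.
INVISIBLE = {
    "\u00ad": "SOFT HYPHEN",
    "\u200b": "ZERO WIDTH SPACE",
    "\u200c": "ZERO WIDTH NON-JOINER",
    "\u200d": "ZERO WIDTH JOINER",
    "\u2060": "WORD JOINER",
    "\ufeff": "ZERO WIDTH NO-BREAK SPACE",
}


def decode_subject(raw_header: str) -> str:
    """Decode an RFC 2047 encoded Subject value into a Python str."""
    return str(make_header(decode_header(raw_header)))


def analyze_subject(raw_header: str) -> dict:
    """Decode the header, count invisible characters, and return a cleaned form."""
    decoded = decode_subject(raw_header)
    found: dict = {}
    for ch in decoded:
        if ch in INVISIBLE:
            found[INVISIBLE[ch]] = found.get(INVISIBLE[ch], 0) + 1
    # The cleaned string is what a recipient actually sees; run keyword rules on it.
    cleaned = "".join(ch for ch in decoded if ch not in INVISIBLE)
    return {"decoded": decoded, "cleaned": cleaned,
            "invisible": found, "suspicious": bool(found)}


def encode_subject(text: str) -> str:
    """Constructed helper: build a base64 encoded-word for the sample headers."""
    b64 = base64.b64encode(text.encode("utf-8")).decode("ascii")
    return "=?utf-8?B?" + b64 + "?="


# Constructed samples: the visible text "Urgent: password reset", once with soft
# hyphens inserted so a substring match on "password" fails, once unmodified.
SAMPLE_HIDDEN = encode_subject("Ur\u00adgent: pass\u00adword re\u00adset")
SAMPLE_CLEAN = encode_subject("Urgent: password reset")

if __name__ == "__main__":
    for raw in (SAMPLE_HIDDEN, SAMPLE_CLEAN):
        result = analyze_subject(raw)
        print(raw)
        print("  decoded :", repr(result["decoded"]))
        print("  cleaned :", result["cleaned"])
        print("  flags   :", result["invisible"], "suspicious:", result["suspicious"])
```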

08

Researchers developed the TEE.Fail attack, which compromises confidential computing on Intel, AMD, and NVIDIA CPUs by exploiting weaknesses in Trusted Execution Environments (TEEs) using a DDR5-based side-channel attack.

09

A critical vulnerability in WSUS, identified as CVE-2025-59287, is currently being exploited by threat actors. This flaw allows unauthenticated attackers to execute remote code with system privileges.

10

A surge in fake investment platforms mimicking cryptocurrency and forex exchanges is spreading financial crime across Asia, involving organized cross-border groups.
