
Daily Cybersecurity Roundup, October 31, 2025

Cybercriminals are proving adept at turning trusted infrastructure against its users, from enterprise software to the phone in your pocket. A newly discovered Windows malware named Airstalk abuses the AirWatch API as a covert communication channel in supply chain attacks. On the server front, the Kinsing threat actor is actively exploiting a known Apache ActiveMQ vulnerability to deploy a .NET backdoor. This trend of abusing built-in technology extends to consumers, as researchers report a surge in NFC relay malware in Eastern Europe, with over 760 malicious Android apps found stealing payment card data. Read on for more.

01

Airstalk is a newly discovered Windows-based malware family, likely used by a nation-state actor in supply chain attacks, with both PowerShell and .NET variants. It abuses the AirWatch mobile device management API as a covert command-and-control (C2) channel, so its traffic blends in with legitimate MDM activity rather than standing out as a foreign connection.

02

Researchers have observed a sharp rise in NFC relay malware in Eastern Europe, identifying over 760 malicious Android apps that relay payment card data read over Near-Field Communication (NFC) from victims' phones to attacker-controlled devices, allowing the cards to be used for fraud without ever being physically stolen.

03

Attackers are exploiting CVE-2025-59287, a remote code execution vulnerability in Windows Server Update Services (WSUS), to deploy the Skuld infostealer. Victims include universities and technology, manufacturing, and healthcare organizations, mostly in the U.S.

04

ASEC identified the Kinsing threat actor exploiting CVE-2023-46604, a remote code execution vulnerability in Apache ActiveMQ, to distribute malware including Sharpire, a .NET (C#) implementation of the PowerShell Empire agent.

05

A new vulnerability named Brash has been discovered in Blink, the rendering engine of Chromium-based browsers. It is a denial-of-service issue: a single malicious URL is enough to crash an affected browser within seconds.

06

CISA has flagged CVE-2025-41244, a privilege escalation vulnerability affecting Broadcom VMware Tools and VMware Aria Operations, as actively exploited; the exploitation has been attributed to the China-linked threat actor UNC5174.

07

Russian cybercriminals are increasingly using AdaptixC2, an open-source command-and-control framework originally built for penetration testing and red teaming, to carry out ransomware attacks worldwide.

08

CISA and the NSA released guidance on securing Microsoft Exchange servers, focusing on authentication, encryption, and attack surface reduction. Organizations still running unsupported Exchange versions are advised to migrate to a supported release.

09

A recent tech support scam sends fake PayPal invoices claiming the recipient owes $823 and urging them to call a phone number included in the invoice. The scam relies on urgency, and the callback number is not a verified PayPal contact; anyone who receives such an invoice should reach PayPal only through the contact details on its official site.

10

Email security startup Sublime Security raised $150 million in a Series C funding round led by Georgian, with participation from Avenir and 01A, and existing investors.
