Daily Cybersecurity Roundup, September 02, 2025

Spear-phishing attacks continue to evolve, targeting specific individuals with highly tailored lures to steal sensitive information. Recently, ScarCruft (APT37) launched Operation HanKook Phantom, deploying RokRAT and custom malware to exfiltrate data via cloud services. Meanwhile, Ukrainian threat actors conducted over 1.3 million VPN and RDP login attempts, employing brute-force and password-spraying techniques to bypass security defenses. At the same time, attackers are targeting the hospitality sector using malvertising and fake login pages to impersonate at least thirteen hotel brands. Keep reading for more cybersecurity updates.

01

ScarCruft (APT37) launched Operation HanKook Phantom, a spear-phishing campaign against South Korean academics and officials, using RokRAT and custom malware to steal sensitive data via cloud services under the guise of legitimate activity.

02

Ukrainian hackers launched over 1.3 million VPN and RDP login attempts using brute-force and password-spraying tactics, leveraging bulletproof hosting and coordinated autonomous systems to evade defenses.

03

Cybercriminals are abusing Meta’s ad platforms to spread Brokewell malware via fake ads offering a free TradingView Premium app, targeting Android users in the cryptocurrency space.

04

Iranian-aligned Homeland Justice exploited a compromised Omani Ministry of Foreign Affairs (MFA) mailbox to send diplomatic-themed spear-phishing emails with macro-laced Word files delivering malware to global governments.

05

A spear-phishing campaign is impersonating HR with emails titled “Salary amendment” or “FIN_SALARY,” tricking executives into entering credentials on fake Microsoft Office/OneDrive login pages.

06

Attackers are running a large-scale phishing campaign targeting hotelier accounts, using malvertising and fake login pages to impersonate at least thirteen hospitality companies and compromise cloud-based property management and guest messaging platforms.

07

A hacker exploited API authentication flaws in Pudu Robotics’ service robots, including BellaBot and KettyBot, allowing unauthorized global control, data access, and configuration changes, posing risks across restaurants, offices, and hospitals.

08

WhatsApp patched a critical zero-day (CVE-2025-55177) exploited alongside an Apple OS flaw (CVE-2025-43300) in a commercial spyware campaign, enabling memory corruption and targeted attacks.

09

Researchers disclosed three Sitecore Experience Platform flaws (CVE-2025-53693, -53691, -53694) that could be chained to poison caches, expose data, and enable remote code execution.

10

Danish cybersecurity startup Moxso has raised $5.5 million in seed funding led by Seed Capital, with Ugly Duckling Ventures and D2 Fund also participating.
