
Daily Cybersecurity Roundup, September 03, 2025

Cybercriminal activity continues to escalate with sophisticated campaigns targeting financial platforms, Windows systems, and unsuspecting users through advanced malware and social engineering tactics. North Korea’s Lazarus Group has deployed new malware tools in a social engineering campaign against a DeFi firm, impersonating an employee on Telegram. Meanwhile, Windows systems are under attack from TinyLoader, which spreads through network shares and USB devices, serving as a delivery mechanism for Redline Stealer and DCRat while also hijacking clipboard activity to steal cryptocurrency. Cybercriminals are using a fake AnyDesk installer in the ClickFix scam to distribute MetaStealer malware, employing techniques like FileFix and Windows Explorer to trick victims into downloading malicious files disguised as PDFs. Continue reading for more cybersecurity news.

01

The North Korean Lazarus Group used new tools—PondRAT, ThemeForestRAT, and RemotePE—in a social engineering attack on a DeFi firm, impersonating an employee on Telegram and exploiting fake scheduling sites for access.

02

The TinyLoader malware is targeting Windows via network shares and USBs, acting as a delivery tool for Redline Stealer and DCRat while also stealing cryptocurrency through clipboard hijacking.

03

Inf0s3c Stealer, a Python-based grabber, has been found collecting system info and sensitive data, including passwords, cookies, crypto wallets, Discord/Telegram data, and gaming accounts.

04

A new C++ backdoor, MystRodX (aka ChronosRAT), has been discovered and linked to Liminal Panda. It offers file management, port forwarding, reverse shell, and stealthy, flexible espionage capabilities.

05

A fake AnyDesk installer is spreading MetaStealer malware in the ClickFix scam, using FileFix and Windows Explorer to trick victims into downloading malicious PDF-disguised files.

06

A critical AI supply chain flaw, Model Namespace Reuse, lets attackers exploit abandoned model namespaces on platforms like Hugging Face to deploy malicious models, affecting Azure AI, Google Vertex AI, and thousands of open-source projects.

07

The September 2025 Android Security Bulletin disclosed two actively exploited zero-days: CVE-2025-38352 in Android Runtime and CVE-2025-48543 in Android 13–16—both elevation-of-privilege flaws enabling RCE without user interaction.

08

Google released Chrome 140 for Windows, macOS, and Linux, fixing six vulnerabilities—including the critical V8 use-after-free flaw (CVE-2025-9864) and medium-severity issues in Toolbar, Extensions, and Downloads.

09

A new RCE vulnerability (CVE-2025-53772) in Microsoft IIS Web Deploy allows authenticated attackers to execute arbitrary code via unsafe deserialization in msdeployagentservice and msdeploy.axd.

10

Israeli cybersecurity company Varonis is set to acquire California-based AI email security startup SlashNext for $150 million.
