
Daily Cybersecurity Roundup, September 04, 2025

From hijacked search results to weaponized job interviews and cunning phishing ploys, cybercriminals and state-backed actors are finding new ways to outsmart defenses. A newly identified China-aligned group, GhostRedirector, has compromised at least 65 Windows servers worldwide using the Rungan C++ backdoor. Meanwhile, North Korean hackers linked to the “Contagious Interview” campaign have been exploiting cyber threat intelligence platforms to monitor infrastructure, identify new assets, and evade detection. Adding to the wave of threats, PayPal users are being targeted by a phishing scam that uses spoofed emails to trick victims into adding a secondary account user, giving attackers direct access to their funds. Catch up on the biggest cybersecurity headlines from the past 24 hours.

01

A new China-aligned threat actor, GhostRedirector, has compromised at least 65 Windows servers globally, using a C++ backdoor, Rungan, and a malicious IIS module, Gamshen, to manipulate Google search results.

02

North Korean hackers behind the "Contagious Interview" campaign have been exploiting cyber threat intelligence platforms like Validin, VirusTotal, and Maltrail to monitor their infrastructure, scout for new assets, and evade detection.

03

The Russian state-sponsored group APT28 (Fancy Bear) has developed new malware named "NotDoor" that targets Microsoft Outlook users to steal sensitive data and gain system control.

04

Threat actors are exploiting X’s Grok AI assistant by embedding malicious links in video ad metadata, which Grok then surfaces as clickable replies, lending them credibility and wider reach.

05

A sophisticated phishing scam is targeting PayPal users with spoofed emails that trick victims into adding a secondary account user, giving scammers direct access to their funds.

06

Hackers are exploiting a new AI-powered tool called HexStrike-AI to automate attacks on recently disclosed vulnerabilities (n-day flaws) in Citrix systems, including CVE-2025-7775, CVE-2025-7776, and CVE-2025-8424.

07

Researchers uncovered Frostbyte10, a set of ten critical flaws in Copeland’s E2 and E3 building management controllers that can be chained for unauthenticated root access, jeopardizing food safety, supply chains, and human safety.

08

A critical vulnerability (CVE-2025-57833) in Django's ORM allows attackers to execute malicious SQL code on web servers. The vulnerability affects Django versions 5.2, 5.1, and 4.2, as well as the main development branch.

09

Cato Networks, an Israeli cybersecurity company, acquired AI security startup Aim Security for $350 million.

10

Sola Security, a Tel Aviv-based startup, has raised $35 million in a Series A funding round led by S32, with participation from Microsoft’s M12, New Era Capital Partners, and other investors.
