
Daily Cybersecurity Roundup, September 08, 2025

When one gate closes, another opens! Unfortunately, in cybercrime, it’s usually the backdoor. A new campaign called “GPUGate” is luring IT professionals in Western Europe through poisoned Google Ads and GitHub repositories. Meanwhile, macOS users aren’t spared either. Threat actors are pushing the Odyssey stealer through a fake Microsoft Teams download site using ClickFix, siphoning off credentials, cookies, Apple Notes, and even crypto wallets to a C2 server. Adding to the chaos, researchers flagged four malicious npm packages masquerading as Flashbots SDKs, designed to swipe Ethereum wallet secrets. Continue reading for the Top 10 cybersecurity headlines for today.

01

A sophisticated malware campaign dubbed “GPUGate” has been targeting IT professionals in Western Europe via malicious Google Ads and compromised GitHub repositories, using GPU-based decryption to evade virtual environment and sandbox detection.

02

Threat actors are distributing the Odyssey macOS stealer via a fake Microsoft Teams download site using ClickFix, stealing credentials, cookies, Apple Notes, and crypto wallets before exfiltrating them to a C2 server.

03

A supply chain attack dubbed GhostAction has been uncovered. It injected malicious GitHub Actions workflows to steal 3,325 secrets from 817 repositories, first targeting the FastUUID project, though no malicious package releases were found.

04

A phishing campaign is abusing iCloud Calendar invites to deliver payment-themed emails that originate from Apple’s trusted servers, bypass security checks, and exploit Microsoft 365’s forwarding mechanism to appear legitimate.

05

AMOS Stealer targets macOS users through cracked apps and malicious Terminal commands, bypassing Gatekeeper protections while leveraging rotating domains to evade detection and delay takedowns.

06

Researchers discovered four malicious npm packages posing as Flashbots SDKs that steal Ethereum wallet credentials by exfiltrating private keys and mnemonic seeds to an attacker-controlled Telegram bot.

07

A critical flaw in Argo CD (CVE-2025-55190) affects versions up to 2.13.0, allowing attackers with low-level API tokens to exploit the project details API endpoint to steal repository credentials, enabling code theft and supply chain attacks.

08

A critical vulnerability (CVE-2025-58782) in Apache Jackrabbit Core and JCR Commons enables RCE by exploiting deserialization of untrusted data through malicious JNDI references, allowing attackers to execute arbitrary code and compromise sensitive data and system stability.

09

ID.me, a digital identity provider, secured $340 million in a Series E funding round led by Ribbit Capital, with participation from Ares Credit funds, Moonshots Capital, and Positive Sum.

10

Shift5, an operational intelligence platform, raised $75 million in a Series C funding round led by Hedosophia with support from Insight Partners, Center 15 Capital, Booz Allen Ventures, and others.
