
Daily Cybersecurity Roundup, September 09, 2025

Tax season continues to be a prime lure for cybercriminals, with the Kimsuky group launching sophisticated tax-themed phishing campaigns against South Korean users in an attempt to steal credentials and gain access to government networks. In addition, attackers are deploying multiple malware families, including SectopRAT, SystemBC, and Betruger, to enable proxy tunneling and maintain persistence. Meanwhile, on a broader front, Link11’s H1 2025 report highlights a staggering 225% surge in DDoS attacks compared to the same period in 2024. Keep on reading for more cybersecurity updates from the last 24 hours.

01

North Korean APT Kimsuky (aka APT43) is conducting sophisticated tax-themed phishing attacks against South Korean users, aiming to steal credentials and infiltrate government networks.

02

Attackers are dropping multiple malware families, including SectopRAT, SystemBC, and Betruger, on a breached system and using tools like AdFind and SharpHound for proxy tunneling.

03

A new Android banking trojan, RatOn, has been discovered that merges NFC relay attacks with ATS fraud and overlay screens, giving attackers full remote control and the ability to steal cryptocurrency and bank funds.

04

Attackers compromised 18 popular npm libraries by phishing their maintainers, injecting malicious code to stealthily hijack Web3/crypto wallet transactions and redirect funds to attacker-controlled accounts.

05

The U.S. Treasury sanctioned multiple Southeast Asian cyber scam networks that enslave workers to run large-scale online investment and romance scams, which defrauded Americans of over $10 billion in 2024.

06

Link11’s H1 2025 report found a 225% increase in DDoS attacks versus H1 2024, with adversaries using advanced Layer 7 techniques to mimic legitimate traffic.

07

An anti-spam engine bug in Exchange Online and Teams erroneously flagged safe URLs as malicious, quarantining over 6,000 legitimate links.

08

SAP’s September patch release fixed four critical NetWeaver vulnerabilities, notably CVE-2025-42944, CVE-2025-42922, and CVE-2025-42958, which enable remote code execution and privilege escalation.

09

Mitsubishi Electric is acquiring Nozomi Networks, an industrial cybersecurity firm, in a deal worth nearly $1 billion.

10

An AI-driven threat intelligence and managed security solutions provider, Tego Cyber, announced the acquisition of a managed security services business and the launch of VigilAigent, a next-generation AI-driven managed security service provider (MSSP).
