
Daily Cybersecurity Roundup, September 10, 2025

Threat actors are stepping up their game with increasingly deceptive and disruptive tactics. In a recent campaign, Chinese state-backed group APT41 has been spoofing a Congressman’s email to phish U.S. trade officials, delivering booby-trapped legislative draft documents that install malware to exfiltrate sensitive data. Adding to the mix, researchers uncovered a new malware strain exploiting exposed Docker APIs—not just for cryptomining but also by blocking rival attackers, hinting at preparation for a larger botnet. Meanwhile, the Salty2FA phishing kit is taking aim at MFA protections by cleverly embedding attacks within trusted login flows. Continue reading for more cybersecurity news from the last 24 hours.


01

Chinese state-sponsored group APT41 has been spear-phishing U.S. trade officials by spoofing a Congressman’s email, sending malicious legislative draft attachments that deploy malware to steal sensitive data.

02

A novel malware strain is targeting exposed Docker APIs by blocking other attackers from accessing the API, suggesting preparation for a botnet beyond simple cryptomining.

03

SpamGPT, an underground AI-driven email attack toolkit, has been disclosed; it automates large-scale spam and phishing campaigns by using generative AI to craft emails and bypass filters.

04

Hackers are abusing Google’s AppSheet platform to send Meta-themed phishing emails from the legitimate [email protected] domain, bypassing normal email defenses and harvesting credentials under the guise of trusted infrastructure.

05

Salty2FA, a phishing-as-a-service kit, has been undermining MFA by cloaking attacks in trusted flows to trick users into giving up credentials.

06

Microsoft disclosed two Office suite vulnerabilities, CVE-2025-54910 and CVE-2025-54906, both enabling remote code execution through malicious documents that require user interaction, often delivered via phishing or compromised websites.

07

Researchers discovered that the Amp’ed RF BT-AP 111 Bluetooth Access Point has a critical flaw: its HTTP-based admin interface has no authentication, allowing any attacker full administrative access.

08

SessionReaper (CVE-2025-54236), a critical unauthenticated RCE flaw in Adobe Commerce/Magento, has been discovered; it lets attackers take over customer accounts and execute arbitrary code.

09

Naq, a cybersecurity and compliance company, has raised $6.6 million in Series A funding from Automate Health to expand its software-led healthcare compliance solutions.

10

Cybersecurity start-up Geordie secures $6.5 million in seed funding, co-led by Ten Eleven Ventures and General Catalyst, with participation from angel investors.
