Daily Cybersecurity Roundup, September 12, 2025

The Gentlemen threat group clearly isn’t living up to its name, as it launched a ruthless ransomware campaign hitting manufacturing, construction, healthcare, and insurance sectors across 17 countries, with most activity focused in the U.S. and APAC regions. Meanwhile, Chinese-speaking users are being lured into downloading RATs like ValleyRAT, FatalRAT, and kkRAT from phishing sites on GitHub Pages disguised as legitimate software installers. Adding to the mix, attackers are also weaponizing obfuscated BAT-based loaders to deploy fileless RATs such as XWorm and Remcos. Keep reading for more cybersecurity updates.

01. The Gentlemen threat group launched a ransomware campaign targeting the manufacturing, construction, healthcare, and insurance industries across 17 countries, with activity concentrated in the U.S. and APAC regions.

02. A malware campaign is targeting Chinese-speaking users with ValleyRAT, FatalRAT, and kkRAT, delivered through phishing sites hosted on GitHub Pages that mimic popular software installers and serve malicious executables.

03. A malicious campaign is targeting Meta advertisers with fake Chrome extensions such as “Madgicx Plus,” which pose as AI ad optimization tools but are designed to steal credentials, hijack sessions, and compromise Meta Business accounts.

04. A sophisticated fileless malware campaign has been abusing legitimate system tools to run code entirely in memory, evading detection and analysis, and ultimately delivering AsyncRAT via a multi-stage loader.

05. Attackers are using obfuscated BAT-based loaders to launch PowerShell loaders that deploy fileless RATs such as XWorm and Remcos, and they are evading detection by hiding malicious JavaScript inside SVG files for stealthy distribution.

06. VoidProxy, a Phishing-as-a-Service (PhaaS) platform, is targeting Microsoft, Google, and third-party SSO accounts, using Adversary-in-the-Middle (AitM) techniques to intercept credentials, MFA codes, and session tokens.

07. Samsung patched a critical RCE vulnerability (CVE-2025-21043) that was actively exploited in zero-day attacks, allowing attackers to execute malicious code remotely.

08. A critical vulnerability (CVE-2025-58754) in the Axios HTTP client lets attackers crash Node.js applications by abusing its data URL handling: large Base64 payloads are decoded directly into memory without being checked against the client's memory protections, which triggers a DoS.

09. Cisco’s September 2025 security advisory patched three IOS XR flaws: a high-severity ISO image signature verification bypass (CVE-2025-20248), a DoS bug in ARP handling (CVE-2025-20340), and a medium-severity ACL bypass (CVE-2025-20159).

10. Miru, a cybersecurity start-up, has raised $2.7 million in a pre-seed funding round led by Dreamcraft, Cadenza, and Seedcamp, with support from Inovia, Plug and Play, Notion, and Alphagraph.