Daily Cybersecurity Roundup, September 26, 2025

Just when you thought ransomware couldn’t get any trickier, LockBit leveled up from 4.0 to 5.0, and it’s bringing a whole new bag of nasty surprises. LockBit 5.0 has raised the stakes in ransomware attacks by adding advanced obfuscation, anti-analysis features, and cross-platform support for Windows, Linux, and ESXi. Meanwhile, North Korean threat actors are running a deceptive “Contagious Interview” campaign, tricking cryptocurrency and Web3 developers with fake LinkedIn job offers. On the enterprise front, the UK’s NCSC has issued alerts about ongoing malware campaigns targeting Cisco ASA 5500-X devices. Catch up on the most recent cybersecurity incidents and updates.

01

LockBit 5.0 has introduced advanced obfuscation, anti-analysis techniques, and cross-platform capabilities for Windows, Linux, and ESXi, going beyond its 4.0 predecessor in its ability to maximize business disruption.

02

North Korean hackers are running a “Contagious Interview” campaign, using fake LinkedIn job offers to infect cryptocurrency and Web3 developers with malware like AkdoorTea, TsunamiKit, and Tropidoor to steal data and funds.

03

A phishing campaign is targeting PyPI users with fake emails asking for account verification, redirecting them to malicious domains like "pypi-mirror.org".

04

A new XCSSET variant is targeting macOS by infecting Xcode projects and adding updated modules for browser targeting, clipboard hijacking, and enhanced persistence.

05

A new Windows malware, LAMEHUG, has been using Hugging Face–hosted LLMs to generate real-time commands for reconnaissance, data theft, and system manipulation, delivered via spear-phishing and built to adapt and evade detection.

06

A large-scale Loader-as-a-Service botnet has been spreading malware such as RondoDoX, Mirai, and Morte by exploiting weak credentials, unsanitized inputs, and older, well-known CVEs across SOHO routers, IoT devices, and enterprise applications.

07

The NCSC has warned of ongoing malware campaigns targeting Cisco ASA 5500-X devices, highlighting the RayInitiator and LINE VIPER malware components to help organizations detect and mitigate malicious activity.

08

Cisco disclosed a critical vulnerability (CVE-2025-20363) affecting multiple platforms handling HTTP-based management, enabling full root code execution and total device compromise.

09

ForcedLeak, a critical Salesforce Agentforce vulnerability, chains indirect prompt injection with a CSP bypass to let attackers exfiltrate sensitive CRM data, highlighting risks unique to AI agents.

10

A critical vulnerability (CVE-2025-34508) has been discovered in the file-sharing tool ZendTo that allows authenticated users to bypass security controls via path traversal, potentially gaining access to sensitive files.