
Daily Cybersecurity Roundup, September 29, 2025

Think your browser’s safe? Think again! Attackers are engineering believable traps. A sophisticated malvertising campaign is using SEO poisoning to steer Bing users toward teams-install.icu, a lookalike Microsoft site that drops Oyster malware via a weaponized Teams installer. Olymp Loader, a new Assembly-written MaaS, claims to evade modern AV and ML heuristics. Meanwhile, threat actors abuse lax Dynamic DNS registration practices, with over 591,000 domains linked to malicious activity. Keep up with the latest threats and security updates from the weekend.

01

A sophisticated malvertising campaign is using SEO poisoning to redirect Bing users to teams-install.icu, a fake Microsoft site, delivering Oyster malware via a weaponized Teams installer.

02

Olymp Loader, a new Malware-as-a-Service (MaaS) platform written in Assembly, claims to bypass modern antivirus engines and machine learning-based heuristics.

03

A spear-phishing campaign targeting the manufacturing industry delivered DarkCloud version 3.2 malware through malicious zip archives attached to financial-themed phishing emails designed to appear legitimate.

04

Researchers have identified the first-ever malicious MCP server, discovered within a rogue npm package named "postmark-mcp." This package, which imitated an official Postmark Labs library, introduced harmful functionality in version 1.0.16.

05

Researchers have uncovered significant privacy and security vulnerabilities in Tile tracking tags, which are used by over 88 million users globally. These flaws allow malicious actors to track users and bypass anti-stalking protections.

06

Threat actors exploit Dynamic DNS providers for malicious activities due to minimal regulatory oversight and anonymous registration processes. Over 591,000 domains linked to malicious activities have been identified.
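The roundup only states that Dynamic DNS providers are being abused; the practical question for a SOC is how to surface those lookups in DNS telemetry. The script below is an added example (not from the roundup or any vendor report): it walks each queried name up to its apex, matches it against a small list of Dynamic DNS provider domains, and flags only proper subdomains, since the provider’s own apex is not attacker-controlled. The provider list, the log format and the log lines are constructed for illustration; a real deployment would load a maintained list from a threat-intel feed and parse the resolver’s native log format.

```python
"""Flag DNS queries for names hosted under Dynamic DNS providers.

Added example; the provider list and the log sample are constructed
(assumptions), not data from the roundup.
"""
from collections import Counter

# Illustrative Dynamic DNS apex domains (assumption: a real list would be
# larger and maintained from threat-intel feeds).
DDNS_SUFFIXES = {
    "duckdns.org",
    "no-ip.org",
    "ddns.net",
    "hopto.org",
    "dynu.net",
}

# Constructed sample log: "<timestamp> <client-ip> <qname> <qtype>" per line.
SAMPLE_LOG = """\
2025-09-29T08:01:12Z 10.0.4.21 updates.microsoft.com A
2025-09-29T08:01:15Z 10.0.4.21 c2-relay.duckdns.org A
2025-09-29T08:02:03Z 10.0.4.37 mail.example.com MX
2025-09-29T08:02:40Z 10.0.4.21 host7.hopto.org A
2025-09-29T08:03:09Z 10.0.4.58 duckdns.org A
"""


def ddns_apex(fqdn):
    """Return the Dynamic DNS apex that fqdn sits under, or None.

    Only proper subdomains match: a query for the provider's own apex
    (e.g. duckdns.org) is the provider's site, not a tenant-registered host.
    """
    labels = fqdn.rstrip(".").lower().split(".")
    # Start at i=1 so at least one tenant label precedes the candidate apex.
    for i in range(1, len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in DDNS_SUFFIXES:
            return candidate
    return None


def parse_line(line):
    """Parse one constructed log line into its fields."""
    ts, client, qname, qtype = line.split()
    return {"ts": ts, "client": client, "qname": qname, "qtype": qtype}


def flag_ddns_queries(log_text):
    """Return (client, qname, apex) for every query under a DDNS provider."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        apex = ddns_apex(rec["qname"])
        if apex is not None:
            hits.append((rec["client"], rec["qname"], apex))
    return hits


def clients_by_ddns_count(log_text):
    """Count DDNS lookups per client so repeat resolvers rank first in triage."""
    return Counter(client for client, _, _ in flag_ddns_queries(log_text))


if __name__ == "__main__":
    for client, qname, apex in flag_ddns_queries(SAMPLE_LOG):
        print(f"{client} -> {qname} (under {apex})")
    print(clients_by_ddns_count(SAMPLE_LOG).most_common())
```

Because registration at these providers is anonymous, a hit is a triage signal rather than a verdict: pivot on the client that resolved the name, the query volume, and whether the subdomain was first seen recently before treating it as malicious.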

07

Arctic Wolf reports a surge in Akira ransomware attacks on SonicWall firewalls, exploiting CVE-2024-40766 to bypass MFA via malicious SSL VPN logins with valid credentials.

08

A deserialization flaw (CVE-2025-10035) in Fortra’s GoAnywhere MFT License Servlet is being actively exploited as a zero-day: an attacker holding a forged license response signature can trigger deserialization of an attacker-controlled object, enabling unauthenticated remote command injection.

09

A critical DLL hijacking vulnerability (CVE-2025-56383) has been identified in Notepad++ version 8.8.3. It allows an attacker who can write to the plugin directory to execute arbitrary code by replacing a legitimate plugin DLL with a malicious one that Notepad++ then loads.

10

Chicago-based cybersecurity startup SafeHill has come out of stealth mode after securing $2.6 million in pre-seed funding, led by Mucker Capital and Chingona Ventures.
