Open Source Alerts

Hackers Abuse Popular Monitoring Tool Nezha as a Stealth Trojan

Hackers have been using Nezha with scripts containing Simplified Chinese messages, and their command center is hosted on Alibaba Cloud services in Japan. This activity is part of a broader trend of digital warfare.

Malicious npm package steals WhatsApp accounts and messages

A malicious npm package named lotusbail has been identified, posing as a legitimate WhatsApp Web API library. This package is a fork of the WhiskeySockets Baileys project and has been downloaded over 56,000 times.

Florida dermatologist warns 55,000+ people of data breach that compromised SSNs, medical info

Brevard Skin and Cancer Center has notified over 55,000 individuals of a data breach that compromised sensitive personal information, including names, SSNs, billing and claims information, diagnoses, clinical information, and more.
December 23, 2025

Zscaler Threat Hunting Catches Evasive SideWinder APT Campaign

A sophisticated espionage campaign by the SideWinder APT group targets Indian entities by impersonating the Income Tax Department of India. The campaign uses advanced techniques such as DLL side-loading with legitimate Microsoft Defender binaries.

Frogblight Malware Targets Android Users With Fake Court and Aid Apps

Frogblight is a newly identified Android malware targeting users in Turkiye. It spreads through smishing attacks, masquerading as legitimate court and aid applications. The malware uses the Turkish name 'Davalarım' to appear legitimate.
December 23, 2025

Cyber spies use fake New Year concert invites to target Russian military

Cyberespionage group Goffee launched a campaign targeting Russian military personnel and defense-industry organizations. The campaign uses phishing lures, including fake New Year concert invitations and letters impersonating Russian officials.

TikTok’s “Scam-Yourself” Trap: How AuraStealer Malware Tricks Users into Hacking Their Own PCs

A deep-dive analysis by Gen Digital (Gen Threat Labs) has unveiled AuraStealer, an emerging Malware-as-a-Service (MaaS) that is rapidly gaining traction in underground forums by leveraging a devious distribution tactic known as “Scam-Yourself.”

“ClickFix” Trap: Fake Human Verification Leads to Qilin Ransomware Infection

A deceptive social engineering tactic known as “ClickFix” has evolved into a gateway for major ransomware attacks, with researchers uncovering a direct link between these fake verification prompts and the notorious Qilin ransomware group.

Senior U.S. Officials Continue to be Impersonated in Malicious Messaging Campaign

Activity dating back to 2023 reveals malicious actors have impersonated senior U.S. state government, White House, and Cabinet-level officials, as well as members of Congress, to target individuals.

CISA and Partners Release Update to Malware Analysis Report BRICKSTORM Backdoor

CISA, the National Security Agency, and the Canadian Centre for Cyber Security have released an update to the Malware Analysis Report BRICKSTORM Backdoor with indicators of compromise (IOCs) and detection signatures for additional BRICKSTORM samples.
