The emails demand users open attachments that combine VBScript with PowerShell scripts, downloading files from external sources like planachiever.au and tripplebanks.duckdns.org.

The McAfee Mobile Research Team discovered malware campaigns abusing .NET MAUI, a cross-platform development framework, to evade detection. These threats disguise themselves as legitimate apps, targeting users to steal sensitive information.

Pulsedive Threat Research identified multiple delivery mechanisms used to distribute Rilide. Phishing websites are the most common method, but newer versions have been adapted to work with Chrome Extension Manifest V3.

The vulnerability, tracked as CVE-2025-0927, a heap overflow in the HFS+ file system implementation, could allow an attacker to escalate local privileges on affected systems.

The attack disrupted online services, including the mobile app used for ticket purchases, but did not affect train schedules, Ukrzaliznytsia said. The railway operator is investigating the incident along with Ukraine’s security services.

A China-linked advanced threat group named Weaver Ant spent more than four years in the network of a telecommunications services provider, hiding traffic and infrastructure with the help of compromised Zyxel CPE routers.

In February 2025, Hunters International exploited CVE-2024-55591 in FortiOS to breach a retailer. They used VPN access, deceptive accounts, Rclone, and WinSCP for data exfiltration before deploying Rust-based ransomware and disabling recovery.

Law enforcement agencies in seven African countries arrested over 300 suspected cybercriminals involved in mobile banking, investment and messaging app scams, according to a statement on Monday by Interpol.

The malware is distributed via a DMG file named Installer_v2.7.8.dmg, leveraging a clever trick to bypass macOS Gatekeeper. Victims are instructed to right-click and select “Open,” sidestepping Apple’s verification mechanism.

After responsible disclosure, the vulnerabilities were fixed in Ingress NGINX Controller versions 1.12.1, 1.11.5, and 1.10.7. Users should update promptly and secure the admission webhook endpoint from external exposure.