On Monday, Apple rolled out new security updates for the latest generation mobile devices, resolving 60 vulnerabilities with iOS 18.4 and iPadOS 18.4, and 38 flaws with iPadOS 17.7.6.

Researchers at eSentire spotted a new KoiLoader variant using phishing, LNK file abuse, PowerShell, and layered scripts to evade detection, gain persistence, and deliver KoiStealer malware for data theft via encrypted C2 communication.

The attack chains involve the use of provisioning packages (.ppkg), signed Microsoft Windows Installer files (.msi), and .msc files to deliver information stealers and backdoors that are capable of persistence and data theft.

Microsoft discovered eleven vulnerabilities in GRUB2, including integer and buffer overflows in filesystem parsers, command flaws, and a side-channel in cryptographic comparison.

The technique was first observed by security researchers at Sucuri in February 2025, but adoption rates are on the rise, with threat actors now utilizing the folder to run three distinct types of malicious code.

Blockchain intelligence platform TRM Labs reports that U.S. state investigators, primarily the FBI, uncovered laundering patterns of amounts linked to 'romance baiting' operators, enabling them to file a dual legal forfeiture.

During the outage, the Moscow subway’s website displayed a message purportedly from Ukraine’s national railway operator, Ukrzaliznytsia, which was recently hit by a large-scale cyberattack.

Cisco Talos reported an ongoing campaign targeting Ukrainian users with malicious LNK files, which run a PowerShell downloader, since at least November 2024. The file names use Russian words related to the movement of troops in Ukraine as a lure.

Researchers found unused code and dynamic payload loading, hinting at the malware being under active development, indicating future updates may address any issues with contemporary versions.

The Python-based Discord Remote Access Trojan (RAT) leverages Discord’s API as a C2 server to execute arbitrary system commands, steal sensitive information, capture screenshots, and manipulate both local machines and Discord servers.