A fraud campaign exploiting Indonesia's Coretax tax platform has resulted in financial losses of $1.5m to $2m. The operation identified 228 new malware samples and 996 phishing URLs, targeting a potential pool of 67 million Indonesian taxpayers.

The Remcos RAT has evolved with new real-time surveillance capabilities and stronger evasion techniques. Originally a legitimate remote management tool, Remcos has been repurposed as a Remote Access Trojan.

A critical vulnerability has been identified in the Welker OdorEyes EcoSystem Pulse Bypass System with XL4 Controller. This vulnerability, which lacks authentication for a critical function, could lead to over- or under-odorization events.

Multiple critical vulnerabilities have been identified in the Jinan USR IOT Technology Limited (PUSR) USR-W610 device, potentially allowing unauthorized access and denial-of-service attacks.

A critical vulnerability in the better-auth library allows unauthenticated attackers to create API keys for arbitrary users, posing a significant risk of account takeover and MFA bypass.

ATM jackpotting is a significant threat, with over $20 million stolen using malware-assisted techniques. The Ploutus malware exploits the XFS API, allowing attackers to dispense cash without bank authorization.

Volt Typhoon continues to target strategically important sites, maintaining long-term access to operational technology networks. This access could enable destructive cyberattacks aimed at slowing U.S. military mobilization.

The vulnerability in TeamT5 ThreatSonar Anti-Ransomware allows remote attackers with administrator privileges to upload malicious files, potentially leading to arbitrary command execution on the server.

The cybersecurity landscape is increasingly threatened by state-sponsored groups, particularly from China and Russia, targeting critical infrastructure in the US. Notably, the Volt Typhoon group has been embedding malware in US energy networks.

Hackers are exploiting fake Social Security Administration (SSA) emails to hijack PCs by abusing the ScreenConnect tool. This attack does not rely on new viruses but rather on hijacking existing tools and weakening system defenses.