Latest Cybersecurity News and Articles

Amatera Stealer: Rebranded ACR Stealer With Improved Evasion, Sophistication

Amatera Stealer is a rebranded and significantly enhanced version of ACR Stealer, now distributed as malware-as-a-service (MaaS). It features advanced evasion techniques, dynamic payload delivery, and a stealthy command-and-control (C2) mechanism.

Active Exploitation of CVE-2024-3721 in TBK DVRs Enables Botnet-Driven DDoS Attacks

A critical command injection vulnerability, CVE-2024-3721, in TBK DVR devices is being actively exploited by multiple botnet operators. This flaw enables unauthenticated remote code execution via crafted HTTP requests.

Malicious WordPress Plugin ‘wordpress-player.php’ Redirects Users via Hidden Video and WebSocket C2

A new malicious WordPress plugin named wordpress-player.php has been discovered, designed to covertly redirect site visitors to suspicious domains. At least 26 websites have been confirmed as infected, indicating a growing campaign.

North Korean hackers deepfake execs in Zoom call to spread Mac malware

A new campaign by the North Korean APT group BlueNoroff (also known as TA444 or Sapphire Sleet) leverages deepfake videos of company executives during Zoom calls to distribute custom macOS malware.

Multi-Stage Malware Attack on PyPI: “chimera-sandbox-extensions” Malicious Package Threatens Chimera Sandbox Users

A malicious Python package named chimera-sandbox-extensions was discovered on PyPI, targeting developers using the chimera-sandbox environment. The package is designed to steal sensitive infrastructure-specific data.

Freedman HealthCare targeted by cyber extortionists

A cyber extortion group known as World Leaks has claimed responsibility for a significant data breach at Freedman HealthCare. The attackers allege they have exfiltrated 52.4 GB of sensitive data comprising 42,204 files.

Malicious Windows Executable Hidden in JPEG Image via Steganography and Base64 Obfuscation

A recent discovery has revealed a sophisticated steganographic technique used to embed a malicious Windows executable within a JPEG image. The payload was hidden using Base64 obfuscation and detected through dynamic analysis.

Government offices in North Carolina, Georgia disrupted by cyberattacks

Two separate cyberattacks have disrupted government operations in Thomasville, North Carolina, and the Ogeechee Judicial Circuit District Attorney’s Office in Georgia. These incidents have led to significant service outages.

GrayAlpha Unmasked: New FIN7-Linked Infrastructure, PowerNet Loader, and Fake Update Attacks

GrayAlpha, a threat actor overlapping with FIN7, has been observed deploying NetSupport RAT using diverse infection vectors and custom loaders. The group utilizes PowerNet, a PowerShell loader, and MaskBat.

Medical software maker Episource data breach leaks thousands of patients' private health info

Episource, a medical software provider, suffered a ransomware attack between January 27 and February 6, 2025, compromising sensitive health and insurance data. The breach impacted at least 24,259 individuals in Texas.
