A malicious campaign is distributing the NjRat Remote Access Trojan (RAT) through a fake Minecraft installer disguised as a browser-based clone called Eaglercraft 1.12 Offline.

Researchers uncovered critical vulnerabilities in AI-powered coding tools that prioritize development speed over security. Tools like CodeRabbit can be exploited to perform RCE and exfiltrate sensitive data from development environments.

Attackers continue to exploit CVE-2017-11882, a remote code execution vulnerability in Microsoft Office's Equation Editor, despite it being patched in 2017 and the component being removed in 2018.

A sophisticated wave of fraudulent “AI-powered” trading platforms is targeting global investors using deepfake technology and coordinated online deception. These exploit artificial intelligence to impersonate public figures and fabricate credibility.

Allianz Life has confirmed a significant data breach involving the exposure of 2.8 million sensitive records, affecting the majority of its 1.4 million customers. The breach is linked to a compromise of a third-party Salesforce CRM system.

The most common initial access vectors included: VPN accounts – 23.5% Domain user accounts – 19.9% Remote Desktop Protocol (RDP) – 16.7% Such access enables threat actors to perform lateral movement, defense evasion, and data exfiltration.

Since late 2022, threat researchers from Unit 42 have tracked at least seven distinct strike teams associated with Muddled Libra. These teams are not static; personas frequently move between them, and their objectives and methods evolve over time.

A persistent malvertising campaign active throughout 2025 is delivering PS1Bot, a modular multi-stage malware framework written in PowerShell and C#. PS1Bot is designed for stealth and flexibility.

The vulnerabilities pose severe risks including full system compromise, unauthorized code execution, and unauthorized database access. Exploitation could lead to loss of confidentiality, integrity, and availability across affected SAP environments.

A recent cyberattack on the U.S. federal court filing system, PACER, has been attributed to Russian government hackers. The breach has compromised sealed legal records and potentially exposed the identities of confidential informants.