A sophisticated phishing campaign is actively targeting email users by impersonating internal security alert systems. These emails appear to originate from the recipient’s own corporate domain.

A new PhaaS platform, Quantum Route Redirect, is enabling cybercriminals to launch sophisticated phishing campaigns with minimal technical expertise. The platform has been used to target users across 90 nations, with 76% of victims located in the US.

Fantasy Hub is a sophisticated Android Remote Access Trojan (RAT) sold as a Malware-as-a-Service (MaaS) offering, primarily targeting mobile banking users and BYOD environments.

Qilin ransomware, a long-standing Ransomware-as-a-Service (RaaS) operation, has seen a surge in activity, primarily targeting small-to-medium-sized businesses across the construction, healthcare, and financial sectors.

North Korea-linked threat actor KONNI has been observed abusing Google's Find My Device feature to remotely factory reset Android smartphones and tablets belonging to South Korean targets.

A large-scale phishing campaign is actively targeting users of Meta Business Suite by exploiting Facebook’s legitimate business invitation infrastructure. Over 40,000 phishing emails have been distributed to more than 5,000 SMBs.

A high-severity vulnerability has been identified in the Zoom Workplace VDI Client for Windows. This flaw allows authenticated local attackers to escalate privileges due to improper verification of cryptographic signatures in the installer.

A Russian national will plead guilty to acting as an initial access broker (IAB) for Yanluowang ransomware attacks that targeted at least eight U.S. companies between July 2021 and November 2022.

North Korean hackers are abusing Google’s Find Hub tool to track the GPS location of their targets and remotely reset Android devices to factory settings. The attacks are primarily targeting South Koreans.

Security researchers at ENKI have uncovered a sophisticated espionage campaign targeting aerospace and defense organizations, in which the Lazarus Group is weaponizing a new variant of the Comebacker backdoor to infiltrate high-value targets.