Links
Threat actors are using a recently patched vulnerability in Microsoft WSUS, known as CVE-2025-59287, to distribute ShadowPad malware. This backdoor, linked to Chinese hacking groups, allows attackers to execute commands and install additional malicious tools on compromised systems.
Chinese-speaking hackers used a compromised SonicWall VPN to access VMware ESXi systems, exploiting three zero-day vulnerabilities for potential ransomware attacks. Cybersecurity firm Huntress intervened before the attack could escalate, revealing a sophisticated toolkit that enables virtual machine escapes and backdoor access.
Kaspersky uncovered a cyber espionage campaign dubbed Operation ForumTroll, in which sophisticated phishing emails led to infections via a zero-day exploit in Google Chrome. The malware identified, known as "Dante," was traced back to the Italian company Memento Labs and used advanced techniques to bypass browser security measures, highlighting ongoing vulnerabilities in web applications.