Threat actors are using a recently patched vulnerability in Microsoft WSUS, known as CVE-2025-59287, to distribute ShadowPad malware. This backdoor, linked to Chinese hacking groups, allows attackers to execute commands and install additional malicious tools on compromised systems.

This article examines how the Russian threat group Primitive Bear uses a recently discovered WinRAR vulnerability (CVE-2025-6218) to launch malware attacks targeting Ukrainian entities. The analysis highlights the group's methodology, including the use of deceptive file names to trick victims into executing malicious scripts.

The article details a sophisticated malware operation by North Korean threat actors using npm packages to deliver malicious code. It explains how they utilize GitHub and Vercel to manage and deploy payloads, highlighting various tactics for data theft, including clipboard access, keylogging, and file exfiltration.

Hackers exploited a zero-day vulnerability in Triofox, a file-sharing platform, to bypass authentication and deploy malicious payloads. They manipulated HTTP host headers to gain access and configured the system's anti-virus feature to run their own scripts, allowing further exploitation.

A new strain of malware named "Gayfemboy," based on the Mirai botnet, has been identified targeting vulnerabilities in devices from various vendors including DrayTek and TP-Link. The malware has shown evolved techniques for obfuscation, self-protection, and remote control, enabling attackers to gain control over infected systems and conduct DDoS attacks across multiple sectors worldwide.

Kaspersky uncovered a cyber espionage campaign dubbed Operation ForumTroll, where sophisticated phishing emails led to infections via a zero-day exploit in Google Chrome. The malware identified, known as "Dante," was traced back to the Italian company Memento Labs and utilized advanced techniques to bypass browser security measures, highlighting ongoing vulnerabilities in web applications.

Over 300 entities have been affected by a new variant of the Atomic MacOS Stealer malware in a recent campaign. This malicious software targets MacOS systems to extract sensitive information, raising concerns about the security of Apple devices. Cybersecurity experts are advising users to remain vigilant and implement protective measures.

Hacking groups, including those affiliated with the North Korean government, are utilizing a new method called EtherHiding to distribute malware via public cryptocurrency blockchains. This technique embeds malware within smart contracts, providing a decentralized and nearly untouchable platform for cybercriminals to operate, thus enhancing the resilience against law enforcement actions.

North Korean hackers are reportedly combining the Beavertail malware with other cyber-attack techniques to enhance their infiltration capabilities. This new strategy is part of a broader trend of increasing cyber warfare tactics from the regime that targets various sectors globally.

A group has adapted its tactics to exploit the ongoing protests in Nepal by deploying mobile and Windows malware alongside phishing schemes to steal sensitive data. Utilizing the guise of Nepalese Emergency Services and military figures, they trick users into downloading malicious applications that exfiltrate personal information. The article highlights specific malware samples and their indicators of compromise (IOCs).