Researchers found a sophisticated malware framework called VoidLink that targets Linux machines, particularly in cloud environments. It has over 30 customizable modules for reconnaissance, privilege escalation, and stealth, indicating a shift towards targeting Linux systems by professional threat actors.

Ukrainian Defense Forces were attacked by a charity-themed malware campaign delivering backdoor malware called PluggyApe, likely linked to the Russian threat groups Void Blizzard and Laundry Bear. The campaign used deceptive messages to lure victims into downloading malicious files disguised as documents. CERT-UA warns that mobile devices are increasingly targeted due to their weaker security.