Cybercrime
-
Zimbra zero-day reportedly used to target Brazilian military, report says
A stored cross-site scripting flaw in Zimbra Collaboration (CVE-2025-27915) was exploited in attacks that targeted the Brazilian military using malicious ICS calendar files, a StrikeReady Labs report said; Zimbra issued patches in January 2025.
-
Trend Micro: SORVEPOTEL self‑propagating malware spreads via WhatsApp, hits Brazil hard
Trend Micro researchers said a self‑propagating malware campaign called SORVEPOTEL is spreading via WhatsApp and email to Windows desktops, concentrating in Brazil; it propagates through malicious ZIP attachments and PowerShell, aims for rapid spread rather than data theft, and has led to mass spam and account suspensions.
-
Renault and Dacia inform UK customers of data exposure after third‑party breach
Renault and Dacia told UK customers that personal data held by a third‑party provider was taken in a cyberattack, exposing names, contact details and vehicle identifiers; Renault said banking data was not exposed and declined to name the supplier or say how many customers were affected.
-
Confucius-linked phishing in Pakistan used WooperStealer and Anondoor, researchers say
Researchers say the Confucius hacking group targeted Pakistani users with phishing lures that delivered WooperStealer and, in later attacks, a Python backdoor called Anondoor; Fortinet and K7 Security Labs described the techniques and capabilities but did not disclose victim counts.
-
Malicious PyPI package ‘soopsocks’ acted as SOCKS5 proxy and Windows backdoor, researchers say
Researchers say a PyPI package called soopsocks posed as a SOCKS5 proxy but included Windows backdoor capabilities, downloaded 2,653 times before removal; analysis attributes reconnaissance, privilege elevation, firewall changes and data exfiltration to a compiled executable and accompanying scripts.
-
US Air Force investigating ‘privacy-related issue’ after alleged SharePoint notice
The Department of the Air Force is investigating a “privacy-related issue” after an alleged notice said USAF SharePoint permissions exposed PII and PHI and that SharePoint, Teams and Power BI might be blocked; officials have provided limited confirmation and Microsoft declined to comment.
-
New Android banking trojan Klopatra has infected more than 3,000 devices, Cleafy says
Cleafy said a new Android banking trojan called Klopatra has infected over 3,000 devices, mainly in Spain and Italy, using VNC remote control, dynamic overlays and abuse of Android accessibility services to steal credentials and perform fraudulent transfers.
-
Okta says North Korean ‘IT worker’ scam is targeting healthcare, finance and AI hiring
Okta Threat Intelligence reported that nearly half of companies targeted by a North Korean-linked fake remote-worker scheme are outside IT, with rising activity in healthcare, finance and AI hiring; the firm tracked over 130 identities tied to more than 6,500 interviews from 2021 to mid-2025 and warned the sample likely understates the full scale.
-
Unit 42 says China-aligned actor ‘Phantom Taurus’ has targeted government and telecom organisations in Africa, Middle East and Asia
Palo Alto Networks’ Unit 42 said a China-aligned actor it calls ‘Phantom Taurus’ has conducted an ongoing espionage campaign against government and telecom organisations across Africa, the Middle East and Asia, using bespoke .NET malware against IIS servers and tools to exfiltrate database content.
-
Breach of RemoteCOM surveillance service exposes records of nearly 14,000 monitored people
A breach of RemoteCOM’s SCOUT monitoring system exposed nearly 14,000 records of people under court supervision and contact details for thousands of officers, with leaked files showing device monitoring data, activity alerts and fees for monitored individuals.
