Risk
-
Iran-linked Subtle Snail Targets European Telecoms in LinkedIn Recruitment Scheme, 34 Devices Infected
A Iran-linked cyber espionage group known as UNC1549, also called Subtle Snail, has been attributed to a campaign against European telecommunications firms, infiltrating 34 devices across 11 organizations through LinkedIn-based recruitment lures and a modular backdoor named MINIBIKE designed for long-term data exfiltration.
-
Fortra patches critical GoAnywhere MFT flaw; admins urged to restrict internet exposure of Admin Console
Fortra has issued patches for a critical GoAnywhere MFT vulnerability (CVE-2025-10035) that could enable remote command injection via deserialization. The company urges administrators to secure Admin Console access and apply the latest updates, as Shadowserver tracks hundreds of GoAnywhere instances and exposure continues to be a concern.
-
ESET: Gamaredon and Turla Coordinating Campaign Targets Ukrainian Institutions, Deploying Kazuar Backdoor
Security researchers have identified a coordinated campaign between Gamaredon and Turla targeting Ukrainian entities, with Kazuar backdoor deployments signaling active collaboration and evolving tactics across multiple campaigns in early 2025.
-
CountLoader: New Russian-linked malware loader broadens post-exploitation toolkit, researchers warn
Cybersecurity researchers have identified CountLoader, a new malware loader used by Russian ransomware groups to deliver post-exploitation tools such as Cobalt Strike, AdaptixC2, and the PureHVNC RAT. The loader, observed in variants across .NET, PowerShell, and JavaScript, targets Ukrainian users with PDF phishing lures and features a BrowserVenom proxy capability, multiple download/execution methods, and a…
-
WatchGuard patches critical remote-code vulnerability in Firebox firewalls (CVE-2025-9242)
WatchGuard issued patches for a critical remote-code execution flaw in Firebox firewalls (CVE-2025-9242) caused by an out-of-bounds write in the Fireware OS iked process, affecting several Fireware versions; admins are urged to patch or apply temporary mitigations.
-
TA558 Deploys AI-Generated Scripts to Deliver Venom RAT, Targeting Hotels in Latin America
Kaspersky links TA558’s latest activity to the RevengeHotels cluster, where attackers use AI-generated scripts to deliver Venom RAT to hotels in Latin America through phishing emails, with goals including stealing guest credit card data and expanding their reach via AI-assisted phishing.
-
AI-assisted CopyCop disinformation network expands with hundreds of fake-news sites, researchers say
A Recorded Future Insikt Group study finds that CopyCop, a Kremlin-linked disinformation network, has expanded into hundreds of AI-generated fake-news sites, using self-hosted Llama 3 models to craft content and deepen influence across the U.S., Europe, and Canada, while funding and infrastructure details highlight the scale of the operation.
-
TA415 Uses Visual Studio Code Remote Tunnels in Targeted U.S.-China Policy Espionage Campaign
A China-aligned threat actor known as TA415 carried out spear-phishing campaigns targeting U.S. policy and economic-relations circles, using VS Code Remote Tunnels and a Python loader, WhirlCoil, to establish a persistent backdoor and harvest data amid ongoing U.S.-China trade talks, according to Proofpoint.
-
Insight Partners notifies thousands after ransomware breach, exposing personal and investor data
New York-based Insight Partners said thousands of individuals were affected by a ransomware breach that involved data exfiltration and subsequent server encryption, with notification letters and identity monitoring offered to impacted individuals and a Sept. 2025 deadline for confirming exposure.
-
Critical Chaos Mesh Flaws Could Allow Kubernetes Cluster Takeover; Patch Released
Cybersecurity researchers warned of four critical vulnerabilities in Chaos Mesh that could enable an in-cluster attacker to seize control of Kubernetes clusters, potentially exfiltrating data or disrupting services. Chaos Mesh issued a patch with version 2.7.3 and urges users to update or apply mitigations to limit exposure.
