Havoc
-
TrueConf zero-day exploited in attacks on Southeast Asian government entities
A zero-day in TrueConf client video conferencing software was exploited in attacks on Southeast Asian government entities. The flaw let a tampered update run arbitrary code, and the vendor has since patched it in Windows client 8.5.3.
-
Amaranth Dragon exploits WinRAR flaw to target Southeast Asian agencies
Amaranth Dragon exploited CVE-2025-8088 in WinRAR to target government and law enforcement agencies across six Southeast Asian countries from mid-2025, delivering encrypted loaders and using Cloudflare-backed command servers.
-
Kaspersky: Tomiris APT increasingly uses Telegram and Discord as command-and-control channels
Kaspersky researchers reported that the Tomiris threat actor has targeted diplomatic and government entities, increasingly using public services like Telegram and Discord as command-and-control channels and deploying multi-language implants and open-source C2 frameworks.
-
China-linked Tick group exploits Lanscope flaw to deploy Gokcpdoor backdoor
A critical Lanscope Endpoint Manager flaw (CVE-2025-61932, CVSS 9.3) has been exploited by the Tick espionage group to deploy a Gokcpdoor backdoor and other tooling, with JPCERT/CC confirming active abuse and researchers advising prompt patching and review of internet-exposed servers.
