VulnHub

BitSight research highlights a significant cybersecurity threat where threat actors exploit calendar subscriptions to deliver phishing links and malware via hijacked domains. This method poses a serious risk as it can lead to social engineering attacks, potentially compromising sensitive information and systems.

The article reports on a cyber attack campaign by the threat actor Bloody Wolf, which has been targeting Kyrgyzstan since June 2025 and has recently expanded its operations to Uzbekistan. The primary objective of these attacks is to deliver the NetSupport Remote Access Trojan (RAT), posing significant risks to the affected regions' cybersecurity landscape.

This article highlights various cybersecurity threats, including AI-powered malware, vulnerabilities in voice bots, and significant money laundering activities. It emphasizes the evolving tactics of cybercriminals and the ongoing efforts of governments and security teams to combat these threats.

The Shai-Hulud supply chain attack has escalated, now affecting the Maven ecosystem after previously compromising over 830 npm packages. The identified package, org.mvnpm:posthog-node:4.18.1, contains malicious components that pose significant risks to software security.

The article reports on a hacking operation linked to Russia, specifically targeting a U.S. civil engineering firm that has connections to Ukraine. The attackers used the SocGholish malware, highlighting the ongoing cybersecurity threats faced by organizations involved in geopolitical conflicts.

A malicious Chrome extension named Crypto Copilot has been identified, capable of injecting hidden Solana transfer fees into swap transactions, redirecting funds to an attacker's wallet. This poses a significant threat to users engaging in cryptocurrency transactions on the Raydium platform, highlighting the need for vigilance against browser-based threats.

The RomCom malware has been distributed using a JavaScript loader called SocGholish, targeting a U.S.-based civil engineering company to deliver the Mythic Agent. This marks the first instance of RomCom being deployed via SocGholish, highlighting a significant development in the tactics of threat actors.

A new cybersecurity campaign is utilizing fake Windows update pop-ups on adult websites to trick users into executing malicious commands. This method combines ClickFix lures with phishing tactics, posing a significant risk to users who visit these sites.

The article discusses a new macOS malware chain attributed to FlexibleFerret, which employs staged scripts and a Go-based backdoor to steal user credentials and maintain persistent access to infected systems. This represents a significant cybersecurity threat to macOS users, emphasizing the need for heightened security measures against such sophisticated attacks.

ToddyCat, a threat actor, has developed a new tool called TCSectorCopy to steal Outlook emails and Microsoft 365 access tokens by exploiting the OAuth 2.0 authorization protocol through users' browsers. This poses a significant threat to corporate email security, as it allows unauthorized access to sensitive information outside the compromised infrastructure.

Cybersecurity researchers have identified a campaign that exploits Blender Foundation files to distribute StealC V2, a data-stealing malware. This operation has been ongoing for at least six months, posing significant risks to users who download infected .blend files from platforms like CGTrader.