Recorded Future reports APT28, linked to Russia’s GRU, running sustained credential-harvesting attacks against UKR Net users using phishing emails and two-factor authentication capture.
Kaspersky reports fresh phishing attacks tied to Operation ForumTroll targeting Russian academics, using fake eLibrary emails and advanced malware delivery techniques.
This week Threatsday Bulletin outlines major cyber incidents worldwide including botnets malware arrests privacy debates AI abuse and infrastructure vulnerabilities shaping digital security.
Cybersecurity researchers reveal active phishing campaigns targeting Russian organizations using malicious ISO files to deploy Phantom Stealer and AdaptixC2 implants across multiple sectors.
Google issues Chrome security updates to fix three vulnerabilities, including a high severity ANGLE buffer flaw under active exploitation, urging users of Chrome and Chromium based browsers to update immediately.
Elastic Security Labs uncovers Nanoremote, a Windows backdoor linked to REF7707 that uses Google Drive API for covert command and control and shares code with the Finaldraft malware family.
Microsoft releases security updates for 56 flaws across Windows and Edge, addressing an actively exploited zero-day in Cloud Files Mini Filter Driver, alongside two additional critical command injection vulnerabilities.
North Korean-linked threat actors are exploiting the React2Shell vulnerability to deploy EtherRAT, a sophisticated remote access trojan using Ethereum smart contracts and multiple persistence methods targeting Linux systems.
CISA adds React2Shell to its KEV catalog following active exploitation of CVE-2025-55182, impacting React Server Components and frameworks including Next.js and RedwoodSDK.
U.S. CISA issues alert on BRICKSTORM, a Golang-based backdoor targeting VMware vSphere and Windows systems, used by China-linked groups for persistent network access and data exfiltration.
