SolarWinds has addressed four critical vulnerabilities found in its Web Help Desk software that could allow attackers to execute code remotely or bypass authentication. These flaws can be exploited without requiring any user credentials, posing a serious risk to organizations using the software. Companies that rely on Web Help Desk should prioritize applying the latest patches to protect their systems from potential attacks. The vulnerabilities were disclosed recently, making immediate action essential to prevent exploitation. Users and administrators are urged to check for updates and ensure their installations are secure.
Latest Cybersecurity Threats
Infosecurity Magazine
According to researchers from ReliaQuest, the number of ransomware victims increased significantly in the fourth quarter of 2025, even though there were fewer active extortion groups at that time. The report indicates that data leaks also saw a dramatic rise of 50%. This situation suggests that while the number of groups engaging in ransomware attacks has decreased, the effectiveness and impact of those that remain have intensified. Companies and organizations need to be vigilant and enhance their cybersecurity measures, as the rise in victims and data leaks indicates that attackers are still finding ways to exploit vulnerabilities. This trend raises concerns about the overall security posture of businesses and the potential exposure of sensitive information.
Infosecurity Magazine
According to the Identity Theft Resource Center (ITRC), the number of data breaches in the United States rose by 5% in 2025, reaching a record high. Despite this increase in the number of breaches, the number of individuals affected has actually declined. This trend suggests that, while more organizations are experiencing breaches, either the scale of these incidents may be smaller or data protection measures are improving in some sectors. The findings underscore the ongoing challenges in cybersecurity, as organizations continue to face threats that put sensitive information at risk. Understanding these dynamics is crucial for businesses and individuals alike, as they navigate the evolving landscape of data security.
Google, in collaboration with other partners, has successfully disrupted IPIDEA, one of the largest residential proxy networks globally. This action involved legal measures to shut down multiple domains that facilitated the control of devices and the routing of proxy traffic. As a result, the IPIDEA website is currently inaccessible, signaling a significant blow to the operations of this network. The disruption of IPIDEA is important because residential proxy networks can be exploited for various malicious activities, including data scraping and evading detection in cyberattacks. This move highlights ongoing efforts to combat such networks that can compromise user privacy and security.
Help Net Security
ESET researchers have uncovered a spyware campaign targeting individuals in Pakistan that employs romance scam tactics. This operation uses a malicious app masquerading as a chat service, which facilitates conversations through WhatsApp but primarily serves to steal data from infected devices. The malware is identified as GhostChat, and it appears to be part of a larger surveillance effort by the same threat actor. This incident is particularly concerning as it exploits personal relationships and trust, potentially affecting many unsuspecting users who are seeking companionship online. The implications of such spyware are significant, as it not only compromises personal data but also raises issues of privacy and security in digital communications.
SCM feed for Latest
The U.S. Justice Department has charged 31 individuals connected to a widespread ATM jackpotting scheme that exploited Ploutus malware to steal cash from ATMs nationwide. This malware allows attackers to manipulate ATM systems, enabling them to dispense large amounts of cash illegally. The recent indictments are part of ongoing efforts to combat this type of cybercrime, which poses significant risks to financial institutions and the security of ATM networks. With these arrests, authorities aim to disrupt the operations of organized criminal groups involved in such schemes. This incident serves as a reminder for banks and ATM operators to enhance their security measures against sophisticated cyber threats.
SCM feed for Latest
A report from Trellix reveals that healthcare cyberattacks are becoming a significant safety issue, with over 54.7 million detections reported in 2025. Email is identified as the main attack vector, accounting for 85% of these incidents, and the United States is the most targeted nation, representing 75% of the detections. This alarming trend shows how vulnerable healthcare systems are to cyber threats, which can compromise patient safety and data integrity. With the increasing reliance on digital communication in healthcare, organizations need to bolster their security measures to protect sensitive information and ensure operational continuity. The findings call for urgent attention from healthcare providers to strengthen their defenses against these persistent cyber threats.
SCM feed for Latest
Spain's High Court has ended its investigation into the alleged use of NSO Group's Pegasus spyware against high-ranking officials, including Prime Minister Pedro Sánchez and Defense Minister Margarita Robles. The court cited a persistent lack of cooperation from Israeli authorities as a significant barrier to the investigation. This probe was initiated after reports surfaced of the spyware being used to monitor the communications of key political figures. The closure of the investigation raises concerns about accountability and transparency regarding the use of such surveillance tools, especially given the potential implications for privacy and civil liberties. The situation highlights ongoing tensions between governments and private surveillance companies.
As ransomware attacks become more aggressive, Chief Information Security Officers (CISOs) are urged to shift their focus towards enhancing business resilience. This includes taking immediate action to patch vulnerabilities, increasing user education to prevent successful phishing attempts, and implementing multi-factor authentication to secure access points. The rise in violent tactics used by attackers signals a need for companies to rethink their cybersecurity strategies and prioritize defense measures that can minimize disruptions. By proactively addressing these areas, organizations can better protect their assets and ensure continuity in the face of potential ransomware threats.
A vulnerability in WinRAR, a popular file compression software, is being exploited by Russian and Chinese nation-state attackers, even though a patch was released last July to fix the issue. This flaw poses a significant risk, particularly to small and medium-sized businesses (SMBs), which may not have updated their software or may be unaware of the vulnerability. The fact that this exploitation is ongoing months after the patch was issued raises concerns about the security practices of many organizations. Companies using affected versions of WinRAR need to take immediate action to protect themselves from potential breaches. Staying updated with software patches is crucial, especially when attackers are targeting known vulnerabilities.
BleepingComputer
In late December, Poland's energy grid experienced a coordinated cyberattack that affected around 30 facilities nationwide. The attackers targeted various distributed energy resources, including combined heat and power plants, as well as wind and solar energy systems. This incident raises concerns about the security of critical infrastructure, as energy systems are essential for everyday life and economic stability. The attack not only disrupted operations but also highlighted vulnerabilities in the energy sector that could be exploited in the future. Authorities are likely to investigate the incident further to bolster defenses against potential future threats.
A class action lawsuit has been filed against xAI, the company behind the Grok deepfake technology, by individuals whose images were used to create non-consensual sexual content. The lawsuit claims that xAI is exploiting a growing demand for humiliating deepfake images, which raises significant ethical and legal concerns. The plaintiffs argue that their rights and privacy have been violated, as their likenesses were used without consent in a harmful manner. This incident highlights ongoing issues surrounding deepfake technology and the urgent need for better regulations to protect individuals from such abuses. The outcome of this lawsuit could set important precedents for how deepfake content is handled legally in the future.
Fortinet has confirmed a new zero-day vulnerability that is allowing attackers to exploit single sign-on (SSO) authentication for malicious logins. In response to the ongoing attacks, the company has temporarily disabled FortiCloud SSO authentication across all devices to mitigate the risk. This means that users relying on this feature for secure access may face disruptions while Fortinet works on a solution. The situation is particularly concerning as it puts sensitive information at risk and could lead to unauthorized access to critical systems. Companies using Fortinet products should monitor the situation closely and be prepared to implement any updates once they are released.
BleepingComputer
MicroWorld Technologies, the company behind the eScan antivirus software, has confirmed that one of its update servers was compromised. This breach allowed attackers to distribute a malicious update to a small number of eScan users earlier this month. The unauthorized update was later analyzed and flagged as harmful, raising concerns about the security of users' systems. Although the number of affected customers is limited, the incident underscores the risks associated with software updates and the potential for malicious actors to exploit vulnerabilities in update mechanisms. Users of eScan should remain vigilant and ensure their software is updated from legitimate sources to avoid such threats.
SCM feed for Latest
A new cyber threat known as the PeckBirdy framework has been linked to advanced persistent threats (APTs) associated with China. This framework is particularly targeting gambling and government entities, utilizing JScript and living-off-the-land binaries (LOLBins) to execute attacks across various environments. The implications of these attacks are significant, as they could compromise sensitive information and disrupt operations within the affected sectors. Organizations in the gambling and government sectors should be vigilant and strengthen their security measures to prevent potential breaches. Researchers are continuing to monitor the situation for further developments and potential mitigation strategies.