VulnHub

According to threat intelligence from Quorum Cyber, the global education sector has seen a dramatic 63% increase in cyberattacks from November 2024 to October 2025. This surge includes a 73% rise in data breaches and a 75% increase in attacks driven by hacktivist groups. Educational institutions, already under pressure from the shift to online learning, are now facing heightened risks to their data and systems. This trend raises concerns about the security of sensitive student information and the potential for disruptions in educational services. As cybercriminals target these institutions, it's crucial for schools and universities to enhance their cybersecurity measures to protect against these escalating threats.

The newly discovered Bluekit Phishing Kit is a sophisticated tool that employs advanced techniques to target major online platforms. It utilizes an AI-driven approach called AiTM, which allows attackers to steal session data and bypass multi-factor authentication (MFA) protections. This poses a significant risk to users, as it could lead to unauthorized access to their accounts on popular services. The implications are serious, as many individuals rely on MFA to secure their online identities. Companies and users alike need to be vigilant and update their security measures to counteract these emerging threats.

A new strain of ransomware known as Vect 2.0 is being deployed against organizations affected by the TeamPCP supply chain attacks. However, security experts warn that paying for a decryptor might not be wise, as a design flaw in the ransomware makes it function more like a wiper than traditional ransomware. This means that instead of simply encrypting files for ransom, it may permanently erase data. Companies that have been impacted need to be cautious, as the ramifications of this ransomware could lead to significant data loss. Organizations should prioritize data backups and consider their recovery options before engaging with the attackers.

Cybersecurity researchers have identified a new wave of attacks linked to North Korea, involving malicious code embedded in an npm package called '@validate-sdk/v2'. This package, which is falsely advertised as a utility for software development, actually serves as a vehicle for malware. The attackers have utilized artificial intelligence to insert this malicious code, making it harder to detect. As a result, developers who unknowingly incorporate this package into their projects could be exposing their systems to remote access trojans (RATs). This incident highlights the increasing sophistication of cyber threats, particularly from state-sponsored actors, and emphasizes the need for developers to scrutinize third-party packages before use.

Vimeo has confirmed that customer data was accessed during a recent breach linked to the ShinyHunters extortion group. This group has threatened to release the stolen data by April 30 unless a ransom is paid. The breach raises concerns about the safety of user information and the potential for it to be misused if the ransom demand is not met. Vimeo users should be vigilant, as their personal details may be at risk. This incident underscores the ongoing challenges companies face in protecting sensitive data from cybercriminals.

Researchers have identified a malicious npm dependency that is associated with an AI-assisted code commit. This dependency is designed to steal sensitive information and compromise cryptocurrency wallets. Developers who incorporate this malicious package into their projects risk exposing their private keys and other critical data. This situation is particularly concerning for those involved in crypto transactions, as the attackers could gain unauthorized access to funds. Users and developers should be vigilant and review their dependencies carefully to avoid falling victim to this scheme.

A new multi-stage malware campaign is targeting employees of Pakistan's Punjab Safe Cities Authority and the Punjab Police Integrated Command, Control & Communication Centre. Researchers have noted that the attackers are using sophisticated obfuscation tactics to evade detection. This level of complexity suggests that the attackers are well-resourced and may have specific goals in mind, which could include espionage or disruption of services. The campaign's focus on law enforcement and public safety agencies raises concerns about the potential for serious consequences, including compromised security operations and sensitive data breaches. As these entities play crucial roles in maintaining public safety, any successful infiltration could have far-reaching implications for security in the region.

Researchers at KELA have identified a staggering 2.9 billion compromised credentials that are being circulated in the cybercriminal underground. Infostealers, which are malicious programs designed to extract sensitive information like usernames and passwords, are the primary method attackers are using to gain unauthorized access to accounts. This situation poses significant risks for individuals and organizations alike, as compromised credentials can lead to identity theft, financial loss, and data breaches. The sheer volume of stolen credentials emphasizes the need for stronger security measures, such as enabling two-factor authentication and regularly updating passwords. Companies and users must remain vigilant to protect their sensitive information from ongoing cyber threats.