VulnHub

Threat intelligence experts have issued a warning that cybercriminals are actively seeking out misconfigured proxy servers to exploit access to application programming interfaces (APIs) used by various large language models (LLMs). This tactic allows attackers to manipulate these models for malicious purposes, potentially leading to unauthorized data access or the generation of harmful content. Organizations that utilize LLMs need to ensure their proxy servers are correctly configured to prevent exploitation. If left unchecked, these vulnerabilities could allow attackers to compromise sensitive information or disrupt services. It's crucial for companies to take proactive measures to secure their systems against this emerging threat.

A database containing information on over 300,000 users from BreachForums, a notorious hacking forum, has been leaked online. This breach exposes usernames, email addresses, and other personal data, putting users at risk of phishing attacks and identity theft. BreachForums has been a hub for cybercriminals, making this leak particularly concerning for those involved in illegal activities, as their identities may now be compromised. The leak not only affects the forum's users but also raises broader questions about the security of online communities where sensitive information is shared. Users are urged to change their passwords and be vigilant about any suspicious activity related to their accounts.

APT28, a cyberespionage group linked to Russia, has been targeting organizations in Turkey, Europe, North Macedonia, and Uzbekistan with credential-harvesting attacks from February to September 2025. This group, also known as Fancy Bear, has focused on personnel involved in energy, nuclear sectors, and policy-making. The attacks have included attempts to steal login credentials from staff at Turkish energy and nuclear agencies, as well as from European think tanks. Such activities pose significant risks to national security and critical infrastructure, highlighting the ongoing threat posed by state-sponsored cyber actors. Organizations in the targeted regions need to enhance their cybersecurity measures to protect sensitive information from these sophisticated attacks.

Cybersecurity researchers have identified two service providers that support online criminal networks involved in pig butchering fraud, a type of scam where victims are tricked into investing in fake businesses. This operation has been active since at least 2016, primarily involving Chinese-speaking criminal groups that have established large-scale scam centers in Southeast Asia. These centers are designed specifically for fraudulent investment schemes, allowing scammers to exploit unsuspecting users. The findings reveal a significant infrastructure that enables these scams, raising concerns about the growing sophistication of online fraud. As these criminal networks continue to operate, it becomes increasingly important for users to be vigilant and for authorities to take action against these service providers.

Instagram has recently addressed a vulnerability that enabled attackers to send mass password reset requests, which raised concerns about a potential data leak affecting over 17 million accounts. Although the company has denied that a data breach occurred, the incident has drawn attention to the security of user information on the platform. Users may have been at risk of having their account details scraped and shared online. This situation is particularly concerning as it highlights how easily attackers can exploit weaknesses in security systems to potentially access sensitive information. Instagram's prompt action to fix the issue is crucial, but it also serves as a reminder for users to secure their accounts with strong passwords and two-factor authentication.

The latest Security Affairs Malware newsletter covers a range of malware-related issues affecting users and organizations globally. One notable threat is the VVS Discord Stealer, which employs Pyarmor to obfuscate its code and evade detection. Additionally, researchers are raising alarms about malicious NPM packages that deliver the NodeCordRAT, a remote access tool that can compromise systems. The newsletter also discusses a new campaign linked to the Astaroth worm, which is being spread through WhatsApp in Brazil. These findings highlight the ongoing challenges in malware detection and the evolving tactics used by cybercriminals, putting many users at risk.

A significant data breach has exposed the personal information of 17.5 million Instagram users. The breach is attributed to a North Korea-linked hacking group known as Kimsuky, which has been involved in various cyberattacks, including a new tactic called 'quishing.' This method combines phishing with QR codes, making it easier for attackers to deceive victims into revealing sensitive information. The scale of the breach raises concerns about user privacy and security, particularly for those whose data has been compromised. Users are urged to change their passwords and enable two-factor authentication to enhance their security.

BreachForums, a well-known hacking forum, has experienced a significant data breach, resulting in the leak of its user database containing information from approximately 324,000 accounts. This breach raises concerns for users whose personal data may now be exposed to cybercriminals. The leaked data could potentially include usernames, emails, and passwords, making it easier for attackers to exploit affected users. Given the nature of BreachForums, which is often used for illicit activities, this incident highlights the ongoing risks associated with participating in such online communities. Users are urged to take immediate action to secure their accounts and monitor for any suspicious activity.

MuddyWater, an Iranian hacking group, has launched a spear-phishing campaign targeting various sectors in the Middle East, including diplomatic, maritime, financial, and telecom organizations. The attackers are using malicious Word documents that employ icon spoofing to trick users into activating a Rust-based remote access tool (RAT) known as RustyWater. This malware allows for asynchronous command and control, registry persistence, and anti-analysis capabilities, making it difficult for victims to detect and remove. The implications of this campaign are significant, as it could compromise sensitive information and disrupt critical infrastructure in the affected sectors. Organizations in these areas should be vigilant and enhance their cybersecurity measures to protect against such targeted attacks.