US organizations are being warned about the presence of Chinese malware, specifically BrickStorm, Junction, and GuestConduit, which are being used by the group Warp Panda for long-term persistence in attacks. This poses a significant cybersecurity threat as these malware types can enable attackers to maintain access to compromised systems over extended periods.
Articles tagged "Malware"
Found 211 articles
CyberScoop
The article highlights an ongoing espionage threat from China that uses BrickStorm malware and has affected numerous organizations over the past three years. The average duration of these attacks is reported to be 393 days, indicating a significant and persistent threat.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding a new malware threat named BrickStorm, which is being used by Chinese hackers to backdoor VMware vSphere servers. This poses a significant risk to organizations using these servers, as it could lead to unauthorized access and potential data breaches.
The Hacker News
GoldFactory, a financially motivated cybercriminal group, has launched new attacks targeting mobile users in Southeast Asia, specifically Indonesia, Thailand, and Vietnam. They are distributing modified banking applications that serve as conduits for Android malware, leading to over 11,000 infections since October 2024, posing significant risks to users' financial security.
Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
Cybersecurity researchers have identified a serious attack involving a fake ChatGPT Atlas browser, which is being used in ClickFix attacks to steal user passwords. This highlights the increasing threat posed by such malicious tactics in the cybersecurity landscape.
SCM feed for Latest
Researchers have identified a potential cybersecurity threat where attackers could create and distribute a malicious Skill that can stealthily retrieve external scripts. This poses a significant risk as it could lead to unauthorized access and exploitation of systems using such Skills.
The Shai-Hulud 2.0 malware attack has compromised approximately 400,000 raw secrets by infecting numerous packages in the npm registry and leaking the stolen data across 30,000 GitHub repositories. This incident highlights significant vulnerabilities in software supply chains and the potential risks for developers and organizations relying on these tools.
Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
North Korean hackers have intensified their 'Contagious Interview' campaign by uploading over 200 malicious npm packages designed to install OtterCookie malware. This targeted attack primarily affects blockchain and Web3 developers, leveraging fake job interviews and coding tests to lure victims.
The article reports on a joint investigation revealing a remote IT worker infiltration scheme linked to North Korea's Lazarus Group. This scheme highlights the persistent threat posed by state-sponsored cyber actors, emphasizing the need for heightened awareness and security measures against such infiltration tactics.
Albiriox is a new banking trojan developed by Russian cybercriminals, marketed through a malware-as-a-service model for a monthly fee. This malware poses a significant threat to Android users by targeting banking information and financial transactions, highlighting the ongoing risks associated with mobile malware.
Infosecurity Magazine
BitSight research highlights a significant cybersecurity threat where threat actors exploit calendar subscriptions to deliver phishing links and malware via hijacked domains. This method poses a serious risk as it can lead to social engineering attacks, potentially compromising sensitive information and systems.
The article reports on a cyber attack campaign by the threat actor Bloody Wolf, which has been targeting Kyrgyzstan since June 2025 and has recently expanded its operations to Uzbekistan. The primary objective of these attacks is to deliver the NetSupport Remote Access Trojan (RAT), posing significant risks to the affected regions' cybersecurity landscape.
The Hacker News
This article highlights various cybersecurity threats, including AI-powered malware, vulnerabilities in voice bots, and significant money laundering activities. It emphasizes the evolving tactics of cybercriminals and the ongoing efforts of governments and security teams to combat these threats.
The Shai-Hulud supply chain attack has escalated, now affecting the Maven ecosystem after previously compromising over 830 npm packages. The identified package, org.mvnpm:posthog-node:4.18.1, contains malicious components that pose significant risks to software security.
SCM feed for Latest
The article reports on a hacking operation linked to Russia, specifically targeting a U.S. civil engineering firm that has connections to Ukraine. The attackers used the SocGholish malware, highlighting the ongoing cybersecurity threats faced by organizations involved in geopolitical conflicts.