Articles tagged "Malware"

Found 357 articles

Researchers have identified a cross-site scripting (XSS) vulnerability in the web control panel of StealC, an information-stealing malware family. Because XSS runs script in the browser of whoever views the affected page, the flaw let the researchers capture system fingerprints of the operator behind the malware and track the operator's active panel sessions. The finding offers a rare view into how the criminals running this malware operate, which helps defenders understand and counter the threat. It also shows that attackers' own tooling is subject to the same web-application weaknesses as any other site.

Impact: StealC information stealer malware control panel
Remediation: N/A

Researchers have discovered 17 malicious browser extensions tied to the GhostPoster campaign that were installed more than 840,000 times from the Chrome, Firefox, and Edge extension stores. The extensions hijack users' browsing sessions and can lead to data theft or other malicious activity. The install count shows that many users unknowingly weakened their own security by adding them. Users should review their installed extensions regularly and remove any they do not recognise or no longer need. The incident also raises questions about the vetting performed by the extension stores and the need for stricter review before publication.

Impact: Chrome, Firefox, Edge browsers
Remediation: Users should uninstall any suspicious browser extensions and regularly review their installed extensions for potential threats.
Actively Exploited

Researchers have mapped a network of more than 18,000 command-and-control (C2) servers operated by Chinese cybercriminals and used to run malware campaigns. The servers are spread across 48 hosting providers and account for nearly 84% of the malicious activity observed in Chinese hosting environments over the past three months. An operation of this size indicates a well-organised effort whose malware can compromise systems and steal sensitive data from businesses and individuals well beyond the region. Companies should treat C2 infrastructure of this kind as a standing threat and maintain their defenses accordingly.

Impact: N/A
Remediation: Companies should enhance their cybersecurity measures, regularly update their systems, and monitor for any suspicious activity.

Researchers discovered a cross-site scripting (XSS) vulnerability in the web-based control panel of the StealC info-stealing malware. The flaw allowed them to observe the malware operators' active panel sessions and collect details of the operators' hardware. StealC exists to steal sensitive information from victims, so the incident both exposes the people running it and undermines the reliability of the malware for its operators. Studying such weaknesses helps defenders build better protections against similar threats, and it is a reminder that even mature malware can carry bugs that researchers can use to gain insight into criminal operations.

Impact: StealC info-stealing malware control panel
Remediation: N/A for defenders, since the flaw is in the attackers' panel. The general fix for any web application is contextual output encoding of every untrusted field at render time (input validation alone does not prevent XSS), backed by a Content Security Policy.
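How this class of flaw arises in a data-collection panel, as an added example that is not from the article and not StealC's code: the panel renders records harvested from infected machines, and those records are untrusted input. The record, field names, payload and security headers below are constructed for illustration.

```python
"""Added example: stored XSS in a web panel that renders harvested data,
shown as the vulnerable renderer beside the hardened one.
This is illustrative code, not StealC's; every field and value is constructed."""
import html
import re

# Constructed "victim report" as a panel might store it. The hostname is a
# field the reporting machine controls, and here it carries HTML.
CONSTRUCTED_REPORT = {
    "id": 1042,
    "hostname": 'DESKTOP-01<img src=x onerror="alert(document.domain)">',
    "username": "alice",
    "country": "DE",
}

UNESCAPED_TAG = re.compile(r"<(script|img|svg|iframe)\b", re.IGNORECASE)


def render_row_unsafe(report: dict) -> str:
    """Vulnerable: untrusted fields are concatenated straight into HTML,
    so any markup in them is interpreted by the operator's browser."""
    return (
        f'<tr data-id="{report["id"]}">'
        f'<td>{report["hostname"]}</td>'
        f'<td>{report["username"]}</td>'
        f'<td>{report["country"]}</td></tr>'
    )


def render_row_safe(report: dict) -> str:
    """Hardened: every untrusted value is HTML-escaped at render time.
    quote=True also escapes quotes, so values are safe inside attributes."""
    def esc(value) -> str:
        return html.escape(str(value), quote=True)

    return (
        f'<tr data-id="{esc(report["id"])}">'
        f'<td>{esc(report["hostname"])}</td>'
        f'<td>{esc(report["username"])}</td>'
        f'<td>{esc(report["country"])}</td></tr>'
    )


def contains_unescaped_tag(rendered: str) -> bool:
    """Crude check for the demo: does the output still contain a raw tag that
    a browser would parse as an element? Escaped output has '&lt;img', not '<img'."""
    return UNESCAPED_TAG.search(rendered) is not None


# Defence in depth for the hardened panel: even if one escape is missed,
# a CSP without 'unsafe-inline' stops inline handlers such as onerror.
SECURITY_HEADERS = {
    "Content-Security-Policy": "default-src 'self'; script-src 'self'; object-src 'none'",
    "X-Content-Type-Options": "nosniff",
}

if __name__ == "__main__":
    print("unsafe:", render_row_unsafe(CONSTRUCTED_REPORT))
    print("safe:  ", render_row_safe(CONSTRUCTED_REPORT))
```

The point of the pair is where the fix lives: in the renderer, per output context, rather than in validation of data that an attacker-controlled machine supplies.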

A malvertising campaign tracked as TamperedChef distributes malware through fake PDF manuals that look legitimate. The malware opens a backdoor on infected systems and lets the attackers steal user credentials, with organizations that rely heavily on technical equipment, and therefore search for product manuals, among the targets. The malicious ads lead users to download the harmful files, putting sensitive information at risk and threatening the security and operations of affected organizations. Users should be wary of downloading files from unverified sources, especially when the lure is a manual or guide.

Impact: Organizations reliant on technical equipment, users downloading fake PDF manuals
Remediation: Users should avoid downloading files from unverified sources and ensure that their security software is updated. Organizations should educate employees about the risks of malvertising and implement stricter controls on document downloads.
Operation Endgame: Dutch Police Arrest Alleged AVCheck Operator

Hackread – Cybersecurity News, Data Breaches, AI, and More

Dutch police have arrested, at Schiphol Airport, a man suspected of operating AVCheck, a counter-antivirus service that let malware authors scan their files against antivirus engines to learn whether they would be detected before deploying them. The arrest is part of Operation Endgame, the international law-enforcement initiative against malware services and the criminal infrastructure behind them. Taking down a service that helped attackers evade detection is a meaningful disruption in itself, and the arrest signals to other operators that such services draw law-enforcement attention. The case underlines the continued international cooperation against cybercrime.

Impact: AVCheck malware service
Remediation: N/A

Security researchers have uncovered a targeted campaign against U.S. government and policy organizations that uses politically charged lures around the U.S.-Venezuela relationship. The attackers distribute a backdoor known as LOTUSLITE through spear-phishing emails carrying a ZIP archive named 'US now deciding what's next for Venezuela.zip', exploiting current geopolitical tension to get recipients to open the attachment. The campaign illustrates the ongoing risk of politically themed attacks that can compromise sensitive information. Organizations in the affected sectors should tighten their email defenses and train staff to recognise phishing attempts.

Impact: U.S. government and policy entities, specifically those involved in U.S.-Venezuela relations.
Remediation: Organizations should implement advanced email filtering, conduct security awareness training, and ensure all systems are updated with the latest security patches.

The January Patch Tuesday updates for Windows include changes to Secure Boot, the UEFI feature that allows only signed, trusted components to load during startup and so blocks bootkit malware. The Microsoft certificates that anchor Secure Boot on most PCs were issued in 2011 and begin to expire in June 2026; the updates deliver their 2023 replacements so that boot components signed with the newer certificates remain trusted. Users and IT administrators should install the patches promptly, since a bootkit can take control of a system before the operating system loads. Because the new certificates must be written into the firmware's Secure Boot database and some devices need an OEM firmware update first, administrators should confirm after patching that the 2023 certificates are actually present rather than assume the update applied them.

Impact: Windows PCs with Secure Boot enabled
Remediation: Install the January Patch Tuesday updates for Windows, then verify that the 2023 Secure Boot certificates are present in the firmware's Secure Boot database (db) and Key Exchange Key (KEK) store.

Researchers have identified a malware campaign delivering AsyncRAT, a remote access trojan, behind Cloudflare's infrastructure. The attackers use Cloudflare's free tier and TryCloudflare quick tunnels, which expose a server under a randomly generated *.trycloudflare.com hostname without any registration, to host malicious WebDAV servers that serve the payload. Hiding behind a widely trusted provider makes the traffic blend in and complicates blocking. The campaign is a concern for any organization whose hosts can reach these tunnel domains, and it shows again how legitimate services are abused for delivery. Defenders should treat unexpected WebDAV traffic to TryCloudflare hostnames as a strong signal of compromise.

Impact: Organizations whose hosts can reach TryCloudflare tunnel domains; AsyncRAT malware
Remediation: Block or alert on outbound traffic to *.trycloudflare.com where there is no business need, alert on WebDAV activity (PROPFIND requests or the Microsoft-WebDAV-MiniRedir user agent) to external hosts, disable the Windows WebClient service on endpoints that do not need it, and keep endpoint detection in place for AsyncRAT.
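A detection for the delivery pattern described above, as an added example that is not from the article: it scans proxy log lines for WebDAV access to TryCloudflare quick-tunnel hosts. The log format, hostnames, client addresses and user agents are constructed; adapt the line parser to your proxy's format.

```python
"""Added example: flag WebDAV traffic to TryCloudflare quick tunnels in proxy logs.
Illustrative code, not from the article; the log lines are constructed."""
import re
from dataclasses import dataclass

# Constructed proxy log: timestamp client method host path status "user_agent"
CONSTRUCTED_LOG = """\
2025-11-04T09:12:01Z 10.0.4.21 GET updates.example.com /win/patch.cab 200 "Windows-Update-Agent"
2025-11-04T09:13:40Z 10.0.4.37 OPTIONS gentle-arrow-quiet-lamp.trycloudflare.com / 200 "Microsoft-WebDAV-MiniRedir/10.0.19045"
2025-11-04T09:13:41Z 10.0.4.37 PROPFIND gentle-arrow-quiet-lamp.trycloudflare.com /share/ 207 "Microsoft-WebDAV-MiniRedir/10.0.19045"
2025-11-04T09:13:42Z 10.0.4.37 GET gentle-arrow-quiet-lamp.trycloudflare.com /share/Invoice_4471.lnk 200 "Microsoft-WebDAV-MiniRedir/10.0.19045"
2025-11-04T09:20:05Z 10.0.4.12 GET www.cloudflare.com /learning/ 200 "Mozilla/5.0"
2025-11-04T09:25:18Z 10.0.4.55 PROPFIND sharepoint.corp.example /sites/hr/ 207 "Microsoft-WebDAV-MiniRedir/10.0.22631"
"""

LINE_RE = re.compile(
    r'^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<host>\S+) (?P<path>\S+) '
    r'(?P<status>\d{3}) "(?P<ua>[^"]*)"$'
)
WEBDAV_METHODS = {"PROPFIND", "PROPPATCH", "MKCOL", "LOCK", "UNLOCK"}
# File types that execute when a user opens them from a mounted WebDAV share.
RISKY_EXT = (".lnk", ".js", ".vbs", ".hta", ".exe", ".bat", ".cmd")


@dataclass
class Alert:
    client: str
    host: str
    reason: str
    line: str


def is_quick_tunnel(host: str) -> bool:
    """Quick tunnels get a random multi-word subdomain under trycloudflare.com."""
    return host.lower().endswith(".trycloudflare.com")


def is_webdav(method: str, ua: str) -> bool:
    """WebDAV shows up either as a DAV method or as the Windows redirector's user agent."""
    return method in WEBDAV_METHODS or ua.startswith("Microsoft-WebDAV-MiniRedir")


def scan(log_text: str) -> list[Alert]:
    """Return one Alert per line that touches a quick tunnel; WebDAV use and a
    risky file fetch raise the severity of the reason string."""
    alerts: list[Alert] = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed line; in production, count and surface these
        f = m.groupdict()
        if not is_quick_tunnel(f["host"]):
            continue
        if is_webdav(f["method"], f["ua"]):
            reason = "WebDAV to TryCloudflare quick tunnel"
            if f["path"].lower().endswith(RISKY_EXT):
                reason += f" fetching {f['path'].rsplit('/', 1)[-1]}"
        else:
            reason = "traffic to TryCloudflare quick tunnel"
        alerts.append(Alert(f["client"], f["host"], reason, line))
    return alerts


def clients_with_tunnel_webdav(alerts: list[Alert]) -> list[str]:
    """Hosts worth isolating first: those that mounted a quick tunnel over WebDAV."""
    return sorted({a.client for a in alerts if a.reason.startswith("WebDAV")})


if __name__ == "__main__":
    for a in scan(CONSTRUCTED_LOG):
        print(f"{a.client} -> {a.host}: {a.reason}")
```

Internal WebDAV (the SharePoint line) is deliberately not flagged; the signal is the combination of the redirector or DAV methods with a throwaway tunnel hostname, and a .lnk or script fetch over that channel is the line to escalate.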

The Computer Emergency Response Team of Ukraine (CERT-UA) has reported a series of cyberattacks on Ukraine's defense forces using a malware family known as PLUGGYAPE. CERT-UA attributes the attacks to the Russian group tracked as Void Blizzard, also known as Laundry Bear or UAC-0190. Given the group's history and capabilities, the intrusions could threaten the confidentiality of defense communications and operations at a time of active conflict. The campaign is another instance of the cyber component of the war, in which nation-states rely on digital operations alongside conventional military activity.

Impact: Ukraine's defense forces
Remediation: N/A

A malware campaign delivering PluggyApe has been targeting defense officials in Ukraine. The attackers use a charity theme to get victims to follow links to a fake charitable foundation website, sending the lures as instant messages on Signal and WhatsApp so that the outreach looks like ordinary personal contact. The focus on defense personnel raises the risk that sensitive information is compromised, particularly given the ongoing conflict. The campaign is a reminder that social engineering over trusted messaging apps remains an effective entry point and that individuals and organizations need to stay alert to it.

Impact: Ukrainian defense officials
Remediation: Users should be cautious of unsolicited messages, verify the authenticity of links before clicking, and maintain updated security software.

Predator spyware has been found to be more capable than previously understood: even when an attempted infection fails, the attack chain gathers data about the target that the operators can use to refine later attempts. This makes Predator a persistent threat rather than a one-shot exploit, since each failed attempt raises the likelihood that a subsequent one succeeds. The implications are significant for the individuals and organizations likely to be targeted, as the spyware threatens both privacy and the security of sensitive information.

Impact: N/A
Remediation: Organizations should implement robust security measures, including regular software updates, employee training on phishing attacks, and monitoring for suspicious activity.

The Computer Emergency Response Team of Ukraine (CERT-UA) has reported a series of cyberattacks on Ukrainian defense forces using a malware called PLUGGYAPE. The attacks took place between October and December 2025 and are linked to the Russian hacking group Void Blizzard, also known as Laundry Bear or UAC-0190, which has been active for several years. The lures were delivered over popular messaging platforms such as Signal and WhatsApp, so the attackers rely on tools their targets already trust, which makes the messages harder to detect and block. The incident raises concerns about the cybersecurity of military organizations in conflict zones, where the integrity of communications is critical.

Impact: Ukrainian defense forces, Signal, WhatsApp
Remediation: Treat unsolicited messages on Signal and WhatsApp with suspicion even from apparently known contacts, verify links before opening them, keep all software updated, use strong, unique passwords, and enable two-factor authentication (registration lock or two-step verification) on messaging apps.

From October to December 2025, Ukraine's Defense Forces were targeted by a malware campaign disguised as a charity initiative. The attackers deployed a backdoor known as PluggyApe, giving them unauthorized access to affected systems. The incident raises concerns about the security of military communications and the likelihood of further attacks on Ukraine amid the ongoing conflict. The charity theme shows how attackers adapt their lures to the moment, and organizations need to remain alert to such pretexts. Beyond the immediate data exposure, attacks of this kind can affect national security and public trust.

Impact: Ukrainian Defense Forces
Remediation: Enhanced cybersecurity measures, employee training on recognizing phishing attempts, and monitoring for unusual system activity.

A phishing campaign is targeting employees by exploiting anxiety around performance reviews. The emails impersonate management or HR, claim to concern performance evaluations scheduled for October 2025, and falsely hint at possible layoffs to create urgency and fear, so that recipients click malicious links or download malware. Companies and employees should be on guard, since these lures can lead to data breaches or financial loss. The campaign highlights the need for cybersecurity awareness and training, especially around sensitive periods such as review cycles.

Impact: Employees of companies receiving the phishing emails, specifically those concerned about performance reviews.
Remediation: Employees should be trained to recognize phishing emails and verify the authenticity of unexpected communications from management or HR. Regular updates on cybersecurity practices should be implemented.