VulnHub

In October 2025, Kaspersky reported a new wave of phishing attacks linked to a group known as Operation ForumTroll, specifically targeting Russian scholars. These attackers are using fake emails that appear to come from a legitimate eLibrary service to lure victims into providing sensitive information. This shift from targeting organizations in the spring to focusing on individuals in the fall raises concerns about the attackers' evolving strategies. The origins of the threat actor remain unclear, but the targeted approach suggests a calculated effort to exploit the academic community. Such incidents can lead to significant data breaches and have serious implications for both personal and institutional security.

Kaspersky's GReAT team has reported an increase in cyberattacks from the ForumTroll APT group, which is specifically targeting Russian political scientists. The attackers are using a tool known as the Tuoni framework to infiltrate their devices. This situation is concerning as it shows a focused attempt to compromise the devices of individuals involved in political research, potentially to gather sensitive information or disrupt their work. The targeting of political scientists indicates a strategic move to influence or monitor political discourse in Russia. These incidents serve as a reminder of the ongoing risks faced by academics and researchers in politically sensitive environments.

The Tsundere botnet, targeting Windows users, is expanding and capable of executing arbitrary JavaScript code from a command-and-control server. This poses a significant threat to users, as the botnet's propagation methods remain unclear, indicating a potential for widespread exploitation.

Kaspersky GReAT experts have identified the Tsundere botnet, which utilizes Node.js-based bots to exploit web3 smart contracts. The campaign poses a significant cybersecurity threat as it spreads through MSI installers and PowerShell scripts, indicating a sophisticated method of propagation.