Articles tagged "Trojan"
Found 11 articles
Cybersecurity researchers at Securonix have reported a new campaign, known as PHALT#BLYX, targeting the European hospitality sector. This campaign uses fake booking emails to trick hotel staff into clicking on links that lead to counterfeit blue screen of death (BSoD) error pages. By doing so, attackers aim to install a remote access trojan called DCRat on the victims' systems. This type of malware allows hackers to gain unauthorized access to sensitive information and control over the infected devices. The incident underscores the need for heightened vigilance among hotel employees regarding suspicious emails and links, as these tactics can lead to severe security breaches.
The cybercriminal group known as Silver Fox has recently shifted its focus to Indian users, employing income tax-themed phishing emails to spread a remote access trojan called ValleyRAT. This malware is designed to give attackers remote control over infected systems. Researchers from CloudSEK, Prajwal Awasthi and Koushik Pal, noted that the attack utilizes a sophisticated method involving DLL hijacking to ensure the malware remains persistent on the target devices. Users in India should be particularly cautious of emails related to taxes, as they are being used as bait to deliver this malicious software. The rise in such targeted phishing campaigns emphasizes the need for increased awareness and cybersecurity measures among individuals and organizations.
A recent report from cybersecurity firm Ontinue reveals that the open-source monitoring tool Nezha is being misused as a Remote Access Trojan (RAT) by hackers. This abuse allows attackers to bypass security measures and gain control over servers worldwide. The exploitation of Nezha raises significant concerns for organizations using the tool, as it can lead to unauthorized access and potential data breaches. Users of the tool should be particularly vigilant, as this incident demonstrates how legitimate software can be weaponized for malicious purposes. The situation underscores the need for enhanced security protocols and monitoring to protect against such threats.
A recent campaign has targeted developers through the Visual Studio Code (VSCode) Marketplace, where 19 malicious extensions have been found since February. These extensions cleverly disguise malware within dependency folders, hiding it in fake PNG files. Developers using these compromised extensions are at risk, as the malware can potentially compromise their systems and projects. This incident raises alarms about the safety of third-party tools within development environments. Users are urged to be cautious when installing extensions and to verify their sources to avoid falling victim to such attacks.
North Korea-linked cyber actors are exploiting a recently identified vulnerability in React Server Components known as React2Shell to deploy a new remote access trojan called EtherRAT. This malware utilizes Ethereum smart contracts to manage command-and-control communications and can establish multiple persistence mechanisms on Linux systems. The emergence of EtherRAT marks a concerning development as it allows attackers to maintain access to compromised systems. Companies using React Server Components need to be vigilant and update their systems to mitigate this risk. The situation emphasizes the ongoing threat posed by state-sponsored hacking groups and the importance of timely patching of known vulnerabilities.
Albiriox is a new banking trojan developed by Russian cybercriminals, marketed through a malware-as-a-service model for a monthly fee. This malware poses a significant threat to Android users by targeting banking information and financial transactions, highlighting the ongoing risks associated with mobile malware.
The article reports on a cyber attack campaign by the threat actor Bloody Wolf, which has been targeting Kyrgyzstan since June 2025 and has recently expanded its operations to Uzbekistan. The primary objective of these attacks is to deliver the NetSupport Remote Access Trojan (RAT), posing significant risks to the affected regions' cybersecurity landscape.
The newly identified Sturnus Banking Trojan is currently under development and primarily targets messaging applications like WhatsApp, Telegram, and Signal, with a focus on users in Europe. This poses a significant risk to user privacy and security as it aims to exploit sensitive communications.
The 'Eternidade' Trojan is a sophisticated infostealer targeting Brazilian Portuguese speakers, designed to phish banking credentials and steal sensitive data. Its self-propagating nature and unique features tailored for Brazilian users pose significant cybersecurity threats across the region.
The Sturnus Android banking trojan poses a significant threat by enabling credential theft and complete device takeover for financial fraud. Its unique capability to bypass encrypted messaging by capturing decrypted content directly from the device screen raises serious concerns about user privacy and security.
A new cyber campaign has emerged in Brazil, utilizing social engineering and WhatsApp hijacking to spread a banking trojan called Eternidade Stealer. This threat is significant due to its ability to dynamically retrieve command-and-control addresses, indicating a sophisticated level of exploitation targeting Brazilian users.