VulnHub

Threat intelligence experts have issued a warning that cybercriminals are actively seeking out misconfigured proxy servers to exploit access to application programming interfaces (APIs) used by various large language models (LLMs). This tactic allows attackers to manipulate these models for malicious purposes, potentially leading to unauthorized data access or the generation of harmful content. Organizations that utilize LLMs need to ensure their proxy servers are correctly configured to prevent exploitation. If left unchecked, these vulnerabilities could allow attackers to compromise sensitive information or disrupt services. It's crucial for companies to take proactive measures to secure their systems against this emerging threat.

The React2Shell vulnerability is currently being exploited by cybercriminals to install malware on Linux systems. Researchers from Palo Alto Networks and NTT Security have identified that this vulnerability facilitates the deployment of malicious tools like KSwapDoor and ZnDoor. KSwapDoor is particularly concerning as it is a sophisticated remote access tool designed to operate stealthily, allowing attackers to maintain control over compromised systems without detection. This ongoing threat affects organizations running vulnerable Linux environments, making it crucial for them to take immediate action to secure their systems. Users need to be aware of the risks and ensure their defenses are updated to mitigate potential attacks.

A phishing campaign utilizing the Evilginx kit has targeted 18 US universities, successfully bypassing Multi-Factor Authentication (MFA) to steal credentials over a period from April to November 2025. The severity of the threat highlights the vulnerabilities in MFA systems and the need for enhanced security measures in educational institutions.

The article reports on a joint investigation revealing a remote IT worker infiltration scheme linked to North Korea's Lazarus Group. This scheme highlights the persistent threat posed by state-sponsored cyber actors, emphasizing the need for heightened awareness and security measures against such infiltration tactics.