VulnHub

The latest Security Affairs Malware newsletter covers several significant malware threats that have emerged recently. Notably, a group identified as Stan Ghouls is targeting users in Russia and Uzbekistan using the NetSupport Remote Access Trojan (RAT), which allows attackers to control infected systems remotely. Another concerning development is the discovery of ZeroDayRAT, a new spyware designed to infiltrate both Android and iOS devices. Additionally, researchers have uncovered a Linux botnet named SSHStalker, which utilizes old-school IRC methods to compromise new victims. These activities demonstrate the evolving tactics of cybercriminals and emphasize the need for users and organizations to remain vigilant against these persistent threats.

Apple has addressed a serious zero-day vulnerability, identified as CVE-2026-20700, which was used in targeted attacks last year. This flaw, a memory corruption issue in the dyld component of Apple's operating systems, could allow attackers to execute arbitrary code on affected devices. Specifically, the vulnerability impacts versions of iOS prior to iOS 26 and was reportedly exploited in sophisticated attacks against select individuals. Users of these older versions should update their devices to protect against potential exploitation.

Researchers have identified a new spyware kit called ZeroDayRAT, which is being distributed via Telegram. This toolkit is said to allow attackers to fully compromise both iOS and Android devices, functioning at a level typically associated with resources available to nation-states. The implications of this spyware are significant, as it can potentially give hackers complete access to personal data and device controls. Users of mobile devices, especially those who may be targeted for sensitive information, should be particularly cautious. The emergence of such advanced tools raises serious concerns about mobile security and privacy.

Apple has issued updates for macOS and iOS to address two zero-day vulnerabilities in WebKit that were found to be exploited in a highly sophisticated attack. These vulnerabilities could allow attackers to execute malicious code on affected devices, potentially compromising user data and privacy. The updates are crucial for users of Apple's platforms, as they help protect against active threats that exploit these flaws. Users are encouraged to install the latest updates to ensure their devices are secure. This incident also raises concerns about the interconnectedness of browser vulnerabilities, as these flaws are linked to a Chrome exploit, indicating that security issues can cross platform boundaries.

CISA has identified that various cyber threat actors are using commercial spyware to target users of mobile messaging applications, employing tactics such as phishing, zero-click exploits, and impersonation. The focus is primarily on high-value individuals including government and military officials, indicating a serious threat to sensitive communications.